The industry has speculated for years whether and when the Centers for Medicare & Medicaid Services (CMS) would seek to enforce civil monetary penalties (CMPs) that were provided for the in Medicare Secondary Payer Act (MSP). Now, we are almost there.
On Feb. 18, 2020, CMS published the proposed rule “Medicare Secondary Payer and Certain Civil Monetary Penalties.” It specifies how and when CMS would calculate and impose CMPs where group health plan (GHP) and non-group health plan (NGHP) responsible reporting entities (RREs) fail to meet their MSP reporting obligations. The deadline to offer public comments to the rule was April 20, 2020. For our purposes here, let’s only discuss the proposed rule’s application to NGHP entities.
According to the Section 111 NGHP User Guide, Section 6.1, “Who Must Report,” as well as 42 USC 1395y(b)(8), the “applicable plan” is the NGHP RRE, and it defines “applicable plan” as the following laws, plans, or other arrangements: liability insurance (including self-insurance), no-fault insurance, and workers’ compensation law or plans. In other words, all liability, no-fault, and workers’ compensation insurers/carriers and self-insured entities are subject to CMPs under this proposed rule.
The industry has anticipated this proposed rule because, under the Strengthening Medicare and Repaying Taxpayers Act of 2012 (SMART Act), CMS is required to establish criteria and practices in which CMPs would be imposed under the act. The initial regulatory language surrounding CMPs—$1,000 per day, per claim for noncompliant RREs—was modified to provide that CMPs/penalties would be “up to $1,000 each day of noncompliance with respect to each claimant.”
In other words, the SMART Act allowed for CMPs to be discretionary rather than mandatory. In order to set parameters around CMS’ discretion on safe harbors from such CMPs, Medicare would need to lay out such safe harbors for RREs to determine when CMPs should be issued and the monetary amount of the penalty. Back in 2013, CMS issued an Advanced Notice of Proposed Rulemaking (ANPRM) regarding these safe harbors, but until now it has not taken any action against noncompliant NGHPs for failure to properly report. However, now that the proposed rule has been published, CMS can move to publish a final rule (more than likely sometime in 2020) and start issuing CMPs against noncompliant NGHPs.
Avoiding CMPs
In order to determine how to avoid CMPs, NGHP RREs must understand what is in the proposed rule so they can determine and resolve compliance gaps now. Under the proposed rule, the scenarios in which CMS would impose a CMP against an NGHP are:
1) The entity fails to register as an RRE.
2) The entity fails to report a total payment obligation to claimant (TPOC)—a settlement, judgment, or award—within one year of the date of the settlement, judgment, or award.
3) The entity’s response to CMS recovery efforts (where CMS seeks to recover conditional payments via a conditional payment notice or demand) contradicts the entity’s Section 111 reporting.
4) The entity exceeds any error tolerance threshold established by the Secretary in any four out of eight consecutive reporting periods.
CMS provides that it will not impose CMPs against NGHPs under the following scenarios:
1) The entity reports a TPOC no later than one year after the TPOC date.
2) The entity complies with any TPOC-reporting thresholds or other reporting exclusions published in CMS’s MMSEA Section 111 User Guides.
3) The entity does not exceed any error tolerance(s) in any four out of eight consecutive reporting periods.
4) The entity fails to report because it was unable to obtain information necessary for reporting from the reporting individual, including an individual’s last name, first name, date of birth, gender, MBI or SSN (or last five digits of the SSN), and the entity has made and maintained records of good-faith efforts to obtain this information.
The critical question is, what should NGHPs do now to avoid CMPs? CMS has indicated that any CMPs would be issued prospectively after the effective date of the final rule. However, that does not mean that noncompliant reporting prior to 2020 would not result in a CMP against an RRE.
Under the proposed rule, CMS would have five years from the date it identified the noncompliance. So, if an RRE failed to report a TPOC that occurred in 2016—and if the final rule is published in, for example, September 2020—and CMS discovers in January 2021 that the RRE failed to report the 2016 TPOC, CMS would have until August 2026 to impose CMPs against the RRE.
Therefore, NGHP plans/RREs should take steps now to avoid CMPs in the future. Entities that have failed to register as an RRE should do so immediately and report applicable claims as soon as possible. NGHPs should take appropriate steps to identify Medicare status and document good-faith efforts. Further, NGHPs should report TPOCs timely, and correct all errors and make sure ICD-10 codes are accurate.
How Prepared Are You?
Claims organizations vary greatly in their preparedness for implementation of this rule. Preparedness may have been contingent on the technology solutions the organization had in place, which can include a partnership with a vendor that has expertise in Medicare compliance. A partnership such as this is particularly important if the organization does not have the technological, financial, or knowledge expertise to build an in-house reporting solution.
There are differences across lines of business as to the ease of collecting the necessary data. In the workers’ compensation space, access to personal identifiable information (PII), like a Social Security number, can typically be easier to come by than in lines like general liability and auto. It is heartening to know that CMS has considered the challenge of collecting PII and thereby created the good-faith effort exception to CMPs. It is the documentation of those good-faith efforts that will be critical to taking advantage of that exception when necessary.
The challenge for any claims organization is the ability to record and maintain accurate Section 111 reporting data, particularly in organizations where the collection and maintenance of that data is decentralized—for example, when individual claim handlers are responsible for inputting and maintaining this data. While the “Big Five” data points—individual’s last name, first name, date of birth, gender, MBI or Social Security number (or last five digits of the Social Security number)—are easily understood by claim handlers, there can be confusion when it comes to correctly identifying ongoing responsibility for medicals, TPOCs, and ICD-10 codes. This will require initial training and ongoing refresher training in order to ensure that claims handlers who are responsible for ensuring their organizations’ CMS data integrity have been equipped with the information they need to accurately input and maintain this data. The repercussions are simply too expensive to ignore.
Editor’s Note: The views expressed in this article are those of the authors and do not necessarily represent the views of the organizations by which they are employed.