January 2009 Bulletin, "Medicare Mandatory Insurer Reporting for Public Sector Health Plans"
The Centers for Medicare & Medicaid Services (CMS) has issued guidance on new data-reporting obligations for group health plans and their insurers and third party administrators (TPAs) that were effective January 1, 2009. The new data-reporting requirements are designed to facilitate coordination of benefits with Medicare. They will require insurers, TPAs and a plan administrator or fiduciary of a self-insured/self-administered group health plan to collect data - including Social Security Numbers (SSNs) or Health Insurance Claim Numbers - and electronically file the information with Medicare in accordance with rules established by CMS.
Self-insured, self-administered health plans must act quickly to either develop an electronic reporting capability or delegate the responsibility to an administrator. These plans should develop a compliance plan that sets forth their strategy for complying with the law and provides evidence of both good faith efforts and delegation of responsibility in case the plan is audited by CMS. Plans that are insured, or that are self-insured but not self-administered, do not have to report data to CMS. However, they may be contacted by their TPA or insurer and encouraged to begin collecting SSNs for dependents.
This Bulletin describes the "Responsible Reporting Entities" (RRE) that must register with CMS to comply. CMS guidance states that a Health Flexible Spending Arrangement and stand-alone dental and vision plans would not have reporting obligations. A Health Reimbursement Arrangement will be treated like any other group health plan, so an RRE must report data for it. According to CMS, sponsors of Health Savings Accounts (HSAs) do not have to report because Medicare beneficiaries may not make a current year contribution to an HSA.
The Bulletin also summarizes the registration deadlines, reportable information, the reporting process and penalties.