Home > Information > latest Capital Checkup > Back Issues > Capital Checkup

August 25, 2008

 

CMS PUBLISHES SUMMARY OF PROPOSED MANDATORY INSURER REPORTING REQUIREMENTS

On August 1, 2008, the Centers for Medicare & Medicaid Services (CMS) published information about implementation of the data–collection rules under the Medicare, Medicaid, and SCHIP Extension Act of 2007 (MMSEA) that will affect employer–sponsored group health plans.1

The implementation instructions published by the CMS contain several key items for those responsible for complying with the law. These include:

  • A description of the application process for determining reporting obligations,
  • Information about what services make a company a third party administrator (TPA) under the MMSEA, and
  • A list of Group Health Plan (GHP) Data Elements.

The proposal tells plan sponsors little about the process for filing data with the CMS, but it does provide important information about the data elements that will be required.

Comments on the proposal must be received by the CMS by no later than September 30, 2008, either electronically or by regular mail. Further implementation guidance will be forthcoming on the following page of the CMS Web site: http://www.cms.hhs.gov/MandatoryInsRep2

 

Background on the MMSEA

The MMSEA (Public Law No: 110–173), enacted on December 29, 2007, created new Medicare Secondary Payer (MSP) data–reporting requirements.3 Starting January 1, 2009, the new MSP data–reporting requirements will require insurers, TPAs and a plan administrator or fiduciary of a self–insured/self–administered group health plan to:

  • Collect from the plan sponsor and plan participants information to identify situations where the group health plan is primary to Medicare, and
  • Submit such information to the Department of Health and Human Services (HHS) in a form and manner specified by HHS.

The new data–reporting requirements are designed to collect information for purposes of coordination of benefits with Medicare.

 

Voluntary Data Sharing Agreement Reporting and Internal Revenue Service (IRS)/Social Security Administration (SSA)/CMS Data Match Unchanged by Rules

Many insurers and TPAs that provide services to employer–sponsored group health plans have already arranged with Medicare to transfer data for MSP coordination purposes – in order to assist employers in providing insurance information for purposes of the IRS/SSA/CMS Data Match. These entities often use an electronic arrangement called a Voluntary Data Sharing Agreement (VDSA). For example, the CMS has entered into VDSAs with almost all Blue Cross/Blue Shield Plans and other large insurers. In addition, many larger employers/Funds have entered directly into VDSAs with CMS. Entities with VDSAs will have little or no additional compliance obligations with respect to the new data collection rules.4 The rules governing VDSA and the Data Match will remain unchanged under the MMSEA.

 

Reporting Obligations Present Significant Challenges for Some Administrators

The data–reporting requirements apply to insurers, TPAs and a plan administrator or fiduciary of a self–insured/self–administered group health plan.5 A TPA is defined as an entity that pays and/or adjudicates claims and may perform other administrative services on behalf of group health plans. The rules clarify that if a group health plan is self–insured and self-administered for certain purposes, but has a TPA that pays or adjudicates claims, then the TPA is responsible for complying with the reporting requirements. The proposal does not address situations where there is more than one TPA.

The proposal permits agents to submit reports on behalf of insurers, TPAs and self–insured/self–administered employers, but states that accountability for submitting accurate reports rests with the responsible entity, not the agent.

 

Reporting Process

The CMS plans to use a reporting process that is entirely electronic. According to the CMS, reporting entities will not need special hardware or software to submit the data; they will only need one or more computers with access to the Internet. The entity reporting plan data will register online by logging onto a secure Web site and completing an online application. Once the application is submitted, the CMS will begin working with the entity to set up the data reporting and response process. It is likely that decisions such as how data is submitted and the reporting deadlines will differ for each entity, to reflect the capabilities of the entity and the need for a revolving reporting process to avoid overloading CMS systems.

Information reporting will occur no more frequently than quarterly. The CMS recommends that entities retain records for MSP related information for a period of 10 years. It notes that certain administrative and legal actions can be brought against a responsible entity for MSP errors for a period as long as 10 years.

The CMS will continue to provide guidance on the process through its dedicated Web page: http://www.cms.hhs.gov/MandatoryInsRep. Documents including implementation timelines and user guides will be loaded in the coming months.

 

Data Elements

The following table lists required and optional GHP Data Elements:

GHP Data Elements
Required Data Elements
Optional Data Elements
  • HIC number (HICN; Medicare ID number)
  • Beneficiary Social Security Number (required if HICN not available)
  • Beneficiary surname (first five letters required)
  • Beneficiary First Initial
  • Beneficiary Date of Birth
  • Beneficiary Sex Code
  • Document Control Number (assigned by the insurer)
  • Transaction Type (add, delete or update)
  • Coverage Type (type of insurance coverage)
  • Effective Date (effective date of current coverage)
  • Termination Date (termination date of current coverage)
  • Relationship Code (Relationship to policy holder)
  • Policy Holder's First Name
  • Policy Holder's Last Name
  • Policy Holder's Social Security Number
  • Employer Size
  • Small Employer MSP Exception
  • Group Policy Number
  • Individual Policy Number
  • Employee Coverage Election (who the policy covers)
  • Employee Status (reason why GHP is primary)
  • Employer EIN and Business Address
  • Insurer EIN and Business Address
  • Rx Insured ID Number
  • Rx Group Number
  • Rx PCN
  • Rx BIN Number
  • Rx Toll–Free Number (to call with questions regarding Rx coverage)
  • Person Code (assigned by insurer)

 

Impact on Plan Sponsors

The impact on plan sponsors will vary depending on whether the health plan is insured and how it is administered:

  • Plan Sponsors with Insured Plans These plan sponsors may see little change with the new law, because their insurers are the ones that must comply, and most large insurers already have VDSAs.
  • Self–Insured Plan Sponsors that Use a TPA These plan sponsors are also unlikely to feel much impact, because the TPA is the responsible entity for filing data. However, depending on the size and capabilities of the TPA, plan sponsors may see TPAs asking them for help unearthing data elements that previously were not collected from plan participants and beneficiaries. For example, plans may not have used HIC Numbers (the Medicare ID number) or Social Security Numbers of beneficiaries. It can be time–consuming and challenging to collect HIC Numbers and SSNs from participants and beneficiaries, due in part to increased public scrutiny about the privacy of such information.
  • Plan Sponsors that Are Self–Insured and Self–Administered These plan sponsors will need to determine how they will comply with the law. Options include reporting data themselves or contracting with a TPA or other agent to do so. In the alternative, the plan sponsor may wish to explore whether a VDSA is possible. If a self–insured/self–administered plan sponsor uses a TPA, the TPA would appear to be the responsible party. However, it would be appropriate for the plan sponsor to confirm with the TPA that it will be reporting data as required.

The difficulty in compliance will vary based on several factors, some of which are the current format of enrollment and eligibility records, ability of the plan to identify whether an individual is receiving Medicare, the number of plans offered, and the frequency of changes between plans or in coverage elections.

 

Next Steps

Plan sponsors with insured plans or those that are self–insured, but have claims administered by a TPA, do not have a direct reporting obligation. They may, however, be asked to supply additional data to their insurer or TPA, and may want to ask their insurer or TPA to confirm that the insurer or TPA is meeting their obligations.

On the other hand, plan sponsors with self–insured/self–administered plans should take two steps now:

  • Review the reporting obligations with their current service providers and assign responsibility for reporting, and
  • Review the list of data elements to assure that they are all being collected. Depending on the results of these actions, the sponsor may want to review other options such as contracting out the reporting obligation or obtaining a VDSA.

 

        

As with all issues involving the interpretation or application of laws, plan sponsors should rely on their legal counsel for authoritative advice on the Medicare, Medicaid, and SCHIP Extension Act of 2007. The Segal Company can be retained to work with plan sponsors and their attorneys on coordination of group health plan coverage with public programs, including Medicare, Medicaid and SCHIP. Segal is available to assist sponsors of self-insured plans with confirming that their TPA is going to be able to comply with the new rules. Segal can also help sponsors of self-administered plans to take the necessary steps to comply with the reporting requirements.

1 The CMS published both a Federal Register Notice requesting comments and a Supporting Statement for the reporting requirements (CMS Form No. 10265), as required by the Paperwork Reduction Act of 1995.3 (Click on the following text to return to Capital Checkup.)
   
2 CMS has determined that the rules will be implemented by publishing instructions on a publicly available Web site and submitting an information collection request to the Office of Management and Budget (OMB) rather than through the usual regulatory rulemaking process. (Click on the following text to return to Capital Checkup.)
   
3 For more information on the MMSEA, see The Segal Company's January 15, 2008 Capital Checkup. (Click on the following text to return to Capital Checkup.)
   
4 A VDSA allows the insurer and CMS to send and receive GHP enrollment and participation information electronically. It also permits the insurer or TPA to electronically query CMS for Medicare entitlement information about any covered employees or dependents who have GHP benefits. While the benefits of a VDSA are significant, the hardware and programming requirements have presented significant hurdles for smaller plan administrators and TPAs. More information about VDSAs is available on the CMS Web site. (Click on the following text to return to Capital Checkup.)
   
5 Separate rules also govern reporting by liability and workers' compensation insurers. (Click on the following text to return to Capital Checkup.)
   

 

Capital Checkup is The Segal Company's periodic electronic newsletter summarizing activity in Washington with respect to health care and related subjects. Capital Checkup is for informational purposes only. It is not intended to provide guidance on current laws or pending legislation. On all issues involving the interpretation or application of laws and regulations, plan sponsors should rely on their attorneys for legal advice. A separate Web page lists back issues of Capital Checkup.

Back to Top