MSP Compliance Blog

Expert summary, analysis and recommendations on issues impacting Medicare Secondary Payer compliance.

Building a Better Tower – Cybersecurity

Posted on February 18, 2021 by Rita Wilson

Tower has invested in significant cybersecurity initiatives to “Build a Better Tower” for our clients.  I provided a brief overview of those initiatives in a recent article and this week I highlight Tower’s investment in protecting Tower and our clients’ data.

Tower’s Cybersecurity Defenses

Long before COVID-19 came along, bringing a tsunami of cyberattacks, Tower had already proactively strengthened our internal IT defenses.

During the fall of 2019 we partnered with Vigilant Technology Solutions to use a service that combines passive monitoring technology with certified information security analysts. Through a customized deployment of Vigilant’s NDR (Network Detection and Response) and EDR (Endpoint Detection and Response) technology, Vigilant’s analysis engines and human threat hunting has reduced the time to detect and contain threats by 99.97% over the industry average.  Without this kind of 24/7/365 monitoring and action, bad actors can enter a system undetected and stay there for months learning how to circumvent security measures and destroying backup data resources.

The graph below shows the timeline of the recent attack on SolarWinds that ultimately compromised 18,000 through deployed software.  SolarWinds CEO disclosed an updated attack timeline, indicating that hackers had first accessed SolarWinds on September 4, 2019.  SourceSolarWinds blog, January 11, 2021.

But it is not sufficient to protect our own technology. We also educated our clients and others in the industry so they could understand and prevent cyber threats. Vigilant’s CEO Chris Nyhuis joined our VP of Information Technology Jesse Shade and another expert, Rob Kolb of Premier Mindset, for an eye-opening webinar in February.  It’s available on demand. Jesse also wrote two WorkCompWire articles with excellent advice that you can read here and here.

Third-Party Risk Assessments

In addition to ensuring the protection of its internal data, Tower also implemented a Vendor Risk Assessment Process for all third parties that had access to Tower data or networks or housed servers that stored our data. Our philosophy is that we are only as strong as our weakest link.  The result of this assessment is a vendor management process that continuously measures and monitors our partners to ensure that as per the AICPA Trust Criteria, we consistently honor the commitments made to our clients.

These are just a few of the ways that Tower is continually and proactively enhancing our infrastructure, processes and offerings to deliver measurably better services to you.

Rita Wilson,
Chief Executive Officer

 

Building a Better Tower

Posted on February 4, 2021 by Rita Wilson

To master an understatement, 2020 was an unprecedented year of uncertainty and challenge for Tower MSA Partners.

When travel came to a halt and face-to-face meetings, conferences, and other business activities transitioned to a virtual environment, a new “normal” arrived. Tower MSA Partners, like many other companies, acclimated to these changes, believing that we could wait out the pandemic. 

Very quickly though, our leadership team realized that by looking inward, this time of external change could be used as time of growth for our company.  Our introspection produced actions to further strengthen our technology and services and to identify best-in-class partners in order to provide greater value to our clients and to build a “better Tower” for all stakeholders.  

When work from home (WFH) was mandated, Tower managed the transition seamlessly.  With 24/7/365 cybersecurity protection already in place for our network and data, full business continuity was achieved.  We consistently hit our target metrics in MSA turnaround time, cost mitigation and prescription drug treatment reductions without exception.

By looking at the internal controls that protect, monitor, and drive our business, we also created a stronger Tower that included:  Tower that included:

  • Increased cybersecurity – protecting Tower’s network and its clients’ data from a cyber threat.
  • Completed an intense SOC 2 Type 1 audit
  • Pursued strategic partnerships to extend best-in-class service
  • Created and delivered valuable educational content to help clients secure their own systems and data, enhance MSP compliance, and optimize MSAs
  • Introduced a free service — a 2nd Opinion on questionable MSAs
  • Deployed a Section 111 Management Dashboard to easily identify and correct errors, avoiding the potential for monetary penalties

Over the next few weeks we’ll explain these initiatives and others designed to provide secure and cost-effective MSP compliance services for our clients.

Rita Wilson

Chief Executive Officer
 

MSPN Elects Dan Anders as President

Posted on February 3, 2021 by Tower MSA Partners

Tower’s Chief Compliance Officer, Dan Anders, has been elected president of the National Medicare Secondary Payer Network (MSPN).  MSPN is the premier organization for individuals, companies and law firms who want to stay apprised of Medicare Secondary Payer compliance developments and collaborate on industry leading education and advocacy efforts.  Check out the news release: Tower MSA Partners Dan Anders Elected President of the National Medicare Secondary Payer Network.

This is the second time in three years Tower has had one of our executives at the helm of this organization.  Our CEO, Rita Wilson, served as president in 2018.

Dan takes office as the organization completes rebranding itself from its former name of the National Alliance of Medicare Set-Aside Professionals (NAMSAP) to the National MSP Network.  Over the years, the Centers for Medicare and Medicaid Services (CMS) expanded its MSP enforcement mechanisms beyond Medicare Set-Asides.  The organization kept pace, adding Medicare conditional payment recovery, mandatory insurer reporting to Medicare, and MSA professional administration and settlement structuring to its education and advocacy initiatives.

Dan looks forward to working with MSPN’s Executive Committee and Board, consisting of the most experienced and knowledgeable professionals in the MSP compliance community, to accomplish the organization’s 2021 goals.

Additionally, he will continue the organization’s positive working relationship with CMS’s Division of MSP Program Operations, which enables MSPN members to ask questions and raise concerns and provide solutions directly with those who develop and implement MSP policy while learning the agency’s reasoning and viewpoint firsthand.

If you would like to learn more about MSPN, please contact Dan Anders at daniel.anders@towermsa.com or (888) 331-4941, ext. 219.

CMS Releases Technical Updates to Section 111 User Guide

Posted on January 26, 2021 by Daniel Anders

The Centers for Medicare and Medicaid Services (CMS) has begun the new year with some updates to its MMSEA Section 111 NGHP User Guide.  This guide provides everything and anything you ever wanted to know about mandatory insurer reporting by non-group health plans.  Version 6.2 provides the following updates:
 
$750 Reporting Threshold
 
In follow-up to its November 2020 announcement that it will be maintaining the $750 TPOC threshold for reporting and Medicare conditional payment recovery, CMS states:
 
As of January 1, 2021, the threshold for physical trauma-based liability insurance settlements will remain at $750. CMS will maintain the $750 threshold for no-fault insurance and workers’ compensation settlements, where the no-fault insurer or workers’ compensation entity does not otherwise have ongoing responsibility for medicals (Sections 6.4.2, 6.4.3, and 6.4.4).
 
Key takeaway:  Maintaining the $750 threshold means there are no changes to the reporting processes, determinations of claims that should be reported, or when conditional payments should be investigated or resolved.
 
Reporting Future ORM Termination Date
 
Per CMS:
 
To address situations where Responsible Report Entities (RREs) can identify future ORM termination dates based on terms of the insurance contract, RREs can now enter a future Ongoing Responsibility for Medicals (ORM) Termination Date (Field 79) up to 75 years from the current date (Section 6.7.1)
 
Key takeaway:  A future ORM termination date can only be submitted if it is certain, e.g., the date is specified in an insurance contract or a statutory limitation provides for its exact determination. The prior policy only allowed the reporting of an ORM termination date that was six months into the future.  The expansion to 75 years should allow for most date certain ORM terminations to be reported.
 
Data Exchange Update
 
Per CMS:
 
As part of CMS’ commitment to the modernization of the Coordination of Benefits & Recovery (COB&R) operating environment, changes are being implemented to move certain electronic file transfer data exchanges to the CMS Enterprise File Transfer (EFT) protocol. As part of this change the exchange of data with the COB&R program via Connect:Direct to GHINY SNODE will be discontinued. The final cutover is targeted to occur in April 2021. File naming conventions and other references have been updated in this guide. Contact your EDI Representative for details (Sections 10.2 and 10.3).
 
Key takeaway:  Right now, CMS offers four methods of data transmission that Section 111 RREs or their reporting agents can use to submit and receive electronic files.  CMS is discontinuing the Connect:Direct method, and since Tower does not communicate with CMS via this method there will be no impact to our reporting processes.
 
Policy Number Now a Key Field
 
Per CMS:
 
To support previous system changes, Policy Number (Field 54) has been added as a key field. If this field changes, RREs must submit a delete Claim Input File record that matches the previously accepted add record, followed by a new add record with the changed information (i.e., delete/add process) (Sections 6.1.2, 6.6.1, 6.6.2, and 6.6.4).
 
Key takeaway:  Previously, if a claim input file was updated with a different policy number for the same claim it would create two records with the BCRC.  This could duplicate Medicare conditional payment recovery efforts.  CMS’s solution is to have the RRE delete the prior record with the old policy number and add a new record with the new policy number.
 
Retraction of Soft Code Error
 
Per CMS:
 
In Version 6.1, we announced that several input errors will become “soft” errors starting April 5, 2021. However, CP03 will not become a soft edit. The Office Code/Site ID (Field 53), which triggers CP03, is used to identify correspondence addresses, and if incorrect, could result in mail being sent to the wrong place. Therefore this error will continue to reject the record (Appendix F).
 
Key Takeaway:  An error in Office Code/Site ID (Field 53) will not be considered a soft edit and will result in file rejection. An earlier Tower article, November CMS Mandatory Reporting and Conditional Payment Updates, explained these so-called “soft” code errors.
 
If you have any questions on these updates to the Section 111 User Guide, please reach out to Tower’s Chief Compliance Officer, Dan Anders, at daniel.anders@towermsa.com or 888.331.4941.
 

Three Medicare Secondary Payer (MSP) Predictions for 2021

Posted on January 14, 2021 by Daniel Anders

We take a look at what’s in the crystal ball for Medicare Secondary Payer (MSP) short-term issues in the year ahead.

This year marks the 20th anniversary of the famous —or infamous, depending on your perspective— “Patel Memo” that formally launched CMS’s Workers’ Compensation Medicare Set-Aside review process.  It was probably safe to assume that a government program like this would still be around two decades later. However, the expansion of CMS’s authority to require mandatory reporting along with stepped up efforts to recover conditional payments by both Medicare and Medicare Advantage plans was less predictable.

I won’t hazard a guess on what Medicare Secondary Payer compliance will be like 20 years from now but will predict the outcomes of some short-term issues.

Liability MSAs

In June 2012 CMS issued an Advanced Notice of Proposed Rulemaking (ANPRM) with ideas as to how Medicare’s interests could be considered in the settlement of future medicals in a liability case.  Ultimately, the ANPRM was withdrawn in October 2014.

Nothing further was heard from CMS management until December 2018 when it indicated proposed rules would be issued in September 2019.  Subsequent notices postponed the date to March 2021.

Prediction:  Since CMS will have new leadership and its attention has turned to vaccine distribution, I suspect we will not see proposed rules on LMSAs this year.  Even if CMS proposes regulations, they would not be implemented until after a comment period followed by revisions, which would likely stretch into 2022.

Section 111 Penalties

On February 18, 2020, CMS issued its proposed regulations specifying how and when it would impose civil money penalties if Non-Group Health Plans fail to meet Section 111 Mandatory Insurer Reporting responsibilities.  A comment period ended on April 20, 2020 (Please see CMP Comments Submitted for Tower’s comments on the proposal).

Prediction:  Since CMS completed the process of releasing the proposed rule and receiving comment and the issuance of this regulation is statutorily required by the SMART Act of 2012 prior to issuing any penalties, I expect the final rule will be issued in 2021.  Once issued, it will likely become effective within 60 days.

PAID Act

On December 11, 2020, President Trump signed into law HR 8900, Further Continuing Appropriations Act, 2021, which included the provisions of the Provide Accurate Information Directly Act or PAID Act.

The PAID Act requires CMS to provide applicable plans (liability insurance, no-fault insurance and workers’ compensation laws or plans) access to Medicare beneficiary enrollment status in Medicare Advantage and Part D Prescription Drug plans through the Section 111 Mandatory Insurer Reporting process. (Please review PAID Act Becomes Law for a full explanation of the law and its implications.)

Prediction:  Per the law, CMS must provide access to Medicare Advantage and Part D plan information by December 11, 2021 (one year from the date of enactment).  As CMS must implement technical changes to the Section 111 reporting platform to provide such access, it may not be ready by that date.

Beyond these three predictions, some issues to watch in the coming year: 

  • Continued trend toward non-submit MSAs
  • More professional administration of MSAs
  • Cases affecting Medicare Advantage plan recovery rights
  • Per proposal from President-elect Biden, lowering of Medicare eligibility age to 60
  • “New” MSA reform legislation

A happy and safe new year to you and your families.

For Media Inquires, Contact:

Helen King Patterson
813.690.4787
helen@kingknight.com

    Subscribe to our blog & news

    Search our blog:

    Contact Us for a FREE Consultation