Category: Blog

Building a Better Tower – Cybersecurity

February 18, 2021

hands on a keyboard overlaid with a lock symbol to illustrate cybersecurity

Tower has invested in significant cybersecurity initiatives to “Build a Better Tower” for our clients.  I provided a brief overview of those initiatives in a recent article and this week I highlight Tower’s investment in protecting Tower and our clients’ data.

Tower’s Cybersecurity Defenses

Long before COVID-19 came along, bringing a tsunami of cyberattacks, Tower had already proactively strengthened our internal IT defenses.

During the fall of 2019 we partnered with Vigilant Technology Solutions to use a service that combines passive monitoring technology with certified information security analysts. Through a customized deployment of Vigilant’s NDR (Network Detection and Response) and EDR (Endpoint Detection and Response) technology, Vigilant’s analysis engines and human threat hunting has reduced the time to detect and contain threats by 99.97% over the industry average.  Without this kind of 24/7/365 monitoring and action, bad actors can enter a system undetected and stay there for months learning how to circumvent security measures and destroying backup data resources.

The graph below shows the timeline of the recent attack on SolarWinds that ultimately compromised 18,000 through deployed software.  SolarWinds CEO disclosed an updated attack timeline, indicating that hackers had first accessed SolarWinds on September 4, 2019.  SourceSolarWinds blog, January 11, 2021.

But it is not sufficient to protect our own technology. We also educated our clients and others in the industry so they could understand and prevent cyber threats. Vigilant’s CEO Chris Nyhuis joined our VP of Information Technology Jesse Shade and another expert, Rob Kolb of Premier Mindset, for an eye-opening webinar in February.  It’s available on demand. Jesse also wrote two WorkCompWire articles with excellent advice that you can read here and here.

Third-Party Risk Assessments

In addition to ensuring the protection of its internal data, Tower also implemented a Vendor Risk Assessment Process for all third parties that had access to Tower data or networks or housed servers that stored our data. Our philosophy is that we are only as strong as our weakest link.  The result of this assessment is a vendor management process that continuously measures and monitors our partners to ensure that as per the AICPA Trust Criteria, we consistently honor the commitments made to our clients.

These are just a few of the ways that Tower is continually and proactively enhancing our infrastructure, processes and offerings to deliver measurably better services to you.

Rita Wilson,
Chief Executive Officer

 

Building a Better Tower

February 4, 2021

Man with blocks is building a tower

To master an understatement, 2020 was an unprecedented year of uncertainty and challenge for Tower MSA Partners.

When travel came to a halt and face-to-face meetings, conferences, and other business activities transitioned to a virtual environment, a new “normal” arrived. Tower MSA Partners, like many other companies, acclimated to these changes, believing that we could wait out the pandemic. 

Very quickly though, our leadership team realized that by looking inward, this time of external change could be used as time of growth for our company.  Our introspection produced actions to further strengthen our technology and services and to identify best-in-class partners in order to provide greater value to our clients and to build a “better Tower” for all stakeholders.  

When work from home (WFH) was mandated, Tower managed the transition seamlessly.  With 24/7/365 cybersecurity protection already in place for our network and data, full business continuity was achieved.  We consistently hit our target metrics in MSA turnaround time, cost mitigation and prescription drug treatment reductions without exception.

By looking at the internal controls that protect, monitor, and drive our business, we also created a stronger Tower that included:  Tower that included:

  • Increased cybersecurity – protecting Tower’s network and its clients’ data from a cyber threat.
  • Completed an intense SOC 2 Type 1 audit
  • Pursued strategic partnerships to extend best-in-class service
  • Created and delivered valuable educational content to help clients secure their own systems and data, enhance MSP compliance, and optimize MSAs
  • Introduced a free service — a 2nd Opinion on questionable MSAs
  • Deployed a Section 111 Management Dashboard to easily identify and correct errors, avoiding the potential for monetary penalties

Over the next few weeks we’ll explain these initiatives and others designed to provide secure and cost-effective MSP compliance services for our clients.

Rita Wilson

Chief Executive Officer
 

MSPN Elects Dan Anders as President

February 3, 2021

Dan Anders who was quoted in the Claims Journal

Tower’s Chief Compliance Officer, Dan Anders, has been elected president of the National Medicare Secondary Payer Network (MSPN).  MSPN is the premier organization for individuals, companies and law firms who want to stay apprised of Medicare Secondary Payer compliance developments and collaborate on industry leading education and advocacy efforts.  Check out the news release: Tower MSA Partners Dan Anders Elected President of the National Medicare Secondary Payer Network.

This is the second time in three years Tower has had one of our executives at the helm of this organization.  Our CEO, Rita Wilson, served as president in 2018.

Dan takes office as the organization completes rebranding itself from its former name of the National Alliance of Medicare Set-Aside Professionals (NAMSAP) to the National MSP Network.  Over the years, the Centers for Medicare and Medicaid Services (CMS) expanded its MSP enforcement mechanisms beyond Medicare Set-Asides.  The organization kept pace, adding Medicare conditional payment recovery, mandatory insurer reporting to Medicare, and MSA professional administration and settlement structuring to its education and advocacy initiatives.

Dan looks forward to working with MSPN’s Executive Committee and Board, consisting of the most experienced and knowledgeable professionals in the MSP compliance community, to accomplish the organization’s 2021 goals.

Additionally, he will continue the organization’s positive working relationship with CMS’s Division of MSP Program Operations, which enables MSPN members to ask questions and raise concerns and provide solutions directly with those who develop and implement MSP policy while learning the agency’s reasoning and viewpoint firsthand.

If you would like to learn more about MSPN, please contact Dan Anders at daniel.anders@towermsa.com or (888) 331-4941, ext. 219.

CMS Releases Technical Updates to Section 111 User Guide

January 26, 2021

CMS User Guides for Section 111 Reporting. open book with colored page markers

The Centers for Medicare and Medicaid Services (CMS) has begun the new year with some updates to its MMSEA Section 111 NGHP User Guide.  This guide provides everything and anything you ever wanted to know about mandatory insurer reporting by non-group health plans.  Version 6.2 provides the following updates:
 
$750 Reporting Threshold
 
In follow-up to its November 2020 announcement that it will be maintaining the $750 TPOC threshold for reporting and Medicare conditional payment recovery, CMS states:
 
As of January 1, 2021, the threshold for physical trauma-based liability insurance settlements will remain at $750. CMS will maintain the $750 threshold for no-fault insurance and workers’ compensation settlements, where the no-fault insurer or workers’ compensation entity does not otherwise have ongoing responsibility for medicals (Sections 6.4.2, 6.4.3, and 6.4.4).
 
Key takeaway:  Maintaining the $750 threshold means there are no changes to the reporting processes, determinations of claims that should be reported, or when conditional payments should be investigated or resolved.
 
Reporting Future ORM Termination Date
 
Per CMS:
 
To address situations where Responsible Report Entities (RREs) can identify future ORM termination dates based on terms of the insurance contract, RREs can now enter a future Ongoing Responsibility for Medicals (ORM) Termination Date (Field 79) up to 75 years from the current date (Section 6.7.1)
 
Key takeaway:  A future ORM termination date can only be submitted if it is certain, e.g., the date is specified in an insurance contract or a statutory limitation provides for its exact determination. The prior policy only allowed the reporting of an ORM termination date that was six months into the future.  The expansion to 75 years should allow for most date certain ORM terminations to be reported.
 
Data Exchange Update
 
Per CMS:
 
As part of CMS’ commitment to the modernization of the Coordination of Benefits & Recovery (COB&R) operating environment, changes are being implemented to move certain electronic file transfer data exchanges to the CMS Enterprise File Transfer (EFT) protocol. As part of this change the exchange of data with the COB&R program via Connect:Direct to GHINY SNODE will be discontinued. The final cutover is targeted to occur in April 2021. File naming conventions and other references have been updated in this guide. Contact your EDI Representative for details (Sections 10.2 and 10.3).
 
Key takeaway:  Right now, CMS offers four methods of data transmission that Section 111 RREs or their reporting agents can use to submit and receive electronic files.  CMS is discontinuing the Connect:Direct method, and since Tower does not communicate with CMS via this method there will be no impact to our reporting processes.
 
Policy Number Now a Key Field
 
Per CMS:
 
To support previous system changes, Policy Number (Field 54) has been added as a key field. If this field changes, RREs must submit a delete Claim Input File record that matches the previously accepted add record, followed by a new add record with the changed information (i.e., delete/add process) (Sections 6.1.2, 6.6.1, 6.6.2, and 6.6.4).
 
Key takeaway:  Previously, if a claim input file was updated with a different policy number for the same claim it would create two records with the BCRC.  This could duplicate Medicare conditional payment recovery efforts.  CMS’s solution is to have the RRE delete the prior record with the old policy number and add a new record with the new policy number.
 
Retraction of Soft Code Error
 
Per CMS:
 
In Version 6.1, we announced that several input errors will become “soft” errors starting April 5, 2021. However, CP03 will not become a soft edit. The Office Code/Site ID (Field 53), which triggers CP03, is used to identify correspondence addresses, and if incorrect, could result in mail being sent to the wrong place. Therefore this error will continue to reject the record (Appendix F).
 
Key Takeaway:  An error in Office Code/Site ID (Field 53) will not be considered a soft edit and will result in file rejection. An earlier Tower article, November CMS Mandatory Reporting and Conditional Payment Updates, explained these so-called “soft” code errors.
 
If you have any questions on these updates to the Section 111 User Guide, please reach out to Tower’s Chief Compliance Officer, Dan Anders, at daniel.anders@towermsa.com or 888.331.4941.
 

Three Medicare Secondary Payer (MSP) Predictions for 2021

January 14, 2021

rainbow over a highway with the year 2021 painted, illustrating predictions for Medicare Secondary Payer in 2021

We take a look at what’s in the crystal ball for Medicare Secondary Payer (MSP) short-term issues in the year ahead.

This year marks the 20th anniversary of the famous —or infamous, depending on your perspective— “Patel Memo” that formally launched CMS’s Workers’ Compensation Medicare Set-Aside review process.  It was probably safe to assume that a government program like this would still be around two decades later. However, the expansion of CMS’s authority to require mandatory reporting along with stepped up efforts to recover conditional payments by both Medicare and Medicare Advantage plans was less predictable.

I won’t hazard a guess on what Medicare Secondary Payer compliance will be like 20 years from now but will predict the outcomes of some short-term issues.

Liability MSAs

In June 2012 CMS issued an Advanced Notice of Proposed Rulemaking (ANPRM) with ideas as to how Medicare’s interests could be considered in the settlement of future medicals in a liability case.  Ultimately, the ANPRM was withdrawn in October 2014.

Nothing further was heard from CMS management until December 2018 when it indicated proposed rules would be issued in September 2019.  Subsequent notices postponed the date to March 2021.

Prediction:  Since CMS will have new leadership and its attention has turned to vaccine distribution, I suspect we will not see proposed rules on LMSAs this year.  Even if CMS proposes regulations, they would not be implemented until after a comment period followed by revisions, which would likely stretch into 2022.

Section 111 Penalties

On February 18, 2020, CMS issued its proposed regulations specifying how and when it would impose civil money penalties if Non-Group Health Plans fail to meet Section 111 Mandatory Insurer Reporting responsibilities.  A comment period ended on April 20, 2020 (Please see CMP Comments Submitted for Tower’s comments on the proposal).

Prediction:  Since CMS completed the process of releasing the proposed rule and receiving comment and the issuance of this regulation is statutorily required by the SMART Act of 2012 prior to issuing any penalties, I expect the final rule will be issued in 2021.  Once issued, it will likely become effective within 60 days.

PAID Act

On December 11, 2020, President Trump signed into law HR 8900, Further Continuing Appropriations Act, 2021, which included the provisions of the Provide Accurate Information Directly Act or PAID Act.

The PAID Act requires CMS to provide applicable plans (liability insurance, no-fault insurance and workers’ compensation laws or plans) access to Medicare beneficiary enrollment status in Medicare Advantage and Part D Prescription Drug plans through the Section 111 Mandatory Insurer Reporting process. (Please review PAID Act Becomes Law for a full explanation of the law and its implications.)

Prediction:  Per the law, CMS must provide access to Medicare Advantage and Part D plan information by December 11, 2021 (one year from the date of enactment).  As CMS must implement technical changes to the Section 111 reporting platform to provide such access, it may not be ready by that date.

Beyond these three predictions, some issues to watch in the coming year: 

  • Continued trend toward non-submit MSAs
  • More professional administration of MSAs
  • Cases affecting Medicare Advantage plan recovery rights
  • Per proposal from President-elect Biden, lowering of Medicare eligibility age to 60
  • “New” MSA reform legislation

A happy and safe new year to you and your families.

WorkCompCentral Explains the PAID Act

January 4, 2021

Red Medicare button on a keyboard to illustrate Medicare conditional payment.

The recently enacted PAID Act fixes long-term annoyances for MSA companies in securing accurate information about beneficiaries’ Medicare Advantage prescriptions drugs plans.

Right now, the Centers for Medicare and Medicaid Services (CMS) can tell payers which workers’ compensation claimants are Medicare beneficiaries. However, the agency has historically said that privacy concerns prevent it from sharing which Medicare Advantage Plans or Prescription Drug Plans these beneficiaries have joined.  This means Medicare Set Aside (MSA) companies and insurers have to ask claimants or their attorneys and the information was sketchy at best, leading to conditional payment demands – and some lawsuits – post settlement.  

In mid-December, the Provide Accurate Information Directly (PAID) Act was passed and signed into law, enabling Medicare to respond to queries by providing the name and address of beneficiary’s Medicare Advantage or prescription drug plans.  The law should help end years of aggravation over Medicare Advantage Plan identification, according to Tower MSA Partners’ Dan Anders, who was interviewed for  WorkCompCentral’s article on the law: Medicare Set-Aside Firms Applaud Passage of PAID Act Provisions

Related:

CMS: PAID Act Implementation Guidance & New ORM Termination Option

PAID Act Becomes Law

Tower MSA Partners Wishes You a Warm & Restful Holiday Season

December 22, 2020

a sprig of holly and the words Happy Holidays

This year has brought deeper meaning to traditional holiday wishes.  We are thinking about our health, families, and partners in different ways and re-thinking priorities.  But as we adapt to new realities, our commitment to you–our partners–is unwavering.  Thank you for your loyalty during this challenging year.

We sincerely hope you enjoy a happy and healthy holiday.

Your friends at Tower MSA Partners

PAID Act Becomes Law

December 16, 2020

US Capitol dome

The recently enacted PAID Act ensures that insurance carriers have access to Medicare Advantage plan enrollment information

On December 11, 2020, President Trump signed into law HR 8900, Further Continuing Appropriations Act, 2021, which included the provisions of the Provide Accurate Information Directly Act or PAID Act (It is named Transparency of Medicare Secondary Payer Reporting Information in Section 1301 of the law). 

What does all this mean?  In short, the PAID Act requires the Centers for Medicare and Medicaid Services (CMS) provide applicable plans (liability insurance, no-fault insurance and workers compensation laws or plans) access to Medicare beneficiary enrollment status in Medicare Advantage and Part D Prescription Drug plans.  Currently, this information can only be obtained from claimants which impedes the applicable plans’ efforts at mitigating their exposure to reimbursement claims from these Medicare Advantage and Part D plans.

Background on PAID Act

CMS has consistently asserted that Medicare Advantage and Part D plans have the same or similar rights of recovery under the Medicare Secondary Payer (MSP) Act as CMS itself.  Federal courts have largely agreed with CMS’s position, notably finding Medicare Advantage plans can seek post-settlement reimbursement against applicable plans, including double damages.

Presently, the applicable plans do not have access to Medicare Advantage and Part D plan enrollment information. CMS claims statutory privacy limitations prevent it from providing access. Plans are forced to rely on claimants to voluntarily share their Medicare Advantage plan or Part D plan enrollment, an inconsistent and unreliable method.

To address this problem, a group of industry stakeholders, through the Medicare Advocacy Recovery Coalition (MARC), advocated for the PAID Act. The National Medicare Secondary Payer Network (formerly NAMSAP), in which Tower is a corporate partner and member, endorsed the bill in 2018.

The bill, now law, provides that if through the Section 111 query process the claimant is identified as a Medicare beneficiary, then CMS must also respond with the following:

Whether a claimant subject to the query is or during the preceding 3-year period has been, entitled to benefits under the program under this title on any basis; and

to the extent applicable, the plan name and address of any Medicare Advantage plan under part C and any prescription drug plan under part D in which the claimant is enrolled or has been enrolled during such period.

In other words, if the claimant has been enrolled in a Medicare Advantage or Part D plan in the prior three years, the applicable plan will have access to that information through the Section 111 Mandatory Insurer Reporting query process.

Practical Implications

We applaud the passage of the PAID Act, which will make it easier for payers to proactively identify and then investigate and resolve Medicare Advantage and Part D Prescription Drug plan reimbursement claims.  As a result, claims can be settled with confidence that a reimbursement claim or lien will not pop-up weeks, months or years later.

CMS has one year after the date of enactment, that is December 11, 2021, to have the enhanced Section 111 query process in place. When Tower receives technical guidance on how this change will be incorporated into the current Medicare beneficiary query process, we will update our Section 111 reporting clients. 

As always, if you have any questions, contact Dan Anders, Tower’s Chief Compliance Officer, at daniel.anders@towermsa.com or 888.331.4941.

Related:


CMS: PAID Act Implementation Guidance & New ORM Termination Option

WorkCompCentral Explains the PAID Act

 

Celebrex and Abilify Price Drops Trigger MSA Reductions

December 14, 2020

Vial of pills illustrating MSA Reductions in RX costs

Recently, the lowest average wholesale price of Celebrex 200mg and the price of multiple strengths of Abilify dropped dramatically resulting in major MSA reductions.
 
A widely used, non-steroidal anti-inflammatory drug, Celebrex (Celecoxib), is FDA-approved for several conditions:

  • Ankylosing spondylitis
  • Juvenile rheumatoid arthritis
  • Acute migraines
  • Osteoarthritis
  • Acute pain
  • Primary dysmenorrhea
  • Rheumatoid arthritis

Per Red Book, the lowest average wholesale price for Celecoxib 200mg dropped from $1.79 to $0.33, an 81.56% price reduction.
 
Abilify (Aripiprazole) is an antipsychotic drug FDA-approved for the following conditions: 

  • Schizophrenia
  • Acute treatment of manic and mixed episodes associated with bipolar
  • Adjunctive treatment of major depressive disorder
  • Irritability associated with autistic disorder
  • Treatment of Tourette’s disorder

Per Red Book, the lowest average wholesale price for multiple strengths (2mg to 30mg) of Aripiprazole dropped from the $30 to $36 range to a range of $0.07 to $0.17 per dose, an almost 100% price reduction.
 
Tower Action in Response
 
Because Tower’s system tracks all medications allocated in MSA reports, we have already pulled reports from the past two years that allocated these medications and advised clients of the potential for MSA reductions. You can also contact us to determine whether a particular MSA qualifies for MSA reductions.  Revisions to the MSA can be done now or prior to MSA submission to CMS.
 
Please contact Dan Anders, Tower’s Chief Compliance Officer, at Daniel.anders@towermsa.com or (888) 331-4941 with questions.

Medicare Conditional Payment Recovery Threshold for 2021

December 1, 2020

chart, dollars and a fountain pen illustrating conditional paument recovery threshold post

In an 11/25/2020 Alert, the Centers for Medicare and Medicaid Services (CMS) announced that the 2021 conditional payment recovery threshold for liability, no-fault and workers’ compensation settlements will remain at $750. Accordingly, Total Payment Obligations to the Claimant, TPOCs, in the amount of $750 or less are not required to be reported to CMS through the Section 111 Mandatory Reporting process, nor will CMS attempt to recover conditional payments for TPOCs of this amount (The threshold does not apply to liability settlements for alleged ingestion, implantation or exposure cases).

By way of background, pursuant to the SMART Act of 2012, CMS is required to annually determine a threshold amount such that the cost of collection does not outstrip the amount recovered through such collection efforts. CMS’s calculations, which can be found here, resulted in maintaining the $750 threshold. 

Practical Implications

As CMS is keeping the $750 threshold for mandatory reporting and conditional payment recovery there are no changes to the reporting processes or determinations as to when conditional payments should be investigated or resolved.

Related

Questions About Medicare Conditional Payments? Join Our Upcoming Free Webinar

November CMS Mandatory Reporting and Conditional Payment Updates