Category: News

Tower MSA Partners Receives SOC 2 Type I Attestation

August 21, 2020

AICPA SOC logo

Tower MSA Partners has completed its SOC 2 Type I audit. Performed by KirkpatrickPrice, this attestation provides evidence of Tower’s strong commitment to security and delivering high-quality services to its clients by demonstrating that it has the necessary internal controls and processes in place.

A SOC 2 Type I audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit, an organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design of Tower’s controls to meet the standards for these criteria.

“Tower’s processes have been technology driven from its beginning with the privacy and security of client data at the forefront of internal policy and procedure development,” said Tower CEO Rita Wilson.  “We are pleased to receive this affirmation from an independent analysis.”

“The SOC 2 audit is based on the Trust Services Criteria. Tower MSA Partners has selected the security and confidentiality criteria for the basis of their audit,” said Kirkpatrick Price President Joseph Kirkpatrick. “Tower delivers trust-based services to its clients and by communicating the results of this audit, its clients can be assured of their reliance on this company’s controls.”

Related Posts

Tower MSA Partners Completes SOC 2 Type II Audit

Towers’ VP of IT Jesse Shade on The Hot Seat

August 5, 2020

Jesse Shade Portrait

Jesse Shade, Tower’s Vice President of Information Technology, will be a panelist on the “Cybersecurity Threats: What You Can’t See Can Hurt You” webinar. Presented by WorkersCompensation.com as part of its The Hot Seat series, the free webinar starts at noon EDT on August 6.

Shade, who is a member of the Forbes Technology Council, brings more than 35 years of IT experience to the panel. He oversees all aspects of Tower’s technologies, including data security. 

Joining Jesse Shade in the information-packed session is the George State Board of Workers’ Compensation’s Director of Information Technology Bobby Allen and WorkersCompensation.com’s Media Director Nancy Grover.

Among the topics Jesse Shade will cover are:

  • Misconceptions about cybersecurity
  • Should organizations outsource cybersecurity efforts?
  • How can you guard against internet attack?

The webinar will be moderated by WorkersCompensation.com President and CEO Bob Wilson and Judge David Langham. There is no charge for the webinar.

Prepping for Penalties

August 3, 2020

section 111 reporting sample

WorkCompCentral.com covered Tower’s recent webinar “Avoiding the Medicare Mandatory Reporting Penalty” with Chief Compliance Officer Dan Anders and VP of Information Technology Jesse Shade.  CMS has yet to respond to comments or finalize the regulation proposed in February, but its proposal contained alarmingly high penalties for relatively minor infractions, like recording the wrong diagnostic code. 

The webinar highlighted various penalties for inaccurate or late reporting and demonstrated the new dashboard Tower built to help its clients find and fix reporting errors faster and easier.  The dashboard identifies claims with errors and the remedy to correct them. It also enables users to produce instant reports, such as a one showing claims with reported medical closure settlements or Total Payment Obligation to Claimants (TPOCs) where Ongoing Responsibility for Medicals (ORM) has not been terminated, a common reporting error.

For more information, please see Dan Anders’ Feb. 18 and April 27 blog posts on the proposed regulations or email Daniel.Anders@TowerMSA.com.

Avoid Anticipated Medicare Mandatory Reporting Penalties

July 29, 2020

hands on a calculator and keyboard to illustrate Medicare Mandatory Reporting Rules

Nancy Grover of workerscompensation.com wrote an in-depth article on Tower MSA Partner’s “Avoiding Medicare Mandatory Reporting Penalties” webinar.  CMS is considering comments received to its proposed regulation that included penalties as high as $1,000 per day per claim. Final regs could publish any time. 

“There probably won’t be a lot of changes [in the final rule],” said Tower’s Chief Compliance Officer Dan Anders, who presented the webinar with Jesse Shade, VP of Information Technology.

Penalties could be imposed on organizations for not reporting a claim closure at all, exceeding error tolerance, or reporting contradictory information at different times. The article quoted Anders’ “contradictory information” example of a Medicare beneficiary with work-related injury on his right shoulder and a diagnoses code indicating the injury was on the right knee.

“CMS would have conflicting information. Even if the error is subsequently corrected, CMS could still impose a penalty of up to $365,000 [for a year],” he said.

To avoid penalties from even minor mistakes, Anders recommended that attendees note the omission of data, confirm the correct use of diagnosis codes, be sure to promptly report termination of ongoing responsibility for medicals or ORM.

“And ensure you have a reporting platform that is identifying potential errors and is working with you … to resolve errors and avoid penalties,” he said.

Tower is well positioned to serve as your reporting agent partner.  The company proactively developed its own Section 111 Mandatory Reporting dashboard, which Shade demonstrated on the webinar. He showed the many ways the platform helps users identify possible mistakes, address missing data points, confirm ICD9 and ICD10 codes, and run reports to direct their efforts.   Incorporating all the elements CMS examines, the dashboard simplifies and automates the process for users.

The dashboard is ready to roll as soon as CMS publishes the final regs.  As usual, Tower is ahead of the game — meeting clients’ needs before they know they have them.

Related

PREMIER WEBINAR: Avoiding the Medicare Mandatory Reporting Penalty

Time for an MSA Do-over?

July 8, 2020

CMS User Guides for Section 111 Reporting. open book with colored page markers

Is it time for an MSA do-over for open claims? Given the amended review process, we think it is.

Michael Stack’s recent article – Case Study: $101,312 Savings Through MSA Amended Review Process – in www.reduceyourworkerscomp.com points out that not every claim with a CMS-approved MSA settles on the first attempt. The piece describes one of CMS’s rare do-over opportunities, the Amended Review process.  

In the past, once an MSA had been approved by CMS, that was it.  If the claim didn’t close and subsequent changes in medical treatment reduced the MSA’s allocated costs, that was too bad. 

Process change allows for a productive MSA do-over

Fortunately, the agency changed its stance in 2017 and now allows the submission of revised MSAs to reflect changes in medical treatment and costs. Naturally, the claims need to meet certain criteria, which the article clearly outlines.

Stack, a highly regarded expert in workers’ compensation cost containment, illustrates his points with one of Tower’s Amended Review case studies, which resulted in savings of over $100,000.

During the economic fallout of COVID-19, some injured workers are re-thinking their earlier decisions to not settle their cases.  This is a good time to pull out any unsettled claims with MSAs, consider the Amended Review process and reopen settlement talks.

For more information, please see our Chief Compliance Officer Dan Anders’ earlier posts on Amended Reviews:

 

Contact Dan at Daniel.Anders@TowerMSA.com with any questions; he will be happy to help you determine if this program can help you close any of your claims.

Forbes Technology Council Welcomes Tower’s Jesse Shade

June 24, 2020

Jesse Shade Portrait

Tower’s Vice President of Technology Jesse Shade has joined Forbes Technology Council, a prestigious invitation-only forum of senior CIOs, CTOs, and technology execs.  Members collaborate to help solve daily business challenges—like cybersecurity threats—and share insights in Forbes.com articles. Read the related release: Tower MSA Partners’ Vice President of IT, Jesse Shade Accepted into Forbes Technology Council

We know Jesse will be a major asset to the Council because he delivers such high value to Tower. Possessing an unusual blend of interpersonal skills as well as hands-on technical expertise, he is responsible for strategic planning and serves on Tower’s executive team.  

Tower designed and built its own technology based on best practices in MSP compliance and MSA preparation.  The seamless system drives all compliance processes from Section 111 Mandatory Insurer Reporting, conditional payment resolution, MSA triage, and clinical interventions all the way through MSA preparation, CMS submission, and claim closure.

To be simple for clients to use, technology has to be quite complex behind the scenes.  That’s where Jesse’s 35+ years of IT experience in numerous industries, including banking, defense and aviation, comes into play. He leads development efforts for our proprietary technology and its network infrastructure all within a cybersecurity framework that protects Tower and its clients and business partners. (To learn more about cybersecurity threats, especially during COVID-19, check out Jesse’s two Leaders Speak articles on WorkCompWire.)

We’re proud that Jesse will be participating in Forbes’ exclusive Technology Council and look forward to seeing his articles in Forbes.com.

Related information

Jesse Shade

Forbes business communities

Dan Anders Weighs in on Legacy Comp Claim Closures

June 8, 2020

Stethescope and an insurance claim form illustrating legacy comp claim post

Business Insurance’s Louise Esola wrote an interesting More legacy comp claim closures anticipated with pandemic on an unexpected side effect of the coronavirus.  Injured workers who previously rejected settlement offers are rethinking their decisions. 

When researching the story, Esola contacted our Chief Compliance Officer, Dan Anders, who noted that insurers have long focused on legacy comp claim closures, especially those with high prescription drug costs.  He said they have, “become a little more proactive in looking at older legacy comp claims to see if this may be an opportunity to take a first or second look at settling those claims.”

At the same time, injured workers find themselves in financial conditions where a settlement would be critical. 

Tower’s Legacy Claims Settlement Initiative analyzes a payer’s portfolio of claims to detect those that could settle with or without clinical intervention. When future pharmacy costs inhibit settlement, Tower teams with myMatrixx to review drug regimens and find opportunities to reduce costs while protecting injured worker safety. Our recent Tower Premier Webinar: A Prescription for Settling Legacy Claims describes the program in detail.

After triaging the claim, Tower recommends interventions to optimize the MSA, identifies settlement partners, executes interventions, and helps move the claims to closure. 

Related:

WorkersCompensation.com’s Coverage of the Pharmacy/Legacy Claims Webinar

WorkersCompensation.com’s Coverage of the Pharmacy/Legacy Claims Webinar

June 1, 2020

stethoscope and insurance claim form

“The older the claim, the higher the costs—especially for prescription drugs,” wrote WorkersCompensation.com’s Nancy Grover, in this excellent recap of A Prescription for Settling Legacy Claims webinar. 

The May 19 webinar was presented by Dan Anders, Tower MSA Partners’ Chief Compliance Officer, and Phil Walls, Chief Clinical and Compliance Officer of myMatrixx. 

They said that aging claims increase the likelihood that the injured worker may become a Medicare beneficiary.  “That means those higher drug costs must be included in a Medicare Set-Aside,” she wrote.

The fast-paced webinar explains how and why prescription drug costs increase during the life of a claim. Brand name drugs, compounds (yes, still), and “prescription cascade” (prescribing new meds to address the side effects of other meds) top the list of cost-drivers.

To gain CMS approval of an MSA, medications that may not be needed or even being used must be allocated in the MSA. What’s more, they are priced at Redbook’s lowest average wholesale price (AWP), eliminating discounts the pharmacy benefit manager (PBM) once provided. Side note: Phil describes issues with AWP in detail during the Q&A at the end of the webinar. 

Dan and Phil discussed ways an MSA provider and PBM can partner to identify and address unnecessary costs—without negatively impacting the injured worker’s treatment.  “We reach out to the treating physician for last dates of service to see what’s going on,” Dan said. “We also do drug reviews to see if there are alternatives that can be implemented.”

Presenters cited a case where an intervention reduced the total morphine equivalent dosage from a dangerous 480 mg per day to 120 mg per day.  The changes produced a savings of about $1 million. 

“Our goal is never to keep the injured worker from obtaining the therapy they need, but not to expose them to unnecessary prescribing,” Phil said.

To download the recording of this valuable webinar, please go to: https://register.gotowebinar.com/recording/7163259288372148492

Best Practices for Cybersecurity

May 26, 2020

threatening hooded figure with the word cyber security superimposed to illustrate post on best practices for cybersecurity

Tower MSA Partners’ SVP of IT Jesse Shade offers advice to workers’ compensation companies on best practices for cybersecurity.

Did you know that personal health information (PHI) is more valuable on the black market than financial data?  This makes workers’ comp organizations very attractive targets for cyber criminals.

“Payers and other workers’ compensation organizations need to guard this sensitive data within their own enterprises. And, since these companies regularly exchange data with each other, each company needs to be just as concerned about the cybersecurity practices of its partners as its own,” says Tower’s Senior Vice President of Information Technology, Jesse Shade in this informative WorkCompWire article: Securing Data During COVID-19 and Beyond.

In last week’s article – COVID-19 Response Triggers Cybersecurity Threats to Workers’ Comp –  Jesse described the scope of the cybersecurity issue especially in the midst of COVID-19.  In this one, he outlines out best practices for cybersecurity in the form practical ways to protect PHI and other data and discusses the tools your IT department needs. He also gives you questions for your managed care organizations, MSP compliance companies and other service providers to ensure that their security practices can withstand attacks.

Cyberattacks have risen astronomically during COVID-19 and will continue long after the pandemic passes.  The IBM Cost of a Data Breach Report put the average cost of a data breach in the U.S. at $8.19 million in 2019.  In addition to the financial hit, companies risk their reputations and the trust of their clients, customers and partners. 

As Jesse says, you can’t afford to ignore cybersecurity.  

Related:

Building a Better Tower – Cybersecurity

 

Federal Court Rules on Plaintiff Refusal to Provide SSN

May 19, 2020

close up of judge's gavel with the scales of justice in the background

A federal magistrate judge got a full education in Section 111 Mandatory Insurer Reporting when a plaintiff refused to provide his Social Security Number (SSN) in a liability settlement with the State of Rhode Island.

The April 27, 2020 Rhode Island U.S. District Court decision came in the case of Genaro Ruiz vs. State of Rhode Island, et al., C.A. No. 16-507WES, April 27, 2020.  The judge held the defendant’s post-settlement effort to obtain the plaintiff’s SSN was “fully consistent with the express and implied terms of the Settlement Agreement” given the Medicare Secondary Payer Act (MSP) requirements. 

Further, the plaintiff could not use the federal Privacy Act to negate the defendant’s basis for requesting the information, again given MSP requirements.

Background

The 2007 Medicare, Medicaid and SCHIP Extension Act (MMSEA) created a requirement for non-group health plans (NGHPs), such as the defendant State of Rhode Island, to report settlements involving Medicare beneficiaries to the Centers for Medicare and Medicaid Services (CMS).  Consequently, NGHPs must determine whether a plaintiff or claimant is a Medicare beneficiary.

To verify their Medicare beneficiary status, a claimant, whether a Medicare beneficiary or not, is asked to produce certain information to the NGHP: including first and last name, date of birth, gender, SSN, Medicare number, or at least the last five digits of the SSN or Medicare number.

To ensure compliance, the statute provides for penalizing the NGHP up to $1,000 per day per claim for non-compliance. However, demonstration of good faith efforts to obtain the SSN can eliminate this penalty.  As the Court noted, CMS’s February 18, 2020 proposal described the penalties and what constituted a good faith effort.  (See Tower’s article, CMP Comments Submitted)

Rhode Island Case

The parties in the Rhode Island liability case reached a mediated settlement agreement with the following relevant components:

  • Plaintiff, who was at least 65 at the time of settlement, acknowledged that because he was a Medicare beneficiary, it was his responsibility to resolve any Medicare claim. However, the settlement negotiations did not define how defendants would obtain closure of any possible Medicare claim or lien.
  • Plaintiff never advised defendants that he would refuse to supply his SSN, or any part of it, as part of the settlement agreement. Providing the SSN would enable the State to ascertain his status as a Medicare beneficiary and to comply with the Medicare statutory reporting requirement.
  • Defendants never advised plaintiff that the submission of his SSN, or any part of it, was a precondition to their paying the settlement proceeds.

Post the settlement agreement the defendant provided the “RI Medicare Reporting Form” that requests the SSN the plaintiff attorney. Plaintiff attorney’s response was “n/a” to the SSN question.  Ultimately, the plaintiff attorney said they were refusing to provide the SSN, which caused the defendant to petition the court to intervene. 

The court held an off-the-record call with the parties that resulted in the decision that the plaintiff would either provide the SSN or an affidavit stating that he did not have an SSN. Plaintiff failed to provide either and filed a motion to enforce the settlement on the basis that the federal Privacy Act gives him an absolute right to refuse to disclose his SSN. He also made a claim for punitive damages, interest, and attorneys’ fees.  The defendant responded with a motion to enforce the agreement from the off-the-record call.

District Court Holding

The District Court held:

  • That the defendant made significant (and successful) efforts to comply fully with the letter and spirit of MMSEA. In an effort to comply, The State of Rhode Island made the requisite query using at least a five-digit iteration of Plaintiff’s SSN. (During discovery, the defendant apparently obtained the last four digits of the SSN and tried to add the fifth digit by performing a query of the multiple iterations).
  • The State’s actions fit neatly into the not-yet-established safe harbor limned by the Proposed Rule, so that any penalties and sanctions for non-compliance should not be imposed
  • The State (and the Court) appropriately relied on plaintiff’s acquiescence to the use of the information he produced in discovery to make the required report to CMS
  • There was no further need for plaintiff to disclose his SSN or any part of it as a prerequisite to receiving the settlement proceeds

Regarding the plaintiff’s claim for punitive damages, interest, and attorneys’ fees:

  • The State’s conduct in delaying payment of the settlement proceeds does not conceivably amount to “willful and wanton disregard” for plaintiff’s rights bordering on criminality.
  • The settlement agreement must be interpreted as incorporating and being subject to the MMSEA requirement of disclosure of the SSN (and, if that is not available, at least the last five digits of the SSN). It is not subject to the Privacy Act prohibition on SSN disclosure because MMSEA is a “Federal statute” requiring preferably full, but at least partial, SSN disclosure.
  • Plaintiff was contractually obliged to provide defendants with as much of the specified information as the State reasonably needed to make a CMS query about his Medicare status/ His refusal to disclose at least the fifth from the last digit of his SSN is a breach of the implied covenant of good faith and fair dealing.

Practical Implications

This is one of those cases where an uncooperative claimant appears to have hit a nerve with the Court, resulting in the Court going above and beyond to rule in favor of the defendant.  Its decision, though, shows how at least this federal court views the responsibilities of the settling parties in regard to the Section 111 Mandatory Insurer reporting requirement.

Key takeaways from the decision:

  • A defendant is allowed to request the SSN or an affidavit that the SSN will not be provided even post-settlement and such request does not constitute bad faith or a violation of the federal Privacy Act.
  • The plaintiff should either provide the full SSN (or their Medicare number), the last five digits of the SSN or Medicare number, or a statement or affidavit that the plaintiff is refusing to provide either.  CMS even provides a standard form if the plaintiff does not want to use the form provided by the defendant.

Best practice is to attempt to obtain the SSN prior to the settlement agreement. This is not only important to reporting requirements, but also to investigate Medicare conditional payments.  If the SSN or affidavit cannot be obtained prior to the settlement agreement, then the settlement agreement should include terms in which the plaintiff is required to provide such information.

If you have any questions, please contact me, Dan Anders, at (888) 331-4941 or daniel.anders@towermsa.com.