Alert Series
Cyber-Threats: What You Need to Know to Protect Your Business Now

Year-end is an excellent opportunity to reflect and get organized for the coming year. While making your list of New Year’s resolutions, consider potential cyber and data security threats to you and your business and prepare for what we expect to be a tumultuous year filled with malware attacks, data security breaches and cybersecurity challenges.

To get you started, here is a recap of the top five tips we covered in our 2017 Cybersecurity Alert series, which addressed significant cyber-threats to your business and discussed ways you can protect your business with thoughtful and timely planning before an emergency arises. We offered guidance on establishing a smart data management plan, securing your company’s portable devices, evaluating vendor relationships, handling disgruntled employees, and testing for data security events.

Sam Felker
Brad Moody

Cyber-Threats: Five Tips for Data Protection We Learned in 2017

1. Plan Now for Data Security Events

As the number of data security breaches grows, it’s not a matter of if your company will experience a security event, but when and to what degree. Is your company ready? Get your plan together.

  • Identify potential security events. Know what data you have and where it’s stored. Identify how access is granted, and to whom. Look for vulnerabilities in everything from your network to your employees’ mobile devices to your company’s website.
  • Develop a two-part plan: prevention and reaction. Take steps to secure your platforms and data, and devise processes for remediation and notification in the event of a breach or other malicious attack.
  • Review and test the plan. Document your data security policies and processes, and review them with your users, vendors and legal counsel. Continually test your information systems by simulating data security events.
  • Revise and repeat. Data security plans should be continually reviewed, revised and updated – especially when technology is updated, a new category of data is retained or storage solutions change.

Read on: “Ready, Set, Go: Preparing and Testing for Data Security Events”

2. Keep Only the Data You Need

Companies are continually building out their IT infrastructure with new applications, networks and platforms. As a result, they’re amassing enormous volumes of data, making compliance with data privacy law and regulations more challenging than ever.

What’s a company to do? Keep it simple by keeping only what you need.

  • Know what types of data your company has. Identifying and managing data at a granular level helps you strike a balance between regulatory compliance and operational efficiency.
  • Automate your information governance. Cloud-based solutions, in-place records management and AI can trim the fat from both your data storage and your data management processes.
  • Get your data practices in line now because the EU’s General Data Protection Regulation will be enforced beginning on May 25, 2018.

Read on: “Keep Only What You Need – Information Management in the Digital Age”

3. Secure Your Company’s Portable Devices

Don’t assume your laptop or phone can’t be compromised just because it’s safely in your possession. Beyond the risk of physical theft, those devices can be hacked. Know these eight keys for protecting your portable devices.

  • Make sure your data is encrypted, both upon transmittal and at rest. Most laptops, phones and other portable devices have some form of encryption built in – but if you’re storing sensitive and confidential data, consider adopting more advanced options through a third-party encryption service.
  • Require users to create complex passwords that must be changed frequently. Add further protection by adopting multi-factor authentication (MFA), which requires something in addition to a password, like a fingerprint, phone call or additional passcode generated from another source.
  • Decide which users should have access to your data through portable devices, and which information they should be allowed to access. Create and monitor access logs to watch out for unauthorized access.
  • Back up your devices and then secure those backups. Backups should be treated no differently than the original data; they should be encrypted and password protected.
  • Remember to install updates and patches from the device manufacturers to stave off viruses, backdoors and malware. Inventory your devices regularly, and revoke from your network any that don’t have the latest security updates.
  • Use mobile device management (MDM) solutions, which offer a range of options, including allowing devices to be remotely controlled or wiped, setting minimum security requirements or requiring external drives to be password protected.
  • Create written policies governing access to your company’s data on portable devices. Clarify what’s permitted and what’s not. Disclaim liability for damage to employee-provided devices. Make clear that there’s no right to privacy on devices that access a company’s networks. Require users to execute an acknowledgment of the policies.

Read on: “Eight Keys to Securing Portable Devices”

4. Vet Your Vendors Carefully

Vendors and third-party service providers that have access to your company’s platforms and customer data pose unique security risks. Take steps to minimize risks when allowing access to your company’s data.

  • Before hiring a vendor, do a thorough review of its data security policies, procedures and controls.
  • Be sure your vendor contracts provide for data security reporting standards, non-disclosure clauses, the right to require changes as the digital space evolves and a provision for your organization to have access to your vendors’ systems.
  • Even after a vendor is engaged, plan on continued oversight to ensure vendors are honoring their commitments and adhering to standards and processes outlined in your agreements

Read on: “Vendor Relations – Your Best Friends Really Can Hurt You”

5. Beware of Internal Threats

Disgruntled, financially-motivated or even careless employees can cause significant disruption and damage to your digital property. Employees know their way around your company’s platform and data, and as such, have an advantage in launching malicious attacks against your information systems. Be on your guard for – and take steps to prevent – internal threats.

  • Require non-disclosure agreements with new employees.
  • Train your workforce to prevent unintended disclosure of confidential information.
  • Protect devices and encrypt those that store your company’s most sensitive data.
  • Monitor user behavior and identify any unusual patterns.
  • Manage access by regularly checking that user permissions are granted only for needed job responsibilities.
  • Disable unnecessary accounts promptly.

Read on: “Disgruntled Employees and Other Internal Threats to Your Cybersecurity”

HBMA Washington Report – November Issue

Washington Report – November, 2017
(Covers activity between 11/1/17 and 11/30/17)
Bill Finerfrock, Matt Reiter, Nathan Baugh, Deanna Marcarelli, Carolyn Bounds



 Return to Top

President Trump Nominates Alex Azar for Secretary of Health and Human Services
On November 13th, President Trump announced that he is nominating Alex Azar to serve as Secretary of Health and Human Services (HHS). Azar was widely rumored to be a frontrunner for the position but now his nomination is official.

If confirmed, Azar would replace former HHS Secretary Tom Price who resigned as HHS Secretary after media reports surrounding his use of chartered flights instead of commercial flights. Recently confirmed Deputy HHS Secretary, Eric Hargan, is currently serving as acting Secretary of HHS.

Azar was the President of pharmaceutical giant Eli Lilly & Co.’s U.S. operation for five years but left that position in January. Azar is a veteran of HHS. He held several positions at HHS under the George W. Bush administration including deputy secretary.

The Senate Health, Education, Labor and Pensions (HELP) Committee held a hearing featuring Azar as the sole witness to discuss his nomination. However, it should be noted that the HELP Committee does not have jurisdiction to vote on his nomination, the Senate Finance Committee has jurisdiction over his nomination. The Finance Committee will hold its own confirmation hearing soon but a date has not yet been announced. The full Senate will consider his nomination after approval from the Finance Committee.

Azar has been critical of the Affordable Care Act (ACA) in the past but now inherits the job of implementing this law. In his testimony at the Senate HELP Committee hearing, Azar discussed the need to make health insurance sold through the ACA exchanges more affordable. He also discussed how his background in the pharmaceutical industry will help him address rising prescription drug prices and the opioid epidemic. In this hearing, he also affirmed his support for the transition to value-based payments in the Medicare program.

Azar has a law degree from Yale and clerked for the late U.S. Supreme Court Justice Antonin Scalia.

Return to Top

Senate Passes Its Tax Bill Setting up Negotiations with House on Final Version
In the early hours of December 1st, the Senate passed its version of a massive reform of the U.S. tax code by a vote of 51- 49. The House of Representatives passed its own version of this bill a few weeks ago. The two Chambers will now form a Conference Committee made up of a handful of legislators from both parties appointed by each party’s leadership. The Conference Committee will negotiate to reconcile the differences between the two versions. The Conference Committee’s report is subject to a vote in each Chamber which, if passed, will send the legislation to President Trump to sign into law.

The Senate version is projected to have a similar overall impact on the federal budget as the House’s bill but there are a few key differences between the two bills. Both will reduce federal revenues by about $1.5 trillion according to the Congressional Budget Office (CBO) and Joint Committee on Taxation (JCT) although some of this reduced revenue will be offset by tax revenue from projected economic growth.

The Senate and House passed their respective versions of the bill using a process known as budget reconciliation. Use of the budget reconciliation process is important because legislation considered via budget reconciliation cannot be filibustered in the Senate. It takes 60 votes to overcome a filibuster in the 100-seat Senate and Republicans only control 52 of those seats. This means that the GOP is unable to overcome a filibuster from within their own ranks. There is no procedure similar to the filibuster in the House meaning the Republican-controlled House can pass most bills with a simple majority vote.

Budget reconciliation also comes with certain limitations, however.

As the words “budget reconciliation” would imply, bills using this process must have a significant budgetary impact (i.e. taxing authority and entitlement spending). Inclusion of so-called “extraneous” matter could cause the Senate parliamentarian to rule that a bill was “out of order” and unavailable to be considered until such time as the offending provision was removed. The Senate can vote to override the ruling of the parliamentarian but it takes 60 votes to override the parliamentarians ruling.

It is noteworthy that the Senate included a provision in its tax reform bill that would eliminate the individual mandate. There is no similar provision in the House tax reform bill. This is something that the House-Senate Conference Committee must reconcile.

Under the Senate bill, beginning in 2019, the ACA’s individual mandate would be repealed.   According to the CBO, repealing the individual mandate is projected to save the federal government $338 billion over ten years. To some, this seems counterintuitive. Given that people who fail to comply with the mandate must be a tax penalty to the federal government, how is it that by repealing the mandate, you are actually saving money?

According to the Congressional Budget Office (CBO) approximately 4 million people will not buy health insurance in 2019 who would have purchased health insurance if the tax penalty remained in place. CBO assumes that a significant percentage of these 4 million people would have been eligible for a federal subsidy to help pay for their insurance. CBO estimates that the amount of money the federal government would save on premium subsidies for these individuals was far more than the revenue the federal government would have received due to the penalty.

The House bill would also eliminate the deduction for medical expenses. The Senate’s version keeps this deduction. This, too, will have to be reconciled.

Both versions would eliminate many individual tax deductions but offset those changes with an increase of the standard deduction. Though, they do differ on which deductions are eliminated and the amount of the standard deduction increase.

The House version would increase the standard deduction to $12,200 for individuals and $24,400 for joint filers while the Senate would increase the standard deduction to $12,000 for individual and $24,000 for joint filers. Both increases represent an almost two-fold increase from the current standard deduction amount of $6,350 for individuals and $12,700 for joint filers.

Also among the provisions that need to be worked out in a Conference is the mortgage interest deduction. The Senate version would maintain the current mortgage interest deduction for up to $1 million in mortgage principal but the House bill would reduce that amount to $500,000.

Both versions would reduce the state and local tax deduction and both increase the child tax credit although the exact amounts for the child tax credit differ.

With regard to the business tax framework, both versions reduce the corporate tax rate from 35 percent to 20 percent. However, the House bill would implement this change beginning with the 2018 tax year but the Senate bill would wait until the 2019 tax year. Both the House and Senate bills reduce the top pass-through tax rate used by many small business from 39.6 percent to 25 percent and 23 percent respectively.

Both versions would allow companies to immediately expense capital investments as opposed to spacing the deduction out over several years.

The Conference Committee will begin meeting with the goal of producing a Conference Report that can be voted on in each chamber for the end of the year. This process always takes place behind closed doors meaning the public will not be able to see the Conference Report until it is finished.

Return to Top

CMS Announces Medicare Parts A and B Premiums and Deductibles for 2018
The Centers for Medicare and Medicaid Services (CMS) has announced the premiums and deductibles for Medicare Parts A and B for 2018. CMS is leaving Medicare Part B generally unchanged but is increasing deductibles for Part A.

For 2018, the standard Medicare Part B premium will be $134 per month, which is unchanged from 2017. The annual deductible for Medicare Part B will also remain unchanged from 2017 at $183.

Beneficiaries with higher incomes pay more than the standard premium amount. This could be as low as $187.50 for beneficiaries who earn less than or equal to $85,000 per year and as high as $428.60 for individual beneficiaries who earn more than $160,000 per year. Only five percent of beneficiaries are subject to increased premiums.

Seniors who rely on Social Security as their sole source of income are eligible for a reduced Part B premium under a “hold harmless” provision. For these enrollees, any increase in Part B premiums must be lower than the increase in their Social Security benefits. About 70 percent of enrollees qualify for the hold harmless protection’s reduced premiums which were $109 in 2017. CMS expects the “hold harmless” premiums to increase in 2018 but did not indicate how much the increase will be.

According to CMS, after several years of no or very small increases, Social Security benefits will increase by two percent in 2018 due to the Cost of Living adjustment (COLA). Therefore, some beneficiaries who were held harmless against Part B premiums increases in prior years will have a premium increase in 2018. CMS estimates 42 percent of all Part B enrollees are subject to the hold harmless provision in 2018 but will pay the full monthly premium of $134, because the increase in their Social Security benefit will be greater than or equal to an increase in their Part B premiums up to the full 2018 amount.

There is no premium for Medicare Part A for beneficiaries who successfully paid into the Medicare trust fund for 40 quarters of Medicare-covered employment. However, Part A enrollees who only had 30 quarters of covered employment are subject to a $232 monthly premium in 2018 which is a $5 increase from 2017. Enrollees with less than 30 quarters of coverage will pay the full Part A premium, which will be $422 a month, a $9 increase from 2017.

The deductible for Part A plans is increasing by $24 to a total of $1,340 in 2018. The daily Part A coinsurance for the 61st through the 90th day of an inpatient hospital stay is increasing from $329 per day to $335 per day and the daily coinsurance on lifetime reserve days is increasing from $658 to $670 per day. The Skilled Nursing Facility (SNF) coinsurance for days 21 through 100 of a SNF stay is increasing from $164.50 per day to $167.50 per day.

Return to Top

HHS Launching Voluntary HIPAA Administrative Simplification Compliance Reviews for Health Plans and Clearinghouses
In recognizing the need for improved compliance with the HIPAA Administrative Simplification electronic transaction standards, the Department of Health and Human Services (HHS) is announcing it will begin conducting voluntary compliance reviews of health plans and clearinghouses.

HHS is looking for three health plans and three clearinghouses to volunteer for the compliance reviews. Volunteers will undergo reviews of their transactions for compliance with adopted standards, code sets, unique identifiers, and operating rules. Reviews will be conducted beginning January 2018.

HHS will not enforce penalties from the results of this review. HHS will identify compliance issues and areas for improvement. Volunteers will be required to develop a corrective action plan to remedy areas of noncompliance.

HHS will provide a certification to participants who “achieve successful reviews” which HHS says can be used as a marketing tool by the participant.

This review is a pilot program that HHS intends to scale to a larger number of health plans and clearinghouses. Health plans and clearinghouses that take part in the pilot project won’t be subject to random selection for another assessment for one year following HHS’s launch of the optimization program.

Health plan and clearinghouse compliance with these standards is identified as a top priority in the HBMA Government Relations Committee Strategic Plan for 2017 and 2018. The HBMA Government Relations Committee will be closely following the results of this review.

Return to Top

CMS to Provide Additional Tools for Providers to Look Up QMB Status
Over the past few months, the Centers for Medicare and Medicaid Services (CMS) has been making an effort to reduce improper billing of cost sharing for Qualified Medicare Beneficiaries (QMB). QMBs are eligible for both Medicare and Medicaid and providers cannot bill QMBs for Medicare coinsurance. Medicaid is supposed to cover the Medicare cost sharing for QMBs.

Most instances of providers improperly charging QMBs for Medicare cost sharing is not intentional. Providers often have trouble identifying a patient’s QMB status.

CMS is announcing new steps to help make QMB status information more available to providers. This month, CMS will begin providing QMB status information in the HIPAA Eligibility Transaction System (HETS). CMS is also providing this information in remittance advice (RA) on Part A and B claims as of October 2nd.

Providers may also verify patient’s QMB status through State online Medicaid eligibility systems or by asking patients for other proof such as their Medicaid identification card or a copy of their quarterly Medicare benefit summary notice. CMS began providing additional information to beneficiaries on their QMB status including through summary notices.

Return to Top

Congress Still Deciding Path Forward on CHIP Funding
On September 30th, the authorization expired for federal funding for the Children’s Health Insurance Program (CHIP) which provides insurance for children of low-income parents who earn too much to qualify for Medicaid. The CHIP program generally enjoys bipartisan support in Congress but funding has yet to be reauthorized. Most states have enough funds in reserve to maintain their CHIP programs however a few states are close to running out of money.

On November 3rd, the House of Representatives passed a five-year reauthorization of CHIP funding mainly along party lines. Democrats objected to how the bill offsets the cost of the reauthorization including increasing Medicare premiums for wealthy beneficiaries and taking money from the Affordable Care Act’s public health and prevention fund. The bill is projected to cost $14.7 billion over ten years.

The Senate has not considered the House bill nor has it advanced its own version of a CHIP reauthorization bill.

However, Congress did take action on a short-term measure to address the CHIP funding shortfall in the recently passed Continuing Resolution (CR) which extends funding for the entire Federal Government for two weeks. The CR includes a provision that allows states to tap into some reserve CHIP funding that is not currently available. This is not a permanent solution to the problem but it should help the states that are running low on CHIP funding while Congress continues to negotiate a long-term solution.

Return to Top

ACA Enrollment Update
Open enrollment for the 2018 plan year for health insurance sold on the exchanges established under the Affordable Care Act (ACA) began on November 1st. The Centers for Medicare and Medicaid Services (CMS) has been providing weekly updates on enrollment figures for the federally facilitated marketplace, better known as A total of 39 states use as their state’s exchange. States that operate their own exchanges are not reflected in this data set.

Through the first four weeks of the open enrollment period (November 1st – November 25th), over 2.7 million people enrolled in a health plan through 718,285 are new consumers while the remaining two million and change are consumers who already have insurance through the exchanges and are renewing their coverage for 2018 either in the form of a new plan or renewing their existing plan.

This data set does not include information on which types of plans were selected.

The 2018 open enrollment period ends on December 15th.

Return to Top

More Details Released on CMS’ Meaningful Measures Initiative
Last month, the Administrator of the Centers for Medicare and Medicaid Services (CMS), Seema Verma, announced a new initiative to reduce the burden of reporting quality measures while also improving the quality of the quality measures themselves.

Titled, the Meaningful Measures initiative, CMS followed up this announcement with a webinar to further explain the program. CMS intends to apply this initiative to the existing value-based payment programs such as the Merit-based Incentive Payment System (MIPS). Meaningful Measures will not change the reporting requirements for programs like MIPS, but it is intended to improve the measures that are available to be reported to achieve six goals highlighted by CMS in the graphic below.

Administrator Verma has been very open with her support for the transition to value-base care. However, she recognizes the administrative burdens these new payment systems cause for providers and has taken steps to address those issues.

Meaningful Measures could lead to an expedited phase out of topped out measures or a greater emphasis on outcomes-based measures. CMS will be releasing additional information on this initiative in the coming months.

Return to Top

CMS Considering 32 New Quality Measures
Each year, the Centers for Medicare and Medicaid Services (CMS) releases a the list of new quality and cost measures that it is considering adding to the various Medicare value-based payment programs such as the Merit-based Incentive Payment System (MIPS). CMS then works with the National Quality Forum (NQF) to get input from multiple stakeholders, including patients, clinicians and payers on the measures that are best suited for implementation.

The Affordable Care Act (ACA) required CMS to publish the list of measures under consideration (MUC) for adoption before they are formally proposed through rulemaking.

CMS is proposing 32 new measures to consider adding to the Medicare value-based payment programs. Of these new measures, 22 are for MIPS. No other program has more than three new measures on the MUC list while many have no measures on the list. A total of 184 measures were submitted by stakeholders for inclusion on the MUC list.

The measures that were selected reflect the new CMS Meaningful Measures program which is intended to prioritize the use of measures that have a significant impact on quality while eliminating those that do not in order to reduce the regulatory burden of quality reporting. According to CMS, approximately 40% of measures on the MUC list are outcome measures, including patient-reported outcome measures.


Return to Top

CMS Reports Drop in Medicare Fee-For-Service Improper Payment Rate
The Centers for Medicare and Medicaid Services (CMS) has reported that the improper payment rate for Medicare Fee-For-Service (FFS) payments has continued to decline. In a CMS blog post authored by CMS Principal Deputy Administrator for Operations Kimberly Brandt, the Medicare improper payment rate dropped from 11 percent in 2016 to 9.5 percent in 2017. This translates to a $4.9 billion decrease in estimated improper payments. Total Medicare FFS improper payments were estimated to be $36.2 billion in 2017.

According to the post, this is the first time since 2013 that the Medicare FFS improper payment rate is below the 10 percent, a threshold required by the Improper Payments Elimination and Recovery Act of 2010.

The blog post clarifies that improper payments are not always indicative of fraud, nor do they necessarily represent expenses that should not have occurred. For example, instances where there is insufficient or no documentation to support the payment as proper are cited as improper payments under current Office of Management and Budget (OMB) guidance. Providing the necessary documentation can remedy some of these “improper” payments.

According to CMS, the majority (66 percent) of Medicare FFS improper payments are due to documentation errors resulting in CMS being unable to determine whether the billed items or services were actually provided, were billed at the appropriate level, and/or were medically necessary. A smaller percentage (27 percent) of Medicare FFS improper payments are payments for claims CMS determined should not have been made or should have been made in a different amount.

The most common form of improper payments (64 percent) was insufficient documentation followed by medical necessity errors representing 17 percent of improper payments and incorrect coding representing ten percent. Three percent of improper payments were underpayments for covered services. Two percent of improper payments were made for claims that presented no documentation and “other” rounds out the total by accounting for three percent of improper payments.

CMS has taken steps to address the prevalence of documentation and coding errors including its Targeted Prove and Educate (TPE) program.

The results reported in this blog post are in line with what CMS told the HBMA Government Relations Committee during its annual meeting with CMS in June.

Return to Top

CVS Agrees to Purchase Aetna
After several months of rumors that an acquisition was in the works, CVS and Aetna officially announced that CVS will indeed purchase Aetna for about $67.5 billion in cash and stock. This deal immediately set off speculation over whether or not the U.S. Department of Justice (DOJ) would seek to block the merger on anti-trust grounds.

The deal would represent a significant expansion of CVS to now be a pharmacy, healthcare provider and insurer all in one company. CVS’ massive retail presence of 9,700 locations could lead it to take an increased role in nutrition and other wellness services as well.

CVS could use its ownership of one of the top five largest health insurers to make itself the exclusive or preferred pharmacy for Aetna plans. CVS has also been pushing into the primary care space with its Minute Clinics. A likely effect of the deal is reduced competition for providers and pharmacies looking to be in an Aetna network. The question for the DOJ is to what degree is competition reduced and will this warrant an anti-trust challenge from the government. Federal approval for the deal could be contingent on guarantees that CVS will preserve competition.

This would not be the first time a healthcare provider organization attempted to enter the insurance industry. Over the past few years, several healthcare systems have started their own health insurance company with examples of both success and failure.

According to the announcement, Aetna’s leadership would be retained and Aetna would be run as an independent business unit of CVS.

CVS believes this acquisition can lead to reduced costs for consumers and reduce spending on healthcare by steering patients towards its Minute Clinics to keep them out of the emergency room. CVS also believes that combining the data collected by the two companies can lead to additional strategies for savings and improvements in the delivery of care. CVS could take a more proactive role in care management such as prescription adherence monitoring and managing chronic conditions.

Return to Top

CMS Finalizes Cancellation of New, Mandatory Episode Payment Models
On November 30, 2017, the Centers for Medicare and Medicaid Services (CMS) finalized its proposal from August 15th to cancel the two episode payment models (EPM) for cardiac care. CMS is also finalizing a reduction in the number of geographic areas required to participate in the Comprehensive Care for Joint Replacement (CJR) EPM. The final rule also cancels an expansion of the CJR model to surgical hip and femur fracture treatments.

The two cardiac care models were for Coronary Artery Bypass Grafts (CABG) and Acute Myocardial Infarction (AMI) for treating heart attacks. The EPMs would have covered Medicare Part A and B services for the procedure and all care 90-days following the procedure. Participation would have been mandatory in the selected geographic areas.

For the CJR performance year beginning on January 1, 2018, CMS is reducing the number of geographic areas required to participate in the CJR model from 67 to 34. Hospitals in the selected geographic areas are required to participate in the CJR model for Medicare hip and knee replacement surgeries. Low-volume and rural hospitals in the selected areas would be exempt.

The list of geographic areas that are required for participation can be found on the CMS website for the CJR.

CMS will allow hospitals in the 33 geographic areas that were removed from the mandatory list to voluntarily participate in the CJR model. Hospitals that wish to voluntarily participate must opt-in by January 1, 2018.

This move comes as little surprise. Throughout the year, the Trump Administration has expressed opposition to the mandatory nature of these models. The proposed rule from August reflected this sentiment. The Administration is not opposed to EPMs on principle, but wants to implement them at a slower rate and on a smaller scale to avoid imposing a burden on providers. Current CMS and HHS leadership also want to make sure these models can work before making them mandatory across the Medicare program.

In a hearing before the Senate Health Education Labor and Pensions (HELP) Committee, President Trump’s nominee for Secretary of Health and Human Services (HHS), Alex Azar, affirmed his support for testing new value-based payment models. We would not be surprised if CMS introduces new proposed EPMs as early as next year.

Return to Top

CMS Transmittals
The following Transmittals were released by CMS during the month of November.

Transmittal Number Subject Effective Date
R1980OTN Shared System Enhancement 2015: Removing/Archiving Obsolete On Request Jobs within the Multi-Carrier System (MCS) 2018-04-02
R3929CP Elimination of the GT Modifier for Telehealth Services 2018-01-02
R3927CP Instructions for Downloading the Medicare ZIP Code File for April 2018 2018-04-02
R3928CP Off-Cycle Update to the Skilled Nursing Facility (SNF) Prospective Payment System (PPS) Fiscal Year (FY) 2018 Pricer 2018-01-02
R110GI Affordable Care Act Bundled Payments for Care Improvement Initiative – Recurring File Updates Models 2 and 4 April 2018 Updates 2018-04-02
R186DEMO IVIG Demonstration: Payment Update for 2018 2018-01-02
R187DEMO Next Generation Accountable Care Organization (NGACO) Year Three Benefit Enhancements 2018-01-02
R3844CP Replacement of Mammography HCPCS Codes, Waiver of Coinsurance and Deductible for Preventive and Other Services, and Addition of Anesthesia and Prolonged Preventive Services 2018-01-02
R3925CP Changes to the Laboratory National Coverage Determination (NCD) Edit Software for January 2018 2018-01-02
R173SOMA Revisions to State Operation Manual (SOM), Appendix PP Guidance to Surveyors for Long Term Care FacilitiesRevisions to State Operation Manual (SOM), Appendix PP Guidance to Surveyors for Long Term Care FacilitiesRevisions to State Operation Manual (SOM), Appendix PP Guidance to Surveyors for Long Term Care Facilities 2017-11-28
R12P240 Clarifies and corrects the existing instructions, incorporates additional statutory and regulatory changes, and adds a checkbox that allows a provider to elect and sign the Certification and Settlement Summary page of the Medicare cost report using an electronic signature pursuant to 42 CFR 413.24(f)(4)(iv). (See also 82 FR 38493.) Effective dates will vary. N/A
R1978OTN Implementation of Changes to Certificate of Medical Necessity (CMN) and CMN DME Information Form (CMN DIF) as a result of the New Medicare Card Project 2018-04-02
R203NCD Hyperbaric Oxygen (HBO) Therapy (Section C, Topical Application of Oxygen) 2017-12-18
R3921CP Hyperbaric Oxygen (HBO) Therapy (Section C, Topical Application of Oxygen) 2017-12-18
R238BP Rural Health Clinic (RHC) and Federally Qualified Health Center (FQHC) Medicare Benefit Policy Manual Chapter 13 Update 2018-02-15
R3923CP Quarterly Update of HCPCS Codes Used for Home Health Consolidated Billing Enforcement 2018-04-02
R171SOMA Revisions to State Operations Manual (SOM), Appendix U – Survey Procedures and Interpretive Guidelines for Responsibilities of Medicare Participating Religious Nonmedical Healthcare Institutions 2017-11-20
R172SOMA Revision to State Operations Manual (SOM) Appendix A – Survey Protocol, Regulations and Interpretive Guidelines for Hospitals 2017-11-17
R1979OTN Shared System Enhancement 2015: Identify Inactive Medicare Demonstration Projects Within the Common Working File (CWF) 2018-07-02
R3922CP Update to the Federally Qualified Health Center (FQHC) Prospective Payment System (PPS) for Calendar Year (CY) 2018 – Recurring File Update 2018-01-02
R3924CP 2018 Annual Update to the Therapy Code List 2018-01-02
R3920CP Qualified Medicare Beneficiary Indicator in the Medicare Fee-For-Service Claims Processing System N/A
R755PI Tracking Medicare Contractors’ Prepayment and Postpayment Reviews 2017-12-11
R3916CP Claim Status Category and Claim Status Codes Update 2018-04-02
R1973OTN Multi-Carrier System (MCS) Modernization Proof of Concept Number 8 2018-04-02
R1972OTN Analysis Only: Develop Enhanced Claims Search Reporting in Fiscal Intermediary Shared System (FISS) 2018-04-02
R3915CP Implement Operating Rules – Phase III Electronic Remittance Advice (ERA) Electronic Funds Transfer (EFT): CORE 360 Uniform Use of Claim Adjustment Reason Codes (CARC), Remittance Advice Remark Codes (RARC) and Claim Adjustment Group Code (CAGC) Rule – Update from Council for Affordable Quality Healthcare (CAQH) Committee on Operating Rules for Information Exchange (CORE) 2018-04-02
R3912CP Off-Cycle Update to the Long Term Care Hospital (LTCH) Prospective Payment System (PPS) Fiscal Year (FY) 2018 Pricer 2018-01-02
R3913CP Common Edits and Enhancements Modules (CEM) Code Set Update 2018-04-02
R1968OTN Tracking Status of Claims Adjustments N/A
R1969OTN Partial Settlement of 2-Midnight Policy Court Cases 2017-12-11
R3911C[ New Positron Emission Tomography (PET) Radiopharmaceutical/Tracer Unclassified Codes N/A
R3910CP Remittance Advice Remark Code (RARC), Claims Adjustment Reason Code (CARC), Medicare Remit Easy Print (MREP) and PC Print Update 2018-04-02
R1971OTN Modifications to the National Coordination of Benefits Agreement (COBA) Crossover Process 2018-04-02
R1974OTN Revision of PWK (Paperwork) Fax/Mail Cover Sheets 2018-04-02
R1975OTN ICD-10 and Other Coding Revisions to National Coverage Determinations (NCDs) 2018-07-02
R3919CP Update to Rural Health Clinic (RHC) All Inclusive Rate (AIR) Payment Limit for Calendar Year (CY) 2018 2018-01-02
R3918CP Therapy Cap Values for Calendar Year (CY) 2018 2018-01-02
R1976OTN Common Working File (CWF) to Modify CWF Provider Queries to Only Accept National Provider Identifier (NPI) as valid Provider Number 2018-01-02
R3909CP Quarterly Update for the Durable Medical Equipment, Prosthetics, Orthotics and Supplies (DMEPOS) Competitive Bidding Program (CBP) – January 2018 2018-01-02
R1967OTN CICS Region Merge(s) for A/B MACs – Analysis Only 2018-04-02
R3917CP Calendar Year (CY) 2018 Participation Enrollment and Medicare Participating Physicians and Suppliers Directory (MEDPARD) Procedures N/A
R3901CP Update to Pub 100-04, Chapter 18 Preventive and Screening Services – Screening for Lung Cancer with Low Dose Computed Tomography (LDCT) 2017-12-04
R3902CP New Waived Tests 2018-01-02
R1960OTN Implementation of the Award for the Jurisdiction Part A and Part B Medicare Administrative Contractor (JJ A/B MAC) 2018-02-26
R1959OTN Analysis Only: VMS Accreditation Logic Related to HCPCS Codes Contained in Multiple Product and Service Codes 2018-04-02
R237BP Implementation of Changes in the End-Stage Renal Disease (ESRD) Prospective Payment System (PPS) and Payment for Dialysis Furnished for Acute Kidney Injury (AKI) in ESRD Facilities for Calendar Year (CY) 2018 2018-01-02
R1958OTN Shared System Enhancement 2014: Implementation of Fiscal Intermediary Shared System (FISS) Obsolete Financial and Expert Claims Processing System (ECPS) Reports – Phase 1 2018-04-02
R1957OTN Shared System Enhancement 2015: Identify Inactive Medicare Demonstration Projects Within the Common Working File (CWF) – Removing/Archiving demonstration codes 51 and 56 2018-04-02
R3903CP Annual Medicare Physician Fee Schedule (MPFS) Files Delivery and Implementation and Medicare Physician Fee Schedule Database (MPFSDB) 2018 File Layout Manual 2018-01-02
R1962OTN Shared System Enhancement 2014: Implementation of Fiscal Intermediary Shared System (FISS) Obsolete Core Reports – Phase 1 2018-04-02
R108GI MAC Transition Workload Handbook 2017-12-04
R185DEMO IVIG Demonstration: Payment Update for 2018 N/A
R1964OTN Fee For Service (FFS) Applications Upgrade Customer Information Control System (CICS) to Transaction Server (TS) v5.2 2018-01-02
R3908CP Influenza Vaccine Payment Allowances – Annual Update for 2017-2018 Season N/A
R3907CP October 2017 Integrated Outpatient Code Editor (I/OCE) Specifications Version 18.3 2017-10-02
R1966OTN Out-of-Jurisdiction Providers (OJP) and Qualified Chain Providers (QCP) Move to Correct A/B MAC Jurisdiction – Analysis CR Only N/A
R1966OTN The purpose of this Change Request (CR) is for the Common Working File (CWF) Maintainer to redesign and implement the Operating Report (ORPT). N/A
R1956OTN Analysis and Design Working Sessions for the Development of a Pre-Payment Common Additional Documentation Request (ADR) Letter 2017-10-02