Important Points:
* Medicare Secondary Payer Act mandates insurance organizations to submit a report when a Medicare eligible beneficiary’s claim is fully or partially resolved during the applicable reporting period.
* Lack of reporting compliance may result in fines as high as $1000 per day for each individual for whom information should have been reported.
* Insurance organizations continue to experience challenges to ensure the accuracy and completeness of reports due to the presence of multiple claims systems on multiple platforms and data conversion requirements.
* Automated Information Controls eliminate information risks present in the Medicare Reporting process. Continuous monitoring of the reporting process, information controls and exceptions enables insurance organizations to submit required reports with confidence.
|
(HealthNewsDigest.com) – Insurance organizations are required to comply with the new Medicare Secondary Payer (“MSP”) reporting requirements. This mandatory reporting requirement, enacted through Section 111 of the Medicare, Medicaid, and SCHIP Extension Act of 2007, is intended to ensure that the Center for Medicare and Medicaid Service (CMS) has the necessary information to determine when Medicare’s financial responsibility is secondary. The mandatory reporting requires that a responsible reporting entity (RRE) identify claimants that are Medicare beneficiaries and submit a report when a beneficiary’s claim is fully or partially resolved during the applicable reporting period. The reports are required to be submitted to the CMS coordination of benefits contractor (COBC) on a quarterly basis. Group health plan (GHP), Liability Insurance (including Self-Insurance), No-Fault Insurance, and Workers’ Compensation are all subject to this reporting requirement. While insurers are currently addressing initial implementation challenges, quickly and accurately assessing and integrating annual updates is also a challenge.
|
In addition to penalties due to payment errors, such as paying secondary to Medicare; lack of reporting compliance may result in fines as high as $1000 per day for each individual for whom information should have been reported.
Multiple claims and policy administration systems, multiple RRE’s, complex insurance products and increasing data volumes increase the risks of inaccurate and incomplete reporting. Reporting risk also increases considerably when complexity of the underlying technology environment is considered: usage of both mainframe and distributed claims and policy administration systems as well as the coexistence of both batch and real-time processing requirements. In addition to complying with reporting requirements, insurers are also asked to capture an audit trail of all information exchanges as an evidence of compliance. Due to these complexities of the environment and reporting requirements, manual efforts to ensure the accuracy and completeness of the reports submitted to CMS are not sustainable. Many insurance organizations are increasingly relying on automated, standardized controls to ensure accuracy and completeness of the information that is being exchanged with the CMS.
Medicare Secondary Payer Reporting Challenges
The following diagram showcases a simplified MSP reporting process. The insurer extracts responsible Reporting Entity (RRE) specific claims data from multiple claims systems and then transforms the data to the Medicare specified format (Universal Format) prior to sending the information to CMS. There are two types of bi-directional information exchanges that occur during the process:
* Beneficiary information to determine Medicare
* Claims information for Medicare eligible beneficiary
While simple in principle, the process is fraught with a number of information risk factors that lead to inaccuracies in reports, thus increasing risks of fines and penalties. While several factors contribute to the risks around this requirement, the following are the major causes of inaccuracies and incompleteness in MSP reporting:
1. Multiple Systems: Most insurance organizations have multiple claims systems to support various lines of business. Ensuring all relevant information is extracted from multiple systems is always a challenge and requires initial quality assurance and on-going validation that the extracted information represents the complete data set and can be matched back to the source system.
2. Multiple Platforms and Multiple Data Formats: In addition to multiple claims systems, the Medicare reporting process requires interfaces with multiple technology platforms (mainframe, distributed, SAAS) to capture necessary data elements. Prevalence of multiple data formats in various source systems increases the risk of data error during the conversion process. Since information can not be transmitted in its native format, this creates additional risk for the RRE’s as this often results in empty fields and/or critical fields being dropped altogether.
3. Batch and Real-time Source System: MSP reporting often requires interfacing with both legacy and next generation systems with batch and real-time functionality. In the absence of appropriate controls and continuous monitoring, it is often difficult to ensure the integrity of processes. For example, if a real-time claims message is lost during the transmission due to system or process failures – the claims information will be not be sent to CMS. More importantly, the RRE will have no way of knowing about this missing transaction without appropriate controls.
4. Error Monitoring: Gateway systems are designed to filter out transactions that do not have sufficient information such as social security number, birth date, etc. The ownership is on the insurer to fix the erroneous transactions and resend them to CMS. Resolution of the errors often requires research and multiple communications with different internal groups and, in some instances, with the beneficiary. The chance of overlooking a certain number of erroneous transactions is significantly high primarily due to following reasons:
* Errors are not visible to the business users. Erroneous transactions are often reported inside the Gateway server log
* Error resolution process is highly manual and time consuming
With accelerating changes, increasing business complexities, and changing technology landscape, the risk of reporting errors increases even more.
Changes in the Source Systems: Changes in the source systems often require code changes in the reporting process. The following list outlines the types of potential errors that can happen because of changes in the extraction, conversion, and reporting processes:
* Extraction logic excludes certain types of data that were not tested.
* Transformation logic may exclude certain types of claims data resulting in incomplete records in the Medicare report.
Changes in the reporting requirements: Medicare is expected to continue to develop and change MSP requirements. Insurers will need to quickly and accurately assess and implement new controls to comply with annual revisions and changes.
Process failures: Current processes may fail due to system errors or transformation errors resulting in incomplete report transmission. System errors may include abends due to unavailability of source system/extract or the incorrect format of the source information.
Transformation errors may result from incorrect formats.
Changes/Updates in the reference data: Outdated, incomplete or incorrect reference data will lead to errors in the MSP reports. For example, errors in the customer relationship management system may result in erroneous SSN and address transmission.
Data Quality issues with the Source System: Source systems data may be incomplete or inconsistent. For example, a customer record in the source system may not have a SSN or DOB data. Incompleteness and inconsistency in source system data will lead to quality issues in the MSP reporting.
Current Approach
The current focus in most insurance companies is to standardize the reporting process and to use manual/semi-automated processes to detect and correct incomplete and inconsistent data. Some of the techniques currently used by various organizations are:
* Developing manual processes to balance information sent to CMS from the internal source systems.
* Maintaining an Excel based log to capture audit trail of the information sent.
* Developing manual processes and email based workflow methods to resolve erroneous transactions.
Current approaches are not scalable and sustainable. There is an urgent need to use automated information controls and continuous monitoring for verifying, balancing, reconciling, and tracking the MSP reporting information. Ideally, information controls should be independent of the underlying application and have the ability to store an audit trail of the information transfer process and its validation results.
Information Controls and Continuous Monitoring Defined
Most organizations develop controls for “data-in-flight” in a reactive mode. They either deploy controls because of the audit recommendations or when an error occurs. Successful organizations deploy controls in a proactive manner to prevent any future error. Information controls are application independent routines/procedures that can validate information to detect information errors and anomalies. Defining characteristics of information controls are:
Automated: Automatically check all transaction instances.
Independent: Controls operate independent of system being controlled.
Continuous: Event driven, cycle driven — controls are continuously available.
Verifiable: Fully verifiable audit trail of control reports and execution.
Adaptive: Easily adaptable to changes and new requirements
Standard: Standardized controls can spread throughout the enterprise.
Rule-based: Implement and maintain controls without software developers.
Non-intrusive: Controls that work with existing data in current formats.
End-to-End: Controls that span apps/platforms – end-to-end coverage.
Ideally, Information Controls should have the following capabilities to validate real-time and batch transactions in both mainframe and distributed environment:
Verification and Reasonability: Ability to verify the information content and format. Ability to validate the spatial and temporal reasonability of transactions.
Balancing: Ability to balance information as it traverses through various systems.
Reconciliation: Ability to reconcile information at a transactional level.
Tracking: Ability to track information to ensure adherence to SLA agreements and timeliness requirement to optimize your business processes by trending and profiling the underlying operational information.
In addition, Information Controls should provide continuous monitoring capabilities. Defining characteristics of the continuous monitoring are:
Continuous Controls Monitoring: Ability to monitor controls and exceptions real-time.
Trending and Profiling: Ability to optimize your business processes by trending and profiling the underlying operational information.
Exception Management: Ability to manage the exception workflow and reporting process.
Compliance Reporting: Ability to create and view reports to support audit and compliance initiatives.
Information Controls Framework for MSP reporting
While each insurer’s business processes and technology environment are different, the proposed framework recommends a minimum of six information controls and continuous monitoring to eliminate the information error risk in the Medicare reporting process and to avoid penalties and fines. The location of the information controls are depicted in the following figure.
X1: Information is not duplicate or reasonable: Information transmitted to CMS should be checked to prevent duplicate information from being sent. In addition, information controls that compare the reasonability of the information to a historical period or standard mean would help flag anomalies to the transmission load.
X2: Information sent to CMS reconciles with source systems: The most basic information control is validation that total information sent reconciles to the source systems. Automated summary level controls executed will detect failed, incomplete or duplicate transfer of information and therefore information errors.
X3: Information sent is complete: Detail level checks ensure that all claim file data elements required are present in the report. Controls that validate the accurate reformatting of files will flag the presence of empty, incomplete or missing fields.
X4: Exception management of information exceptions: Centralized exception management, research, tracking, resolution, and reporting creates greater visibility into risk management of MSP reporting.
X5: Trending of errors to increase operational efficiency: Trending of reporting errors across numerous control runs enhances the integrity of the process and increases the operational efficiency of Medicare 111 reporting.
X6: Visibility that documents CMS responses notated correctly and completely: Continuous monitoring of CMS responses ensures that exceptions and responses are documented within the RRE’s environment across multiple platforms and systems.
What Steps Insurers Must Take?
1. Assess Risk: Conduct a replicable risk assessment of the MSP process to identify focus areas for deploying controls to ensure the accuracy, consistency, and reliability of Medicare 111 reporting now and with regard to future MSP requirements.
2. Define/design appropriate controls to mitigate errors: Define functional requirements of controls that will mitigate errors in high risk areas. These may include, but are not limited to, reasonability, verification, balancing, reconciliation, and tracking capabilities, and should be easily adaptable to incorporate future MSP changes and requirements
3. Define Continuous Monitoring Needs: Define role specific continuous monitoring needs by business groups.
4. Implement and test: Test the system before full release of the controls into the production environment.
5. Extend scope of control best practices beyond MSP: The controls life-cycle around MSP reporting can be extended as a best practice for information controls assessment, design, and implementation across the enterprise. Standardization of information control practices reduces costs and risks associated with developing new control procedures around complex business environments that exist today.
For further information, go to: www.infogix.com
Subscribe to our FREE Ezine and receive current Health News, be eligible for discounted products/services and coupons related to your Health. We publish 24/7.
HealthNewsDigest.com
For advertising/promotion, email: [email protected] Or call toll free: 877- 634-9180