U S Department of Health and Human Services www.hhs.gov
  CMS Home > Research, Statistics, Data and Systems > HIPAA Eligibility Transaction System (HETS) Help (270/271) > Security - HETS 270/271

Security - HETS 270/271

The Center for Medicare & Medicaid Services (CMS) is committed to maintaining the integrity and security of health care data in accordance with applicable laws and regulations. Disclosure of Medicare Beneficiary eligibility data is restricted under the provisions of the Privacy Act of 1974 and the Health Insurance Portability and Accountability Act of 1996 (HIPAA.) The Provider Medicare Beneficiary eligibility transaction is to be used for conducting Medicare business only. Providers interested in utilizing the HETS 270/271 are advised to become familiar with the security related documents on this page and understand that CMS monitors the transaction for aberrant behavior.  Refer to Section 10.3 of the Medicare Claims Processing Manual in the Downloads section below.

 

HETS 270/271 Suspension Procedures

If results from a random audit fail audit criteria, the submitter's access will automatically be suspended for the 24 hour period following the audit.  The submitter will be notified of this suspension via email.

After three such suspensions, the submitter's access will be terminated until a written Corrective Action Plan (CAP) outlining steps that will be taken to improve future audit results is submitted and accepted by CMS.

Submitters with repeated suspensions will face penalties up to and including permanent suspension of HETS 270/271 trading privileges.

Per the Trading Partner Agreement, all HETS 270/271 submitters must take the necessary steps to ensure that only valid, active Medicare provider NPI numbers are used to receive beneficiary eligibility information.  Your cooperation in this endeavor is vital.

Current Transaction Audit Process

CMS continues to conduct audits of HETS 270/271 transactions. Components of these audits ensure that submitters are complying with the requirement to submit 270 eligibility requests only for valid, active Medicare Providers and/or Suppliers.

CMS has set a 99% match requirement to allow for occasional typographic errors associated with Provider numbers, lags in Provider enrollment and updates to data from the internet based Provider validation tool, HETS Provider GUI (HPG). Therefore, CMS conducts audits requiring that no more than 1% of NPI numbers can be in error, and that at least 99% of all transactions submitted contain a valid, authenticated Medicare Provider NPI.

Here are some common Provider number errors:

  • Dashes in the Provider number
  • Terminated Provider number
  • Incorrect qualifier submitted with the number (i.e. a legacy qualifier submitted with an NPI)

*NM109 = NPI

Submitters who fail audits will face suspension of their trading privileges.

If the Provider number is sent in the proper X12 format with the correct qualifier, Clearinghouses should verify the Provider number in HPG.

HETS 270/271 Suspension Procedures

  • If results from a random audit fail audit criteria, access will automatically be suspended for the 24 hour period following the audit. The MCARE Help Desk will notify Submitters of their suspension through an email.
  • After three such suspensions, access will be terminated until a written Corrective Action Plan (CAP) outlining steps that will be taken to improve future audit results is submitted and accepted by CMS.  The MCARE Help Desk will provide a CAP template, when appropriate.
  • Submitters with repeated terminations will face penalties up to and including permanent suspension of HETS 270/271 trading privileges.

Per the Trading Partner Agreement (see Related Links Inside CMS below), all HETS 270/271 submitters must take the necessary steps to ensure that only valid, active Medicare Providers receive Beneficiary eligibility information. Your cooperation in this endeavor is vital.

AAA Error Audit Process

The Centers for Medicare and Medicaid Services (CMS) produces and evaluates routine reports on Medicare 270/271 submitter volume and error rate. 

Eligibility submitters whose error rates are higher than the published, tolerated Medicare 270/271 error rate are further evaluated for security risks, including compliance with the Medicare 270/271 Eligibility Rules of Behavior.

Submitters who do not comply with CMS security requirements and/or the Eligibility Rules of Behavior will be contacted by the Medicare Eligibility Help Desk.  These submitters will be advised that their overall error rate and trading practices must improve to an acceptable level within 14 calendar days or their trading access will be suspended.  These submitters will also be asked to submit a written Corrective Action Plan (CAP) to CMS within 14 calendar days of notification.  The written CAP should include:

  1. Restatement of understanding of Medicare 270/271 Eligibility Rules of Behavior from the organization,
  2. Specific steps the submitter will take to improve trading practices and overall error rates and expected error rate reduction   

If the submitter fails to submit a CAP and/or show the required improvement within 14 calendar days of the initial notice, CMS will suspend the submitter's eligibility trading access.

If you have questions about these audits or suspension procedures, please contact the MCARE Help Desk immediately.

Medicare Customer Assistance Re: Eligibility (MCARE) Help Desk

1-866-324-7315

 

Downloads

Medicare 270/271 Transaction: Audit Process[PDF,24KB]

Rules of Behavior [PDF,48KB]

 

Related Links Inside CMS

http://www.cms.hhs.gov/InformationSecurity/

Trading Partner Agreement and Access Form

Related Links Outside CMSExternal Linking Policy

There are no Related Links Outside CMS

 

Page Last Modified: 01/09/2009 1:43:58 PM
Help with File Formats and Plug-Ins

Submit Feedback




www3