Proposed Civil Money Penalties Rule for Medicare Reporting to be Released

Mandatory Insurer Reporting, Medicare Set-Aside Blog, MSP News on February 14, 2020
Posted by Jean S. Goldstein, JD, CMSP

The Medicare Medicaid SCHIP Extension Act of 2007 (MMSEA) imposed Mandatory Insurer Reporting obligations on all Responsible Reporting Entities (RREs) when enacted in 2009.  These mandatory requirements specifically imparted obligations on all RREs and required entities to provide the Centers for Medicare & Medicaid Services (CMS) with data on claims that involve Medicare beneficiaries.  Furthermore, pursuant to the Strengthening Medicare and Repaying Taxpayers Act (SMART Act) of 2012, non-compliance with the reporting requirements may have resulted in civil money penalties (CMPs) of up to $1,000 for each day of noncompliance with respect to each claimant.  Yet, since enaction of the both the MMSEA and SMART Act, CMPs have not been levied against an RRE because there has been no issued guidance surrounding assessment of CMPs.  However, as we learned in December 2018, CMS issued a notice of advanced proposed rulemaking to address how and when CMS would calculate and impose CMPs when RREs failed to meet their reporting obligations.  While the proposed rule has been delayed several times, just yesterday, the unpublished proposed rule was released, and can be found here.  The proposed rule is scheduled to be published in the Federal Register on February 18, and will be available here in its official form once published.    

Below, please find some highlights of the proposed rule, as released to date:

  • CMS will not assess CMPs against RREs which make good faith efforts as defined by the rule to obtain necessary reporting information.  RREs must document their records with their efforts to obtain the required reporting information, and CMS retains the right to audit such documentation for 5 years.  
  • CMP amounts will be based upon the number of times an entity fails to report or fails to report correctly.  Meaning a few poor submissions, may not necessarily trigger CMPs.
  • CMS will first issue an informal written notice of non-compliance, identifying the nature of the non-compliance and the determination of the potential CMP.  The RRE will then have 30 calendar days to respond with mitigating information before the issuance of a formal written notice, which would contain:
    • information on the reason for the assessment of a CMP
    • the amount of the CMP, and
    • next steps including appeal rights, which will include the option to a request a hearing with an Administrative Law Judge within 60 calendar days of receipt of the formal written notice.
  • A 5-year statute of limitations will apply, in that CMS will only impose a CMP within 5 years from the date of when the non-compliance was identified by CMS[1].
  • CMS anticipates continuing using the current messaging procedures around file errors as described in the MMSEA Section 111 User Guide.
  • CMS expects to continue to provide at least 6 months notice regarding any changes in policy or procedures associated with required reporting to allow RREs adequate time to comply with any changes.
  • Imposition of a CMP would occur in the following situations:
  • If an RRE fails to report any NGHP beneficiary record within the required timeframe (no more than 1 year of the date of the settlement, judgment, award or other payment (Total Payment Obligation, TPOC), the CMP will be calculated on a daily basis based upon the actual number of individual beneficiaries’ records that the entity submitted untimely. This is defined as an error threshold by CMS.
    • The error threshold of 20% has been established for reach reporting period, and RREs should not exceed the error tolerance threshold, in any 4 out of 8 consecutive reporting periods
    • The initial and maximum error tolerance threshold of 20% represents errors that prevent 20% or more of the beneficiary records from being processed.  
    • The 20% per file tolerance for errors would only include those errors and condition flags that are within the RRE’s direct control and cause CMS to be unable to process the individual beneficiary records or entire file submission.
    • This number was selected based upon current RRE performance and ability to meet this error threshold.
  • The CMP would be up to $1,000 (as adjusted annually under 45 CFR part 102) for each calendar day of noncompliance for each beneficiary, as counted from the day after the last day of the RRE’s assigned reporting window, with a maximum penalty of $365,000 per individual per year.
  • The proposed rule also acknowledges that RREs do not report on a daily basis, and therefore noncompliance cannot be specifically defined on a daily basis. For this reason, CMPs will be imposed on a tiered approach if the RRE exceeds the error tolerance(s) (of 20%) in the entity’s fourth submission, as noted below:
  • First tier penalty:  $250 per calendar day of non-compliance[2].  This represents a penalty of 25%, of the maximum penalty per individual record per calendar day of non-compliance, which is currently defined as $1,000 after the required date of submission (last calendar day of the NGHP’s reporting period), based upon the number of beneficiaries whose records exceeded any error tolerance(s).  This means $250 per calendar day, over the 90 calendar days of non-compliance for the full reporting period per individual record.
  • Second tier penalty: $500 per calendar day of non-compliance. Penalty of 50% of the maximum penalty if the RRE fails to comply again in the next consecutive reporting period.
  • Third tier penalty: $750 per calendar day of non-compliance. Penalty of 75% of the maximum penalty if the RRE fails to comply again in the next consecutive reporting period.
  • If the RRE remains below any error tolerances for the subsequent quarter, a reduction of 25% of the maximum penalty will be assessed. 

The rule also provides clear guidelines of good faith efforts to attempt to obtain the necessary information[3] for reporting, and when CMPs would not be assessed based upon these good faith efforts. These efforts include all of the following:

  • The RRE has communicated the need for this information to the individual and his or her attorney or other representative and requested the information from the individual and his or her attorney or other representative at least twice by mail and at least once by phone or other means of contact such as electronic mail in the absence of a response to the mailings.
  • The NGHP certifies that it has not received a response in writing or has received a response in writing that the individual will not provide his or her MBI or SSN (or last 5 digits of his or her SSN).
  • The NGHP has documented its records to reflect its efforts to obtain the MBI or SSN (or the last 5 digits of the SSN) and the reason for the failure to collect this information.
  • The NGHP entity should maintain records of these good faith efforts (such as dates and types of communications with the individual) in order to be produced as mitigating evidence should CMS contemplate the imposition of a CMP for a period of 5 years.

The rule also indicates that additional monitoring systems to better model future reporting violations and CMP impositions will be forthcoming.   In addition, comments will be solicited once the proposed rule has been published on February 18. We will be preparing comments for CMS’ consideration before the final rule is issued. 

To discuss how this proposed rule may impact your compliance requirements and goals, please reach out to a member of our team here.


[1] Specific examples of this application are noted in the proposed rule.  For example, if an RRE fails to report a beneficiary record as required in 2023, and CMS identifies the non-compliance in 2024, but fails to take action until 2030, then no CMP would be imposed.

[2] Based upon current CMP, which is adjusted annually under 45 CFR part 102.

[3] Required information includes the individual’s last name, first name, date of birth, gender, MBI, or SSN (or the last 5 digits of the SSN).