• Careers
  • Contact Us
  • Blog
  • REQUEST A DEMO

Compliance Newsletter

January 2017 Compliance Insights

MedHOK Compliance Team | February 3, 2017

shutterstock_346194581_finger_reminder.jpgIMPORTANT REMINDERS

2017 Part C and Part D Call Center Monitoring

For 2017, CMS has contracted with IMPAQ International, LLC, to monitor Part C, Part D and Medicare-Medicaid (MMP) plan sponsors’ call centers to ensure compliance with two studies: The Timeliness Study and the Accuracy and Accessibility Study. The Timeliness Study measures current call center phone lines and pharmacy technical help desk to determine the average hold time and disconnect rates. An organization must maintain an average hold time of 2 minutes or less and a disconnect rate of 5% or less. The Accuracy and Accessibility measures prospective beneficiary call lines to determine the availability of interpreters for individuals, TTY functionality and the accuracy of plan information provided by customer service representatives. Compliance actions will be taken when an organization’s interpreter availability is less than 75%, its TTY service score is less than 65%, or its rate of accuracy answering questions is below 75%.

CY 2017 Medicare Requirements Readiness Checklist for Medicare-Medicaid Plans (MMPs)  

This is a reminder that the Contract Year (CY) 2017 Readiness Checklist is a non-exhaustive summarization of key operational requirements as established in statutes, regulations, manual chapters, Health Plan Management System (HPMS) memos, applications, and other advisory materials. This checklist is meant to serve as technical assistance to MMPs for those Medicare requirements that should be in place for CY 2017. Please refer to the November 17, 2016 memo for the complete checklist.

Upcoming Health Plan Management System (HPMS) Complaints Tracking Module Redesign  

On March 18, 2017, CMS will launch a redesigned CTM to introduce improvements to the module’s user interface and functionality. The memo includes the new file layout. An updated draft Plan User Standard Operating Procedures (SOP) is due out in February, and the final SOP in March, prior to the CTM release. MedHOK will be communicating enhancements related to this topic directly to our clients using the CTM portion of our platform.

Compliance and Enforcement Actions Related to Part D Auto-Forwards

Part D sponsors are required to process coverage determinations and redeterminations and notify enrollees of those decisions within the timeframes established in regulation. CMS is focusing on plan sponsors that have inordinately high levels of cases that are auto-forwarded due to the plan sponsor’s failure to meet the required adjudication timeframes. In 2017, CMS will begin effectuating the compliance-to-enforcement escalation process. For example, sponsors that received a Notice of Non-Compliance for the fourth quarter of 2016 and exceed the compliance threshold in the first quarter of 2017 will be issued a Warning Letter, and so on. A sponsor that receives compliance notices over multiple quarters may ultimately be subject to an enforcement action. Also, a sponsor that meets the CMP threshold in any quarter may be subject to a CMP, regardless of its auto-forward compliance letter history. Please see the December 16, 2016 memo for additional information.

COMPLIANCE NEWS

Industry-wide Appeals Timeliness Monitoring  

On November 28, 2016 CMS issued a memo providing an overview of a large-scale monitoring project being implemented around Part C organization determinations and reconsiderations and Part D coverage determinations and redeterminations. Effective appeals processing by sponsors is one of the most critical areas of the Medicare Advantage (MA) and Part D programs. These programs provide key beneficiary protections to access essential medical care and/or prescription medications, but Medicare Parts C and D audits have consistently identified performance issues in these areas (referred to as ODAG and CDAG). There are two important goals for this project. The first is to provide greater information to evaluate the integrity and completeness of the Independent Review Entity (IRE) data. The second goal is to improve the overall monitoring of compliance with ODAG and CDAG. For more information, see the memo and our blog, CMS Timeliness Monitoring to Challenge Plans. As of the date of this newsletter, many of our clients are engaged in the audit and MedHOK is on point to provide any applicable support.

CY 2017 Core Reporting Requirements for Medicare-Medicaid Plans  

On December 16, 2016 CMS released the CY 2017 Medicare-Medicaid Capitated Financial Alignment Model Core Reporting Requirements. The reporting requirements document is divided into three sections. The first section consists of all Medicare Part C reporting requirements the MMPs are responsible for submitting via the Health Plan Management System (HPMS). The second section consists of all Medicare Part D reporting requirements the MMPs are responsible for submitting via HPMS. The third section consists of the MMP-specific core reporting requirements for the capitated financial alignment model, which include some modified Part C and D measures. Please note within the memo the substantive changes that were made compared to the CY 2016 reporting requirements released on August 10, 2016.

November 18, 2016: Social Security Number Removal Initiative (SSNRI) Selected Updates for Medicare Advantage and Part D Plans  

The Medicare Access and CHIP Reauthorization Act (MACRA) of 2015, requires that CMS remove Social Security Numbers (SSNs) from all Medicare cards by April 2019. A new Medicare Beneficiary Identifier (MBI) will replace the SSN-based Health Insurance Claim Number (HICN) on new Medicare cards which will be issued to beneficiaries no earlier than April 2018. There will be a transition period where CMS will accept either the HICN or the MBI when submitting data to the agency. The transition period will begin no earlier than April 1, 2018, and run through December 31, 2019. Please see our CMS Alphabet Soup blog on this subject. MedHOK will be communicating any enhancements related to this topic directly to our clients.

SECURITY NEWS

Cybercriminals are posing as job applicants as part of a new campaign to infect victims in corporate human resources departments with GoldenEye ransomware – and they're even providing cover letters in an effort to lull targets into a false sense of security.

A variant of the Petya ransomware, GoldenEye targets human resources departments in an effort to exploit the fact that HR employees must often open emails and attachments from unknown sources.

Cybersecurity researchers at Check Point have been monitoring the campaign, which attempts to deliver ransomware to German targets using emails and attachments claiming to be from job applicants. The initial email contains a short message from the fake applicant, directing the victim to two attachments.

The first is a cover letter within a PDF which doesn't actually contain any malicious software, but is intended to reassure the target that they're dealing with a standard job application. However, the second attachment is an Excel file supposedly containing an application form but which in fact contains the malicious GoldenEye payload.

Upon opening the Excel attachment, the target is presented with a document which claims to be 'Loading' and requires them to enable Macros to view the file. When Macros are enabled, GoldenEye executes a code and begins encrypting the users' files before presenting them with a ransom note using yellow text – rather than the red or green used by other Petya variants.

The note demands the victim pays a ransom of 1.3 bitcoins – around $1,000 – in order to retrieve their files. The perpetrators detail how the victim can acquire bitcoin on the dark web and even offer the option of exchanging messages with a GoldenEye admin if they're having trouble with the payment or decryption process.

It's believed by researchers that the developer behind Petya ransomware is going by the alias Janus – apparently borrowing the name of a cybercrminal group in the 1995 James Bond film GoldenEye.

Avoid falling victim to GoldenEye and other ransomware variants by never enabling Macros within Microsoft Office documents and being mindful of unexpected or overly generic email messages.

Palmer, Danny (2017, January 4). “This ransomware targets HR departments with fake job applications” Retrieved from http://www.zdnet.com/article/this-ransomware-targets-hr-departments-with-fake-job-applications (accessed January 19, 2017)

Medicare, CMS, Medicaid, compliance, HICN, MBI, SSNRI, Cyber Security, MACRA, HPMS, readiness, CTM

About The Author

MedHOK Compliance Team

0 Comments