A law passed in 2015 eliminated Social Security Numbers (SSNs) from Medicare ID cards, also known as Health Insurance Claim Numbers (HICNs). Congress and the President required use of a MBI to minimize the risk of identity theft for Medicare beneficiaries and to reduce opportunities for fraud within the program.
A Frontal Attack on Fraud
MBI Implementation Date is a Moving Target
Starting in early 2018, CMS will issue new Medicare cards with a MBI to approximately 60 million Medicare beneficiaries. The new ID card features a randomly generated number, the Medicare Beneficiary Identifier (MBI). The change will impact Medicare compliance processes including Section 111 Mandatory Insurer Reporting and Medicare conditional payment recovery. However, the required process changes to accommodate the new identifier are not expected until 2017.
On April 16, 2015, the Medicare Access and CHIP Reauthorization Act (MACRA) of 2015 became law. Known as the Medicare “Doc Fix” law, it provided doctors relief from a looming 21% reduction in their fees for providing services to Medicare beneficiaries. Why does the MSP compliance industry care about this law?
Section 501 of MACRA requires the Centers for Medicare & Medicaid Services (CMS) to remove Social Security Numbers (SSNs) from Medicare ID cards by April 16, 2019. According to CMS Deputy Administrator and Director Sean Cavanaugh, “CMS’ objectives are to complete the transition to the new cards in a timely fashion that not only improves security, but also minimizes beneficiary confusion and disruption from denied claims or access to services.” (full statement here)
On May 5, 2016, CMS’ Center for Medicaid & CHIP Services (CMCS) issued an informational bulletin about Section 501. Given the available literature, public comments from Mr. Cavanaugh, and discussion with CMS sources, it appears most MSP compliance clients will feel the impact of this law starting early 2018.
Most HICNs currently are the beneficiary’s SSN with the addition of a letter A or B typically tacked on the end (e.g., 123456789A). The MBI will be a randomly generated identifier that will NOT include a SSN or any personally identifiable information.
A HICN number will still be assigned to each beneficiary and will be used for internal data exchanges between CMS and the states, but the new MBI must be used in all interactions with the beneficiary, the provider community, and all external partners.
CMS will be able to terminate an MBI as soon as it confirms that it has been compromised and will issue a new number to a beneficiary, similar to how credit card companies address stolen card numbers. Immediate deactivation of a compromised MBI will enable CMS to respond quickly and deter further misuse of a compromised number.
The transition is a complex, multi-year effort that requires coordination between federal, state, and private-sector stakeholders as well as an extensive outreach and education program for Medicare beneficiaries, providers, and other stakeholders. Based upon the May 5, 2016 bulletin from CMS, it plans to issue replacement cards to beneficiaries by early 2018. Meanwhile, CMS will examine its business processes, critical data exchanges, and systems to ensure states and CMS can be fully compliant with the law by 2019. The review will include identifying necessary changes and then developing, testing, and implementing them prior to CMS assigning any MBIs and distributing the new cards.
Impact on Medicare Secondary Payer Compliance
Just as the HICN is today, the MBI will be critical information for Medicare’s Secondary Payer compliance programs, most notably the Section 111 Mandatory Reporting Process which requires Medicare beneficiary claimants be reported to Medicare. While the Medicare contractor responsible for maintaining the Section 111 reporting process has not issued any guidance yet, based upon our discussions with the contractor, it is anticipated that MBI fields will be added to both the query and claim file, prior to final implementation of the MBI program. It is also anticipated that Responsible Reporting Entities (RREs), and their reporting agents, will have the capability to query for the new MBI using either the HICN or the SSN. Today the HICN can be queried by using the SSN. Accordingly, the transition to MBIs should not result in significant challenges to identifying Medicare beneficiary claimants.
ExamWorks Compliance Solutions will continue to monitor the progress of the transition to MBIs and keep you up-to-date as we learn more.