CMS views protecting its health care data as a top priority. Therefore:
- Use Medicare beneficiary eligibility transactions only to conduct Medicare business
- Accept responsibility for all eligibility transactions that you send, including requests sent on behalf of Medicare providers/suppliers or their agents
- Associate each inquiry with its source
- Establish authentication outside of the transaction
- Do not send user IDs and passwords within the 270 eligibility transaction
- Ensure that only valid and eligible NPI numbers are submitted
Familiarize yourself with the Rules of Behavior (PDF) document and understand that CMS monitors your HETS 270/271 transactions for unusual behavior.
Transaction Audit Process
The procedure for CMS’s transaction audit process is as follows:
- CMS reviews reports on HETS Submitter usage. This includes overall volume, repetitive transactions, AAA error rates, usage of the "A7" (Psychiatric - Inpatient) Service Type Code and other monitored uses.
- The Agency evaluates all HETS volume for security risk, including compliance with the Medicare HETS 270/271’s Rules of Behavior.
- The MCARE Help Desk will contact any submitters who are not following CMS/HETS security requirements.
- The Help Desk will then advise submitters that their error rates and trading practices must improve or their trading access will be suspended. These submitters may be required to submit a written Corrective Action Plan (CAP) to CMS. Their written CAP should include:
- Restatement of your understanding of HETS 270/271’s Rules of Behavior (PDF)
- Specific steps to improve trading practices, overall error rates, and expected error rate reduction
- If the submitter fails to submit a CAP and/or show the required improvement within an acceptable time frame, CMS will suspend the submitter's HETS 270/271 trading privileges.
Contact the MCARE Help Desk (1-866-324-7315) with questions about audits or suspension procedures.