System Monitoring

CMS views protecting its health care data as a top priority. Therefore:

• Use Medicare beneficiary eligibility transactions only to conduct Medicare business
• Accept responsibility for all eligibility transactions that you send, including requests sent on behalf of Medicare providers/suppliers or their agents
• Associate each inquiry with its source
• Establish authentication outside of the transaction
• Do not send user IDs and passwords within the 270 eligibility transaction
• Ensure that only valid and eligible NPI numbers are submitted

Familiarize yourself with the Rules of Behavior (PDF)  document and understand that CMS monitors your HETS 270/271 transactions for unusual behavior.

Transaction Audit Process

The procedure for CMS’s transaction audit process is as follows:

1. CMS reviews reports on HETS Submitter usage. This includes overall volume, repetitive transactions, AAA error rates, usage of the "A7" (Psychiatric - Inpatient) Service Type Code and other monitored uses.
2. The Agency evaluates all HETS volume for security risk, including compliance with the Medicare HETS 270/271’s Rules of Behavior.
3. The MCARE Help Desk will contact any submitters who are not following CMS/HETS security requirements.
4. The Help Desk will then advise submitters that their error rates and trading practices must improve or their trading access will be suspended. These submitters may be required to submit a written Corrective Action Plan (CAP) to CMS. Their written CAP should include:
   • Restatement of your understanding of HETS 270/271’s Rules of Behavior (PDF)  
   • Specific steps to improve trading practices, overall error rates, and expected error rate reduction
5. If the submitter fails to submit a CAP and/or show the required improvement within an acceptable time frame, CMS will suspend the submitter's HETS 270/271 trading privileges.

Contact the MCARE Help Desk (1-866-324-7315) with questions about audits or suspension procedures.