To trim insurance costs, more and more risk managers self-insure or shoulder self-insured retentions. One challenge confronting such risk managers is complying with a relatively new federal law known as the Medicare, Medicaid, and SCHIP Extension Act of 2007, known as "MMSEA."
A disclaimer: I am not a lawyer. What follows is not legal advice. MMSEA compliance is a new area, one where each risk manager should seek professional — perhaps legal — help. The following is a broad-brush impression of how MMSEA will impact risk managers.
The law’s aim is to protect Medicare from covering medical costs deemed to be the responsibility of an insurance company, self-insured entity, or another organization. The federal government is developing extensive data reporting requirements that must weigh in any risk manager’s decision to self-insure or to administer a self-insured retention. The law applies to liability claims, and it has teeth that can bite.
MMSEA aims to make Medicare "the payer of last resort," and to ensure that the costs of medical care due to a tortfeasor or an on-the-job injury are not shifted to the federal government. The law requires self-insureds and insurance companies that administer liability claims to report quarterly on Medicare-eligible claimants.
How does the risk manager determine whether a claimant in a given claim is Medicare-eligible? Good question! For starters, any claimant 65 or older is presumed to be in this category. Since MMSEA only applies to bodily injury claims, these files will typically contain medical records and bills. These data points would be one indicator.
Extracting the Right Info
What if the risk manager lacks a claimant’s Social Security number? The risk manager could then ask the claimant for it, explaining the reason. What if the claimant — for whatever reason — refuses to divulge this? When the risk manager goes to fund a settled claim, the claim handler can state that a condition of settlement is that the claimant (or claimant’s attorney) provide the Social Security number to enable the settling party to comply with MMSEA. Again, though, what if the claimant balks?
There appears little way that a risk manager — or an in-house claim staff administering a self-insured retention (SIR) — can force a claimant to divulge his Social Security number. This may sound like a small point. However, amid today’s identity theft concerns, many are leery of giving out Social Security numbers.
Risk managers trying to administer SIRs and comply with the law may find themselves in a bind. They need to report the settlement under MMSEA, but they lack the key data needed for compliance.
MMSEA includes penalties of $1,000 per claim per day, assessable against both insurance companies and self insureds that fail to meet the reporting requirements. Non-compliance with MMSEA could create huge financial liabilities for a risk manager’s company. Thus, responsible SIR program creation and administration includes MMSEA compliance.
Outsource or DIY?
One option for risk managers is to outsource the task (and headache) of MMSEA compliance. For some companies, the infrastructure is in place already. Many risk managers currently use third-party claim administrators (TPAs) to handle liability claims and workers’ compensation losses. A risk manager might be able to add to the TPA’s job description the task of reporting cases to Medicare. Many TPAs see in MMSEA a business opportunity to market themselves and add value.
Of course, none of this relieves risk managers of due diligence duties. Risk managers must verify that a TPA is capable of discharging MMSEA requirements. This may involve probing IT systems and getting the names of other clients for whom the TPA is handling MMSEA responsibilities. Further, the risk manager should require that the TPA indemnify and hold harmless the client company for any non-compliance because of the TPA’s oversight.
Extra service usually comes with extra cost. Thus, price is a feature risk managers must weigh when deciding whether to tackle the chore in-house or delegate it. If a TPA shoulders this added responsibility, then it will likely charge more. The price hike must be tolerable, but given the cost and hassle of a DIY approach to MMSEA compliance, the risk manager may decide that the added expense is worth it. Also, check with your insurance broker. It may have internal resources to help you or possibly save you time by recommending vendors to consider.
MMSEA’s data entry needs and labor demands are daunting. If you thought it was tedious and time consuming to enter new losses into the claim database now, just wait. MMSEA’s "interim data layout" has more than 100 fields to capture information such as the policyholder, injured party, injury type, claimant attorney, and settlement amount. The labor cost of added data entry will tax insurers and self-insureds. The responsibilities (and potential liabilities) of being a self-insured under MMSEA may deter companies from shouldering this role.
Does MMSEA Apply?
Risk managers may follow a simple decision tree on each bodily injury settlement.
Does the claim involve a Medicare recipient? If the answer is "no," the risk manager’s company can settle the case with no further action required. If the answer is "yes," the company must satisfy past Medicare payments, consider Medicare’s interest in the settlement, and give notice to the Center for Medicare and Medicaid Services (CMS).
Clearly, compliance challenges loom for risk managers. These include: determining whether a claimant is in fact a Medicare beneficiary; creating and populating the required data fields; navigating prompt settlements while simultaneously dealing with CMS; reporting on compliance as a "responsible reporting entity"; and possibly overseeing a TPA or other vendor for MMSEA compliance.
Here is the bottom line: if your company self-insures partially or totally for liability or workers’ compensation claims, then get up to speed now to ensure MMSEA compliance.
