Medicare Enrollment Certification Statements

Effective October 1, 2019, Medicare will no longer accept paper certification statements mailed in for enrollment applications submitted via the Internet-based Provider Enrollment, Chain and Ownership System (Internet-based PECOS).

Change Request (CR) 10845 makes modifications to certain provider enrollment certification statement policies. Specifically, you may upload provider enrollment certification statements using PECOS functionality.

CR10845 makes these modifications via changes to the Medicare Program Integrity Manual, Chapter 15, Section The revised manual section is attached to CR10845.

Make sure your billing staff are aware of these changes.

More information about this may be read and obtained here.

Aligned Quality Reporting: How To

The Centers for Medicare and Medicaid Services (CMS) officials explained how eligible professionals can report on clinical quality measures (CQMs) one time to meet CMS requirements for its physician quality reporting system (PQRS), meaningful use electronic health records (EHR) incentive program, and value-based modifier (VM) program.  They explained all of this on a national provider call on Wednesday.

CMS experts described the methods for eligible professionals (EPs) to do this on their own, through their group practices, or through the accountable care organizations (ACOs) they belong to, if those ACOs participate in the Medicare shared savings program or the Pioneer ACO program.

Although many have long called for the CMS to align quality reporting across these programs, it may not be easy for most physicians to follow the CMS' instructions for reporting one time. That's because they must use a certified EHR, a qualified registry, or a special web interface to do so. From 2011-2013, CMS data show, nearly three quarters of EPs used PQRS' claims-based reporting mechanism. Most of these EPs will have to shift to an entirely different reporting method to take advantage of the new alignment announced by CMS.

EPs can continue to report on CQMs using PQRS claims (although CMS is trying to end this by 2017, which was communciated in the 2014 Medicare Physician Fee Schedule published in the Federal Register), CMS officials confirmed during the provider call. But they will have to report separately to the three programs.

Reporting Once

The "report once" methodology requires EPs to report for 12 months, starting January 1, 2015. By doing so successfully, they can do the following:

  • Avoid the 2017 PQRS penalty of 2% of Medicare payments;

  • Satisfy the CQM component of the meaningful use requirements;

  • Qualify for bonuses under the VM program in 2017 if their quality scores are high enough. If they are in groups of 10 or more and have low scores, they may see their payments adjusted downward.

If the EPs do not satisfactorily report their CQMs to PQRS, the following will occur:

  • They will lose 2% of Medicare payments as a result of the PQRS penalty.

  • They will fail to satisfy the CQM component of the meaningful use program, which will also carry a penalty.

  • They will be subject to the VM automatic negative payment adjustment, which is 2% for soloists and groups of two to nine EPs and 4% for groups of 10 or more EPs, if at least 50% of the EPs do not satisfactorily report to PQRS as individuals.

These positives and negatives are similar in the group reporting and ACO reporting cases except that Pioneer ACO members are not subject to the VM adjustments.

Individual EPs can use either a certified EHR or a qualified clinical data registry to report their data to the CMS. If EPs assign their billing rights to a group practice, that group can use a certified EHR or a group practice reporting option (GPRO) web interface if the practice includes 25 or more EPs. An ACO must use the GPRO web interface on behalf of its EP members.

EPs who report individually must deliver data on at least nine CQMs in three national quality strategy domains, or on as many measures as they have data for. They can choose these from a group of 256 PQRS quality measures; however, not all of these measures are eligible for the required reporting methods.

For EPs who assign their billing rights to a group practice, the reporting requirements are a bit different. With the direct EHR reporting method, they can either report on nine CQMs in three domains or on six CQMs in two domains plus have a consumer assessment of healthcare providers and systems (CAHPS) for PQRS patient satisfaction survey conducted by an approved vendor. If they use the GPRO web interface, they have to report on all the measures included in that interface for a prepopulated Medicare beneficiary sample. If there are more than 100 doctors in the group, they also have to take a CAHPS survey.

ACOs must also report on all of the quality measures included in the GPRO web interface for the beneficiary sample. Individual EPs and groups that do not use that interface, however, can use both Medicare and non-Medicare patients in quality reporting as long as they report on at least one measure that includes a Medicare patient.

CMS’s Surrogacy Program: Streamlined Access to PECOS, EHR and NPPES

This Article was first publised in Billing, the Journal of the Healthcare Billing and Management Association, [Vol. 20 January & February 2015]
“We didn’t realize that.”  Things are not always as they seem.  I’ll explain later.
Let’s set the stage first.  The username and password that is initially obtained by any provider/organization to obtain their NPI and create their NPPES account is the same username and password used for accessing PECOS and EHR registration and attestation.  Most of us, (billing dept. personnel, credentialers, provider/organization staff, 3rd party vendors, etc.) all realize that most providers/organizations rarely set up their initial accounts or enrollments or complete their EHR meaningful use registration and attestation… so the providers/organizations share that information with others to get the work done on their behalf. 
There is one considerable problem with this; the regulations do not allow providers/organizations to share this information with anyone.  There are privacy issues and, more importantly, fraud and abuse implications. 
We have all been violating CMS regulations for quite some because there was no better way.  No better way to do what?  No better way to ensure provider and organization initial enrollment with NPPES and online PECOS and existing enrollment files are updated in a timely manner. CMS could choose to enforce these regulations, except that almost everyone is guilty of sharing this information. 
Let me go back and explain the statement I initially made in this article.  In early 2010, at the initial meeting of the PECOS Power User Focus Group that Zabeen Chong, Director of the Provider Enrollment Operations Group (PEOG) initiated, members of the Power Users, including myself, informed CMS that providers rarely perform their own enrollments or updates to their enrollments.  CMS almost seemed dumbfounded, but were interested in learning more and that is the mission of the Power User Group, to inform CMS what works, what doesn’t and find better ways to make it easier on the provider/organization community to do business with CMS.  CMS knew from the Power User Group meetings that providers/organizations were not going to change and start doing all of this themselves.  They now knew there were too many other parties that were completing this work on their behalf, so they had to come up with a system that would allow for others to work on behalf of the providers/organizations. 
Here are the initial issues CMS needed to resolve:
  • Individual Providers can not assign someone to work on their behalf in PECOS or NPPES
  • Sharing of personal account information caused security violations
  • The process for gaining access to PECOS took weeks, was not clear, and required mailing documents to External User Services (EUS)
  • Users were required to contact EUS for forgotten Username & Password Reset
The initial revelation revealed these issues and there are the reasons the Surrogacy Program (Identity & Access Management System or I&A) is now a reality. 
There are additional reasons why you should take advantage of using the Surrogacy Program.  When you have set up your own account in I&A properly and made Connections with the providers/organizations that you need to work on behalf of, you will only have one username and password you will have to remember.  If you perform work in NPPES, PECOS or EHR, you will be able to see all of your Connections (providers/organizations) within your login and be able to access all three systems with our login username and password.  No more usernames and passwords to document and remember. You will still have to access each product separately, but you will be able to complete all your takes on all providers/organizations at one time while in each product (NPPES, PECOS or EHR).
There are three options to set up Surrogacy. 
  1. Individual provider working for an enrolled group
  2. Enrolled organization works with a 3rd party
  3. Enrolled group (w/ individual provider) works with 3rd party
A provider with an NPI login username and password will use the same username and password to login to I&A and finish creating their profile.  The first important thing to know is that every account in I&A needs to have a unique email address.  No two accounts can utilize the same email address.   For this reason, you will need to know the proper email address for each provider/organization that you intend to work on behalf of.
As members of HBMA, you could be in the situation where you would be working on behalf of all three options above.  An appointed official with the authority to legally bind that your organization must register in I&A, and then add the organization as his/her employer, and then follow directions to send appropriate documents to EUS, which is mentioned below.
Your first step in the Surrogacy process will be to set up your own account (Authorized or Delegated Official) in I&A.  Once you have set up your account, you will want to choose an employer.  You do this by conducting a search based on the legal name of your organization and the zip code.  These are the only two identifying items you will need as I&A will go out to the IRS system to conduct a search for the legal name.  The zip code helps to identify the proper organization given that the same name could be used in different states, but not within a state.
Once you have chosen your employer, you will need to decide from a drop down menu whether you will be the AO or DO for the organization.  When you have made this decision, you will need to provide proof of your employment by mailing or emailing a copy of the IRS document that identifies your organization’s tax ID, which is usually the CP-575 form or letter 147C.  There are several options that you may choose from if you do not have one of these documents available.  If you are a newly enrolling entity, AO or DO that is not listed on an existing enrollment, or an AO or DO for a 3rd Party that does not have an NPI and does not qualify as an enrolling entity then you will need to submit IRS documentation to EUS for review prior to receiving approval for your role with the organization.
You will not be able to utilize your account or choose Connections with providers/organizations until you have been approved by External User Services (EUS).  Mailing the document will take approximately two weeks to process and you will be notified by email (remember the unique email address?).  If you have chosen to be a DO and your AO has already set up their account, you may be approved very quickly once the AO approves your account or sets it up for you.  An approved AO or DO may then set up staff users to act on behalf of the organization.
An Authorized or Delegated Official for an Organization can make a request for their organization to work on behalf of a Provider.  Once approved anyone in the Authorized or Delegated Official’s Organization (e.g. Staff) may work on behalf of that provider
Once you have set up your account(s) and any other staff, then it is time to set up Connections with providers/organizations.  There are two important steps to take here first.  Determine if you will be setting up the Connection between your organization and your providers/organizations yourself or whether you will rely upon the provider/organization to complete the process.  If you will be setting up provider/organization accounts yourself, you will be utilizing their login username and password one last time to complete the Connection for you to be their surrogate.  I highly recommend that you obtain, in writing, authorization from each provider/organization that you have their permission to be utilizing their login credentials.
If you are not going to set up each provider/organization’s account, then you will need to notify the provider/organization that you will be setting yourself and your organization up as a surrogate to work on their behalf.  Providers and organizations will receive email communications the minute you request a Connection and you will want them to complete that Connection by logging into their I&A account and to approve the Connection to your organization.
In many situations, you will be setting everything up for your providers/organizations because they will not want to be bothered with this process and, for many, this would be the first time they would ever be accessing their I&A account and probably know nothing about it.  As you make a request for a Connection to your organization on behalf of the provider/organization, you will need to choose which products (PECOS, EHR and/or NPPES) the provider/organization will grant you access on their behalf.  You do so by checking off the boxes next to the products.
As you set up each provider/organization account and request a Connection with your organization, you may log into your account as an AO/DO and approve those requests.  You will see an Approval or Rejection button for each product chosen on behalf of the provider/organization.  If the provider is completing the Connection, they do have the ability to reject a Connection request, so it is best to communicate in advance so they are informed of what to do.  Additionally, email notifications are sent to all users when new Connections are created. 
A MOST IMPORTANT NOTE:  A provider or Organization approving a Connection (Surrogate) to work on their behalf DOES NOT give that user authority to sign Medicare enrollment applications in PECOS.  All enrollment applications are still required to be signed by the Individual Provider or appropriate Official of the Organizational Provider.
It will take approximately 24 hours for this Connection to be recognized by PECOS and/or EHR.  NPPES is a completely different system and is currently not available once you have become a surrogate, but CMS expects this to be available in the future. 
As an AO or DO, you have the ability to manage your staff.  You may create Connections to allow access for staff and you can invite and manage what providers your staff may access.  You may turn access off immediately upon staff separation from your organization.
Only approved Authorized Officials and Delegated Officials of an Organization are able to create and manage connections.  If you have been authorized to perform these functions, you will need to perform a role change request on the My Profile page under the employer information section at the bottom of the page, and have your Authorized Official approve you to be a Delegated Official.  Once approved, a connection will not expire, but either party may login and remove the Connection at any time.
Authorized & Delegated Officials are able to see all the Individual Providers who have approved the 3rd Party Organization as their Surrogate. Staff need be given access to those records by an AO or DO.
Existing Users
Any Authorized Official, Staff End User, or Individual Provider who previously accessed PECOS, NPPES, or EHR already has an account.  Existing usernames and passwords previously used to access PECOS, EHR and NPPES have been converted, and may still be used in I&A. 
So now that you have completed all of this work to set up your provider/organization I&A accounts and your own/organization account(s), what benefit will this be to you?  The login username and password you chose for your account may now be used to log into PECOS, EHR and, eventually NPPES.  Once you login to PECOS, you will go to My Enrollments and you now see all the providers/organizations Medicare enrollment files available to you to access.  All with one login username and password… Yours.
The same will be the case with EHR.  Login using your username and password and all providers/organizations will be listed for you to work on EHR meaningful use registrations or attestations. 
This is a considerable timesavings, whether utilizing PECOS or EHR, from having to login in and out of multiple accounts, remembering multiple usernames and passwords.
Some Important Definitions
Organizational Provider: An Organization that provides medical items and/or services to Medicare beneficiaries (e.g. DMEPOS Supplier, Physician Group Practice, Hospital, etc...) Must have or be eligible for a Type 2 NPI in NPPES.
3rd Party Organization:  A 3rd party organization (e.g. billing agency, credentialing consultant, or other staffing company) that has business relationships with Individual Providers or Organizational Provider to work on their behalf.
Surrogate:  An employee (e.g. Staff, AO or DO) of an Individual Provider or Organizational Provider or 3rd Party Organization that is authorized to access, view, and modify information within CMS computer systems on behalf of their employer; OR an Organizational Provider that has a business relationship with an Individual Provider to access, view, and modify information within CMS computer systems on their behalf; OR a 3rd Party Organization that has a business relationship with an Individual Provider or Organizational Provider to access, view, and modify information within CMS computer systems on their behalf.

CMS Finalizes Quality Payment Program Rule for Year 2

Quality Payment Program Year 2 Policies are Gradually Preparing Clinicians for Full Implementation

Today, the Centers for Medicare & Medicaid Services (CMS) issued the final rule with comment for the second year of the Quality Payment Program (calendar year 2018), as required by the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) as well as an interim final rule with comment.

CMS listened to feedback from the health care community and used it to inform policy making. As a result, the Year 2 final rule continues many of the flexibilities included in the transition year, while also preparing clinicians for a more robust program in Year 3. CMS wants to ensure that the program consists of meaningful measurement while minimizing burden, improving coordination of care, and supporting a pathway to participation in Advanced Alternative Payment Models (APMs).

Year 2 Final Rule Highlights

We’ve finalized policies for Year 2 of the Quality Payment Program to further reduce your burden and give you more ways to participate successfully. We are keeping many of our transition year policies and making some minor changes. Major highlights include:

  • Weighting the MIPS Cost performance category to 10% of your total MIPS final score, and the Quality performance category to 50%.
  • Raising the MIPS performance threshold to 15 points in Year 2 (from 3 points in the transition year).
  • Allowing the use of 2014 Edition and/or 2015 Certified Electronic Health Record Technology (CEHRT) in Year 2 for the Advancing Care Information performance category, and giving a bonus for using only 2015 CEHRT.
  • Awarding up to 5 bonus points on your MIPS final score for treatment of complex patients.
  • Automatically weighting the Quality, Advancing Care Information, and Improvement Activities performance categories at 0% of the MIPS final score for clinicians impacted by Hurricanes Irma, Harvey and Maria and other natural disasters.
  • Adding 5 bonus points to the MIPS final scores of small practices.
  • Adding Virtual Groups as a participation option for MIPS.
  • Issuing an interim final rule with comment for extreme and uncontrollable circumstances where clinicians can be automatically exempt from these categories in the transition year without submitting a hardship exception application (note that Cost has a 0% weight in the transition year) if they were have been affected by Hurricanes Harvey, Irma, and Maria, which occurred during the 2017 MIPS performance period.
  • Decreasing the number of doctors and clinicians required to participate as a way to provide further flexibility by excluding individual MIPS eligible clinicians or groups with ≤$90,000 in Part B allowed charges or ≤200 Medicare Part B beneficiaries.
  • Providing more detail on how eligible clinicians participating in selected APMs (known as MIPS APMs) will be assessed under the APM scoring standard.
  • Creating additional flexibilities and pathways to allow clinicians to be successful under the All Payer Combination Option. This option will be available beginning in performance year 2019.

The final rule with comment further advances the agency’s goals of regulatory relief, program simplification, and state and local flexibility in the creation of innovative approaches to healthcare delivery.

Technical Support

CMS will continue to provide free hands-on support to help individual clinicians and groups participate in the Quality Payment Program.

For More Information

For more information about the Quality Payment Program, please visit:

Final Rule Enhances Medicare Provider Oversight

CMS Administrator Marilyn Tavenner today announced new rules that strengthen oversight of Medicare providers and protect taxpayer dollars from bad actors. These new safeguards are designed to prevent physicians and other providers with unpaid debt from re-entering Medicare, remove providers with patterns or practices of abusive billing, and implement other provisions to help save more than $327 million annually.

Read more: Final Rule Enhances Medicare Provider Oversight

Influenza Vaccine Payment Allowances

CMS released the Influenza Vaccine Payment Allowances for flu season 2013 – 2014.  The updated fees take effect August 1, 2013.

As a reminder with Medicare select the HCPCS code based on the vaccine given.

  • HCPCS Q2035 (Afluria®) is $11.543 (DOS 8/1/2013-7/31/2014)
  • HCPCS Q2036 (Flulaval®) is $8.579 (DOS 8/1/2013-7/31/2014)
  • HCPCS Q2037 (Fluvirin®) is $14.963 (DOS 8/1/2013-7/31/2014)
  • HCPCS Q2038 (Fluzone®) is $12.044 (DOS 8/1/2013-7/31/2014)

Read more: Influenza Vaccine Payment Allowances