Medicare Compliance & Reimbursement

Industry Notes:

CMS Rolls Out MFA for Online Provider Enrollment

Plus: CMS updates waivers and guidance for those impacted by Hurricane Dorian.

Hackers continue to target healthcare with more sophisticated schemes and malware, infiltrating systems and even hijacking the feds. CMS aims to thwart these types of cyber attacks with the help of multifactor authentication (MFA).

The Centers for Medicare & Medicare Services (CMS) is implementing MFA as a “second layer of security” across its various provider enrollment systems, including the Identity & Access (I&A) System, Provider Enrollment, Chain and Ownership System (PECOS), and National Plan and Provider Enumeration System (NPPES), notes Part B Medicare Administrative Contractor (MAC) NGS Medicare in a news alert on the subject.

“MFA is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction,” reminds NGS Medicare.

Timeline: CMS plans to stagger implementation of MFA over the next several months with the I&A System toggled over on Sept. 9. NPPES is slated for a December 2019 start date while PECOS is supposed to begin MFA for providers in April 2020.

Once MFA is up and running, providers in the Medicare program will need their usernames and passwords as well as an additional one-time passcode to log into one of the systems. 

Questions: According to NGS, providers should contact the “EUS Help Desk with any questions related to CMS Provider Enrollment Systems MFA setup,” including implementation issues, MFA login concerns, account resets, and more.

Find the link to EUS support at  https://eus.custhelp.com.

In other news…

If your practice was impacted by the path of Hurricane Dorian, the feds have uploaded emergency information for Medicare providers.

HHS Secretary Alex Azar has declared public health emergencies (PHEs) in Georgia, Florida, North Carolina, South Carolina, and Puerto Rico. Once a PHE is declared then the HHS Secretary may invoke Section 1135 of the Social Security Act (SSA), which allows Azar to waive or modify certain Medicare, Medicaid, CHIP, and HIPAA requirements. These updates cover the essentials you’ll need to submit claims after disaster strikes.

The Centers for Medicare & Medicaid Services (CMS) has added its support with new information to help providers, too, including links, FAQs, and waiver dos and don’ts.

“We are extremely concerned about those who are in harm’s way and affected by Hurricane Dorian and CMS is doing everything within its authority to provide assistance and relief to everyone impacted by the devastation of this storm,” said CMS Administrator Seema Verma in a release. “It is our priority to make sure we coordinate with our federal, state, and local partners to make sure our beneficiaries have the access to healthcare and other critical life-saving and sustaining services they may need.”

Find the most updated Hurricane Dorian information at  www.cms.gov/About-CMS/Agency-Information/Emergency/EPRO/Current-Emergencies/Current-Emergencies-page.html.