TPA_PRA_Form_Revision_ track changes

TPA_PRA_Form_Revision_4.2 to 4.3_CMS_7-08-24 with track changes-RS.docx

The HIPAA Eligibility Transaction System (HETS) (CMS-10157)

TPA_PRA_Form_Revision_ track changes

OMB: 0938-0960

Document [docx]
Download: docx | pdf









Shape1

MEDICARE HIPAA ELIGIBILITY TRANSACTION SYSTEM (HETS) TRADING PARTNER

AGREEMENT (TPA)


CMS-Version 4.3










TABLE OF CONTENTS

FORM INSTRUCTIONS 1

CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS) 1

TRADING PARTNER AGREEMENT 1

I. BACKGROUND 2

II. AUTHORIZED USES 2

III. SYSTEM INTEGRITY 2

IV. CONNECTIVITY 3

V. ASSURANCES 3

APPENDIX A REFERENCES REQUIRED 5

APPENDIX B - INFORMATION REQUIRED TO REQUEST ACCESS TO HETS REQUIRED 6

APPENDIX C CONNECTIVITY REQUIRED 7

APPENDIX D OFFSHORE DATA PROTECTION SITUATIONAL (IF YOU HAVE OFFSHORE ARRANGEMENT) 8



Shape6

FORM INSTRUCTIONS

Shape7

Check 1 box to indicate the type of Agreement you’re submitting.
Initial Trading Partner Application

Annual TPA Recertification Other TPA Update

Shape8

CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS) TRADING PARTNER AGREEMENT

Shape9

For the use of the Medicare Health Insurance Portability and Accountability Act of 1996 (HIPAA) Eligibility Transaction System (HETS) to share health care eligibility inquiry and response transactions.

This Trading Partner Agreement (“Agreement”) is made on <Enter Date> CMS and .


The Trading Partner intends to conduct eligibility transactions with CMS in electronic form. Both parties acknowledge and agree the data privacy and security are the highest priority. Each party agrees to take all steps reasonably necessary to ensure all electronic transactions between them conform to HIPPA and its regulations . Unless defined in this Agreement, all terms have the same meaning as in the regulations to implement the Administrative Simplification provisions of HIPAA at 45 CFR Parts 160-164.

Shape10

PAPERWORK REDUCTION ACT (PRA) DISCLOSURE STATEM ENT

The Paperwork Reduction Act of 1995 states no one must respond to a collection of information unless it displays a valid OMB control number. The valid OMB control number for this information collection is 0938-0960 expires April 30, 2025. We estimate it’ll take about 15 minutes to respond, including time to review instructions, search existing data resources, gather data, and complete and review the information collection. If you have comments about the accuracy of the time estimate or suggestions for improving this form, please write to:
CMS
7500 Security Boulevard
Attn: PRA Reports Clearance Officer
Mail Stop C4-26-05
Baltimore, Maryland 21244-1850
Don’t send applications, claims, payments, medical records or any documents with sensitive information to the PRA Reports Clearance Office. We won’t review, forward, or keep any correspondence not about the information collection burden approved under the associated OMB control number listed on this form. If you have questions about where to submit your documents, please contact the MCARE Help Desk at 1-866-324-7315 or mcare@cms.hhs.gov.



Shape15

  1. BACKGROUND

Shape16

CMS maintains the integrity and security of Medicare health care data according to applicable laws and regulations. The Privacy Act of 1974 (Privacy Act) and HIPAA restricts disclosing Medicare beneficiary eligibility data. HETS is for health care providers and suppliers (collectively referred to as “providers”).

We administer HETS as a covered entity under HIPAA rules. HETS uses the ASC X12 270/271 standard. This Agreement is for non-CMS entities that want to get Medicare eligibility information.. We’ll use information in this Agreement to establish connectivity, define data exchange requirements, and explain the responsibilities of HETS Trading Partners.

Shape17

  1. AUTHORIZED USES

Shape18

You can only use Medicare eligibility data for Medicare FFS activities, including preparing accurate FFS claims or determining eligibility for certain services. Review Appendix A for what’s authorized and unauthorized in the HETS Rules of Behavior.

You can’t electronically store or reuse Medicare beneficiary Protected Health Information (PHI) you got from HETS,except:

  • To record transaction processing history

  • For security procedures, like routine system backups for disaster recovery

  • To update patient records in the Medicare Fee-for-Service (FFS) provider’s system

You and your Business Associates, as defined by 45 CFR§160.103, must comply with the HETS Rules of Behavior when you store data.

Shape19

  1. SYSTEM INTEGRITY

Shape20


The Centers for Medicare & Medicaid Services (CMS) monitors inquiries in HETS, and we’ll contact you if we find discrepancies. For example, we’ll check if you submit a high ratio of eligibility inquiries compared to your FFS claims. If we suspect improper use or if you violate these rules of behavior, we may suspend you, place you on a corrective action plan, or refer you for investigation and you could be subject to other penalties, including civil or criminal actions.


Shape21

  1. CONNECTIVITY

Shape22


You can connect to HETS via the extranet or internet.


  • Extranet:

    • Transmission Control/Internet Protocol (TCP/IP)

  • Internet:

    • Simple Object Access Protocol (SOAP) + Web Services Description Language (WSDL)

    • Hypertext Transfer Protocol (HTTP) / Multipart Internet Mail Extensions (MIME)

You must submit the required information in Appendix B to request connectivity. Review the HETS 270/271 Companion Guide for more information.

Shape23

  1. ASSURANCES

Shape24

Your access to HETS is contingent on your assurances in this section. We can revoke HETS access without notice if we determine that you’re not complying with these assurances.

You agree to and assure:



No.

Assurance

Agreement

1.

I’ll abide by all applicable federal laws, regulations, and guidance governing access to, use of, and disclosure of:

  • CMS data

  • PHI as defined in 45 CFR §160.103

  • Personally Identifiable Information (PII) as defined in OMB Memorandum M-17-12 (January 03,2017)

I understand that individuals or entities may be subject to civil or criminal penalties for failing to abide by such provisions.



Shape25 Shape26

Agree Disagree


No.

Assurance

Agreement

2.

I’ll cooperate with CMS and its contractors to test the transmission and processing systems to ensure the accuracy, timeliness, completeness, and security of each data transmission before initiating any transmission in HIPAA standard 270/271 transaction format, and through the term of this Agreement.


Shape27 Shape28

Agree Disagree

3.

I’ll take reasonable care to ensure the information I submit in each electronic transaction is timely, complete, accurate, and secure, and I’ll take reasonable precautions to prevent unauthorized access of the transmission and processing systems. I’ll ensure that each electronic transaction I submit to CMS conforms with the requirements applicable to the transaction.


Shape29 Shape30

Agree Disagree

4.

I’ll only submit electronic transactions for an active enrolled Medicare FFS provider or a Business Associate working on behalf of active enrolled Medicare FFS providers. I agree to notify CMS when my relationship with a Medicare FFS provider begins and ends. Business Associates must provide current information about the FFS providers they submit transactions for according to the HETS Rules of Behavior. I understand and agree that CMS reserves the right to confirm the status of a Business Associate relationship with a FFS provider directly.




Shape31 Shape32

Agree Disagree

5.

I’ll notify CMS of a change in Business Associate representation consistent with the HETS Rules of Behavior.

Shape33 Shape34

Agree Disagree

6.

I’ll comply with the HETS Rules of Behavior, referenced in Appendix A, including referencing the HETS Rules of Behavior in business associate contracts.

Shape35 Shape36

Agree Disagree

7.

This Agreement takes effect and is binding when both CMS and I sign.

Shape37 Shape38

Agree Disagree

8.

If this Agreement ends or expires, I’m still obligated under this Agreement and under federal and state laws and regulations to ensure the privacy and security of PHI and PII, and confidentiality of CMS proprietary information.


Shape39 Shape40

Agree Disagree

9.

If I perform Medicare work offshore (any location outside of the United States where U.S. law is non-binding), I attest to the terms specified in Appendix D. If I don’t perform any Medicare work offshore or directly or indirectly employ any offshore labor, I will mark this assurance as ‘Not Applicable.’


Shape41

Agree Disagree

Shape42 Shape43

Not Applicable

The person listed below must be authorized to bind your organization as a HETS Trading Partner. By completing and signing the section below, you agree that your organization will comply with the provisions of this Agreement.


Trading Partner Authorized Representative Signature

Title

Printed Name of Trading Partner Authorized Signer

Date Signed

Telephone Number

E-Mail Address


Shape44

Shape45
APPENDIX A REFERENCES REQUIRED

HETS Rules of Behavior

The HETS Rules of Behavior explains your responsibilities to get and use Medicare eligibility data. You must comply with the HETS Rules of Behavior to use HETS.

HETS Authorized Representative Roles and Responsibilities

The Authorized Representative (AR) Roles and Responsibilities explains your role as the Trading Partner Authorized Representative. It’s written confirmation you understand your responsibilities related to HETS.


Acknowledgement


You must acknowledge to complete this Agreement:

Shape46 I acknowledge I read, understand, and will follow the HETS Rules of Behavior. I also shared the HETS Rules of Behavior with my customers or users and will enforce compliance.

Shape47 I acknowledge I read, understand, and will follow the HETS Authorized Representative Roles and Responsibilities


Shape48

APPENDIX B - INFORMATION REQUIRED TO REQUEST ACCESS TO

HETS REQUIRED

________________________________________________________________________


Trading Partner Organization’s Information:


You must complete all fields in this table.

Trading Partner Organization Name:

Trading Partner Organization Legal Business Name:

Trading Partner Organization Billing Address:

City

State

Zip Code

Trading Partner Organization Physical Address:

City

State

Zip Code

Trading Partner Organization Technical Representative Name:


Trading Partner Organization Technical Representative Telephone Number:

Trading Partner Organization Technical Representative E-mail Address:

Note: CMS requires only one National Provider Identifier (NPI) from an active and valid enrolled Medicare provider on this form. You’ll have the opportunity to provide other NPIs later.

Medicare Provider’s Name:

Medicare Provider’s NPI:




Trading Partner Organization Security Officer Contact Information (Optional):


Name: (Optional)

Title: (Optional)

Telephone number: (Optional)

E-mail address: (Optional)




Shape49

APPENDIX C CONNECTIVITY REQUIRED

Indicate the type of connectivity.



Extranet:

Shape50 Shape51

Yes No

If yes, Name of Network Service Vendor (NSV) used


Internet:

Shape52 Shape53

Yes No

If yes, Message Envelope Used

Shape54 Shape55

SOAP + WSDL HTTP MIME Multipart


Trading Partner IP Address (es) for SOAP/MIME transaction (if sending multiple IP addresses, use a Classless Inter-Domain Routing (CIDR) notation, i.e., 192.0.1.0/24)

SOAP + WSDL and HTTP MIME Multipart submitters only must fill out the fields below.



IP Address(es):


X.509 Digital Certificate Issuer Name:


X.509 Digital Certificate Type:


X.509 Digital Certificate Serial Number:



If you use SOAP + WSDL or HTTP MIME Multipart, you must include a copy of your organization’s public x.509 digital certificate as a separate attachment. We won’t process agreements without a copy of the public digital certificate.


Shape56 I agree to include the originating IP address on every transaction to HETS. We’ll revoke your HETS access if you purposefully manipulate or obscure the originating IP address(es).




Shape57


Shape58

APPENDIX D OFFSHORE DATA PROTECTION SITUATIONAL (IF YOU HAVE OFFSHORE ARRANGEMENT)

Shape59

Offshore Data Protection Safeguards

Affirm all the following safeguards are actively in place.

Attestation of Safeguards to Protect Beneficiary Information Offshore


No.

Assurance

Agreement

1.

Offshore arrangement include policies and procedures to ensure Medicare beneficiary PHI and PII privacy and security, and CMS proprietary information confidentiality.

Shape60 Shape61

Agree Disagree

2.

Offshore arrangement prohibits access to Medicare data not associated with the offshore agreement.

Shape62 Shape63

Agree Disagree

3.

Offshore arrangement includes policies and procedures to immediately terminate offshore work if there’s a significant security breach.

Shape64 Shape65

Agree Disagree

4.

Offshore arrangement will take reasonable precautions to prevent unauthorized access to the parties’ transmission and processing systems.

Shape66 Shape67

Agree Disagree

5.

Offshore arrangement must comply with the HETS Rules of Behavior (Appendix A).

Shape68 Shape69

Agree Disagree



The Trading Partner Authorized Representative must be able to attest to the Offshore Data Protection Safeguards Appendix D of the Agreement. Please complete the table below and then check the box at the bottom of the form to acknowledge your offshore data protection responsibilities.



Offshore Work Site Organization Name*

Offshore Work Site Organization Address including Country Name*

Offshore Work Site Organization Originating

IP Address(es)*


























































*If multiple Organizations, then provide all

Note: Enter each/every Offshore Work Site’s non-US Originating IP Addresses


Acknowledgement


You must acknowledge to complete this Agreement:

Shape70 I, the Trading Partner Authorized Representative, acknowledge I have read and understand the offshore data protection safeguards. I will ensure that the offshore organizations and addresses listed above will follow the offshore data protection safeguards.


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleMEDICARE HIPAA ELIGIBILITY TRANSACTION SYSTEM (HETS) TRADING PARTNER AGREEMENT (TPA)
SubjectMEDICARE HIPAA ELIGIBILITY TRANSACTION SYSTEM (HETS) TRADING PARTNER AGREEMENT (TPA)
AuthorCenters for Medicare & Medicaid Services
File Modified0000-00-00
File Created2024-10-07

© 2024 OMB.report | Privacy Policy