CMS upends Medicare Advantage supplemental benefits data reporting for payers

On February 21, 2024, the Centers for Medicare & Medicaid Services (CMS) issued new guidance via a memorandum to Medicare Advantage (MA) organizations, Program of All-Inclusive Care for the Elderly (PACE) organizations, and Demonstration Organizations (collectively, Plans) that upends how these Plans have been reporting (or not reporting) encounter information for their covered supplemental benefits. The guidance in the memorandum is effective retroactively to January 1, 2024.

Below is a Q&A explaining the top points of the guidance and highlight its impact on companies across industries.

What are supplemental benefits?

Plans are required to offer coverage for all items and services covered by the original Medicare fee-for-service program, referred to as “Part A” and “Part B” benefits or “basic” benefits. Plans are permitted – but not required – to offer additional benefits that supplement original Medicare benefits.

While there are stringent requirements for which items and services can qualify as supplemental benefits, Plans offer a broad range of supplemental benefits that vary from plan to plan. Supplemental benefits may expand coverage for basic benefits (eg, add more days of coverage). They may also add entirely new benefits.

The most common supplemental benefits are vision, dental, and hearing benefits, none of which are covered under original Medicare. Other examples have included acupuncture, bathroom safety devices, routine chiropractor services, and wigs for hair loss related to chemotherapy. Some supplemental benefits go beyond a healthcare item or service, such as non-emergency transportation, in-home safety assessments, enhanced disease management, and even readmission prevention services. Certain telehealth services may qualify as supplemental benefits as well.

While most common supplemental benefits are furnished by traditional healthcare “providers,” other, more non-traditional types of supplemental benefits are often provided by individuals or entities that are not enrolled in the original Medicare program and may not even fall within Medicare’s definition of a “provider.”

For example, a Plan can offer a “fitness” benefit, such as a gym membership or yoga classes. It can also offer coverage for over-the-counter (OTC) items and products, which may include healthcare-related items (eg, Band-Aids) or non-healthcare-related items (eg, groceries for certain patient populations). Those OTC products may be funded via pre-funded debit cards for use at non-healthcare retailers, such as “big box” retailers and grocery stores. Neither the gyms nor those retailers and grocery stores are licensed medical providers or facilities.

Supplemental benefits are either funded through certain “rebates” paid by CMS to Plans, whose annual bid submissions fall under a benchmark set by CMS each year, or by Medicare beneficiaries when they enroll in the plan as part of their monthly premium payment obligations.

Tell me more about the Plans’ obligation to report MA encounter data.

Encounter data represents the records of the items and services provided to MA enrollees and submitted to Plans as part of the claim or other submission process requesting payment for the covered items or services. Plans then submit this data to CMS primarily for “risk adjustment” purposes.

CMS makes advance payments to Plans on a per-beneficiary-per-month basis but adjusts those payments to account for risks related to beneficiaries who may cause a Plan to incur higher than typical costs. The risk adjustment relies on diagnoses included within encounter data from the prior plan year, but CMS also uses Medicare fee-for-service data to predict anticipated costs associated with those diagnoses.

CMS may use encounter data for other purposes as well, such as for program oversight and quality improvement activities. CMS does not require Plans to submit all encounter data but has instead provided instructions detailing certain minimum data elements that must be submitted, including information about the providers, enrollees, diagnoses, procedures, payment information, and dates of service.

CMS has been collecting this encounter data from Plans for about a decade via Plans’ submissions through the MA Encounter Data System (EDS) in accordance with a variety of technical instructions.

Why have supplemental benefits been historically difficult to report?

Per the memorandum, and pursuant to 42 CFR 422.310, CMS expects Plans to report not only encounter information for basic benefits but for “all items and services,” including supplemental benefits. While CMS has taken the position that encounter data for all supplemental benefits has always been required to be submitted, past CMS guidance and the EDS submission requirements have not provided clear directions or options for submitting data on supplemental benefits that are not traditional healthcare services.

Issues with reporting supplemental benefits were captured in a US Government Accountability Office (GAO) report in January 2023. That GAO report identified two primary obstacles to reporting usage of supplemental benefits: (1) confusion about reporting requirements and (2) challenges with procedure codes (eg, where the benefit did not have an associated procedure code).

CMS now acknowledges that Plans have not “regularly” submitted “some” supplemental benefits to the EDS, and that EDS would only accept submissions if certain data elements were provided, even though those elements did not apply to many types of supplemental benefits. CMS sees the February 2024 memorandum as providing the necessary technical instructions for Plans to submit encounter data records (EDRs) to EDS for every type of supplemental benefit.

What does memorandum’s new guidance require?

The new guidance in the CMS memorandum and the associated technical instructions provide detailed rules and guidelines for submitting EDRs for supplemental benefits. The following highlights some key issues covered in the memorandum:

• CMS sets out a “guiding principal” for reporting utilization of supplemental benefits.

In what it deems to be its “guiding principle,” CMS expects Plans to submit a record of utilization for “every individual instance” an enrollee uses a supplemental benefit.

• Reporting should follow CMS’s technical instructions issued via its Customer and Service Support Center (CSSC).

All submissions will need to comply with the technical instructions issued by CMS through its CSSC. The CSSC website contains a number of relevant documents that should be carefully reviewed and operationalized.

• Reporting requirements will vary from supplemental benefit to supplemental benefit.

The specific reporting requirements will vary based on the type of supplemental benefit and may be impacted by the specific benefit’s utilization pattern or payment type and frequency. Plans are encouraged to carefully follow the special rules and flexibilities for each type of benefit. For example, the memorandum includes instructions specific to dental benefit reporting. CMS will make various default codes available for supplemental benefits that do not have an associated diagnosis, procedure, or revenue code (eg, transportation, meals, gym memberships, and even OTC products, in certain circumstances).

Additionally, despite its “guiding principal,” CMS might not always expect each instance of utilization to be reported, particularly with respect to benefits like gym memberships, and perhaps even allowances or payment cards, among others.

Reporting memberships for access to services (eg, gyms) may vary based on how payment is made. For example, if a Plan pays monthly and the membership is used for three months, it would report EDR each of the three months; if a Plan pays annually, it would report EDR annually.

CMS strongly encourages the submission of “each use” of allowances and payment cards, including the items and services being paid for. However, CMS is willing to accept reports of the amount of the allowance used based on the card periodicity “when per-utilization reporting is not practicable.” If an allowance or a multi-purse debit card covers more than one type of benefit, CMS will expect reporting to separate spending by category.

• Reporting must use a Supplemental Benefits Indicator when reporting benefits to EDS.

CMS has developed a Supplemental Benefits Indicator to identify supplemental benefits reported through EDS. Without delving into the technical details, the Indicator will allow CMS to distinguish between basic and supplemental benefits more easily.

When does the CMS memorandum’s guidance take effect?

The guidance took effect on January 1, 2024. More specifically, the CMS memorandum’s guidance applies to data for supplemental benefits with contract year (CY) 2024 dates of service. While the memorandum purports to allow Plans time to build out the necessary capabilities for submitting this data, the memorandum does not offer any formal grace period and continually emphasizes the need to meet the requirements of the memorandum “as soon as possible” and otherwise begin submitting the minimum EDR data elements if they “have or can obtain” those elements.

Each year, CMS publishes updated information on the deadline for submitting risk adjustment data, including EDS data, via memorandum. According to the latest memorandum, dated May 5, 2023, the deadline for data related to CY 2024 dates of service (up to June 30, 2024) is September 6, 2024. CMS encourages the data to be submitted throughout each collection period and “well in advance” of any applicable deadlines. While the submission deadline is months away, the collection period for CY 2024 data is well under way.

Why is CMS issuing this memorandum now?

This memorandum was just a matter of time. The aforementioned GAO report hinted that CMS was already assessing the completeness of supplemental benefits encounter data. It is unsurprising that CMS would look to increase its collection of data on the utilization and coverage of supplemental benefits, especially with the growth in supplemental benefit offerings and utilization in recent years (as described by CMS in the memorandum).

What is the risk if Plans do not comply with the memorandum?

The potential risk here could be significant. CMS views reporting of encounter data as expressly required by Medicare regulations. Therefore, any non-compliance could result in CMS making use of one or more of its enforcement tools, including intermediate sanctions with costly fines and other sanctions, such as prohibitions on marketing and new enrollments, and even potentially contract termination. Additionally, any data submitted to CMS in this capacity that is known to be false or fraudulent could serve as the basis for allegations of false claims or other non-compliance.

I am a provider of supplemental benefits, but I am not a Plan. How does this memorandum impact me?

Any downstream providers of supplemental benefits are encouraged to be equally cautious. These providers are neither directly subject to MA laws and rules, nor under direct contractual obligations to CMS, like the Plans. CMS will generally look directly to the Plans for non-compliance by downstream entities. Still, the encounter data originates with these providers and may be submitted by the providers or via intermediaries that hold contracts directly with the Plans. Any incomplete or inaccurate data could lead to allegations of breach of contract and other damages and could entail other liability, such as false claims allegations.

Understood, but I am not a traditional “healthcare” provider. I run a gym or sell groceries or operate a non-emergency transportation service. Will data for my services really be reported to CMS via the EDS?

Yes, it will. If your services are covered by Plans and paid for as a supplemental benefit, Plans will look to capture all necessary data and submit it to CMS in a manner that is consistent with the new guidance in the memorandum and any related technical instructions. If your items or services are provided to Plan enrollees pursuant to a contract with the Plan or an intermediary contracting on behalf of the plan, that contract may impose data reporting or other record maintenance requirements.

In light of this new guidance and related technical instructions, the Plan or its intermediary may approach you to arrange for the provision of additional extension data and records. If Plans are unable to obtain all of the necessary data elements from any of their downstream contractors, they may need to consider terminating those relationships in favor of contractors who are in a position to support the Plans’ compliance obligations.

What should we do right now?

The specific next steps will depend on whether you are a Plan, a provider, or an intermediary. At a minimum, each should assess how the new guidance in the memorandum impacts their operations and arrangements with respect to Plan enrollees.

Additionally:

• If you are a Plan, compliance is effectively required now. Is your data collection and reporting consistent with the guidance and technical instructions? Do you have gaps in that data collection and reporting, or are there any areas in which you diverge from CMS’s expectations? Do your providers and other data sources provide you with everything you need to comply with this guidance?
• If you are a traditional or non-traditional provider, are you meeting your existing contractual obligations for generating and reporting data? Do those contracts impose fines, penalties, or other sanctions that increase your risk with respect to data submissions? If you are approached by a Plan to start providing additional data or at different frequencies, do you understand your obligations, and are you prepared to do so?
• If you are neither a Plan nor a provider, but an intermediary of some sort, are you assessing your upstream Plan relationships and downstream provider networks to ensure that data is available or can be available as necessary for Plans to comply with the guidance? If you offer services such as carded capabilities, does your platform generate the necessary information to support Plan reporting (which may involve reports of each item or service purchased through the card)? Will that additional, detailed data show any gaps in compliance in how the card or other platforms have been used to obtain covered or even non-covered items and services?

Given the current state of reporting of supplemental benefits as described in the GAO report and in the CMS memorandum, Plans, providers, and others that support the coverage and provision of supplemental benefits may find that their current data reporting requires adjustments to contractual obligations, compliance program policies and procedures, and business models and arrangements. Because this guidance is retroactively applied, all are encouraged to start their assessments now.

Please contact the authors for more information.