Fraud Prevention Resources

CMS has published information about helping patients avoid fraud and scams, which may be particularly important with the release of the New Medicare Cards.

Medicare will never call beneficiaries uninvited and ask for personal or private information to get their new Medicare Number and card.  Scam artists may try to get personal information (like their current Medicare Number) by contacting them about their new card.  If your Medicare patient is asked for their information, for money, or someone threatens to cancel their health benefits if they don’t share their personal information, have them call 1-800-MEDICARE (1-800-633-4227).

The new Medicare Number is also called the Medicare Beneficiary Identifier (MBI) and is replacing the current Social Security-based Health Insurance Claim Number (HICN) on Medicare health insurance cards.  Medicare will continue to accept the HICN through the transition period; see https://www.cms.gov/Medicare/New-Medicare-Card/index.html#target.  Identity theft resources for people with Medicare can be found at https://www.medicare.gov/forms-help-and-resources/identity-theft/identity-theft.html.

Cyber Crime Reporting

The following message is from CMS.

If you are the victim of ransomware or have cyber threat indicators to share

If you or your organization is the victim of a ransomware attack, please contact law enforcement immediately.

1. Contact your FBI Field Office Cyber Task Force, at https://www.fbi.gov/contact-us/field-offices/field-offices , immediately to report a ransomware event and request assistance.  These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
2. Report cyber incidents to both of the following:
   • The US Computer Emergency Readiness Team (US-CERT) at https://www.us-cert.gov/forms/report
   • The FBI’s Internet Crime Complaint Center at https://www.ic3.gov/default.aspx 
3. For further analysis and healthcare-specific indicator sharing, please also share these indicators with the HHS Healthcare Cybersecurity and Communications Integration Center (HCCIC) via email to HCCIC_RM@hhs.gov

HIPAA FAQ re Loved Ones

The HHS Office of Civil Rights (OCR) has issued a new FAQ clarifying that the HIPAA Privacy Rule permits disclosures to loved ones regardless of whether they are recognized as relatives under applicable law.  The FAQ, while applicable in a variety of circumstances, was developed in large part to address confusion following the 2016 Orlando nightclub shooting about whether and when hospitals may share protected health information with patients’ loved ones.  In particular, the FAQ makes clear that the potential recipients of information under the relevant permissive disclosure provisions of the law are not limited by the sex or gender identity of the person.  

In tandem, OCR is updating its existing Guidance on several provisions within the HIPAA Privacy Rule that recognize the integral role that a spouse often plays in a patient’s health and health care.  Consistent with a recent Supreme Court decision, OCR is issuing updated guidance that makes clear that the terms marriage, spouse, and family member include, respectively, all lawful marriages (whether same-sex or opposite-sex), lawfully married spouses and the dependents of all lawful marriages, and clarifies certain rights of individuals under the Privacy Rule.

Find the Guidance and a link to the FAQ at https://www.hhs.gov/hipaa/for-professionals/special-topics/same-sex-marriage/index.html .

Holiday Eating

The November issue of the Northwest Renal Network’s provider newsletter, Network 16 News, is all about eating at other people’s houses during the holidays without disrupting your dialysis routine.  Find a copy at https://www.nwrn.org/providers-and-professional-staff/nw16n.html .  The National Kidney Foundation has a different list of tips for holiday eating – both lists are very useful – which you can find at https://www.kidney.org/content/tips-happy-healthy-holidays-dialysis-diet .

The November Network 16 News also includes an Announcement on the Network’s 2017 Quality Improvement Activities, a Question Corner on protected health information, and Hot Dates for the NWRN Annual Conference in Seattle March 2-3, 2017, and the NKF Spring Clinical Meetings in Orlando FL April 18-22, 2017.  Get the latest information on these and other professional and staff education meetings from the Facility Calendar in the menu bar at the top of this page.

11/1 SSN Removal Call

On November 1, 2016 CMS will hold an Open Door Forum conference call on the removal of Social Security Numbers from Health Insurance Claim Numbers (HICN).  HICNs will be replaced by randomly created Medicare Beneficiary Identifiers (MBIs) starting in 2018.  For more information see https://nwrnbulletins.wordpress.com/2016/09/29/mbi-replaces-hicn/ .  

The call well be held at 11am PDT, 800-837-1935, conference ID 98745631.  For TTY services, dial 800-855-2880.  CMS requests that participants dial in at least fifteen minutes before the scheduled start time.  

CMS has also advised that between now and 2018, all patients and facilities should make sure that their mailing addresses are kept current.  MBIs will be mailed to patients, and facilities will have to ask patients for their MBI.  Patient addresses in the Medicare, SSA, and CROWNWeb databases should all agree, with a correct and complete address to which the US Postal Service delivers.

MBI Replaces HICN

Over the next three years, CMS will replace their traditional Health Insurance Claim Number (HICN) patient identifiers with a new Medicare Beneficiary Identifier (MBI).  New Medicare Cards will be sent to all Medicare beneficiaries starting in April 2018, and all providers will be expected to have modified their software to accept MBIs by then.  Between April 2018 and December 2019, either the HICN or the MBI will be accepted by CMS.  After December 2019, the HICN will no longer be accepted.  

The MBI will have eleven characters, numbers and upper-case letters only.  A 2015 law (MACRA) requires CMS to remove Social Security Numbers (SSN) from Medicare identifiers.  You may encounter the new acronym SSNRI, for the CMS SSN Removal Initiative.  For more information see https://www.cms.gov/Medicare/SSNRI/Index.html and https://www.cms.gov/Medicare/SSNRI/Providers/Providers.html .

Medical Consumer Protection

Medicare acknowledges Consumer Protection Week by publishing a table of guidelines to help medical consumers make important choices about finances, health, privacy, and more, in their “Five Ways to Become an Informed Medical Consumer” post on the official Medicare Blog.  Each of the Five Ways links to in-depth information.  Find the post at http://blog.medicare.gov/2016/03/07/informed-medicare-consumer/ .

Another effort to increase protections for medical consumers is the CDC Foundation Safe Injection Practices Coalition’s “One and Only Campaign,” using the motto “One Needle, One Syringe, Only One Time.”  You can find a great deal more information about this campaign at http://www.oneandonlycampaign.org/ .