HICN and MBI News

CMS has announced several new resources to help facilities prepare for the conversion from Health Insurance Claim Numbers (HICN) to Medicare Beneficiary Identifiers (MBI), in order to remove Social Security Numbers from Medicare identifiers.  The conversion is called the Social Security Number Removal Initiative or SSNRI.  The resources include:

Beginning in April 2018, CMS will start sending new MBI Medicare cards to all beneficiaries.  It is recommended that facilities begin using the new Identifiers as soon as possible.  A transition period, where providers can use either HICN or MBI to exchange data with CMS, will begin no earlier than April 1, 2018, and run through December 31, 2019.

Transplant, EHR Rule Changes

CMS has published in the November 14, 2016 Federal Register a final rule with comment period and interim final rule with comment period that makes technical changes to standards and requirements for Organ Procurement and Transplant (sections XV-XVII), and for Electronic Health Records and Hospital Information Exchange (section XVIII), and includes the related information collection burdens (section XXI D-F).  The effective date will be January 1, 2017.  See https://www.federalregister.gov/documents/2016/11/14/2016-26515/medicare-program-hospital-outpatient-prospective-payment-and-ambulatory-surgical-center-payment .

11/1 SSN Removal Call

On November 1, 2016 CMS will hold an Open Door Forum conference call on the removal of Social Security Numbers from Health Insurance Claim Numbers (HICN).  HICNs will be replaced by randomly created Medicare Beneficiary Identifiers (MBIs) starting in 2018.  For more information see https://nwrnbulletins.wordpress.com/2016/09/29/mbi-replaces-hicn/ .  

The call well be held at 11am PDT, 800-837-1935, conference ID 98745631.  For TTY services, dial 800-855-2880.  CMS requests that participants dial in at least fifteen minutes before the scheduled start time.  

CMS has also advised that between now and 2018, all patients and facilities should make sure that their mailing addresses are kept current.  MBIs will be mailed to patients, and facilities will have to ask patients for their MBI.  Patient addresses in the Medicare, SSA, and CROWNWeb databases should all agree, with a correct and complete address to which the US Postal Service delivers.

HIPAA, Deception, Cloud, Audits

The Federal Trade Commission has published guidance that goes beyond HIPAA, pointing out that it’s also illegal to phrase your HIPAA statements to patients in what could be construed as a deceptive manner.  An example would be to say on page one of a disclaimer form that the patient’s information will go only to their doctor, but on page three ask them to sign authorization to send their information elsewhere.  For details see https://www.ftc.gov/tips-advice/business-center/guidance/sharing-consumer-health-information-look-hipaa-ftc-act .

HIPAA has also recently added or emphasized new or revised guidance on:

MBI Replaces HICN

Over the next three years, CMS will replace their traditional Health Insurance Claim Number (HICN) patient identifiers with a new Medicare Beneficiary Identifier (MBI).  New Medicare Cards will be sent to all Medicare beneficiaries starting in April 2018, and all providers will be expected to have modified their software to accept MBIs by then.  Between April 2018 and December 2019, either the HICN or the MBI will be accepted by CMS.  After December 2019, the HICN will no longer be accepted.  

The MBI will have eleven characters, numbers and upper-case letters only.  A 2015 law (MACRA) requires CMS to remove Social Security Numbers (SSN) from Medicare identifiers.  You may encounter the new acronym SSNRI, for the CMS SSN Removal Initiative.  For more information see https://www.cms.gov/Medicare/SSNRI/Index.html and https://www.cms.gov/Medicare/SSNRI/Providers/Providers.html .

10/12-10/19 HIPAA Conference

The HHS Office for Civil Rights and the National Institute for Standards and Technology will co-host a conference October 19-20, 2016 in Washington DC on Safeguarding Health Information: Building Assurance through HIPAA Security.  Register at https://www2.nist.gov/news-events/events/2016/10/safeguarding-health-information-building-assurance-through-hipaa-security by October 12, 2016.