The Government Accountability Office (GAO) has released findings of its most recent review of the IT system used by the Centers for Medicare & Medicaid Services (CMS) to verify the eligibility of Medicare beneficiaries. GAO's analysis concludes that CMS effectively upgraded the HIPAA Eligibility Transaction System (HETS).[See also: Medicare stable until 2024, trustees report ]
According to the GAO, 244 entities were using HETS in 2012, including about 130 providers, 104 clearinghouses that provide data exchange services to about 400,000 healthcare providers, and 10 Medicare contractors that help CMS process claims for services. From January through June 2012, HETS processed each month an average of 1.7 million to 2.2 million queries per day with most of the queries submitted between the hours of 8:00 a.m. and 4:00 p.m. eastern time.
Users of the system interviewed by GAO said they were satisfied with the system. According to GAO, CMS has resolved operational issues it had in 2010 and 2011. System performance reports for the first six months of 2012 showed that the average response time per transaction was less than three seconds. Users told GAO that the upgraded CMS system now provides more complete information and reliable service than other systems that they use to verify eligibility with commercial health insurers.
The report noted that CMS took steps to ensure users remain satisfied with the system’s performance, including notifying users in advance of system downtime, providing help desk support, and monitoring contractors’ performance. The agency also plans several technical improvements intended to increase HETS’ capacity to process a growing number of transactions, which the agency projects to increase at a rate of about 40 percent each year. These plans include a redesign of the system and migration to a new database environment that is scalable to accommodate the projected increase in transaction volume.[See also: Medicare preventive services provided to 12 million patients through first four months of 2012]
According to HETS program officials, near-term plans include the implementation of tools to enable proactive monitoring of system components and additional services intended to enhance production capacity until the planned redesign of the system is complete.
To help protect the privacy of beneficiary eligibility data provided by HETS, CMS has established policies, processes and procedures that are intended to address principals reflected by the HIPAA Privacy Rule, according to GAO’s study. For example, in its efforts to ensure proper uses and disclosures of data, CMS documented in user agreements the authorized and unauthorized purposes for requesting Medicare beneficiary eligibility data. Additionally, the agency conducted privacy impact and risk assessments of HETS as required by the E-Government Act of 2002.Officials from the Department of Health & Human Services’ Office for Civil Rights stated that no privacy violations had been reported regarding the use of the protected health data provided by HETS since its implementation in 2005. [See also: GAO issues recommendations to CMS on EHR program requirements]