TPA_PRA_Form_Revision_ track changes

TPA_PRA_Form_Revision_4.2 to 4.3_CMS_7-08-24 with track changes-RS.docx

The HIPAA Eligibility Transaction System (HETS) (CMS-10157)

OMB: 0938-0960


MEDICARE HIPAA ELIGIBILITY TRANSACTION SYSTEM (HETS) TRADING PARTNER AGREEMENT (TPA)


CMS-Version 4.3










TABLE OF CONTENTS

FORM INSTRUCTIONS

CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS)

TRADING PARTNER AGREEMENT

I. BACKGROUND

II. AUTHORIZED USES

III. SYSTEM INTEGRITY

IV. CONNECTIVITY

V. ASSURANCES

APPENDIX A - REFERENCES - REQUIRED

APPENDIX B - INFORMATION REQUIRED TO REQUEST ACCESS TO HETS - REQUIRED

APPENDIX C - CONNECTIVITY - REQUIRED

APPENDIX D - OFFSHORE DATA PROTECTION - SITUATIONAL (IF YOU HAVE OFFSHORE ARRANGEMENT)



FORM INSTRUCTIONS

Check 1 box to indicate the type of Agreement you’re submitting.

  • Initial Trading Partner Application

  • Annual TPA Recertification

  • Other TPA Update

CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS) TRADING PARTNER AGREEMENT

For the use of the Medicare Health Insurance Portability and Accountability Act of 1996 (HIPAA) Eligibility Transaction System (HETS) to share health care eligibility inquiry and response transactions.

This Trading Partner Agreement (“Agreement”) is made on <Enter Date> CMS and .


The Trading Partner intends to conduct eligibility transactions with CMS in electronic form. Both parties acknowledge and agree that data privacy and security are the highest priority. Each party agrees to take all steps reasonably necessary to ensure all electronic transactions between them conform to HIPAA and its regulations. Unless defined in this Agreement, all terms have the same meaning as in the regulations to implement the Administrative Simplification provisions of HIPAA at 45 CFR Parts 160-164.

PAPERWORK REDUCTION ACT (PRA) DISCLOSURE STATEMENT

The Paperwork Reduction Act of 1995 states no one must respond to a collection of information unless it displays a valid OMB control number. The valid OMB control number for this information collection is 0938-0960 (expires April 30, 2025). We estimate it’ll take about 15 minutes to respond, including time to review instructions, search existing data resources, gather data, and complete and review the information collection. If you have comments about the accuracy of the time estimate or suggestions for improving this form, please write to:
CMS
7500 Security Boulevard
Attn: PRA Reports Clearance Officer
Mail Stop C4-26-05
Baltimore, Maryland 21244-1850
Don’t send applications, claims, payments, medical records or any documents with sensitive information to the PRA Reports Clearance Office. We won’t review, forward, or keep any correspondence not about the information collection burden approved under the associated OMB control number listed on this form. If you have questions about where to submit your documents, please contact the MCARE Help Desk at 1-866-324-7315 or [email protected].



I. BACKGROUND

CMS maintains the integrity and security of Medicare health care data according to applicable laws and regulations. The Privacy Act of 1974 (Privacy Act) and HIPAA restrict disclosing Medicare beneficiary eligibility data. HETS is for health care providers and suppliers (collectively referred to as “providers”).

We administer HETS as a covered entity under HIPAA rules. HETS uses the ASC X12 270/271 standard. This Agreement is for non-CMS entities that want to get Medicare eligibility information. We’ll use information in this Agreement to establish connectivity, define data exchange requirements, and explain the responsibilities of HETS Trading Partners.

II. AUTHORIZED USES

You can only use Medicare eligibility data for Medicare FFS activities, including preparing accurate FFS claims or determining eligibility for certain services. Review Appendix A for what’s authorized and unauthorized in the HETS Rules of Behavior.

You can’t electronically store or reuse Medicare beneficiary Protected Health Information (PHI) you got from HETS, except:

  • To record transaction processing history

  • For security procedures, like routine system backups for disaster recovery

  • To update patient records in the Medicare Fee-for-Service (FFS) provider’s system

You and your Business Associates, as defined by 45 CFR §160.103, must comply with the HETS Rules of Behavior when you store data.

III. SYSTEM INTEGRITY


The Centers for Medicare & Medicaid Services (CMS) monitors inquiries in HETS, and we’ll contact you if we find discrepancies. For example, we’ll check if you submit a high ratio of eligibility inquiries compared to your FFS claims. If we suspect improper use or if you violate these rules of behavior, we may suspend you, place you on a corrective action plan, or refer you for investigation and you could be subject to other penalties, including civil or criminal actions.


IV. CONNECTIVITY


You can connect to HETS via the extranet or internet.


  • Extranet:

    • Transmission Control Protocol/Internet Protocol (TCP/IP)

  • Internet:

    • Simple Object Access Protocol (SOAP) + Web Services Description Language (WSDL)

    • Hypertext Transfer Protocol (HTTP) / Multipurpose Internet Mail Extensions (MIME)

You must submit the required information in Appendix B to request connectivity. Review the HETS 270/271 Companion Guide for more information.

V. ASSURANCES

Your access to HETS is contingent on your assurances in this section. We can revoke HETS access without notice if we determine that you’re not complying with these assurances.

You agree to and assure:



1. I’ll abide by all applicable federal laws, regulations, and guidance governing access to, use of, and disclosure of:

  • CMS data

  • PHI as defined in 45 CFR §160.103

  • Personally Identifiable Information (PII) as defined in OMB Memorandum M-17-12 (January 03, 2017)

I understand that individuals or entities may be subject to civil or criminal penalties for failing to abide by such provisions.

Agreement: [ ] Agree  [ ] Disagree

2. I’ll cooperate with CMS and its contractors to test the transmission and processing systems to ensure the accuracy, timeliness, completeness, and security of each data transmission before initiating any transmission in HIPAA standard 270/271 transaction format, and through the term of this Agreement.

Agreement: [ ] Agree  [ ] Disagree

3. I’ll take reasonable care to ensure the information I submit in each electronic transaction is timely, complete, accurate, and secure, and I’ll take reasonable precautions to prevent unauthorized access of the transmission and processing systems. I’ll ensure that each electronic transaction I submit to CMS conforms with the requirements applicable to the transaction.

Agreement: [ ] Agree  [ ] Disagree

4. I’ll only submit electronic transactions for an active enrolled Medicare FFS provider or a Business Associate working on behalf of active enrolled Medicare FFS providers. I agree to notify CMS when my relationship with a Medicare FFS provider begins and ends. Business Associates must provide current information about the FFS providers they submit transactions for according to the HETS Rules of Behavior. I understand and agree that CMS reserves the right to confirm the status of a Business Associate relationship with a FFS provider directly.

Agreement: [ ] Agree  [ ] Disagree

5. I’ll notify CMS of a change in Business Associate representation consistent with the HETS Rules of Behavior.

Agreement: [ ] Agree  [ ] Disagree

6. I’ll comply with the HETS Rules of Behavior, referenced in Appendix A, including referencing the HETS Rules of Behavior in business associate contracts.

Agreement: [ ] Agree  [ ] Disagree

7. This Agreement takes effect and is binding when both CMS and I sign.

Agreement: [ ] Agree  [ ] Disagree

8. If this Agreement ends or expires, I’m still obligated under this Agreement and under federal and state laws and regulations to ensure the privacy and security of PHI and PII, and confidentiality of CMS proprietary information.

Agreement: [ ] Agree  [ ] Disagree

9. If I perform Medicare work offshore (any location outside of the United States where U.S. law is non-binding), I attest to the terms specified in Appendix D. If I don’t perform any Medicare work offshore or directly or indirectly employ any offshore labor, I will mark this assurance as ‘Not Applicable.’

Agreement: [ ] Agree  [ ] Disagree  [ ] Not Applicable

The person listed below must be authorized to bind your organization as a HETS Trading Partner. By completing and signing the section below, you agree that your organization will comply with the provisions of this Agreement.


Trading Partner Authorized Representative Signature

Title

Printed Name of Trading Partner Authorized Signer

Date Signed

Telephone Number

E-Mail Address


APPENDIX A - REFERENCES - REQUIRED

HETS Rules of Behavior

The HETS Rules of Behavior explains your responsibilities to get and use Medicare eligibility data. You must comply with the HETS Rules of Behavior to use HETS.

HETS Authorized Representative Roles and Responsibilities

The Authorized Representative (AR) Roles and Responsibilities explains your role as the Trading Partner Authorized Representative. It’s written confirmation you understand your responsibilities related to HETS.


Acknowledgement


You must acknowledge to complete this Agreement:

[ ] I acknowledge I read, understand, and will follow the HETS Rules of Behavior. I also shared the HETS Rules of Behavior with my customers or users and will enforce compliance.

[ ] I acknowledge I read, understand, and will follow the HETS Authorized Representative Roles and Responsibilities.


APPENDIX B - INFORMATION REQUIRED TO REQUEST ACCESS TO HETS - REQUIRED


Trading Partner Organization’s Information:


You must complete all fields in this table.

Trading Partner Organization Name:

Trading Partner Organization Legal Business Name:

Trading Partner Organization Billing Address:

City

State

Zip Code

Trading Partner Organization Physical Address:

City

State

Zip Code

Trading Partner Organization Technical Representative Name:


Trading Partner Organization Technical Representative Telephone Number:

Trading Partner Organization Technical Representative E-mail Address:

Note: CMS requires only one National Provider Identifier (NPI) from an active and valid enrolled Medicare provider on this form. You’ll have the opportunity to provide other NPIs later.

Medicare Provider’s Name:

Medicare Provider’s NPI:




Trading Partner Organization Security Officer Contact Information (Optional):


Name: (Optional)

Title: (Optional)

Telephone number: (Optional)

E-mail address: (Optional)




APPENDIX C - CONNECTIVITY - REQUIRED

Indicate the type of connectivity.



Extranet: [ ] Yes  [ ] No

If yes, Name of Network Service Vendor (NSV) used:

Internet: [ ] Yes  [ ] No

If yes, Message Envelope Used: [ ] SOAP + WSDL  [ ] HTTP MIME Multipart


Trading Partner IP Address(es) for SOAP/MIME transaction (if sending multiple IP addresses, use Classless Inter-Domain Routing (CIDR) notation, e.g., 192.0.1.0/24)

Only SOAP + WSDL and HTTP MIME Multipart submitters must fill out the fields below.



IP Address(es):


X.509 Digital Certificate Issuer Name:


X.509 Digital Certificate Type:


X.509 Digital Certificate Serial Number:



If you use SOAP + WSDL or HTTP MIME Multipart, you must include a copy of your organization’s public X.509 digital certificate as a separate attachment. We won’t process agreements without a copy of the public digital certificate.

[ ] I agree to include the originating IP address on every transaction to HETS. We’ll revoke your HETS access if you purposefully manipulate or obscure the originating IP address(es).




APPENDIX D - OFFSHORE DATA PROTECTION - SITUATIONAL (IF YOU HAVE OFFSHORE ARRANGEMENT)

Offshore Data Protection Safeguards

Affirm all the following safeguards are actively in place.

Attestation of Safeguards to Protect Beneficiary Information Offshore


1. Offshore arrangement includes policies and procedures to ensure Medicare beneficiary PHI and PII privacy and security, and CMS proprietary information confidentiality.

Agreement: [ ] Agree  [ ] Disagree

2. Offshore arrangement prohibits access to Medicare data not associated with the offshore agreement.

Agreement: [ ] Agree  [ ] Disagree

3. Offshore arrangement includes policies and procedures to immediately terminate offshore work if there’s a significant security breach.

Agreement: [ ] Agree  [ ] Disagree

4. Offshore arrangement will take reasonable precautions to prevent unauthorized access to the parties’ transmission and processing systems.

Agreement: [ ] Agree  [ ] Disagree

5. Offshore arrangement must comply with the HETS Rules of Behavior (Appendix A).

Agreement: [ ] Agree  [ ] Disagree



The Trading Partner Authorized Representative must be able to attest to the Offshore Data Protection Safeguards (Appendix D) of the Agreement. Please complete the table below and then check the box at the bottom of the form to acknowledge your offshore data protection responsibilities.



Offshore Work Site Organization Name*

Offshore Work Site Organization Address including Country Name*

Offshore Work Site Organization Originating IP Address(es)*

*If multiple Organizations, then provide all

Note: Enter each/every Offshore Work Site’s non-US Originating IP Addresses


Acknowledgement


You must acknowledge to complete this Agreement:

[ ] I, the Trading Partner Authorized Representative, acknowledge I have read and understand the offshore data protection safeguards. I will ensure that the offshore organizations and addresses listed above will follow the offshore data protection safeguards.


File Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title: MEDICARE HIPAA ELIGIBILITY TRANSACTION SYSTEM (HETS) TRADING PARTNER AGREEMENT (TPA)
Subject: MEDICARE HIPAA ELIGIBILITY TRANSACTION SYSTEM (HETS) TRADING PARTNER AGREEMENT (TPA)
Author: Centers for Medicare & Medicaid Services
File Modified: 0000-00-00
File Created: 2024-10-07
