Frequently Asked Questions

No. States typically do not meet the definition of a covered health care provider under 45 CFR 160.103, and therefore, are not eligible to receive an NPI. If states encounter situations where plans are requiring them to submit an NPI, they can submit a formal complaint to the Office of E-Health Standards and Services (OESS) in CMS by using the online Administrative Simplification Enforcement Tool (ASET). ASET allows individuals or organizations to electronically file a complaint against an entity whose actions they believe violate an Administrative Simplification provision of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

States may submit a formal complaint electronically at: https://asett.cms.gov/ASETT_HomePage. ASET users are required to register with OESS and create a user identification name and password. States also may submit a paper complaint. The form is available at: www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/Enforcements/Downloads/HIPAANon-PrivacyComplaintForm.pdf.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB)

FAQ ID:91241

Section 1902(a)(25)(I) of the Social Security Act requires states to have laws in effect that require health insurers to make payment as long as the claim is submitted by the state within three years from the date on which the item or service was furnished.

Some health insurers currently deny claims submitted by Medicaid if they are not filed within a prescribed time limit, which is applied to plan beneficiaries and providers (e.g., a plan might require beneficiaries and providers to submit claims within 30 days from date of service). If the state Medicaid agency is unable to ascertain the existence of the third party coverage and submit a claim within the time limit, the insurer may attempt to avoid liability.

Any action by the state to enforce its rights with respect to such claim must be commenced within six years of the state's submission of such claim. Health insurers also must respond to any inquiry by a state regarding claims submitted within three years from the date on which the item or service was furnished.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB)

FAQ ID:91246

Section 1902(a) (25) (I) of the Act defines ""health insurers"" to include self-insured plans, group health plans (as defined in section Medicaid Management Information Systems (MMIS)(l) of the Employee Retirement Income Security Act of 1974 (ERISA)), service benefit plans, managed care organizations (MCOs), pharmacy benefit managers (PBMs), and ""other parties that are, by statute, contract, or agreement, legally responsible for payment of a claim for a health care item or service."" Workers' compensation, automobile insurance, and liability insurance plans all are included within the definition of ""health insurer"" for purposes of this section and the requisite state laws which must be enacted pursuant to it.

The CMS interprets ""other parties that are, by statute, contract, or agreement, legally responsible for payment of a claim"" to include:

1. Prepaid Inpatient Health Plans (PIHPs) and Prepaid Ambulatory Health Plans (PAHPs). For purposes of Medicaid managed care, PIHPs and PAHPs are entities that contract with the state to deliver Medicaid-covered services; in that context, they would also be considered ""other parties that are, by contract, legally responsible for payment of a claim for a health care item or service;"" and,
2. Such entities as third party administrators (TPAs), fiscal intermediaries, and managed care contractors, which administer benefits on behalf of the riskbearing plan sponsor (e.g., an employer with a self-insured health plan). CMS recognizes that entities such as PBMs and TPAs do not necessarily have ultimate financial liability, but, to the extent that they are required, by contract or otherwise, to review claims and authorize payment by the plan sponsor, they are included within the definition of ""third party"" and ""health insurer"" for purposes of section 1902(a) (25) of the Act.

Nothing in revisions to the Social Security Act made by the Deficit Reduction Act of 2005 (DRA) imposes new liability to pay claims on entities that do not otherwise bear such liability. Nor does section 1902(a) (25) of the Act negate any right of indemnification against a plan sponsor or other entity with ultimate liability for health care claims by a contracting party that pays the claims.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB) 

FAQ ID:94021

Indemnity policies may be considered third party resources if the policies meet certain criteria. Federal Medicaid regulations at 42 CFR 433.136 define a third party as ""any individual, entity, or program that is or may be liable to pay all or part of the expenditures for medical assistance furnished under a state plan."" This includes private insurance. Section 433.136 also defines private insurer to include ""any commercial insurance company offering health or casualty insurance to individuals or groups (including both experience-related insurance contracts and indemnity contracts)."" Private insurers are required to comply with the Deficit Reduction Act of 2005 (DRA) and related state enactments.

Indemnity plans may include a variety of insurance policies such as accident, cancer/specified disease, dental, hospital confinement indemnity, hospital confinement sickness indemnity, hospital intensive care, long-term care, short-term disability, specified health event, and vision. An individualized review of the various policy terms would be necessary to determine if they should be considered a third party resource for purposes of Medicaid. If this review determines that the policy provides for payment of health care items and services, the policy is a third party resource and payments would be assigned to the Medicaid agency.

An indemnity policy may be designed to pay a cash benefit to policyholders, unless the policyholder chooses otherwise. The policy may state that these payments may be used to cover medical expenses or living expenses such as rent, child care, or groceries. However, the insurance company may condition payment upon the occurrence of a medical event. Whenever payments are linked to specific medical events, these payments should be considered third party payments. Thus, the state could seek to recover Medicaid payments from the policy benefits.

Where indemnity policies do not qualify as a third party resource, any payments made to a Medicaid beneficiary may be countable as income for Medicaid eligibility purposes.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB) 

FAQ ID:94026

The Social Security Act (the Act) generally requires health insurers and other third parties that are legally liable to pay for health care services received by Medicaid beneficiaries to pay for the services that are primary to Medicaid. However, state Medicaid agencies might mistakenly pay claims for which a third party may be liable, because they are not aware of the existence of other coverage.

The Deficit Reduction Act of 2005 (DRA) made a number of changes to title XIX of the Social Security Act intended to strengthen state Medicaid programs' ability to identify and collect from third party payers that are legally responsible to pay claims primary to Medicaid.

Specifically, section Eligibility and Enrollment Systems5 of the DRA amended section 1902(a) (25) of the Act:

1. To clarify which specific entities are considered "third parties"" and "health insurers" that may be liable for payment and that cannot discriminate against individuals on the basis of Medicaid eligibility; and,
2. To require that states pass laws requiring health insurers:
   1. To provide the state with the coverage, eligibility, and claims data needed by the state to identify potentially liable third parties, including, at a minimum, name, address, and ID number;
   2. To honor the assignment to the state of a Medicaid beneficiary's right to payment by insurers for health care items or services; and,
   3. Not to deny such assignment or refuse to pay claims submitted by Medicaid based on procedural reasons (e.g., the failure of the beneficiary to present his/her insurance card at the point of sale, or the state's failure to submit an electronic, as opposed to a paper, claim).

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB) 

FAQ ID:94041

Section 1902(a)(25)(A) of the Act requires states to take all reasonable measures to ascertain the legal liability of "third parties" for health care items and services provided to Medicaid beneficiaries. The DRA did not change the definition of "third parties," but rather clarified the entities subject to the provisions of section 1902(a) (25) (A) and (G) of the Act. Section Eligibility and Enrollment Systems5(a) of the DRA amended section 1902(a)(25)(A) of the Act to clarify that the "third parties" subject to the provisions of 1902(a)(25) include: (1) selfinsured plans, (2) pharmacy benefits managers (PBM), and (3) other parties that are, by statute, contract, or agreement, legally responsible for payment of a claim for a health care item or service, including workers compensation, automobile insurance, and liability insurance plans. The DRA also replaced reference to "a health maintenance organization" with "a managed care organization" (MCO) in identifying the types of third parties to which the provisions of section 1902(a) (25) apply.

Section 1902(a) (25) (G) of the Act prohibits health insurers from taking an individual's Medicaid status into account in enrollment or payment decisions.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB) 

FAQ ID:94051

Yes. PBMs and TPAs are considered to be ""third parties,"" as clarified in section Eligibility and Enrollment Systems5(a) of the Deficit Reduction Act of 2005 (DRA)'s amendment of section 1902(a)(25)(A) of the Social Security Act.

PBMs, TPAs, and similar entities may not have financial liability for actual payment of claims, depending on the nature and extent of services to be performed for the health insurer, as specified in the contract. However, if the PBM or TPA performs claims review and payment authorization for another third party, the PBM or TPA is expected to provide information to the Medicaid program, so the program can determine which party is the primary payer, for the purpose of coordinating benefits for the Medicaid beneficiary.

State law enacted to implement section Eligibility and Enrollment Systems5(a) of the DRA must require the health insurer that contracts with a PBM, TPA, or other such entity to administer the plan to provide the contracted entity with such information as may be necessary to enable that entity to furnish the state with information about when Medicaid beneficiaries may be (or may have been) covered by the health insurer, the nature of the coverage, and other necessary information.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB) 

FAQ ID:94056

Section Eligibility and Enrollment Systems5(b) of the Deficit Reduction Act of 2005 (DRA) created a new subparagraph (I) in section 1902(a)(25) of the Social Security Act (the Act), that requires states to establish laws that require the production of the information necessary for each state Medicaid agency to determine third party liability for services rendered to Medicaid beneficiaries. Specifically, section 1902(a) (25) (I) (i) of the Act directs states, as a condition of receiving federal financial participation (FFP) for Medicaid, to have laws in effect that require health insurers doing business in their state to provide the state with the requisite information with respect to individuals who are eligible for, or are provided medical assistance, i.e., Medicaid beneficiaries.

States pass their own laws regarding the submission of health insurance information to implement the provisions of the DRA. As with most federal laws that require some action on the part of the state to implement, states have some latitude in determining how best to comply. Since the information would be provided to the state Medicaid agency as required by that state's laws, it follows that the submission should conform to what is required under that state law. Such requirements would ensure the state Medicaid agency's access to the information is necessary and sufficient to determine third party liability for care provided to Medicaid beneficiaries.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB) 

FAQ ID:94066

States enact laws to comply with section 1902(a) (25) (I)(i) of the Social Security Act and must require health insurers to provide, upon the request of the state, information to determine during what period Medicaid beneficiaries may be (or may have been) covered by the health insurer and the nature of the coverage that is or was provided.

This information includes, at a minimum, four (4) data elements: the insured's name, address, group or member ID number, and periods of coverage. State laws determine exactly what information is required to be submitted by the health plans. Health plans are to provide these files to state Medicaid programs so that these programs can determine whether any third party payers are liable for the medical items and services that were, or will be, delivered to a Medicaid beneficiary. In essence, the point of the information gathering is to ensure that Medicaid benefits are paid correctly.

In the case of health insurers who contract with a pharmacy benefit manager (PBM) or other third party administrator (TPA) to administer the plan, states also will need to require that such insurers provide the PBM or TPA with such information as may be necessary to enable that entity to furnish the state with the prescribed data, or deal with such inquiries directly without the aid of their PBM or TPA.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB) 

FAQ ID:94166

The Deficit Reduction Act of 2005 (DRA) requires states to have laws in effect that require health insurers to honor claims submitted by the Medicaid agency within three years of the date of service.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB) 

FAQ ID:94181