Frequently Asked Questions

The Deficit Reduction Act of 2005 (DRA) requires states to have laws in effect that require health insurers to honor claims submitted by the Medicaid agency within three years of the date of service.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. 

State Medicaid agencies and their business associates can use the data obtained pursuant to the process established under section 1902(a)(25)(I) of the Social Security Act and applicable state laws, as permitted or required by law. This should include the coordination of payments for services covered under the Medicaid state plan and actions to ensure that correct payment amounts are made under the Medicaid program and that mistaken payments are recovered. If the appropriate legal relationships are established (e.g., business associate agreements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)), we expect that the data could be released to entities working under contract with a state agency for use in activities such as claims adjudication activities, or for the purpose of recovering improper Medicaid payments. State Medicaid agencies must have procedures in place to ensure that the privacy of individuals is appropriately protected, and that information concerning applicants and beneficiaries is protected in accordance with the requirements of 42 CFR Part 431 Subpart F and the regulations at 45 CFR Parts 160 and 164, which were promulgated under HIPAA and Health Information Technology for Economic and Clinical Health (HITECH) Act.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. 

State laws determine what information is required of the health plans. A health plan's disclosure and use of information that is required to be submitted under state law - such as, information from insurer eligibility files sufficient to determine during what period any individual may be, or have been, covered by a health insurer and the nature of the coverage that is or was provided by the health insurer — is consistent with the HIPAA privacy provisions.

Under HIPAA, both the state Medicaid agency and most health insurers are covered entities and must comply with the HIPAA Privacy Rule in 45 CFR Part 160 and Part 164, Subparts A and E. In their capacities as covered entities under HIPAA, the state Medicaid agency and health insurers are restricted from using and disclosing protected health information (PHI), as that term is defined in 45 CFR section 160.103, other than as permitted or required by the HIPAA Privacy Rule. However, as relevant here:

1. A covered entity may use or disclose PHI to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of the law. (45 CFR 164.512(a)(1)) Under this provision, each covered entity must be limited to disclosing or using only the PHI necessary to meet the requirements of the law that compels the use or disclosure. Anything required to be disclosed by a law can be disclosed without violating HIPAA under the ""required by law"" provisions. Therefore, health insurers may disclose data elements in addition to the four minimum data elements, up to and including submission of an entire insurer eligibility file, to the extent such information is required to be submitted by state law. (45 CFR 164.512(a))
2. Separately, a covered entity may use or disclose PHI, without the consent of an individual, for payment activities, including to facilitate payment. (45 CFR 164.502(a)(1) and 164.506) Under HIPAA, the term payment includes activities undertaken by a health plan to determine or fulfill its responsibility for coverage and provision of benefits under the health plan. These activities include determinations of eligibility or coverage, adjudication or subrogation of health benefits claims, and collection activities. (45 CFR 164.501) To the extent plans are releasing this information to the Medicaid program for payment purposes; this is a separate basis for disclosure under HIPAA.
3. The HIPAA Privacy Rule generally requires covered entities to take reasonable steps to limit the use and disclosure of PHI to the minimum necessary to accomplish the intended purpose. (45 CFR 164.502(b)(1)) However, among other limited exceptions, the minimum necessary requirements do not apply to uses or disclosures that are required by law under 45 CFR 164.512(a).

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. 

Generally, the purpose of the 1202 payment increase is to directly benefit physicians performing primary care services. In the instance of salaried physicians, including those working for clinics or other employing organizations that bill on the Medicaid physician fee schedule, this could come in the form of an increased salary. Alternatively, where there is an employment agreement between the physician and the employing entity, the employment agreement might account for the payment increase by noting that the physician accepts his or her salary as payment in full, regardless of Medicaid reimbursement levels.

To the extent that physicians are already receiving payment for Medicaid services that is at least equal to the Medicare rate as required under section 1202 of the ACA, no additional payment under section 1202 should be made to either a managed care health plan or to a group practice or similar organization that employs physicians. The additional payment is to ensure that payment to the physician is at least equal to the 1202 Medicare rate.

States that pay for vaccine administration using the vaccine product codes were required to include a crosswalk to their administration codes as part of their ACA 1202 state plan amendment (SPA). They will therefore be required to submit a new SPA to reflect any changes in those codes. If a state does not use vaccine product codes to pay for vaccine administration and therefore there is no crosswalk in their 1202 SPA, then no updates are necessary to reflect the code changes.

Yes. The original SPAs contained a list of codes that had been added since 2009 that the state was planning on reimbursing at the higher ACA 1202 rate. Therefore, if a state adds codes, it should submit a revised SPA page, updating that list of codes eligible for higher payment.

A state may not add any of the eligible service codes solely for the purpose of obtaining enhanced federal matching funds. For example, a state may not eliminate a code currently in use and attempt to substitute it with another Evaluation and Management (E&M) code. However, we recognize that a handful of codes have been added to the E&M code set since 2009. States which added those codes to their fee schedules will receive higher match for those services.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set.

Under Medicare and Medicaid principles, payment is to be made at the lower of provider charges or the rate, which in this case is the applicable Medicare rate. This language was inadvertently omitted from the final rule. The Center for Medicare & Medicaid Services (CMS) is processing a technical correction to the regulatory text at 42 CFR 447.405 to restore this language.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set.

The primary care provider rate increase does apply to the Children's Health Insurance Program (CHIP) Medicaid expansions but not separate (stand-alone) CHIPs. Qualified physicians who render the primary care services and vaccine administration services specified in the regulation will receive the benefit of higher payment for services provided to these Medicaid beneficiaries.

The State will receive 100 percent federal matching funds for the difference between the rate in effect 7/1/09 and the rate in calendar years (CYs) 2013 and 2014. The remainder of the payment will be funded at the CHIP matching rate, through the CHIP allotment. Services provided under separate (standalone) CHIPs are not eligible for higher payment.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set.