CMS Launches Far-reaching Audit on Health Plans for Electronic Transactions

by Matthew Albright, Chief Legislative Affairs Officer, Zelis Healthcare

Earlier this month, the Centers for Medicare & Medicaid Services (CMS) launched a far-reaching audit program that reviews health plan and clearinghouse compliance with mandated rules on electronic billing and payment transactions.  The program is the broadest audit on health plans that CMS has ever conducted: any health plan, including self and fully funded health plans with or without Medicare or Medicaid business, can be chosen by CMS to be audited.

The random audits on health plans and clearinghouses will evaluate an entity’s administrative transactions for compliance with standardized format rules that have been adopted under the administrative simplification requirements of the Health Insurance Portability and Accountability Act (HIPAA).

Three things payers should know about the audits

  1. Healthcare electronic payments and other business transactions will be under review
    A health plan’s compliance with healthcare EFT and electronic remittance advice (ERA) standards and operating rules will be a part of the audit program.  One foundational requirement for the EFT & ERA is that, when requested by a provider, a health plan must deliver payments via EFT and ERA without delay, using appropriate standards, operating rules and code sets.
  2. While the goal is remediation, plans and clearinghouses can be penalized
    CMS states that, if the audit discovers violations, CMS would apply corrective action plans (CAP) and technical assistance with no financial penalties. However, CMS did not exclude monetary penalties as a possible outcome and that, in general, it could “impose financial penalties on any entity that is non-compliant and has failed to correct their violations.”  Note that the civil money penalties (CMPs) that can be imposed on HIPAA transaction violations are the same as those assessed for HIPAA security and privacy violations.
  3. CMS will use an in-house test engine to test health plans’ transaction files
    For the audit, health plans and clearinghouses will be asked to submit transaction files to CMS for testing and to review through CMS’ in-house testing system.


As Zelis is always looking to sharpen its conformance with legislation, a Zelis Payments team self-tested our ERA using the CMS in-house testing system last year. We learned how the audit tests would be conducted and a few tricks to get through the system.  For instance, since the results from the test engine only validate the format and not the data content, health plans can use dummy data to test.

Check out Zelis’ free step-by-step guide on how to self-test with the CMS system BEFORE you are audited.

Starting in April, CMS stated it will “randomly select 9 HIPAA-covered entities, a mix of health plans and clearinghouses” for the “Compliance Reviews,” and then do similar random selections going forward.