The status of the regulatory environment has been all over the news lately as the new presidential administration continues to make its mark. In this rapidly evolving environment, protecting your organization from noncompliance – and the resulting fines, penalties, negative litigation, and potential reputational damage – will require a dedicated focus and constant monitoring.

Meantime, here are three important regulatory changes already set to go into effect in 2017 and 2018:

1. The Social Security Number Removal Initiative (SSNRI) of Section 501 of the Medicare Access and CHIP Reauthorization Act (MACRA). The U.S. Centers for Medicare & Medicaid Services will be issuing new Medicare Beneficiary Identifiers (MBI) to replace Health Insurance Claim Numbers (HICN) in use today, which are based upon an individual’s social security number.  The new MBIs will better protect private health care and financial information, as well as federal health care benefit and payments. Transition to the new MBIs will occur from April 1, 2018, to December 31, 2019; however, your systems must be ready to accept the MBIs by April 2018. Review your organization’s systems and business processes to determine what changes are needed to accommodate the change.

2. OSHA Electronic Reporting of Injury and Illness Data. This new rule will require certain employers to electronically submit the injury and illness data currently recorded on OSHA Injury and Illness Forms (300, 300A, and 301).  The new reporting requirements will be phased in over a two-year period starting with 2016 Form 300A data, which is due by July 1, 2017.  Depending on the organization size or industry type, all three forms may be required for 2017 data — or the 300a form only — which need to be filed by July 1, 2018.  Yearly reporting will be required by March 2 of each year, starting in 2019.  Make sure your organization has the ability to transmit the reports electronically one of the following three ways offered by OSHA:

  1. Manually enter data into a web form
  2. Upload a CSV file to process single or multiple establishments concurrently
  3. Transmit data electronically via an application programming interface

A trusted service provider will ensure your data is transmitted electronically to OSHA efficiently and accurately so your organization can stay free of fines and penalties.

3. First Report of Injury / Subsequent Report of Injury Changes. The State of Idaho will be implementing release 3.0 of the IAIABC Electronic Data Interchange (EDI) Claims Reporting Standard (mandatory date: 7/1/2017). The State of Oklahoma will also be implementing release 3.0 of the standard (mandatory date: 1/1/2018). Both of these releases will transition the paper filing of FROI/SROI reporting by insurers, self-insured employers, and claims administrators to EDI reporting.  Insurers, self-insured employers, and claims administrators will need to review the implementation guide and coding tables and begin discussions with their service providers, internal management, and IT staff to ensure they can report this way.

System and process modifications to accommodate regulatory requirement changes can be very costly.  It is important to know when regulations are added or changed — and it is equally important to know when they are eliminated.  The recent Presidential Executive Order on Reducing Regulation and Controlling Regulatory Costs stipulates that every time a new regulation is issued, two prior regulations must be identified for elimination. These changes, together with the multitude of industry specific/state specific regulatory changes and the uncertainty of changes that will be made in the next few years, provide the ideal time to reevaluate your service provider’s regulatory review processes.

Service providers that offer regulatory compliance services need to do more than proactively monitor rule changes. They also need to participate in key industry groups, such as the IAIABC (a network of industry contacts for assistance) and have competent, experienced regulatory compliance professionals to conduct and manage the work.  What regulations will be changed or eliminated is anyone’s guess at this point, but with proactive regulatory compliance monitoring, you can rest assured your organization is protected no matter what happens.

Written by Vince Homer

Vince Homer is the Director of Regulatory Professional Services at Marsh ClearSight. Vince has over 30 years of experience in the software/product development industry, including 19 years at Marsh ClearSight. Vince manages a team focused on claims administration regulatory reporting requirements, electronic submission requirements, and other claims compliance analysis activities within the self-insured, self-administered, third party administrator, and healthcare marketplaces.