Fundamentals of Medicare

Section 1: Introduction


Privacy Act

The purpose of the Privacy Act of 1974 (Act), Title 5, United States Code, Section 552a, is to balance the government’s need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy stemming from federal agencies’ collection, maintenance, use, and disclosure of personal information about them.

The Act applies to federal agencies in the executive branch of the federal government (including the Executive Office of the President) and private companies that are under contract with the federal government. National Government Services has a contract with the federal government to process Medicare claims; therefore, National Government Services as a company and its employees are bound by the rules and regulations of the Privacy Act.

The Act requires each agency or contracted company to maintain only the information about an individual that is relevant and necessary to accomplish the purpose of that agency’s existence or the contractual obligation.

There are ten exemptions to the Privacy Act. Exemptions include records that are maintained by the Central Intelligence Agency (CIA), related to law enforcement activities, classified in the interest of national security, regarding protective services to the President of the United States, and regarding specific circumstances of federal civilian employment, military service and access to classified material.

Unlawful disclosure of information can lead to civil and criminal penalties for the agency and the individual(s) involved. Penalties can be up to $5,000 for each violation.

More information regarding the Privacy Act can be found in the CMS IOM, Publication 100-01, Medicare Financial Management Manual, Chapter 6, Section 10.

How Does the Privacy Act Impact Medicare?

Since all Medicare Administrative Contractors (MACs) are under contract with the federal government, the Privacy Act’s rules and restrictions bind all employees and systems of Medicare contractors.

The Privacy Act is why providers need individual passwords to access the Medicare claims systems, and why providers can only see the claims that they submitted.

In addition, the Privacy Act restricts the information that Provider Contact Center customer care representatives (CCRs) can disclose to providers and outside individuals. Because of these restrictions, people calling on behalf of a provider, including the billing office or the billing service, will always need to identify themselves and inform the CCR of their provider number and additional information as requested by the CCR. Note: CCRs cannot disclose claim information to collection agencies.

CCRs cannot disclose information regarding claims that were not submitted by the calling provider. The only exception is when a provider’s claim has been rejected due to an overlap with a claim submitted by another provider. In this situation, the CCR is allowed to inform the calling provider of the dates of service on the overlapping claim only.

Revised 1/2021