Using a bot on the POSC is a convenience to organizations. Any organization that violates the RPA Policy may have its access to submit transactions via the POSC using RPA technology revoked.
MassHealth will monitor the status of all RPA registration requests and each organization’s adherence to the RPA policy. Some of the key provisions of monitoring, enforcement and compliance are listed below.
- Each approved bot request will be monitored through activation and stabilization.
- All approved bots will be monitored on an ongoing basis to validate that the activity performed on the POSC is consistent with the relevant RPA approval.
- Organizations using bots that perform functions inconsistent with the approved use will be subject to one or more of the following:
- Outreach and validation,
- Remediation of violation (opportunity to cure),
- Suspension or termination of the bot User ID,
- Prohibition from performing functions on the POSC,
- Organization-wide ban on the ability to use RPA tools on the POSC, and/or
- Other remedial actions or sanctions that MassHealth determines to be appropriate. See regulations at 130 CMR 450.238: Sanctions: General.
MassHealth will continue to monitor its MMIS to identify any bot used on the POSC that has not been approved by MassHealth. Any organization using a bot that has not been approved by MassHealth will be subject to the following:
- Outreach and validation,
- Compliance mandate. The organization must complete the RPA registration process.
- If compliance is not achieved within the timeframe set by MassHealth, the organization will be subject to:
- Suspension or termination of the bot User ID,
- Prohibition from performing functions on the POSC,
- Organization-wide ban on ability to use RPA tools on the POSC,
- Other remedial actions or sanctions that MassHealth determines to be appropriate. See regulations at 130 CMR 450.238: Sanctions: General.
Each approved organization is wholly responsible for the actions of its bots within the MMIS POSC and must attest to that fact by signing the RPA Agreement and submitting it with the RPA Stage II Registration Form. The terms of this RPA Policy are incorporated into the RPA Agreement.
Organizations must comply with the RPA Policy including, but not limited to, the following statements
- The bot will not troll for data within the POSC and will use the minimum necessary data to complete its transaction in support of an impending service to a MassHealth member or the submission or validation of transactions in support of services provided.
- The bot will perform transactions in accordance with the approved RPA Registration Form.
- The information submitted by the bot is true and accurate and is based upon information required to support an impending service to a MassHealth member or in support of services rendered.
- The activities of the bot must comply with MassHealth provider regulations, including the approved organization’s specific provider regulations found under 130 CMR and 130 CMR 450.000: Administrative and Billing Regulations. This includes, but is not limited to 130 CMR 450.307: Unacceptable Billing Practices.
(A) No provider may claim payment in a way that may result in payment that exceeds the maximum allowable amount payable for such service under the applicable payment method.
(B) Without limiting the generality of 130 CMR 450.307(A), the following billing practices are forbidden:
(1) duplicate billing, which includes the submission of multiple claims for the same service, for the same member, by the same provider or multiple providers;
(2) overstating or misrepresenting services, including submitting separate claims for services or procedures provided as components of a more-comprehensive service for a single rate of payment is established; and
(3) submitting claims under an individual practitioner's provider ID or service location number for services for which the practitioner is otherwise entitled to compensation.
- An approved bot User ID can be terminated, and an approved organization subject to sanctions or overpayment actions, if it does not comply with the regulations governing the MassHealth program, including the regulations referenced above or if it otherwise violates the terms of the MassHealth RPA Agreement. See regulations at 130 CMR 450.238: Sanctions: General and 130 CMR 450.235: Overpayments.
- Organizations must perform key administrative functions to support the delivery of health care to MassHealth members regardless of bot use. If bots are used, organizations must ensure that there are appropriate business continuity plans in place including, without limitation, plans to mitigate performance impacts of bot error or unavailability, such as manual data entry. The use of bots, including bot error or unavailability, does not excuse or waive the obligations of organizations to execute necessary transactions on the POSC to facilitate the delivery of health care to MassHealth members.
Organizations must validate RPA access on an annual basis.
- MassHealth will notify all grandfathered organizations and those organizations that have received an RPA Stage II Approval notice of their annual validation requirements.
- Organizations must complete the RPA Annual Validation Form provided by MassHealth and validate the following:
- Baseline organization data, such as contact information, PID/SL,
- Baseline RPA data, such as functions, tool, etc.,
- Changes made to any data associated with the bot, such as approved user IDs,
- Changes made to the utilization of the bot,
- Anticipated modifications or requests, and
- Other pertinent information requested by MassHealth on the RPA Annual Validation Form.
- Organizations must submit the completed RPA Annual Validation Form to MassHealth within 14 calendar days from the date that MassHealth notifies the organization that it must complete the RPA annual revalidation,
- Upon receipt, MassHealth will evaluate the RPA Annual Validation Form and determine the organization’s continued compliance with the MassHealth RPA policy,
- Organizations deemed to be out of compliance with the RPA policy must immediately rectify the compliance issue in accordance with this section—Monitoring, Enforcement, and Compliance—of this Policy,
- Organizations that do not rectify the compliance issue or do not complete the annual validation will have their approval to submit transactions using RPA tools revoked.
- Organizations deemed to be compliant with the MassHealth RPA policy will receive an annual validation approval letter and may continue to use the approved RPA tool and functions on the POSC.
Please review the RPA policy to view the full scope of the monitoring, enforcement, and compliance requirements.