A clear checklist for strengthening compliance and reporting accuracy.

By Patti Scamardo

Recent guidance from the Centers for Medicare and Medicaid Services (CMS) provides much-needed clarity on how to avoid Civil Money Penalties (CMPs) under the Medicare Secondary Payer (MSP) framework.

Instead of focusing on internal systems and technical rules, this guidance highlights what all Non-Group Health Plan (NGHP) Responsible Reporting Entities (RREs) need to put in place to maintain compliance with confidence: clear communication channels, reliable internal processes, and documented outreach efforts that prove they’ve done their part.

Make Sure the Right People Receive CMS Penalty Notices

To protect against missed deadlines or surprise enforcement actions, CMS now directs all penalty‑related communications only to an RREs Authorized Representative (AR) and Account Manager (AM). Suppliers and reporting agents will not receive these notices.

What this means:

• AR and AM contact information needs to be current and actively monitored.
• If these contacts change or their inboxes aren’t watched closely, potential penalties may not be identified in time to respond.
• This simple administrative detail can be the difference between effortless compliance and costly consequences.

Know What Suppliers Can Help With — and What They Can’t

Reporting agents play an important role in reviewing files, flagging issues, and ensuring timely submission, but CMS makes it clear that RREs remain responsible for compliance.

Many compliance failures originate before files ever reach suppliers in processes that only the RRE can control. Reporting agents can help identify mistakes, but they cannot shield organizations from penalties if their internal workflows break down.

Keep Reporting Process Timely, Accurate, and Verifiable

CMS expects RREs to have internal processes that ensure:

• Quick and consistent record entry. Delays or incomplete documentation can’t be fixed later by the reporting agent.
• Prompt correction of any errors. If a reporting agent flags formatting issues or missing fields, CMS expects them to be resolved quickly.
• Verification that CMS actually accepted the files. One of the biggest compliance risks comes from unreviewed response files, because silent failures can snowball across quarters. 

These steps ensure that nothing slips through the cracks, especially items CMS considers high risk.

Document Claimant Outreach With Consistency and Care

CMS now clarifies exactly what it expects when an RRE needs information from a claimant or their lawyer:

Three documented attempts must be made to get the required information from both the plaintiff’s lawyer and the plaintiff. These attempts must follow a consistent, auditable documentation process, not ad hoc notes.

If the lawyer doesn’t respond, the next step is to reach out directly to the plaintiff. Lawyer silence does not release the RRE from responsibility.

Build a Compliance Program That Works 

The message from CMS is unmistakable. Organizations that prioritize structure, documentation, and proactive communication avoid penalties. 

A strong compliance program helps RREs:

• Stay ahead of CMS notices
• Move efficiently through the reporting cycle
• Minimize risk tied to missing data or silent file failures
• Demonstrate diligence during audits
• Keep reporting predictable and manageable

The goal isn’t just to comply; it’s to feel confident that protective measures are in place. These practices make that possible by creating a reporting environment where issues are caught early, documentation is always defensible, and teams move through CMS requirements with clarity instead of uncertainty.

Patti Scamardo is the client services project director in the Mass Tort division at Epiq. She specializes in MMSEA’s Section 111 mandatory insurer reporting.