Comment 2

TO: Center for Beneficiary Choices

Centers for Medicare & Medicaid Services

FROM: Candace Schaller

Senior Vice President, Regulatory Affairs

DATE: November 20, 2006

RE: AHIP Comments on the Draft 2008 Prescription Drug Plan Solicitations

America’s Health Insurance Plans (AHIP) appreciates the opportunity to submit comments on the Draft 2008 Prescription Drug Plan Solicitations for Medicare Advantage (MA) plans, stand-alone Prescription Drug Plans (PDP), and Cost Based Plans (collectively Part D plans). AHIP is the national trade association representing nearly 1,300 member companies. The draft 2008 Part D solicitations are of significant interest to AHIP’s member organizations, many of which currently participate or anticipate participating in the Medicare Part D Prescription Drug Benefit (Part D) program.

While we support CMS’ efforts to issue the 2008 solicitations as quickly as possible, we note that the review period for these draft applications has been very short and has occurred at a time when plan resources have been focused intensively on the initial days of the annual election period for 2007. Consequently, our comments are brief and limited to a quick review of the changes highlighted in the CMS high level summary of revisions. Our comments are included below.

COMMENTS

General

• Citations. In light of the evolving nature of Part D guidance, we recommend that CMS consistently provide citations to the source of the requirements described in each item to which applicants must attest. This step would ensure that applicants seeking clarification of these items would be able to review readily the underlying guidance.

Section 3.4.7 Specialty Pharmacy

• Section 3.4.7.A3 (Page 48). The first half of the second sentence of this item reads “Applicant further agrees that requiring different reimbursement rates for certain ‘specialty’ drugs is inconsistent with standard industry practice…” While we understand that CMS has reached a conclusion about “standard industry practice”, we believe that it is inappropriate for the Agency to require Part D applicants to attest to the Agency’s evaluation. We also believe that this portion of the item is unnecessary to satisfying the purpose of the attestation which is to obtain a commitment from the applicant to comply with CMS’ requirement regarding reimbursement rates for specialty drugs. Therefore, AHIP recommends that CMS delete the portion of this item concerning “standard industry practice”.

Section 3.16 Reporting Requirements

• Section 3.16.A14 (Page 60). It appears that this item contains a typographical error, and we recommend that the language be revised as follows: “Applicant agrees to report 100% of the remuneration it receives, including any process price concessions for PBM services.”

Section 3.19 Health Insurance Portability and Accountability Act of 1996 (HIPAA) 

• Section 3.19.A6 (Page 61) and Section 3.19.A8 (Page 62). Section 3.19.A6 requires an attestation that the applicant will report to CMS any unauthorized public disclosure of protected health information within 48 hours of the Applicant’s detection of such disclosure. Section 3.19.A8 requires an attestation that the applicant will obtain certification from a qualified, unrelated organization of its systems, policies, and procedures for the protection of individual beneficiary information from unauthorized disclosure and will obtain recertification every two years as required in forthcoming guidance. It is our understanding that both of these items specify details with respect to requirements for data security that are not currently included in CMS guidance. We believe that the application should not be a vehicle for announcing new guidance, and to address this concern, we urge CMS to revise the draft by combining these two sections and substituting language such as the following:

Consistent with applicable CMS guidance, Applicant agrees to implement systems, policies, and procedures sufficient to protect individual beneficiary information from unauthorized disclosure and to notify CMS immediately upon discovery of any security breach of beneficiary personally identifiable information in a manner.

We believe that this revised language signals a commitment by the Applicant to comply with current CMS guidance, as well as more detailed future guidance, and is consistent with existing CMS guidance issued on June 9, 2006.

In addition, we note that we have significant concerns regarding inclusion in future CMS guidance of the new requirements outlined in Section 3.19.A6 and Section 3.19.A8. Our concerns relate to the clarity and workability of the requirements as stated, and, with respect to the requirement for certification and re-certification, consistency with data security requirements under the Health Insurance Portability and Accountability Act (HIPAA). We agree that the security of individually identifiable data is of the highest priority and support CMS’ goal of providing additional guidance in this area. We request an opportunity to meet with CMS to discuss the issues we have identified prior to CMS’ decision to finalize such guidance.

AHIP appreciates the opportunity to submit these comments. If you would like to discuss any of the issues we have raised or would like additional information, please contact me at (202) 778-3209 or at cschaller@ahip.org.