This summer, the University of Iowa will ask employees with dependents listed on their UIChoice plan to verify their eligibility for plan coverage. The university has hired Health Management Systems (HMS), a third-party vendor that provides services to organizations, to conduct this verification.
Health Management Systems
HMS is a comprehensive solutions provider for organizations in America. HMS was selected via the university RFP process and has provided higher education institutions, including a number of our larger Big Ten peers, their dependent verification services.
HMS has a long history of properly maintaining the privacy of PHI and extensive experience in the secure handling of client information. HMS has developed a comprehensive privacy and security policy, which fully comply, and often exceed, the privacy and security mandates set forth by:
- HIPAA Privacy and Security Regulations
- Statement on Auditing Standards 70 Type II audits/SSAE 16 Reporting
- ISO 27001 certification
- Employee Retirement Income Security Act (ERISA)
- Federal Trade Commission (FTC)
Learn more about the HMS Information Security Program (pdf)
As questions are asked, we will post them and the answer on this webpage as a source for all UI employees throughout the verification process.
Frequently Asked Questions (FAQ)
Why is the UI conducting a dependent verification audit?
Making sure that health plan dependents are eligible to receive those benefits is common among our peer institutions, has been recommended by an internal audit, and is considered a best-practice in the field. It also will help the university keep its benefits competitive by keeping down costs and better controlling premiums, co-insurance, and co-pay levels.
Who qualifies as an eligible dependent?
Spouses, partners, and children are the major categories of people who are eligible to be listed as dependents. Children are usually eligible till the age of 26 with some exceptions, such as a disability. The materials mailed by Health Management Systems will provide further details.
What types of documents am I required to submit?
Marriage, birth and adoption certificates, and affidavit of common law marriage or domestic partner relationships, are a common way to verify eligibility. Affected employees will receive a letter from Health Management Systems that details the specific document(s) required to validate each eligible dependent.
If a dependent listed on my plan is ineligible for coverage, how will I be affected?
The verification process is intended to ensure that every dependent enrolled in the health plan is accurately listed and eligible for coverage. Employees may choose to remove dependents from their plan without having to provide a reason. Dependents without verification documentation, dependents who are found ineligible, and anyone dropped as a dependent from an employee's plan will be removed from the UIChoice plan beginning January 1, 2019.
What processes are in place to ensure data is kept private and secure?
Protecting personal information is a priority to the University of Iowa and to HMS. In compliance with applicable U.S. (federal) and state regulations, information and documentation submitted to HMS for the dependent verification program will be stored, processed and protected by physical, electronic, and procedural safeguards.
HMS meets all of the professional and legal standards associated with providing service to employers, including the Health Insurance Portability and Accountability Act (HIPAA), Employee Retirement Income Security Act (ERISA), and disposal rules as enforced by the Federal Trade Commission. In addition, every employee of HMS submits to a thorough and multi-tiered background check. Only HMS employees directly involved in the University of Iowa dependent verification program will have access to these documents.
How often are HMS's security measures audited?
Each year, external auditors perform a SSAE 16 service provider audit that includes testing of their system's controls. The UI Security Office was satisfied with the results of the latest audit report.
What happens in the event of a compromise in HMS's security?
HMS is required to self-report any infractions by notifying any impacted individual.
What happens to the documentation we provide to HMS?
All documents will be securely stored for six months following completion of the verification program. Upon expiration of the retention period, all documents and electronic files will be securely destroyed by HMS and a Certificate of Destruction will be supplied to the university. Please note that documents provided will NOT be returned.