CMS Introduces New HETS EDI Attestation Requirement: What Providers Need to Know

C MS is introducing a new oversight process for the Medicare Health Eligibility Transaction System (HETS) and its Electronic Data Interchange (EDI) functions. This update adds an annual attestation requirement that providers and suppliers will need to complete to maintain uninterrupted access to Medicare eligibility verification. Because HETS plays a crucial role in confirming beneficiary coverage, any disruption in access could directly affect billing accuracy and reimbursement timelines.

Why CMS Is Adding the Attestation Requirement

The purpose behind this new step is to strengthen control over which organizations can retrieve Medicare eligibility information. Many providers depend on clearinghouses or other third‑party vendors to submit 270 eligibility inquiries and return 271 responses on their behalf. CMS now wants each provider to formally confirm that any third party accessing HETS data for them is properly authorized.

Since many healthcare organizations do not submit eligibility transactions directly, this attestation gives CMS and Medicare Administrative Contractors (MACs) better visibility into who is acting on behalf of each provider and ensures these relationships are legitimate and active.

Key Dates to Know

March 31, 2026

Recommended deadline for completing attestation

May 11, 2026

CMS launches the updated system

Although CMS hasn’t outlined specific penalties yet, providers should proceed as if completing the attestation is essential to avoid potential access issues.

Potential Operational Challenges

While the risk of immediate access loss may be low, the new requirement can still create practical complications:

1. Only PECOS Authorized/Delegated Officials Can Sign

CMS limits who can complete the attestation to individuals listed in PECOS as authorized or delegated officials. Vendors—including MEDTEAM staff—can assist, but they cannot submit the attestation on behalf of a provider. Delays in locating the correct official or securing time with them may slow down compliance efforts.

2. Data May Be Scattered Across Multiple Teams and Vendors

To complete the attestation accurately, organizations need detailed information from various sources such as contracts, IT departments, and vendor records. This is especially challenging for multi-facility systems with numerous sites.

3. It’s Not a One-Time Task

This is now an annual requirement. New provider locations must also be included each year. If a newly added site begins running eligibility checks through a vendor but isn’t attested, it may experience transaction failures later.

4. Technical Compliance Considerations

CMS requires that the originating IP address for every HETS transaction be transparent and unaltered. Organizations using complex network routing or security layers should verify that their systems do not unintentionally mask or alter IP information.

Steps Providers Should Take Now

To stay ahead of the requirement and avoid workflow disruptions, providers should:

1. List all third‑party vendors involved in Medicare 270/271 transactions, including clearinghouses and eligibility verification partners.
2. Compile all required details, such as NPI, PTAN, vendor HETS ID, effective dates, and the name and email of the authorized PECOS signer.
3. Confirm who the PECOS‑authorized or delegated official is and ensure they understand the process.
4. Submit attestation through the appropriate MAC, since all MACs support these submissions.
5. Validate accuracy and scope, noting that MEDTEAM currently interprets site‑level enrollment as acceptable, though CMS could update expectations.
6. Prepare for annual recertification, maintaining organized records of vendor relationships and updating them when locations or vendors change.
7. Review network and IP configurations to ensure they meet CMS transparency requirements.

Bottom Line for Revenue Cycle Leaders

The new HETS EDI attestation should be treated as an ongoing compliance and operational safeguard. By coordinating early among enrollment staff, operational teams, and vendors, health systems can avoid last‑minute issues and maintain uninterrupted eligibility verification — a critical component of sustaining cash flow.