On November 17, 1997, the Health Care Financing Administration (HCFA) issued a memorandum to all Medicare contractors regarding compliance with Year 2000 (Y2K) issues. The memorandum is significant in that it requires all intermediaries and carriers to design systems that will exceed the current Y2K requirements in the Federal Acquisition Regulations (FAR). Because of the impact this memorandum may have on businesses and the potential ramifications for failing to comply with the HCFA memorandum, it is important that the new requirements be carefully reviewed.
HCFA has been analyzing the Y2K issue for some time, and the recent memorandum is its first step in requiring contractors to institute Y2K compliance in HCFA-related systems. The memorandum is explicit in detailing the steps HCFA intends to follow and impose upon contractors. Keep in mind, however, that the memorandum is not a regulation and does not have the force and effect of law. The principles outlined in the memorandum, however, are expected to guide HCFA’s proposed implementation of its Y2K policy.
The steps outlined in the memorandum require HCFA contractors to perform tasks and subject themselves to third-party scrutiny. Keep in mind that these tasks may not be required in existing HCFA contracts. As a result, HCFA most likely will issue contract modifications to incorporate the principles and actions detailed in the memorandum. Because the steps described below and the other actions described in the memorandum may be outside original contract requirements, HCFA’s insistence that a plan be prepared and outside testing of systems be allowed may be compensable under the changes clause of existing contracts. In any event, HCFA contractors should review their contracts to determine: (a) whether continued operations into the next century are already required by the contract; and (b) whether the actions described below are outside the original requirements of the contract.
Step 1: Issuance of HCFA guidelines for Y2K
HCFA is in the process of developing guidelines that must be used by contractors to develop the implementation plans discussed in Step 2. These guidelines will detail the minimum testing requirements to be used by HCFA to determine a system’s compliance with Y2K standards. The memorandum does not indicate when these guidelines will be issued. HCFA also will be issuing contract modifications to all existing contracts that will require Y2K compliance by December 31, 1998.
Step 2: Contractor development of Y2K implementations
The memorandum states that the HCFA Office of Information Services will soon contact intermediary and carrier contractors to require each to develop a Y2K Implementation Plan. That Plan, which must be based upon the HCFA guidelines to be issued in Step 1, must detail "what needs to be done, the time line and resources required for accomplishing all tasks, and any additional costs which may be incurred." HCFA recognizes that the actions it plans to impose upon its contractors are compensable.
HCFA intends to require contractors with existingcontracts to create such plans although it is unlikely that such a requirement currently exists in contracts. Contracts should be reviewed carefully: If the development (and implementation) of such a Y2K Implementation Plan is not required in current contracts, a contract modification should be issued by the cognizant contracting officer.
As stated, additional requirements may be outside original contract requirements, thus entitling HCFA contractors to an increase in estimated costs as well as in fees under the Changes clause. And fixed-price contracts would also be entitled to an equitable adjustment.
Step 3: Independent verification and validation
HCFA has retained an outside contractor that will provide "independent verification and validation of each contractor’s plans, processes and products necessary to bring systems into compliance." The identity of this contractor has not been provided, and it is not clear what actual or potential conflicts of interest this contractor may have with existing or future HCFA contractors. Moreover, HCFA has not yet published what standards or procedures the "independent" contractor will employ and what, if any, rights a HCFA contractor might have if it disagrees with or challenges the "independent" contractor’s assessment.
As in Step 2, current HCFA contracts most likely do not require adherence to any requirements imposed by any "independent" contractor regarding verification and validation of Y2K Implementation Plans. In other words, the contract modification that must be executed requiring the development of the Plan also should detail the identity of the "independent" validation and verification contractor, the standards that contractor will use to assess your system, appropriate statements and representations regarding limiting the use of any confidential or proprietary data the "independent" contractor may gain access to, and your rights in the event you wish to challenge the contractor’s assessment. The modification should also allow the right to reject any "independent" contractor with which there may be a conflict of interest.
Step 4: Independent testing to certify compliance
HCFA has retained another contractor that "will provide independent testing to certify that the systems are compliant." As in Step 3, the identity of the testing contractor and its state of independence has not been provided by HCFA and should be closely scrutinized by HCFA contractors.