Both CMS and MACs have to follow federal regulations in responding to FOIA requests, and provide documents that are not otherwise protected (due to national security, due personal information like birthdays, due to bona fide protected business secrets).
I've done many FOIA requests to both CMS and MACs, and this week I got by far the "lamest" FOIA response ever - from NOVITAS MAC, and on a timely topic. See below.
The topic: Coverage Decisions that are not LCDs or Posted
This summer, I've gotten a lot of requests about companies that announce Medicare coverage, but there's no public supporting documentation that you can find, like an LCD or an Article coming from the relevant MAC.
On June 12, I wrote a blog about this topic on June 12 (here). Even more recently, on July 31, a company halted trading when a new draft LCD appeared to possibly supercede previous coverage that wasn't clearly laid out in any particular LCD or article (here).
Enter FOIA requests.
The federal government, including CMS and its MACs, have FOIA offices or FOIA officers and they respond to Freedom of Information Act requests by providing relevant documents. The starting position is that documents on file are releasable, unless they fall into a stated protected category, such as national security, business secrets, personal information (like birthdays), etc. See the CMS FOIA pages here.
MACs must have a FOIA office and follow FOIA rules - see their SOW here.
I've personally gotten FOIA responses as voluminous as a big PDF representing two years of emails on a topic, variably redacted for confidential information. Generally, I've seen that every FOIA response includes appeals information (e.g. the address of a higher-level FOIA appeals officer). In the case of Noridian MAC, when faced with possible "business secret," they forward the PDF's to their regional office for a decision on what is releasable.
In June, I requested from Novitas FOIA information on coverage decisions (such as emails) about codes 0206U/0207U (Discern Neurodiagnostics Alzheimer skin cell test) and 0108U (Barret's esophagus test). I did this because I had gotten client requests about the coverage process, after the client seeing saw a press release or website indicating the test was covered by Medicare. In the case of 0108U, the test had been validated by CMS as "covered by Medicare" because that's a step in the ADLT process (here).
Here are the Novitas code-specific requests and response: cloud PDF.
It's the lamest FOIA response I've ever seen.
It opens by acknowledging my request as "correspondence" and providing a reply from the "Customer Service Center." Novitas seems to deliberately avoid using the word "FOIA" in its response to my FOIA request. They don't even pretend to be following FOIA laws and regulations in responding to my FOIA request. They simply give some boilerplate paragraphs about the ability fo MACs to make coverage decisions and ability to publish LCDs. They they close with a "Customer Service Survey" request ("How are we doing?") (??!!).
Let me say again, I've been around the block many times with FOIA requests, and they've always included FOIA logging numbers, an answer that is written with respect to FOIA rules, and finally, a FOIA appeal method if I was not satisfied.
This FOIA response is NOT satisfactory! I believe the next steps for em are to either (1) file a FOIA appeal with CMS (which will bring a senior level FOIA official quickly into the exchange) or (2) file a new FOIA request with the CMS FOIA office in Baltimore (rather than the local NOVITAS FOIA office), either of which will pull the process back on track with FOIA rules and regulations. Update August 19: I filed an appeal with CMS, Baltimore, on the original requests (codes 0108U, 206U 207U).
I believe there's a body of case law that Medicare MACs have to respond to FOIA requests under FOIA rules. And I believe all Medicare MACs have FOIA webpages on their websites. However, I've also read that Medicare Advantage plans don't have to respond under FOIA in the same way (interesting paper here).
See CMS "FOIA Processing Guidance" for Contractor FOIA requests, pdf here. Exemptions described p. 10ff. MAC rules described at many points in this 79 page PDF. MACs must log and account for FOIA requests, for example. Appeals rules at page 15. A model letter shows the required information to the customer about his appeal rights (page 40).