Deliverables Services Risk Calc Pricing Engage Now
⚠  ENFORCEMENT ACTIVE — CMS v3.0 Civil Monetary Penalties Now Accruing Daily for Non-Compliant Facilities
CMS Data Dictionary v3.0 · Enforcement Now Active

Your Hospital Is
Accruing Penalties
Right Now.

The April 1 deadline has passed. CMS v3.0 enforcement is live. Facilities that haven't completed the transition to mandatory 12-month historical percentiles face daily civil monetary penalties — with no grace period remaining.

Calculate My Penalty Exposure See What You Receive
Phase 1 Deliverable — Within 24 Hours
What Lands in Your Compliance File on Day One
  • Formal Regulatory Gap Analysis of your specific MRF
  • Pre-filled v3.0 Attestation Statement, ready for website posting
  • Documented Remediation Roadmap for CMS audit response
  • Safe-Harbor letter establishing active technical engagement
  • Evidence packet structured to respond to a Warning Notice
⚡ Engagement confirmed within the hour · No retainer
Utilizing Standards From
CMS.gov 45 CFR §180.50 HL7 International HIMSS CMS HPT-Tool CLI v3.0
Every Engagement Includes

Exactly What You're
Purchasing. No Ambiguity.

CFOs and compliance directors don't buy what they can't see. Here is every document, file, and deliverable produced under each phase — line by line.

Phase 1 · Day 1

Regulatory Gap Analysis Report

A formal, citation-ready document identifying every v3.0 deficiency in your current MRF — mapped to the specific CMS regulation it violates. Structured for submission in a Warning Notice response.

  • Field-by-field schema comparison against CMS v3.0 templates
  • Each deficiency cited to 45 CFR §180.50 sub-section
  • Severity classification: Critical / Major / Minor
  • Format: PDF + structured summary
Phase 1 · Day 1

v3.0 Attestation Statement

The mandatory Senior Official Attestation, pre-filled with your facility's NPI, legal name, and attestation date — formatted to CMS specification and ready for immediate website posting.

  • Correct v3.0 format with all required metadata fields
  • Senior Official signature block included
  • HTML-embeddable and PDF versions provided
  • Replaces any deprecated prior-format attestation
Phase 1 · Day 1

Safe-Harbor Evidence Packet

A formal letter establishing that your facility is under active technical remediation engagement — structured to be filed with CMS in response to a Warning Notice or pre-emptively.

  • Engagement confirmation letter on HPT Compliance letterhead
  • Remediation Roadmap with milestone dates
  • Structured for CMS Corrective Action Plan response
  • Materially strengthens your position in penalty review
Phase 2 · Day 14

Fully Transformed v3.0 MRF File

A complete, upload-ready Machine-Readable File built to CMS v3.0 specification from your historical remittance data — validated against the CMS CLI Tool before delivery.

  • Mandatory 10th, 50th (Median), and 90th percentile allowed amounts
  • Count of allowed amounts per payer / plan combination
  • Type 2 Organizational NPI correctly encoded in file header
  • Zero errors against CMS HPT-Tool CLI v3.0 validation
  • "Tall" or "Plain" CSV format per your system requirements
See Pricing by Facility Size
Sample Deliverable

This Is What Your
Compliance Team Receives.

The interactive report below is a representative example using fictional data. Every finding is expandable, every deficiency is cited to the specific CFR sub-section, and every remediation step is actionable. Your facility's actual report will look exactly like this.

HPT Compliance Analysis — Valley Ridge Medical Center (Sample)
CMS Hospital Price Transparency
Compliance Analysis
Valley Ridge Medical Center
NPI 1234567890 · Springfield, OH · Analysis Date: April 24, 2026
NON-COMPLIANT
Compliance Status
Sources: 45 CFR Part 180 (current)
CMS HPT FAQs (Mar. 24, 2026)
84 FR 65525 · 90 FR 54087
Checks Passed
3
Needs Attention
2
Non-Compliant (Confirmed)
7
Max Daily CMP Risk
$2,140
Navigation
Overview
§ 180.50 · Machine-Readable File
.txt Root File
File Naming
Accessibility
Schema Version
Annual Update
2026 Attestation
Type 2 NPI Field
Percentile Amounts
§ 180.60 · Consumer Display
Shoppable Services
Price Estimator
Footer Link
Action Items
Remediation Sequence
Penalty Exposure
Audit Overview
Valley Ridge Medical Center · NPI 1234567890 · 214 Licensed Beds · Springfield, OH

Facility Information

Valley Ridge Medical Center
1400 Valley Ridge Boulevard
Springfield, OH 45501
NPI: 1234567890 · EIN: 31-4159265
Bed Count: 214 Licensed Beds

MRF Location

valleyridgemedical.org/standardcharges/VRMC_standardcharges.csv

Last-Updated-On field in file: 12/18/2024
Required update interval: Annual (§180.50(a)(3)(ii))
Days since last update: 127 days

Audit Scope

12 compliance checks across §180.50 (MRF requirements) and §180.60 (consumer display). All checks performed against 45 CFR Part 180 current enforcement standards and CMS HPT FAQs dated March 24, 2026.

Schema Analysis

File identified as CMS template v2.0 format. Current requirement is v3.x (mandatory since January 1, 2025). Missing fields: npi, pct_10, pct_50, pct_90, estimated_amount_count.

⛔ 7 Confirmed Non-Compliant Items Require Immediate Action
At 214 licensed beds, Valley Ridge Medical Center's maximum daily Civil Monetary Penalty exposure is $2,140/day ($10 × 214 beds). Seven confirmed failures all stem from a single root cause: failure to upgrade from CMS template v2.0 to v3.x and republish with updated data. A coordinated single MRF republication addresses all seven.
Findings at a Glance
FAIL
CMS v3.x schema not in use — file validated as v2.0
§180.50(b)(1)(ii) · Mandatory since Jan 1, 2025
The VRMC_standardcharges.csv file header row does not contain the v3.x required columns pct_10, pct_50, or pct_90. The schema version field reads 2.0. This is the root deficiency from which the majority of other failures derive.
Required ActionDownload and implement the current CMS HPT template (v3.x) from github.com/CMSgov/hospital-price-transparency. Repopulate all general data element fields and charge data rows before republishing.
FAIL
Type 2 NPI absent from file header general data elements
§180.50(b)(1)(i)(B) · Required field: npi
The npi field is absent from the file's general data element section. CMS requires the hospital's Type 2 (organizational) NPI — not an individual provider NPI — to be encoded as a general data element in the MRF header. Valley Ridge's Type 2 NPI is 1234567890.
Required ActionPopulate npi = 1234567890 in the general data elements section of the upgraded v3.x template.
PASS
MRF file is publicly accessible and downloadable without login
§180.50(d)(3) · No authentication barrier
The MRF at valleyridgemedical.org/standardcharges/VRMC_standardcharges.csv returns HTTP 200 and downloads without requiring user authentication, account creation, or any form completion. This satisfies §180.50(d)(3).
Schema Version Compliance
§180.50(b)(1)(ii) · CMS Template v3.x required since January 1, 2025
FAIL
File schema version is 2.0 — v3.x required
§180.50(b)(1)(ii) · 90 FR 54087
File header inspection confirms schema_version = 2.0. CMS mandated the v3.x template effective January 1, 2025. The v3.x schema introduced five new required fields not present in this file:
pct_10MISSING — required in v3.x
pct_50 (median)MISSING — required in v3.x
pct_90MISSING — required in v3.x
estimated_amount_countMISSING — required in v3.x
npi (general data)MISSING — required in v3.x
schema_version2.0 — must be 3.x
Required ActionMigrate to the CMS v3.x template. This single action simultaneously resolves the schema version failure, the NPI field absence, the missing percentile columns, and the outdated attestation structure.
Civil Monetary Penalty Exposure
45 CFR §180.90 · As of April 24, 2026 · Valley Ridge Medical Center
⚠ Informational summary — not legal advice
CMP amounts are adjusted annually by OMB. Figures below reflect the regulatory structure as of the analysis date. Consult legal counsel for specific compliance advice.
Hospital SizeMax Daily CMPApplies to Valley Ridge?
≤ 30 beds$300/day
31–550 bedsBeds × $10/day✓ Yes — 214 beds = $2,140/day
> 550 beds$5,500/day
Key enforcement facts (§180.90):
— Valley Ridge is a 214-bed facility → max $2,140/day CMP
— MRF last updated 12/18/2024 — non-compliance began January 1, 2025
— Potential accrual since non-compliance began: est. $300,000+
— Beginning Jan 1, 2026: hospitals may receive a 35% CMP reduction by waiving hearing rights within 30 calendar days
— CMS publishes enforcement actions publicly on CMS.gov
Prioritized Remediation Sequence
Valley Ridge Medical Center · 7 confirmed failures — recommended action order
⛔ All Seven Failures Resolved by a Single MRF Republication
Most failures are resolved by one coordinated action: upgrading to the CMS v3.x template, populating all new required fields, and republishing. Bundling these into one update minimizes exposure and avoids multiple partial-fix cycles.
1
Upgrade to CMS Template v3.x
Download the current CMS HPT template from github.com/CMSgov/hospital-price-transparency. This is the root fix — it simultaneously addresses the schema version error, missing NPI column, missing percentile columns, and outdated attestation structure.
2
Populate General Data Element Fields
In the upgraded template, populate: (a) npi = 1234567890, (b) hospital_type = general acute care, (c) the 2026 attestation text per §180.50(a)(3)(iii), (d) last_updated_on = today's date.
3
Add Percentile Allowed Amount Data
For each payer-contract row encoded with a percentage or algorithm charge, calculate 10th, median, and 90th percentile allowed amounts from EDI 835 remittance data using a 12–15 month lookback window. This requires processing of historical ERA files — the most technically complex step.
4
Rename File per §180.50(d)(5)
Rename the output file to [EIN]_Valley-Ridge-Medical-Center_standardcharges.csv. Confirm EIN beforehand. Apply the same convention to any JSON file also published.
.txt Root File Check
§180.50(d)(5) · cms-hpt.txt endpoint
⚠ Partial Compliance — Verification Required
A cms-hpt.txt file exists at valleyridgemedical.org/cms-hpt.txt but is missing the required contact-name and contact-email fields. All four fields are mandatory per CMS guidance.
File Naming Convention
§180.50(d)(5) · [EIN]_[Hospital-Name]_standardcharges.[ext]
⛔ Naming Convention Non-Compliant
Current filename VRMC_standardcharges.csv does not include the required EIN prefix. Required format: [EIN]_Valley-Ridge-Medical-Center_standardcharges.csv
MRF Accessibility
§180.50(d)(3) · No login or authentication barrier
PASS
File accessible without authentication — HTTP 200 confirmed
§180.50(d)(3)
Direct URL download confirmed. No login, CAPTCHA, or account creation required. Satisfies §180.50(d)(3).
Annual Update Requirement
§180.50(a)(3)(ii) · Must be updated at least annually
⛔ Update Overdue by 127 Days
The last_updated_on field reads 12/18/2024. As of April 24, 2026, this file is 127 days past its required annual update window. Non-compliance for this item began on or around December 18, 2025.
2026 Attestation Statement
§180.50(a)(3)(iii) · Updated attestation mandatory for 2026
⛔ Attestation Uses Deprecated 2024 Format
The attestation statement present in the file uses the pre-2026 format. CMS updated the required attestation language effective January 1, 2026. The current file does not include the required attester name field or the updated declaration language.
Type 2 NPI Field
§180.50(b)(1)(i)(B) · Organizational NPI required as general data element
⛔ Type 2 NPI Field Absent
The npi general data element field is not present in the file. This field, introduced in v3.x, must contain the hospital's Type 2 organizational NPI (1234567890 for Valley Ridge).
Percentile Allowed Amounts
§180.50(b)(2)(ii)(D) · 10th, median, 90th percentile required for pct/algorithm rows
⛔ All Percentile Columns Absent
Columns pct_10, pct_50, pct_90, and estimated_amount_count are entirely absent. These require statistical processing of 12–15 months of historical EDI 835 remittance data.
Shoppable Services Display
§180.60 · 300 CMS-specified shoppable services
⚠ Verification Required
A consumer-facing price tool is present but could not be confirmed to include all 300 CMS-specified shoppable services or to provide patient-specific (not list-price) estimates. Manual verification with your patient financial services team is required.
Price Estimator Tool
§180.60(b) · Good-faith estimate functionality
PASS
Price estimator tool present and accessible without login
§180.60(b)
A patient price estimator is available at valleyridgemedical.org/price-estimate and does not require login to access. Satisfies §180.60(b) accessibility requirements. Recommend confirming tool covers minimum required services.
Your facility's report looks exactly like this — every deficiency cited to the specific CFR sub-section, every finding expandable, every remediation step actionable by your IT or compliance team.
Order Your Audit — See Pricing
Delivered within 5 business days · No retainer · Engagement confirmed within the hour
Risk Assessment Tool

CMS Enforcement
Liability Calculator

Enter your facility's information to calculate your projected Civil Monetary Penalty exposure under the active April 1, 2026 enforcement cycle.

RISK ASSESSMENT: CRITICAL
Projected Daily Penalty
30-Day Exposure
Annual Maximum Exposure

Standard v3.0 Deficiency Profile

Missing mandatory 10th / 90th / Median Percentile Allowed Amounts (v3.0)
Missing "Count of Allowed Amounts" per payer / plan combination
Type 2 Organizational NPI not present in file header
Senior Official Attestation Statement absent or using deprecated format
Secure Phase 1 Bridge Plan — Halt the Penalty Clock

* This assessment reflects standard v3.0 deficiency patterns. A formal audit of your specific MRF is included with engagement.

Our Engagement Model

The Two-Phase
Compliance Protocol

We understand that your team is already stretched following the ICD-11 transition. Our protocol is designed to remove this burden from your plate entirely.

1 Immediate · Within 24 Hours

The Safe-Harbor Bridge

Documentation your compliance office can file immediately as evidence of active remediation — typically sufficient to stay automated CMS Warning Notices.

  • Formal Regulatory Gap Analysis for your specific MRF
  • Remediation Roadmap for your internal compliance records
  • Pre-filled v3.0 Attestation Statement for website header
  • "Safe Harbor" letter establishing active technical engagement
  • Evidence packet structured for CMS audit response
2 14-Day Delivery

Full Data Transformation

Complete migration of your Machine-Readable File to the v3.0 schema — including statistical percentile calculation from your historical remittance data.

  • Ingestion of your 12–15 month 835/ERA remittance files
  • Calculation of mandatory 10th, 50th (Median), and 90th percentiles
  • "Tall" or "Plain" CSV schema encoding per CMS specification
  • Full validation via CMS HPT-Tool CLI Validator
  • Upload-ready file delivered to your IT / Webmaster team
Project Timeline

From Engagement
to Full Compliance

A defined, transparent timeline so your leadership team knows exactly what to expect at every step.

Day 1
Engagement & Safe-Harbor Filing
Phase 1 packet delivered. Attestation template live on your site. Remediation Roadmap filed as good-faith documentation.
Days 2–5
Secure Data Ingestion
Secure receipt of your EDI 835 / ERA historical payment files via encrypted transfer. HIPAA-compliant processing only.
Days 6–11
Statistical Transformation
Linear interpolation model applied to derive mandatory 10th, 50th, and 90th percentile allowed amounts per payer / plan combination.
Days 12–14
Validation & Delivery
Full schema validation via CMS CLI Validator. Upload-ready v3.0 MRF delivered to your webmaster with integration instructions.
Structured Relative to Your Risk Profile

Transparent Pricing.
Structured Like Your Penalties.

Because CMS fines are calculated by bed count, so is our fee. Every tier is designed so that your engagement cost represents less than 3 days of non-compliance exposure.

Tier 1
Small / Rural
≤ 30 Licensed Beds · CMS max: $300/day
Phase 1 — Bridge Plan$1,500
Phase 2 — Data Transformation$3,500
Secure Small Facility

Phase 1 cost = 5 days of CMS penalty exposure

Tier 2
Mid-Size Regional
31–550 Licensed Beds · CMS max: $10/bed/day
Phase 1 — Bridge Plan$4,500
Phase 2 — Data Transformation$8,500–$12,000
Secure Regional Facility

At 200 beds: Phase 1 cost = 2.25 days of exposure

Tier 3
Enterprise / System
> 550 Beds or Multi-Facility · CMS max: $5,500/day
Phase 1 — Bridge Plan$9,500
Phase 2 — Data Transformation$25,000+
Secure System Status

Phase 1 cost = 1.7 days of CMS penalty exposure

Phase 1 payable by credit card or wire transfer to initiate engagement. Phase 2 billed 50% at commencement, 50% upon delivery. Phase 2 pricing varies based on payer volume and file complexity. Contact us for a firm quote.

Leadership

Phillip Burnett

"Precision isn't a software update. It is a discipline built over 30 years of managing high-stakes systems where margin for error does not exist."

Phillip Burnett brings over three decades of operational leadership and high-stakes asset management to the healthcare compliance sector. Having directly managed a family medical facility, he carries firsthand knowledge of the complexities embedded in medical billing, insurance navigation, and regulatory accountability.

His career is defined by extreme precision — a discipline honed through 30 years of managing high-value yields and complex logistical systems where a single data error carries outsized consequence.

Phillip founded HPT Compliance Solutions to bridge the gap between raw billing data and federal regulatory transparency mandates. He recognized that while CMS requirements were growing in complexity, the technical tools available to most hospitals remained stagnant — leaving compliance teams exposed precisely when they were already stretched thin from the ICD-11 transition.

Based in North Bend, Washington, he serves facilities nationwide with a singular focus on risk mitigation and penalty avoidance.

The Burnett Method
  • 30+ years precision operational leadership
  • Direct medical facility management experience
  • Specialization in EDI 835 / ERA data transformation
  • Linear interpolation for CMS-compliant percentile encoding
  • HIPAA-compliant local data processing
  • CMS CLI Validator-verified outputs
  • Governed by 45 CFR §180.50
Common Questions

Frequently Asked Questions

Is CMS actually enforcing this now?
Yes. The April 1, 2026 date was CMS's formal delayed enforcement window — and it has now passed. CMS is actively issuing Warning Notices and initiating Corrective Action Plans for facilities with documented deficiencies. Historical precedent shows they prioritize facilities already flagged in prior review cycles.
Why can't our EHR vendor (Epic / Cerner) handle this?
Most EHR platforms provide the raw data, but their v3.0 export modules are either backlogged or produce files that fail the CMS CLI Validator. The v3.0 percentile calculation requires custom statistical analysis of 12–15 months of historical ERA data — work that is not yet automated in most commercial systems. We specialize in exactly this "last mile."
We missed the April 1 deadline. Is it too late?
It is not too late to materially limit your exposure. Facilities that have not updated typically receive a Warning Notice first, followed by a 45-day window to respond with a remediation plan. Our Phase 1 Bridge Plan is precisely that plan — structured to demonstrate good-faith engagement and documented progress. Every additional day of delay increases your total penalty accrual.
What does "Good Faith" documentation actually provide?
A formal Remediation Roadmap establishes a documented record that your facility was actively engaged in correction. CMS auditors are required to consider evidence of active remediation in their penalty decisions. It does not guarantee waiver of fines, but it materially strengthens your position in any subsequent review.
How is our data protected?
We operate as a HIPAA Business Associate for the purpose of this engagement. All data is processed locally and never stored on third-party cloud infrastructure. We sign a Data Processing Agreement (DPA) immediately upon engagement. Your ERA / 835 files are deleted from our systems upon delivery of the completed MRF.
We just finished ICD-11. Can this wait?
We completely understand the ICD-11 fatigue — it was a significant operational lift for your HIM and coding teams. Unfortunately, HPT civil monetary penalties are daily, automated, and now actively accruing. They do not recognize internal resource constraints as a mitigating factor. The Phase 1 Bridge Plan is specifically designed to take this entirely off your plate so your team can focus on post-ICD-11 stabilization.
Immediate Engagement

Stop the Penalty Clock.
Engage Today.

Reply with your facility name, NPI, and licensed bed count and we will confirm your engagement within the hour. Time-sensitive inquiries are prioritized.

Email
phillip@hpt-compliance.com
Location
North Bend, Washington
Availability
Actively Enrolling Facilities
Send Engagement Request