Home

  • Home
    • » e-Newsletters

Radiology Administrator's Compliance & Reimbursement Insider, April 2005

Radiology Administrator's Compliance and Reimbursement Insider, April 1, 2005

Inside:

2005 CPT code changes: Carotid artery stents

HIPAA authorizations are often overlooked

Eight factors that affect an incorporated practice's risk of criminal charges

HIPAA security rule implementation date draws near

When your hospital demands performance criteria, meet it head on with demands of your own

 

2005 CPT code changes: Carotid artery stents

In August 2004, the FDA approved the first-ever carotid artery stent, manufactured by Guidant Corporation. The stent was approved for use in patients who have had symptoms of a stroke, whose carotid arteries are at least 80% blocked, or who are not good candidates for endarterectomy. The FDA required Guidant to conduct a post-approval study to evaluate the stent's long-term performance, says Jackie Miller, RHIA, CPC.

The day after the FDA approval, Miller says, the Centers for Medicare & Medicaid Services (CMS) announced it would cover carotid artery stenting when performed as part of the post-approval study. Concurrently, the American Medical Association issued new CPT codes to be used for carotid artery stenting in 2005.

Medicare had previously covered carotid stenting only when performed as part of a Category B investigational device exemption clinical trial. A draft coverage decision memo issued by CMS in December 2004 (CAG-00085R), however, expanded that coverage. It stated carotid artery stenting is reasonable and necessary for patients who have symptomatic carotid artery stenosis greater than 70% and are at high risk of carotid endarterectomy. In the memo, CMS proposed to limit Medicare coverage to procedures using FDA-approved carotid stents and embolic protection devices.

Carotid artery stenting was previously reported using CPT Category III codes. Category III codes are used for new technology procedures that may not yet have FDA approval, says Miller. Third-party payers frequently do not cover these codes, she says. The new carotid artery stenting codes, 37215 and 37216, are Category I codes, which are used for procedures that are FDA-approved and widely performed.

Codes 37215 and 37216 are used to report stent placement in the cervical carotid artery. The cervical carotid artery consists of the mid and distal portions of the common carotid artery and the proximal portions of the internal and external carotid arteries, Miller says. Typically the stent is placed across the carotid bifurcation (i.e., where the common carotid splits into the internal and external carotid).

Code 37215 is used to report cervical carotid stenting with distal embolic protection. Miller notes that a distal embolic protective device is a type of filter or trap that catches clot fragments dislodged during the stenting. These devices prevent debris from flowing distally into the brain and potentially causing a stroke. Code 37216 describes placement of a cervical carotid stent without use of distal embolic protection, says Miller.

Under current CMS coverage guidelines, use of embolic protection is required for the procedure to be reimbursed by Medicare, Miller points out.

Tips for compliance

The new carotid stenting codes include all components of the stent placement procedure. Specifically, codes 37215 and 37216 include ipsilateral selective carotid catheterization, ipsilateral cervical and cerebral carotid diagnostic angiography, and radiological supervision and interpretation. Coders must ensure that these services are not unbundled, Miller says.

However, if bilateral carotid angiography is performed, followed by unilateral stent placement, the catheter placement and diagnostic angiogram on the nonstented side are separately reportable, says Miller. This means that coders may need to report a unilateral angiogram code even though bilateral angiography was performed. "This is really counterintuitive for coders," Miller says.

Because the new codes are also challenging for payers, Miller recommends closely scrutinizing payments for carotid stent procedures to ensure that the insurance company has not bundled procedures that are separately payable. n

Insider source

Jackie Miller, RHIA, CPC, senior consultant, Coding Strategies, Inc., 5041 Dallas Hwy., Suite 606, Powder Springs, CA, 770/445-5566.

 

 

 

HIPAA authorizations are often overlooked

Are you obtaining all the authorizations you need under the HIPAA privacy rule? Maybe not, says Lawrence "Doc" Muhlbaier, assistant research professor at Duke University. Privacy issues relating to functional MRIs tend to be overlooked. Several of these MRIs are done within noncovered entities-namely by psychologists on campuses where they are trying to understand brain function. Occasionally something these psychologists see raises suspicions of a disease process (often called "incidental findings"), and they need further interpretation of the scans. They then turn to radiologists for assistance.

The psychologists can provide the scans to radiologists to interpret, but getting the interpretation back to the psychologists requires an authorization from the subjects, a step that is often overlooked. Identifiable MRIs are not protected health information until they reach the radiologist, who is a covered entity.

Insider says: Obtain an authorization from the subject if your organization engages in this type of relationship with outside organizations. n

Insider source

Lawrence "Doc" Muhlbaier, PhD, assistant research professor of biostatistics for the Department of Biostatistics and Bioinformatics and assistant research professor for the Department of Surgery, Duke University Medical Center, Durham, NC.

 

 

 

Eight factors that affect an incorporated practice's risk of criminal charges

Being incorporated won't protect your radiology practice from criminal charges. In fact, not only can these charges carry penalties of crippling fines and mandatory exclusion from federal health insurance programs, but officers of a convicted corporation can end up in jail. So any time is a good time to assess your radiology practice's vulnerability.

The Department of Justice (DOJ) considers eight factors when bringing criminal charges against a practice. It weighs these factors in addition to the normal considerations for bringing a criminal case, such as the likelihood of success at trial and the evidence's sufficiency. The following is an explanation of these eight factors. We'll also provide tips on how to reduce the risks associated with them so your incorporated medical practice is less likely to face criminal charges.

1. Enforcement priorities. According to the DOJ, the nature and seriousness of the crime-including the risk of public harm-is the first factor to consider. This should be a concern for physician practices because the DOJ has made fighting healthcare fraud a government priority, says healthcare attorney Matthew Kupferberg. So the government may consider certain corporate misconduct in the healthcare field more serious than similar misconduct by a corporation in another field. For example, a physician practice that submits false claims to Medicare may be treated more harshly than a trucking company that submits false reports of its cargo to federal authorities, says Kupferberg.

  • What to do. The best way to deal with the government's enforcement priorities is to take them seriously, Kupferberg says. "Behave as if your every move is being scrutinized-because it is," says Kupferberg. Start to consider now where your practice may be vulnerable.

    2. Pervasiveness of wrongdoing within a corporation. The next factor prosecutors must consider is the extent of the wrongdoing within a corporation.

    "If one lower-level employee is mostly responsible for the problem, the corporation is much less likely to face criminal charges than if the company's upper management knew [about] or condoned what was going on," says Kupferberg. "But if the upper management directed the illegal behavior or turned a blind eye to it, the chances the corporation will face criminal charges skyrocket," he says.

  • What to do. The best way to protect yourself is to be sure that you create a corporate culture in which legal compliance is constantly stressed, Kupferberg advises. If there's wrongdoing-or even a willingness to look the other way-at the top of your corporation, you're far more likely to face criminal charges than if the problem is confined to a low-level employee.

    The people in charge of your corporation must be committed to full compliance and must convince their employees of that commitment. If you always look for a way to bend a rule to make an extra buck, your employees will pick up on that, making them more likely to engage in behavior that may get you into trouble.

    3. Past history. If your corporation (or its officers) have been in trouble before, you're less likely to catch a break if you're investigated again, Kupferberg says. The DOJ expects corporations to learn from their mistakes and believes that a history of similar conduct may prove that the corporate culture encourages-or at least condones-such conduct. Awareness of this stance is important because it shows that prosecutors will look behind the façade to see how the corporation actually operates when deciding whether to bring charges. If you've been in trouble before, the guidance memo says you've lost the benefit of the doubt, Kupferberg stresses.

  • What to do. Don't repeat past mistakes. If you've ever been in trouble with the government regarding anything relating to your medical practice, it will catch up with you again. Seek the advice of an experienced healthcare attorney before attempting to design and implement a compliance plan, Kupferberg advises. An attorney can compose a plan that best addresses your most vulnerable areas.

    4. Cooperation and voluntary disclosure. It's a fixture of every TV police show-the bad guy is told that if he cooperates and spills the beans, he'll get off easier. That's also the official government policy when dealing with corporations, according to the DOJ. A corporation that is willing to help investigators by making witnesses available, identifying culprits within the corporation, and even reporting wrongdoing before the government realizes a problem exists may have a better chance of avoiding criminal charges, Kupferberg says. However, statements by the DOJ indicate that cooperation includes a corporation's willingness to waive two important legal rights: attorney-client privilege and work product privilege. These privileges protect the confidences you reveal to your attorney, keep private the advice the attorney gives you, and keep secret any documents your attorney prepares when he or she works for you.

    Kupferberg is concerned that this provision means that candid conversations between attorneys and clients-and documents that explain to clients what their attorneys are doing for them and why-may have to be shared with the government in exchange for avoiding criminal charges. Requiring organizations to waive usually recognized privileges to avoid criminal charges is "draconian," he says. There are few circumstances in which waiver of those privileges would be a viable option, he adds.

  • What to do. Seek good legal advice as soon as there's a hint of a problem-and preferably before then. It's best to look for a competent healthcare attorney before the government knocks on your door, says Kupferberg. The attorney can help you correct problems and design an effective compliance plan. If there's systemic noncompliance in your practice, an attorney can advise you about whether and how to report it to the government, he says. And an attorney can also help you decide whether it's worth waiving your privileges, he adds.

    5. Corporate compliance programs. The DOJ has also said that even if a corporation has a compliance plan, there still may be circumstances in which criminal charges are appropriate. Although a compliance plan that's designed well and implemented effectively can be a big help, it's definitely not a cure-all.

    "A compliance program helps identify problems before they merit criminal charges, and if the compliance plan is generally effective, it may lessen any criminal penalties," Kupferberg says. But be aware that the DOJ has also made it clear that a compliance program that's only for show is worse than no program at all.

  • What to do. To ensure that your compliance plan won't be found lacking, make sure it's designed specifically for your practice and will help you identify problem areas early. Let everyone in your practice know that medical practices are vulnerable and that skirting the edge of what's proper will be costly in the long run. When implementing your compliance plan, take the following basic steps:

    - Warn everyone that noncompliance won't be tolerated and stick to your guns. If that means you have to fire an employee who insists on bending the rules, so be it.

    - Communicate your compliance plan's policies and the compliance records of managers' subordinates during their annual reviews.

    - Keep the lines of communication open to all employees-make sure they're comfortable reporting noncompliance.

    - Adequately investigate all noncompliance reports and correct any problems.

    - Give the compliance officer enough authority to solve problems that arise. The compliance officer should be a high-level person within your practice.

    6. Repayment and other remedies. The DOJ asks prosecutors to review whether the corporation has repaid any money it wrongfully received and whether it has fixed the problem that led to the noncompliance.

  • What to do. Fixing the problem might mean firing an employee, revamping your corporate structure, or designing and implementing new procedures to ensure that everything is done properly. The more comprehensive your corrective steps are, the more likely the DOJ is to not bring criminal charges, Kupferberg says.

    7. Consequences for innocent parties. DOJ prosecutors must evaluate the effect a corporation's criminal conviction would have on innocent third parties (e.g., patients or employees who did nothing wrong) before proceeding with criminal charges. Prosecutors must also take into account other consequences that follow criminal charges, such as a physician's loss of medical license or a practice's exclusion from the Medicare and Medicaid programs, says Kupferberg.

  • What to do. Don't take too much comfort from this factor, says Kupferberg. A pattern of legitimate compliance efforts-starting at the top-is far more protective. According to the DOJ, being barred from the Medicare program may be entirely appropriate "where the top layers of the corporation's management or the shareholders of a closely held corporation were engaged in or aware of the wrongdoing and the conduct at issue was accepted as a way of doing business for an extended period." Just because the corporation is prosecuted doesn't mean innocent employees or patients wouldn't also be charged, he emphasizes.

    8. Noncriminal alternatives. It's usually quicker, easier, and cheaper for the DOJ to settle matters without bringing criminal charges, so it won't prosecute a corporation if there are noncriminal alternatives that would lead to an appropriate result.

    "The point of criminal prosecution is supposedly to deter, punish, and rehabilitate," says Kupferberg. If there are alternatives that will accomplish those ends, the DOJ is likely to go along, he says. Prosecutors want to save their resources for cases in which the noncriminal alternatives are inadequate, Kupferberg says.

  • What to do. If your compliance plan effectively deters future misconduct and you can demonstrate that they are already rehabilitated, you may be able to avoid criminal charges. If you can show that deterrence and rehabilitation are already accomplished, then the only thing left is punishment, and the DOJ probably can do that adequately through fines and other civil penalties, Kupferberg says.

    Insider source

    Matthew Kupferberg, Esq., Arent Fox, PLLC, 1615 Broadway, New York, NY 10019.

     

     

     

    HIPAA security rule implementation date draws near

    The government plans to enforce the Health Insurance Portability and Accountability Act of 1996 (HIPAA) security rule starting April 20, ready or not.

    Because they have historically been more technologically advanced, radiology departments may be better equipped to deal with the new requirements. Most of these departments were electronically reading, viewing scans, and signing reviews long before other areas of medicine even considered doing so, says Lawrence "Doc" Muhlbaier, a HIPAA expert at Duke University.

    Even so, that doesn't mean you are meeting all the requirements of the security rule, says Muhlbaier. "[Radiology departments] don't necessarily dot the i's and cross the t's the same way, so some fine-tuning may be necessary," he says.

    The HIPAA security regulations are designed to safeguard PHI that is maintained or transmitted in electronic form. All HIPAA covered entities (e.g., health plans, healthcare clearinghouses, and provider organizations that transmit patient information electronically in conjunction with at least one of several specified transactions) must comply with the rule.

    Although some common aspects of security rule compliance may be easier for radiology departments, they will face additional challenges, including a proliferation of automated instruments, says Muhlbaier.

    There are thousands of automated instruments within hospitals, and manufacturers may be reticent to update these devices-which include most radiology and mammography equipment-to meet the security standard.

    If this is the case at your organization, conduct assessments to determine what type of security risk the devices pose and take appropriate steps to protect them. Your organization must have an inventory of all this equipment that notes your protection measures, says Muhlbaier. Many organizations may not know that they must perform this step or may not have already completed the process, he adds.

    "I think people are ready for [the security rule] intellectually, but whether the nuts and bolts are implemented for everybody, it is hard to tell," says Muhlbaier.

    There are several other areas under the security rule that pose challenges, says Muhlbaier, including the following:

  • Ensuring user authentication. This is an area that may be more difficult for some organizations than for others. Authentication ensures that employees holding their IDs are who they say they are. If your organization has 10 employees, it will be a lot easier to verify their IDs than if your organization has 10,000 employees.

  • Background checks on personnel. The security rule requires background checks for all personnel, but the extent of the check depends on the roles and responsibilities of the individual being investigated. Writing policies with regard to this issue can be challenging-make sure your human resources department is up to the task, says Muhlbaier.

  • Audit trails. "One of the problems we had beentrying to figure out at Duke is how to adequately do audit trails," says Muhlbaier. The definition of an audit trail can vary among software products. In some cases, software-based audit trails are so extensive that it would take all of an organization's disk space just to maintain those records, says Muhlbaier.

    Additional tip

    The HIPAA security rule requires that your policies and procedures address your compliance steps. You will be held to the standards of whatever you have written if they go beyond the minimum required by the law, so documents that are too extensive or too precise can wind up working against you.

    Make your policy general. It helps the policy endure over time-time you won't spend making constant updates. Details of the policy can be worked out in guideline documents that can address what you will do to comply and how. n

    Insider source

    Lawrence "Doc" Muhlbaier, PhD, assistant research professor of biostatistics for the Department of Biostatistics and Bioinformatics and assistant research professor for the Department of Surgery, Duke University Medical Center, Durham, NC.

    Security rule

    According to the Health Insurance Portability and Accountability Act of 1996 security rule's mandates, organizations must

  • analyze risks to determine information security vulnerabilities

  • establish policies and procedures that allow access to electronic protected health information on a need-to-know basis

  • implement audit controls that record and examine who has logged into information systems that contain PHI

  • limit physical access to facilities that contain electronic PHI

  • establish and enforce sanctions to all work force members who don't follow information security policies and procedures

    Additionally, all work force members, including management, must receive security awareness training.

     

     

     

    When your hospital demands performance criteria, meet it head on with demands of your own

    The growing shortage of qualified radiologists is forcing hospitals into direct competition with health plans-and justifying the large salaries and other perks that come with the territory. Today, more hospitals are inserting performance criteria into their contracts with radiologists and proposing benchmarks or goals to measure performance that practices must meet under the terms of the agreement.

    Although they have positive aspects, the performance-based criteria also can hammer away at hospital-based radiology practices-many of which are justifiably wary about agreeing to such language in their contracts with hospitals, explains Philadelphia healthcare attorney Joan Roediger, who counts several large radiology practices and medical staffs among her clients.

    Some radiology practices are offended by hospitals' attempts to quantify and qualify their performance. So if the hospital you're affiliated with isn't flexible on this point and wants to continue to provide radiology services, you may have to bend your rules. If you're willing to spend time negotiating, you may be able to work out performance criteria that both you and the hospital can live with. You also may be able to add performance criteria that you want the hospital to meet under the contract. We'll explain how to make a hospital's demand for performance criteria work to your benefit.

    Performance criteria is probably here to stay

    There are several factors motivating the trend toward hospitals inserting performance criteria into contracts with physicians, Roediger says, including the following:

  • Competitive pressure from managed care plans. Managed care plans penetrate even the most resistant markets, making it difficult for hospitals to survive if they're not approved by the plans that operate in a given area. Just as managed care plans judge hospitals based on quantifiable data, hospitals are beginning to apply this method to their staff. By establishing performance criteria and proving that staff meet or exceed those criteria, hospitals offer plans a basis for comparison and strengthen their ability to compete for plan business, says Roediger.

  • 'Private inurement' concerns. Not-for-profit hospitals have a legal obligation to work toward a charitable purpose and can get into trouble with the Internal Revenue Service, the Centers for Medicare & Medicaid Services, and state regulators if a private individual reaps an "excess benefit" through his or her affiliation with the hospital. Paying an excess benefit is called "private inurement," Roediger explains.

    Although it may seem like a reach to think that a radiologist's salary could be considered a private inurement, if the salary is considered excessive for the required duties, it could be construed that way. So hospitals that demand performance criteria are being extra prudent by spelling out exactly what's expected in return for a salary, Roediger says. They also give themselves a way to measure performance against those expectations.

  • Typical performance criteria demands. Hospitals are generally looking for contractual assurances that their radiologists provide quality services, meet patient satisfaction goals, and conduct their practices in accordance with hospital policy by

    - performing services promptly

    - documenting services appropriately

    - billing for services correctly (if the practice handles its own billing)

    - maintaining productive relationships with treating physicians

    - educating medical residents, students, colleagues, and other staff

    - caring for patients sensitively

    Hospitals likely will want to quantify these demands to give themselves some method of measuring your practice's ability and willingness to pursue these goals, Roediger says. To this end, she has seen contracts in which a hospital attempts to insert clauses that do one or more of the following:

    - Require that patients receive radiology services within a certain period after the physician order is entered in the chart.

    - Require that tests be interpreted and a report entered in the patient chart within a specified period after the test is performed.

    - Demand that charts be subject to, and pass, periodic audits meant to determine adequacy of documentation.

    - Demand that billing records be available to the hospital for periodic audits, if the practice handles its own billing.

    - Mandate that a certain number of hours per month be devoted to education through teaching clinics, grand rounds, mortality and morbidity conferences, seminars, etc.

    - Demand that radiologists participate in a specified number of attempts to market hospital-based radiology services to referring physicians/the patient community.

    - Demand that the radiology department achieve a particular score on patient satisfaction surveys. Some of these demands can be couched in terms that may be acceptable for your practice, Roediger says. You may need to reject others outright.

    Make performance criteria work for you

    If your hospital wants to incorporate performance criteria into, Roediger advises the following:

  • Determine which criteria you can control -and firmly refuse to agree to those criteria you don't have control over. Example: Your hospital may want you to agree to a clause mandating a minimum average score on patient-satisfaction surveys. But obstacles you can't control (e.g., the attitude of orderlies or the length of waiting time for a procedure to be performed) are likely to affect your scores. For this reason, don't agree to this clause, Roediger says.

  • Try to negotiate reasonable performance expectations.Example: If the hospital wants to require your practice to read a minimum number of images per week, make sure that number is in line with your present workload. If the hospital aims too high, negotiate a lower number, Roediger suggests.

  • Try to persuade the hospital to reward you if you exceed the performance criteria.Example: Using the situation above, get the hospital to agree to bonus payments for every time you exceed the mandated image counts by 5%.

  • Agree to accept performance criteria only if the hospital will agree to certain performance standards.Example: If the hospital handles your billing and collections, make it agree to increase its collection rate. Or if the hospital handles transcription for your practice, make it agree to transcribe reports within a certain time period.

    Make hospital demand benefit you

    Here's an example of how you can negotiate a hospital's demand for certain performance criteria: The hospital wants to insert a clause that will obligate your practice to complete interpretive reports and forward them to medical records within 96 hours of a patient's examination. This may seem like a tall order, and maybe it is. Depending on your practice's circumstances, Roediger suggests the following ways to adapt the clause:

  • Set a more reasonable goal. Agree to complete the interpretive report within four business days for at least 80% of the radiological examinations you perform, and agree that the practice will make its best effort to forward complete interpretive reports to the medical records department within five business days.

  • Demand a bonus if you exceed the goal. For example, demand a cash payment for each incremental improvement of performance over and above the stated goals.

  • Set goals for the hospital. If the hospital performs transcription services for your practice, set a standard for its transcription turnaround (e.g., two business days). By considering how to make performance criteria work to your benefit, a clause such as this can be a win-win situation. With a little negotiating, the clause may look like the one below, which assumes the hospital provides the transcription.

    Insider says: Depending on your preferences, you may want to personally negotiate your practice's contract with the hospital or have your attorney do it. If you negotiate the contract yourself, it's crucial to have a competent and experienced health law attorney review it before you sign, Roediger says.

    Insider source

    Joan Roediger, Esq., Obermayer Rebmann Maxwell & Hippel, LLP, 1617 John F. Kennedy Blvd., 19 th Fl., Philadelphia, PA 19103.

    Model language

    A. Interpretive reports. Radiology practice shall make its best efforts to complete interpretive reports for 80% of all radiological examinations within four business days of the patient's examination, and to complete all interpretive reports no later than five bus

    • Most Popular