HCPro.com - Corporate Compliance - DO NOT USE Top Stories

Start date announced for recovery audit prepayment review demo

Thu, 09 Feb 2012 05:00:00 GMT

On November 15, 2011, CMS unveiled three demonstration projects aimed at reducing improper payments in the Medicare program. More than a month later on December 21, CMS held a special open door forum detailing one of the programs: the recovery auditor prepayment review demonstration. As comments and concerns from providers made their way to CMS, news of a delay on two of three of the demos transpired shortly thereafter

Today, CMS announced that both the recovery auditor prepayment review and the prior authorization of power mobility devices (PMDs) demonstration projects are expected to move forward on or after June 1, 2012. The prior authorization of PMDs demonstration was significantly revised as a result of provider and supplier concerns, according to CMS.

For additional information on these demonstrations, click here:

http://go.cms.gov/cert-demos

Tip: Perform your own internal investigation prior to government audit

Wed, 08 Feb 2012 14:49:00 GMT

If the government is paying your facility a visit, you'd better understand what they're looking for and figure out whether your organization did something wrong, says Lawrence Vernaglia, a partner in the Boston office of Foley & Lardner, LLP. "I think the goal is always to conduct your own analysis," he says. "You want to understand what the rules are and what is billable and not billable.” This investigation is not necessarily something you want to share with investigators unless you are specifically requested to do so.

One problem organizations may run into when they try to investigate a problem is the tight turnaround time they face as a result of the government's new 60-day rule. The Patient Protection and Affordable Care Act now requires all organizations that participate in Medicare and Medicaid to self-report and return overpayments within 60 days after the organization discovers the problem, says Vernaglia. This doesn't give the compliance officer a lot of time to evaluate the situation before responding, he says.

"This has caused a virtual panic among compliance officers. When they have their first sniff of an overpayment, they have an urge to whip out their checkbook," says Vernaglia. While they're right to worry about meeting the new deadline, they shouldn't let the deadline threat force them to forgo internal investigation efforts. If you pay up without looking into the issue, you may actually be negligent in your duties to the organization you represent, he says.

Editor’s note: This tip has been adapted from an article originally published in the February issue of HCPro’s 12-page newsletter Strategies for Health Care Compliance.

HIPAA 5010 deadline extended, but threat remains, says AMA

Wed, 08 Feb 2012 14:43:00 GMT

CMS' Office of E-Health Standards and Services (OESS) has announced a 90-day period of "enforcement discretion" for compliance with the 5010 HIPAA transaction standards, but leading professional organizations say that is not enough, according to a February 6 HealthLeaders Media article.

Expressing serious concerns about the ability of physician practices and payers to make the conversion to the 5010 electronic transaction standards and ICD-10 (a new code set for medical diagnoses) in time, both MGMA and the AMA are calling for change. The two agencies say that the government needs to form a comprehensive contingency plan permitting health plans to adjudicate claims that may not have all the required data content; or the government needs to call an outright halt to the transition.

CMS has extended the 5010 compliance deadline to March 31, 2012. OESS announced that it is delaying compliance enforcement in order to allow more physician practices the opportunity to implement the new billing coding standard without incurring penalties. The 90-day delay did not affect the implementation date for the coding systems, which took effect January 1, 2012 (January 1, 2013, for small health plans).

Read more on the HealthLeaders Media website.

MPPR to apply for certain diagnostic imaging procedures for Method II CAHs

Wed, 08 Feb 2012 05:00:00 GMT

On January 26, CMS issued a transmittal that implements the multiple procedure payment reduction (MPPR) for physician services for certain diagnostic imaging procedures in critical access hospitals (CAHs). Many facilities may not yet be aware of this implementation so CAHs billing under Method II need to take immediate notice, according to Debbie Mackaman, RHIA, CHCO, regulatory specialist for HCPro, Inc.

Section 1848(c)(2)(K) of the Social Security Act was added into the Affordable Care Act, thus specifying that the Secretary will identify potentially misvalued codes by examining codes that are frequently billed in conjunction with furnishing a single service. As a result of this examination, Medicare is making a change to the MPPR for physician services of certain diagnostic imaging procedures, according to MLN Matters article MM7684.

The release of transmittal R2395 applies the MPPR to physician services of certain diagnostic imaging procedures billed by CAHs that had elected the optional method (Method II) for outpatient billing. Payment made to the CAH for physician services billed on its outpatient claim form using revenue codes 96X, 97X, or 98X is based off of the Medicare Physician Fee Schedule (MPFS) supplemental file, according to the transmittal.

“Although this is good news for patients, since they will pay less out of pocket for the professional fees related to the imaging studies, this change could have a significant impact on CAHs that do a high volume of these services,” says Mackaman. “When looking at the list in attachment 1 (of the transmittal) it is quite lengthy and includes the highest-paying imaging services such as MRIs and CTs with and without contrast, as well as angiography.”

She continues, “A 25% reduction on the lower paying multiple service(s) does not seem like much until you consider how often a hospital provides multiple imaging services during the same session, both for high quality care and for the convenience of the patients. Hospitals should analyze their volume reports, imaging services combinations and payments for those services to anticipate the financial setback to their facilities.”

When the reduction is applied, the remittance advice will show a claim adjustment reason code of 59 (Processed based on the multiple or concurrent procedure rules) and a Group Code of CO (contractual obligation). In addition, deductible and coinsurance are based on the reduced amount, but the 115% add-on after deductible and coinsurance still applies, according to CMS.

The application of the MPPR for diagnostic imaging will apply to the professional fee when multiple services are furnished by the same physician to the same patient in the same session on the same day. Full payment is made for the service that yields the highest payment under the MPFS, and for subsequent services, payment is made at 75%.

Even though the implementation date for the FIs/MACs to begin paying the reduced amount is not until July 2, 2012, the effective date for providers is January 1, 2012. Once the Medicare contractors update their systems to align with this change, hospitals will begin to see the reductions in payments, says Mackaman.

In addition, she added: “It is unclear from the transmittal if contractors will mass adjust claims with dates of service from January 1 forward, so until the claims processing systems are updated hospitals should monitor related transmittals for more information.

“It is not uncommon for CMS to direct contractors to ‘reprocess claims brought to their attention’ and thereby leaving the CAH responsible for resubmitting claims for the proper reimbursement, which would include copayment refunds to their patients as well.”

The current list of codes subject to the MPPR on diagnostic imaging can be found in attachment one of transmittal R2395CP.

Minnesota debt collector sued over stolen medical data

Mon, 06 Feb 2012 20:04:00 GMT

Minnesota Attorney General Lori Swanson filed a lawsuit January 19 against a debt collection agency that she said violated state and federal health privacy laws when it lost a laptop containing patient information from two Minnesota hospitals, according to a press release from the Attorney General’s office.

The unencrypted laptop containing the patient data was stolen from the car of an Accretive Health, Inc. employee in July, while the car was parked in the Minneapolis restaurant district. According to the lawsuit, a screenshot with a patient’s name, date of birth, address, Social Security number, and medical conditions was among the data contained on the laptop.

Accretive Health, Inc., a debt collection agency that is part of a New York private equity fund conglomerate, used the data of more than 23,000 patients to:

Create medical checklists evaluating patients’ physical conditions
Score patients’ risk of hospitalization
Compile per-patient profit and loss statements

Accretive “found a way to essentially monetize portions of the revenue and healthcare delivery systems of some nonprofit hospitals for Wall Street investors, without the knowledge or consent of patients,” according to the lawsuit.

Source: The Office of Attorney General Lori Swanson

Report: Breaches reach 19 million records

Mon, 06 Feb 2012 19:58:00 GMT

Covered entities and business associates reported a total of 385 breaches of unsecured PHI affecting 500 or more individuals since OCR issued the August 2009 interim final breach notification regulation under HITECH, according to a report released by Redspin. This included more than 19 million records.

In its “2011 Breach Report / Protected Health Information,” authors say improvements in healthcare IT security must be measured by the reduction of the number of breach incidents and people impacted.

Redspin also provides specific recommendations for preventive action and corrective measures to reduce the most critical vulnerabilities. The authors hope those recommendations will prompt quicker adoption of electronic health records (EHR). In turn, EHR adoption will improve the cost efficiency, care delivery, and patient outcomes within the U.S. healthcare industry, the authors claim.

Redspin determined that health data breaches in the US increased by nearly 100% in from 2010 to 2011. The data also reveals that 60% of all breaches consist of malicious attacks such as theft, hacking, and insider incidents.

Nurse pleads guilty to Medicare fraud

Wed, 01 Feb 2012 16:59:00 GMT

Jorge Pineiro, a registered nurse in Miami who worked for ABC Home Health Care Inc. and Florida Home Health Care Providers, Inc., pleaded guilty to one count of conspiracy to commit healthcare fraud, according to a January 24 Department of Justice press release.

Court documents indicate that between June 2008 and March 2009, Pineiro submitted nursing notes with non-existent symptoms such as tremors, impaired vision, and inability to walk without assistance for Medicare beneficiaries. Pineiro was aware that these beneficiaries did not have these symptoms and did not receive the bill for services. Medicare was billed approximately $118,000 as a direct result of these filed claims.

Pineiro is scheduled for sentencing in April and faces a maximum prison sentence of 10 years in addition to fines and supervised release.

Read more on the OIG website.

Physician referral patterns ripe for scrutiny

Wed, 01 Feb 2012 16:55:00 GMT

When is a general practitioner's referral of a patient to a specialist an appropriate one that will likely lead to better outcomes, and when is it a categorical waste of money? Even worse, when is it something that provokes an unnecessarily harmful intervention involving more radiation, more specialists, false positives, or even useless surgery?

According to a January 26 HealthLeaders Media article, these questions surround the latest quality issue emerging from the dramatic increase in referrals to specialists, highlighted by Harvard Medical School researchers. In a study, they pose even more questions about whether and when a generalist should recommend a patient see another doctor.

The report, by Michael Barnett, MD, Zirui Song, and Bruce Landon, MD, and published in the Archives of Internal Medicine, looks at a sample of data from nearly one million ambulatory visits to primary care providers collected by two respected surveys. They found the number of referrals to a specialist doubled from 1999 to 2009, while during the decade before, rates were stable.

"That fact alone has significant implications for the cost of care and care patterns, because the referral isn't a single visit to a specialist," Landon explains in an interview with HealthLeaders Media. "It potentially opens up a whole cascade of testing and treatments and hospitalizations and procedures, and additional referrals.

Read more on the HealthLeaders Media website.

HHS task force: Consider privacy, security with text messages

Mon, 30 Jan 2012 05:00:00 GMT

The government should take a better look at privacy and security concerns before it encourages and helps develop health text messaging and mobile health programs, an HHS task force recommends.

HHS should conduct further research into the privacy and security risks associated with text messaging of health information and establish guidelines for managing such privacy/security issues, according to the task force’s January 26 report.

“The exchange of health information via text messages raises privacy and security issues specific to this medium,” the Text4Health task force wrote in the report. “Text messaging programs may be subject to numerous privacy and security laws, including [HIPAA's] privacy and security rules.”

According to the release, in recent years, mobile health technologies have seen the expansion of:

Health text messaging
Mobile phone apps
Remote monitoring
Portable sensors

These technologies have changed the way healthcare is being delivered in the U.S. and globally, according to an HHS release. According to HHS, the task force was charged with helping identify ongoing initiatives and proposals for the delivery of health information via mobile phones.

Dealing with data breaches

Mon, 30 Jan 2012 05:00:00 GMT

This article by Greg Freeman appeared on the HealthLeaders Media website January 23 and in the January 2012 issue of HealthLeaders Magazine.

You pick up the phone and someone tells you that a laptop containing thousands of patient files was left behind on the morning train. Or you learn that your own employees have been snooping into sensitive patient records for fun and profit. Or you discover that, for some odd reason, patient records have been posted on a completely unrelated public website for anyone to see, and they’ve been there for nearly a year.

Each of these scenarios has played out for some unfortunate healthcare executive, and they hold lessons in how to avoid such disasters, plus the best way to respond to such a crisis. Some of the most notorious HIPAA violations occurred within the UCLA Health System at the UCLA Medical Center, where singer Britney Spears was hospitalized in early 2008.

After the Los Angeles Times reported that employees had been caught perusing Spears’ records with no legitimate reason, the hospital confirmed the HIPAA violations, fired 13 employees, and took disciplinary action against others. It also suspended six physicians.

Demi Moore's medical records redacted

Mon, 30 Jan 2012 05:00:00 GMT

As we’ve been saying all along in HIPAA compliance circles, everyone has privacy rights under HIPAA – even celebrities.

Los Angeles officials planned last week to release an edited record of actress Demi Moore’s 911 call made from her LA home January 23, according to the Los Angeles Times. How will they edit? By removing any personal information about her medical condition and medications.

The Los Angeles City Attorney's office made the recommendation to comply with HIPAA.

CMS posts Q4 improper payment figures, top issues by region

Thu, 26 Jan 2012 05:00:00 GMT

Each quarter CMS issues a recovery audit program update that details the total amount of overpayments and underpayments indentified in that quarter. In addition, CMS posts the top recovery auditor issue for each region.

The most recent update, which provides information on the time period July 1, 2011 to September 30, 2011, identifies $277.1 million in overpayments and $76.6 million in underpayments, for a total of $353.7 million in improper payments. These numbers are up from the previous quarter, for which CMS reported $233.4 million in overpayments and $55.9 million in underpayments for a total correction amount of $289.3 million.

For each quarter CMS has issued these reports, the total correction amount numbers have raised dramatically:

October 2009 – September 2010: $92.3 million
October 2010 - December 2010: $94.3 million
January 2011 - March 2011: $208.9 million
March 2011- June 2011: $289.3 million
July 2011 – September 2011: $353.7 million

Perhaps most telling of all the figures, however, is the quarterly difference in the correction amount of the total national program since its inception. The Q3 update lists the total correction amount of the national program at $684.8 million, while the latest report has the amount at $939.4 million. This jump is indicative of the individual recovery auditors ramping up their efforts to identify improper payments nationwide—specifically targeting medical necessity issues, as indicated by the Q4 report:

Region A: Renal and urinary tract disorders (Medical necessity)
Region B: Surgical cardiovascular procedures (Medical necessity)
Region C: Acute inpatient admission neurological disorders (Medical necessity)
Region D: Minor surgery and other treatments billed as inpatient (Medical necessity)

For Region A and D, the top identified issues didn’t change from the Q3 report, but the fact that Region B and C now both identify a medical necessity issue as their top issue truly signifies that the recovery auditors have increased their efforts and focus on issues that may have not been medically necessary for the setting in which they were billed.

To view the Q4 report, click here: http://www.cms.gov/Recovery-Audit-Program/Downloads/FY2011QtrlyReport.pdf

To view the Q3 report, click here: http://www.cms.gov/Recovery-Audit-Program/Downloads/NatProg.pdf

To stay on top of the latest RAC-approved issues in your state, visit the Revenue Cycle Institute website.

Confusing the rebuttal process with the discussion period

Wed, 25 Jan 2012 05:00:00 GMT

The following question and answer is an exchange between a reader and the Revenue Cycle Institute team:

Question: I’m new to handling RAC audits, so I was reading up on the rebuttal process, also known as the “discussion period,” which must be filed within 15 calendar days of the date on the demand letter. I called my RAC (Connolly Healthcare) and was told that the rebuttal letter along with the “stop recoupment” letter should go to my local Medicare administrative contractor (MAC).

The letter we received from Connolly states that we are to notify the “claim processing contractor” and they will review and advise of their decision within 15 days. I’m confusing about who should be receiving the rebuttal letter. When I spoke with Palmetto (our MAC) they were under the impression that I submitted an appeal letter and that they have 60 days to respond. Can you please clarify?

Peeling away the confusion: Split billing guidance

Wed, 25 Jan 2012 05:00:00 GMT

The concept of split billing in both the inpatient and outpatient setting is a hot topic amongst providers as of late, according to Debbie Mackaman, RHIA, CHCO, regulatory specialist for HCPro, Inc.

The guidance for billing in these two settings can both be found within the Medicare Claims Processing Manual, first of which comes in chapter 1, section 70.8.1.

Outpatient split billing

There are a number of prescribed situations where a claim is received for certain services that require the splitting of the single claim into one or more additional claims, according to CMS. Splitting claims is necessary for the following reasons: Proper recording of deductibles, separating expenses payable on a cost basis from those paid on a charge basis, or for accounting and statistical purposes.

According to the manual, expenses incurred in different calendar years cannot be processed as a single claim, so a separate claim is required for the expenses incurred in each calendar year. In addition, Palmetto GBA, a Medicare administrative contractor (MAC), elaborates by stating: “All outpatient claims, SNF claims and non-PPS inpatient claims (e.g. critical access hospitals), which can be billed on an interim basis, should be split at the provider’s fiscal year end and at the calendar year end. It should not be split at Medicare’s fiscal year end unless it corresponds with the provider’s fiscal year.”

Inpatient split billing

For inpatient split billing requirements for the inpatient setting, Trailblazer Health Enterprises, LLC, another MAC, offers a sound summary: Non-PPS providers and providers who are reimbursement through periodic interim payments (PIPs) split-bill their claims at the fiscal year end (FYE), and the days are allocated to the provider year in which they occurred. When services span a non-PPS provider’s FYE for inpatient bills, a provider must submit two claims, the first of which reflects the admission date to the FYE using TOB 112 and status code 30 (still patient). The second claim reflects the first day of the new FY to the discharge date using TOB 115 and the appropriate discharge status code.

Guidance on split billing for inpatient and outpatient services is important to providers since it can prevent delays in payment because they will have to rebill their claims if their outpatient, rural health clinic and swing bed claims cross over calendar years, says Mackaman.

“If providers keep in mind that every calendar year, the patient’s deductibles and coinsurance amounts change for both Part A and Part B services, they can put the split billing process on their radar as part of their annual procedures.”

She continued, “CAHs also need to remember this at the end of their fiscal years for these services as well as their inpatient claims.”

For more information on when to split Part A bills, click here:

http://www.trailblazerhealth.com/Publications/Job%20Aid/WhentoSplitPartABills.pdf

For information on split billing for IPPS hospitals that are paid under the DRG, see section 20.7.2 of the Medicare Claims Processing Manual:

http://www.cms.gov/manuals/downloads/clm104c03.pdf

Atlanta man gets jail time for stealing PHI

Mon, 23 Jan 2012 19:01:00 GMT

A federal judge sentenced an Atlanta man to 13 months in prison January 10 for intentionally accessing a competing medical practice’s computer without authorization in order to send marketing materials to patients, according to a U.S. Attorney’s office release.

Eric McNeal, a 38-year-old IT specialist, accessed the computer owned by A.P.A, a perinatal medical practice in Atlanta and his old employer, according to United States Attorney for the Northern District of Georgia Sally Quillian Yates. After leaving A.P.A. in November 2009, McNeal joined a competing practice located in the same building.

McNeal downloaded the names, telephone numbers, and addresses of A.P.A.’s patients, and then deleted all the patient information from A.P.A.’s system in April 2010. McNeal then targeted those patients with a direct-mail marketing campaign for his new employer, according to federal officials.

HHS releases interim final rule on electronic fund transfers

Mon, 09 Jan 2012 17:27:00 GMT

If you’re a privacy and/or security officer who last week saw an HHS final rule with the acronym “HIPAA” in it, you probably jumped out of your seat. The HIPAA compliance world has been waiting on multiple rules out of HHS related to privacy, security, and HITECH.

Though the HHS interim final rule released Jan. 5 – “Administrative Simplification: Adoption of Standards for Health Care Electronic Funds” – technically falls under HIPAA, it has little to do with privacy and security, our experts say.

The rule sets standards for electronic funds transfers in healthcare required by the Affordable Care Act in order to reduce costs and streamline efforts for physicians, hospitals, private health plans, states, and other government health plans. The measures in the rule will save providers $4.5 billion over the next 10 years, according to its press release.

Chris Apgar, CISSP, CEO and president of Apgar & Associates, LLC, said the rule only pertains to the transaction side of HIPAA.

“It defines requirements for electronic funds transfer and remittance advices [both part of the 5010 835 transaction],” Apgar says. “It really has nothing to do with privacy [and] security.”

Kate Borten, CISSP, CISM, president of The Marblehead Group, agrees, saying the rule certainly impacts IT, but does not significantly impact privacy and information security.

The rule pertains more to a hospital’s business office, according to Frank Ruelas, a HIPAA consultant for HIPAA College in Phoeniz, AZ.

“However there would be some relativity to security given the use of IT infrastructure for the processing of electronic payments,” Ruelas adds.

The regulation is effective January 1, 2012. All health plans covered under HIPAA must comply by January 1, 2014.

DME company owner sentenced for Medicaid fraud scheme

Wed, 04 Jan 2012 17:58:00 GMT

U.S. District Judge Grey Miller of the Southern District of Texas sentenced the former owner of two Houston DME companies to 12 years in federal prison for his involvement in a Medicaid fraud scheme, according to a December 21, 2011 Department of Justice press release.

The judge also ordered the defendant, Benjamin Essien, to pay $1,455,837.91 in restitution to the Texas Medicaid program. Essien’s father and sister, Bassey Essien and Rose Essien, previously were found found guilty for their participation in the scheme and will be sentenced this month.

Court documents indicate that between April 2004 and February 2010, Essien submitted approximately $2,341,293.64 in Medicaid claims for adult incontinence supplies that were never provided to Medicaid beneficiaries or that cost less than the amount billed. Medicaid subsequently paid Essein approximately $1,455,837.91 before investigators uncovered the scheme.

Read more on the Department of Justice website.

CMS to delay two out of three new demonstration projects aimed at reducing improper payments

Wed, 04 Jan 2012 17:47:00 GMT

On December 29, CMS issued a notice announcing the delay of the recovery audit prepayment review demonstration and the prepayment review and prior authorization for power mobility devices (PMDs) demonstration.

The notice states that CMS has received many comments and suggestions on these demonstrations and that they are considering these comments carefully. As a result, CMS will delay implementation of these demonstrations, but will provide at least 30 days notice before the start of the demonstrations. The Part A to Part B rebilling demonstration remains on schedule and will begin on January 1, 2012, according to CMS.

To view the entire CMS notice, click here.

Visit HCPro's Revenue Cycle Institute for more information.

CMS releases details of recovery auditor prepayment review demonstration

Thu, 29 Dec 2011 05:00:00 GMT

On November 15, CMS announced that it will launch a number of demonstration programs that are set to begin in January 2012, one of which is its recovery auditor prepayment review initiative. On December 21, CMS held a special open door forum to further discuss the program.

Each year as part of its financial reports, CMS produces an estimate of its improper payments in the Medicare program. In fiscal year 2011, the rate of error in the Medicare program was 8.6%, which translates to roughly $29 billion in error, according to George Mills, director of provider compliance group at the office for financial management at CMS, who spoke on the call.

The goal of the prepayment recovery auditor demonstration, as stated on the open door forum by Amy Cinquegrani, Division of Recovery Audit Operations at CMS, is to prevent improper payments before they are made and to thereby lower this error rate.