Recent Articles
HCPro Watchdog Service
Providers and payers alike have to stay on top of a regulatory environment that is constantly evolving. You can accomplish that with alerts, analysis, and ongoing access to our regulatory specialists. It’s a powerful solution to the demands created by changes in reimbursement regulation.
- Customized email reports delivered each month
- Virtual advisors to provide regulatory analysis
- Regularly scheduled teleconferences and Web conferences
- Subscriptions to MedicareFind, HCPro’s online regulatory database
The Revenue Cycle Institute team stays on top of regulatory changes and provides expert insight and analysis so you can gauge impact to your organization. We’ll tell you what you need to do to move forward today, how to look ahead to next month, next quarter, next year.
For more information, please call (877) 233-8734 or visit www.revenuecycleinstitute.com.
Sutter Health breach includes medical diagnoses
TRICARE should soon have some company on the Office for Civil Rights (OCR) large patient-breach website.
Sutter Health in Sacramento, CA, reported on its website November 16 that an unencrypted desktop computer containing records for more than 4.2 million patients was stolen from the health system’s administrative offices the weekend of October 15.
The database contained personal health information for the 3.3 million patients under its Sutter Physician Services (SPS) umbrella from 1995 to January 2011, the company said. The patient information included:
- Name
- Address
- Date of birth
- Phone number
- E-mail address (if provided)
- Medical record number
- Name of the patient’s health insurance plan
SPS provides billing and managed care services for healthcare providers with which it contracts, including facilities within the Sutter Health network.
In addition, the database contained the following information for approximately 943,000 Sutter Medical Foundation (SMF) patients from January 2005 to January 2011:
- Dates of services
- Description of medical diagnoses and/or procedures used for business operations
Because the data of SMF patients was broader in scope, Sutter Medical Foundation began notifying these patients by mail. Patients should receive letters no later than December 5.
Sutter Health said in its website statement that the computer was password-protected. Sutter Health immediately reported the theft to the Sacramento Police Department and began an internal investigation. The database contained no actual medical records, but it did contain medical data for many patients.
TRICARE’s breach involved 4.9 million patients treated at military hospitals and clinics during the last 20 years. Their PHI was exposed because of a data breach that occurred in Texas and was reported September 14.
The TRICARE breach is easily No. 1 on the OCR website for breaches of unsecured PHI affecting 500 or more individuals. Behind TRICARE is Health Net, Inc. of California, whose January 21 breach affected 1.9 million patients. OCR lists 372 entities on its website. Sutter Health's breach is not officially posted on OCR's website.
HCPro, Inc.’s HIPAA/HITECH video
HCPro, Inc. is proud to release the updated version of its best-selling HIPAA training video that covers both privacy and security training -- Privacy, Security and You: Protecting Patient Confidentiality Under HIPAA and HITECH, Second Edition.
One of the best ways to train staff is to show them the right and wrong way to do their job. And that’s what our DVD video does.
Check out this clip from the video.
Benchmarking in patient access
We presented an audio conference, “Use Patient Access Benchmarks to Improve Registration Accuracy.”
These days, it seems all patient access departments are ramping up efforts to be accurate, considering the economic climate.
Take a look at some of the tools we offered during the show:
- Audit tool for consistent education
- Training checklist
- Manual monitoring tool
- Outline of Albany Medical Center's training program
- Productivity standards
- Dashboards
- Audit QA
- Standard set of elements of scorecard
News: Feds nab 91 suspects in Medicare billing scheme totaling $295M
Federal authorities September 7 detailed an eight-city sweep by the Medicare Fraud Strike Force that netted 91 suspects, including 11 physicians and two nurses, for various fraud schemes involving false billing.
The $295 million in false Medicare billings represents the largest single amount of fraud uncovered in a single investigation in the four-year history of the Strike Force. More than 400 investigators from the Department of Justice, FBI, Office of the Inspector General, and state and local law enforcement agencies took part in the raids, federal authorities said in a joint media release.
“Today’s arrests are a powerful warning to those who would try to defraud taxpayers and Medicare beneficiaries,” HHS Secretary Kathleen Sebelius said in the press release. “These arrests illustrate close cooperation between the Medicare program that identified these fraudsters and the law enforcement officials who acted swiftly to cut them off. And our efforts to stop criminals don’t end here because the Affordable Care Act gives us new tools to prevent Medicare fraud before it is committed – better protecting seniors and the integrity of the Medicare program for generations to come.”
Federal prosecutors detailed the allegations in each city:
In Miami, 45 people, including a physician and a nurse, were charged in various fraud schemes involving a total of $159 million in false billings for home healthcare, mental health services, occupational and physical therapy, durable medical equipment (DME), and HIV infusion services. In one case, 24 people are charged with participating in a community mental health center fraud scheme involving more than $50 million in fraudulent billing. The defendants allegedly paid patient recruiters to refer ineligible beneficiaries to the mental health center. In some instances, recruiters allegedly threatened beneficiaries who were residents of halfway houses with eviction if they did not attend the mental health center.
In Houston, two people were charged with fraud schemes involving $62 million in false billings for home health care and DME. One defendant allegedly sold beneficiary information to 100 different Houston-area home healthcare agencies in exchange for illegal payments. The indictment alleges that the home agencies then used the beneficiary information to bill Medicare for services that were unnecessary or never provided.
Read the full story on HealthLeaders Media.
Tip: Manage your password properly
Share this tip about passwords with your staff:
Selecting a strong computer password—one that is easy for you to remember but difficult for someone else to guess—is an essential step in securing your organization’s information. Generally, you should select a password that:
- Includes both letters and numbers
- Consists of at least six characters (your organization may require seven or eight)
- Incorporates upper- and lowercase letters, if your system supports them
- Includes special keyboard characters (such as #), if your system permits
- Isn’t a personal name, special date, fictional character, or real word
Editor's note: This was adapted from the HCPro, Inc. book, “The HIPAA and HITECH Toolkit: A Business Associate and Covered Entity Guide to Privacy and Security.” For more information about the book or to order your copy, visit the HCMarketplace.
Tip: Monitor social media
Compliance officers—and patient access managers—should be auditing and monitoring social media.
"Look to make sure that employees are not posting confidential information on these sites," says F. Lisa Murtha, a partner at SNR Denton in Washington, D.C. "A good strategy is to run periodic Google or other searches against employee names."
The changes that come with social media throw people off—the advent of the telephone probably caused some consternation as well, says Roy Snell, CHC, CCEP-F, CEO of HCCA. But social media, just like the phone, is a valuable tool. "People just need to learn to use it professionally," Snell says.
This tip was adapted from the July 2011 issue of Strategies for Health Care Compliance. More information about Strategies for Health Care Compliance is available at the HCMarketplace.
ABNs revisited
The purpose of an ABN is to provide prior notice to a beneficiary (or his or her representative, in the event that the beneficiary is not competent) when the provider believes that Medicare will not pay for certain outpatient services because limitation on liability applies.
Limitation on liability applies when outpatient services fall into one of three categories:
- The services do not meet Medicare’s medical necessity guidelines for that patient’s condition;
- The services are screening services that are being provided more frequently than Medicare provides a benefit for; or
- The services are custodial.
Once the beneficiary knows that Medicare is not expected to pay for these services, he or she (or his or her representative) can decide whether to have these services performed, even though he or she is likely to end up paying for them.
In addition, there are a number of highly detailed requirements that must be met in order for the ABN to be effective. All of these requirements are designed to assure that the beneficiary has sufficient information to make an informed decision and that he or she is not being coerced. For example, the ABN must be provided enough in advance of the performance of the services so that the beneficiary has an opportunity to review the facts, seek additional information and clarification, etc. Providers also are required to provide the following information, with specificity, for each item or service they expect to be denied:
- Identification of each item, in language that the average beneficiary can understand;
- The reason that the provider believes that Medicare will not pay for that particular item; and
- A reasonable cost estimate, determined in good faith, for each item.
The reasonable cost estimate should approximate the provider’s usual billed charges for the item in question, which is the same as the amount that would be charged to any other individual without coverage. In other words, if Medicare does not pay for an item, the beneficiary is to be treated no more, and no less, favorably, than any other similarly situated patient.
The purpose and importance of notification to beneficiaries is obvious: it puts them in the position of making what might be a difficult, but at least an informed, decision about their health care. The purpose and importance to providers, in addition to permitting beneficiaries to play an active role in health care choices, is to preserve their own financial integrity by reserving the right to bill beneficiaries for these services if Medicare denies payment.
As noted above, for hospitals, the real challenge is creating and maintaining an effective ABN process. The following suggestions are offered to facilitate that process:
- Begin. Stop waiting for the right time and enough resources. Rome wasn’t built in a day, nor can an effective ABN process be implemented overnight.
- Identify and quantify the scope of the problem by tracking revenue loss as a result of failure to provide ABNs, including specific services, providers, and departments involved.
- Provide information and opportunities for individuals and departments to identify and compare their performance, need for improvement and progress.
- Identify and begin to address, based upon areas of highest priority (revenue loss/compliance risk).
- Identify those areas that are the easiest to operationalize and, therefore, where you can quickly achieve success:
  - Too frequent screenings—Medicare permits routine ABNs;
  - Clinical diagnostic laboratory services—Medicare has created 23 diagnosis-specific lab NCDs.
- Develop a strategic approach that works in your facility—departmental vs. centralized, registration vs. clinical staff.
- Identify potential internal and external resources—staff, software, CMS coverage guidelines (NCDs, LCDs, etc.).
- Develop applicable internal policies and procedures.
- Implement training and communication programs and materials for hospital staff, physicians, etc.
- Provide ongoing communication on progress—celebrate and share your successes—as well as constructive feedback where improvement is needed.
- Develop and implement appropriate monitoring and auditing policies and procedures.
- Assess and evaluate the effectiveness of efforts to date and make appropriate changes.
Your efforts are bound to produce positive results for your patients and your facility.
Editor’s note: This post was authored by Judith Kares, instructor for HCPro’s Medicare Boot Camp – Hospital Version.
How are you complying with Red Flags Rule?
I am looking at how other facilities are complying with the Red Flags Rule and how they are documenting these. How do you determine what a “true” Red Flag is?
