Training Programs
Audits & Assessments
Regulatory MonitoringArchive for February, 2009
The next CMS Hospital Hospital Quality Open Door Forum conference call is scheduled for February 25 at 2 p.m. Eastern time. To access the call, dial 800/837-1935 and enter 70014827 as the conference ID.
CMS will also allow access to the "encore" (i.e., recorded) playback of this call beginning two hours after the live conference call has ended. It will expire after three business days. To listen to the encore playback, dial 800/642-1687 and enter 70014827 as the conference ID.
Find out how the economic stimulus plan can help offset your EHR implementation costs
Title XIII of the American Recovery and Reinvestment Act of 2009 focuses on healthcare information technology (IT) and quality, with $19 billion in grants and loans set aside for infrastructure and incentive payments under Medicare and Medicaid for providers who adopt certified EHR technology. The grants and loans include $17 billion slated for incentives, with $2 billion allotted to jump-start health IT adoption.
The Act outlines incentive plans for eligible professionals for their ‘meaningful use’ of EHRs. The Act specifies that ‘meaningful use’ requires the following:
- Use of certified EHR technology
- Information exchange
- Reporting on yet-to-be-selected clinical quality measures using EHRs
Incentive payments begin in 2011, and they encourage early adoption. For example, when a hospital implements an EHR in 2011, it will receive 100% of the incentive amount for which the hospital is eligible. However, when the hospital delays implementation until 2012, it will only receive 75%. After 2015, there will be no incentive payment.
Nonhospital-based physicians will receive incentive payments based on a similar—though not exactly the same—payment structure; however, they will also receive payment reductions for failing to adopt by 2015.
Critical access hospitals are eligible for incentive payments; however, they will be subject to a different calculation that is not currently available.
See Title IV on p. 360 of the PDF for more information regarding payment incentives.
Effective January 1, coders can report HCPCS code C9899 when providers implant a prosthetic device for a Medicare beneficiary who is an inpatient but who doesn’t have Part A coverage of inpatient services on the date of the procedure. This concept—receiving reimbursement for an inpatient service under the outpatient prospective payment system (OPPS)—isn’t new. In fact, there are 11 categories of inpatient Part B services that providers can bill under the OPPS. However, the recent guidance from CMS about HCPCS code C9899 offers a good reminder of financial opportunities that your hospital might be missing.
Medicare will pay for 11 categories of inpatient Part B procedures under the OPPS:
- Diagnostic x-ray tests and other diagnostic tests (excluding clinical diagnostic laboratory tests)
- X-ray, radium, and radioactive isotope therapy, including materials and services of technicians
- Surgical dressings applied during an encounter at the hospital, as well as splints, casts, and other devices used for reduction of fractures and dislocations
- Implantable prosthetic devices
- Hepatitis B vaccine and its administration, as well as certain preventive screening services such as pelvic exams, screening sigmoidoscopies, and screening colonoscopies
- Bone mass measurements
- Prostate screening
- Immunosuppressive drugs
- Oral anticancer drugs
- Oral drugs prescribed for use as acute antiemetics and used as part of an anticancer chemotherapeutic regimen
- Epoetin Alfa, an injectable drug used to treat anemia
Medicare will reimburse providers for the eligible items or procedures when one of the four criteria is met:
- The patient has exhausted his or her Part A coverage
- The inpatient stay is deemed unreasonable and unnecessary
- The patient is not eligible for Part A coverage
- The service is never covered under Part A coverage
Editor’s note: For more information about how to receive payment for these services, visit the HCPro Web site. This article was adapted from the February issue of Briefings on Coding Compliance Strategies.
By Dom Nicastro
HIPAA privacy and security officers received their second major wakeup call this week that HIPAA enforcement efforts are on the rise.
The Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) announced Wednesday that CVS, the nation’s largest retail pharmacy chain, will pay the U.S. government $2.25 million and take corrective action in a settlement for potential privacy breaches affecting millions of patients.
The settlement ends an investigation by the HHS Office for Civil Rights (OCR) that began with media reports that CVS used industrial trash containers to dispose of patient information outside selected stores. The containers weren’t secured and were publicly accessible, according to a February 18 HHS press release.
CVS also settled potential violations of the FTC Act with the FTC.
According to HHS, CVS Caremark Corp., the pharmacy chain’s parent company, violated the privacy of millions of its customers when it improperly disposed of patient information, such as pill bottle labels. According to HHS, CVS:
- Failed to implement adequate policies and procedures to appropriately safeguard patient information during the disposal process
- Failed to adequately train employees on how to dispose of such information properly
The announcement comes just one day after U.S. President Barack Obama signed into law the $787 billion economic American Recovery and Reinvestment Act of 2009 that includes provisions for heightened enforcement of HIPAA and stiffer penalties for privacy and security violations.
“[HHS] needed a poster child, and CVS was that poster child,” says Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR.
“All of these things are culminating to totally revise HIPAA security, which I think is great,” says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA. “The government has been saying for years one of the biggest stumbling blocks to adopting electronic health records (EHR) is patient privacy. The public has to feel confident that their information is well protected.”
According to the terms of the resolution agreement, CVS must implement a robust corrective action plan that requires:
- Privacy rule compliant policies and procedures for safeguarding disposed patient information
- Employee training on HIPAA
- Employee sanctions for noncompliance
In addition, CVS must monitor its compliance with the HHS and FTC orders by having a third party conduct assessments and report to the federal agencies. The HHS corrective action plan lasts three years; the FTC requires monitoring for 20 years.
“I think we have become lax in our compliance assurance,” says Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, FHIMSS, president of Margret\A Consulting, LLC of Schaumburg, IL, and cofounder and member of the board of examiners of Health IT Certification.
Amatayakul says because there is not an overabundance of enforcement, complaints, or activity from patients who request their privacy rights, providers have regressed in their compliance efforts.
CVS’ settlement comes nine months after HHS tagged Providence Health & Services for $100,000 as part of a resolution agreement that also included a corrective action plan for the Seattle-based health system to settle potential HIPAA privacy and security rule violations that occurred in 2005 and 2006, according to a July 17, 2008 HHS press release.
Nor was the resolution agreement with Providence Health & Services the only major news last year surrounding HIPAA privacy and security enforcement. The Office of Inspector General (OIG) issued a largely critical report, “Nationwide Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight [A-04-07~05064],” reviewing CMS’ HIPAA security rule oversight, implementation, and enforcement on October 27, 2008.
In addition, the FTC’s new Red Flags rules that will help facilities prevent identity theft with proper policies and procedures become enforceable May 1.
“It’s a lot of things converging at the same time,” Borten says. “It gives us a real impetus to really take this seriously.”
Though she has yet to see the full report on the investigation, Amatayakul says CVS may have had a hard time disposing of the labels “because the labels are hard to put through a shredder. If they were on bottles that’s even more difficult to discard. Still, these are not excuses for inattention to appropriate safeguards.”
Borten reminds providers not to overlook the fundamental details of protecting patients’ privacy, such as shredding documents. “Even things that seem obvious are still tripping us up,” she notes.
Editor’s note: The HHS Resolution Agreement and Corrective Action Plan can be found on the OCR Web site.
OCR has posted new FAQs that address the HIPAA privacy rule requirements for disposal of protected health information. They can be found on the OCR Web site.
Information about the FTC consent order agreement is available at www.ftc.gov.
- Will CMS use calendar days or business days when determining the number of days a provider has to submit medical records?
- According to CMS, through August 31, 2008, providers chose to appeal what percentage of RAC determinations?
- How many states will CMS phase into the RAC permanent program on March 1, 2009?
When coding for outpatient procedures, coders should base the patient’s diagnosis on his or her medical condition. When a physician is unable to determine a diagnosis at the time of the visit, coders should determine the code based on the initial symptoms the patient experienced. Consider the following outpatient coding rules: Read More→
The announcement from CMS officially kicks the RAC program back into gear. Hospitals and providers should begin fine-tuning their RAC preparedness programs; particularly those hospitals in states CMS has slated to be among the first to begin the permanent RAC program (as indicated on the updated CMS phase-in map in yellow and light green).
CMS has promised as part of the permanent project that the RACs will make outreach programs available to providers to familiarize them with their policies and contact information. Hospitals should begin watching for these town hall meetings and make sure they have representation at any and all meetings scheduled by their RAC.
Editor’s note: RAC Report Advisory Board member, Tanja Twist, MBA/HCM, director of patient financial services for Methodist Hospital in Arcadia, CA, provided this tip.
CMS announced February 6 the permanent RAC program is once again underway as the RAC bid protests filed by Viant, Inc., and PRG Schultz, USA, Inc. have been withdrawn. Viant and PRG’s protests were resolved February 4, which means the stop work order has been lifted, according to CMS.
The Government Accountability Office (GAO) had 100 days to issue a decision after the unsuccessful bidders filed their protests November 4, 2008. The GAO had been set to render a decision on the protests on February 9 for Viant, and February 11, for PRG Shultz.
As a result of the protest settlements, these RACs will be subcontracting with PRG-Schultz and Viant. (PRG-Schultz will work with Diversified Collection Services in Region A, CGI in region B, and HealthDataInsights in Region D. Viant Payment Systems will work with Connolly Consulting in Region C.) PRG-Schultz and Viant will have different responsibilities—including possible claim review—in the various regions.
In the meantime, CMS has published a revised RAC expansion schedule as seen in the new “RAC Phase In Map” posted February 10 to the CMS Web site. The first phase is set to begin March 1. The second and final stage will begin August 1, according to the map. The prior expansion schedule was set to occur in three stages, however, the protests delayed the initial onset of the permanent RAC program.
CMS plans to begin audit activity in May for the states involved in the March phase-in, according to an American Hospital Association (AHA) February 11 news release in AHANewsNow. CMS will spend time between now and May conducting RAC educational sessions for hospitals, according to the AHA.
Get blog updates in your e-mail
Subscribe to our free RAC Report e-zine
