Compliance Q&A: Survey protocols, CoPs, HIPAA, ACOs, and Transitions of Care

Questions regarding 2011 Survey protocols

Q. We have several questions re the new survey protocols. What are some of the key differences? What does the pre-survey preparation include?

A. The new survey protocols focus on specific standards within identified conditions that are related to quality care. To identify the care delivered and its relationship to the assessment and plan of care designed, besides reviewing the clinical record, the surveyor will also rely on personnel interviews as well as home visits. The survey is data-driven, patient-focused, and outcome-oriented.

The surveyor is expected to collect data and review State file data, prior survey results, OASIS reports, and agency specific characteristics. (S)he will review outcomes, potentially avoidable events of both active and discharged patients, and make visits for higher risk patents. The new protocols provide specific guidance on citing standard and condition-level deficiencies.

Q. Can you explain the survey levels? How is a standard survey extended?

A. A Standard Survey focuses on Level 1 standards (9 of 15 CoPs) which focus on the delivery of high quality patient care using not only clinical records but inclusive of interviews. If the home health agency is in compliance with all Level 1 standards and there are no identified concerns requiring investigation, the survey will be concluded and form CMS 2567 is issued.

Partial Extended Survey begins/expands when expected outcomes are not met for one or more Level 1 Standards. It requires a review of Level 2 standards. It should be expected that related information would be sought for areas of concern such as agency policies and procedures, personnel competency evaluations, and inservice training

Condition-Level Deficiencies can occur with serious findings related to or not related to Level 1 and 2 standards. Immediate patient jeopardy is always cited at the condition level. All conditions are reviewed.  Refer to the State Operations Manual, Appendix B Guidelines.

Questions re CoPs

Q. What are the required leadership positions stated in the CoPs?

A. The Conditions of Participation cite three administrative positions:  a governing body, an administrator, and a supervising physician or RN.  You may title these three positions whatever  your agency prefers, however the positions must exist and the individuals appointed must perform the duties identified in the CoPs. Be certain job descriptions, policies and procedures, and other necessary documentation clearly define that the positions perform all required designated responsibilities.

Do not forget the delegates required. Be certain that agency policy identifies who will function as the administrative delegate. The agency must also be in compliance with state requirements, which frequently are more stringent. Compare both State and Federal requirements so the agency is in compliance.

Q. Is it true that we must have a realistic end point for intermittent services for a patient who has a chronic diagnosis, such as Alzheimer’s disease?
A.The CMS Publication 100-2, Chapter 7, § 40.1.1,  states  services can be provided “without regard to whether the illness or injury is acute, chronic, terminal, or expected to extend over a long period of time.”According to the publication, if the patient with a chronic disease is homebound and needs skilled, reasonable, and necessary services that meet the part-time or intermittent requirements, then the agency can provide care.  That documentation must carefully be documented, The agency must be certain there exists an intensive assessment of the patient and their support services with interventions and goals clearly stated.  Carefully delineate the SKILLED need for each visit made. If the patient with Alzheimer’s disease qualifies for Medicare coverage through a need for monthly catheter changes and receives home health aide services 1x per mon, be certain each visit shows progress and document pt/cg response to care.Up to a maximum of 28 hours per week of skilled nursing care and home health aide services combined completed in less than 8 hours per day or up to 35 hours per week of skilled nursing and home health aide services and subject to review by the fiscal intermediary. Medicare requires supporting evidence of the continued skilled care need. The agency must reflect the need for compliant skilled care through clear documentation.

Questions about ACOs and New Payment Methods

Q. I am hearing about bundled services. Should I be concerned?

A. Home Health Agencies should be aware of potential ACO formation in their respective markets.  Does your agency have a specialty you should be marketing to local hospitals? Some hospitals are looking at the bundled payment options as well as ACOs. Read more at the CMS website but know that the proposed pilot gives participants the opportunities to make choices regarding patients to include, length of episodes of care, whether acute inpatient care should be included, and the target payment to be established. There are a variety of proposed models. Go to to learn more.

Q. I have heard there will be new payment methods. What are they?

A. Select Data will be providing ezine articles in late November and December regarding some of the proposed payment and treatment methods being considered and presently being evaluated. Those may include:

Accountable Care Organizations (ACOs) with Bundled Payments or Shared Savings Programs where the ACO shares risk. There will be various types of risk sharing programs. There may be Value- based Payment plans. Expect to see ACOs lead by hospitals or physician groups. Home Health Agencies will need to show value to become a part of such collaborative formalized groups.  Expect CMS to utilize comparative-effectiveness techniques of evidenced-based practices. Become familiar with the following terms:

ACOs: Integration of providers to assume responsibility for the quality, costs, and outcomes of care.

Total Costs of Care: A reimbursable methodology that is being designed to reduce cost by person by episode.

Predictive Modeling: A methodology to estimate how clients may use services and the related costs based upon variables, prior behavior, and attributes assigned.

Transition of Care: The movement of patients from one health care practitioner or setting to another as the condition and care needs change. Under this model, there will be NO discharge summary. Instead expect a “Transition Summary”. See the next Select Data article: CMS and Transitions of Care.

Questions re Face to Face

Q. Is anyone working to get some help for home health agencies regarding the face-to-face rule?

A. Yes, several state associations as well as NAHC are working to obtain some legislative relief. NAHC has called for 1) exemptions in specific hardship circumstances, 2) a reduction in documentation required, 3) expanded use of telehealth to meet the face to face requirement, 4) protection of home health agencies from denials without fault, 4) allow one physician/NPP to complete the Face to Face and another to certify (CMS has proposed this but is limiting it only to an inpatient physician).

Q. Could you give a summary of key points of the proposed 2012 Home Health PPS Rate Rule?

A. Agencies will need to be efficient as there is a proposed 2.5% inflation update, a 5.06% case mix creep adjustment, and a 3.56% rate reduction for 2012. In addition there is a recalculation of case mix weights proposed that includes elimination of two hypertension codes (401.1 Benign essential hypertension and 401.9 Unspecific essential hypertension). Also, there would be lower therapy episode coding weights. This would include a deceleration of a higher number of visits with a removal of the therapy visit step indicators. There will also be a recalculation of points to clinical and functional scores. Additionally, if an agency failed to complete a successful dry run  in Q3 of 2010 for HHCAHPs, they risk a 2% reduction in payment. (See October, 2011 Select Data ezine for more regarding HHCAHPs).

A few questions regarding HIPAA


Q. Could you give a brief summary of HIPAA HITECH? Can you discuss breach? Can you discuss best practices needed?

A. The American Recovery and Reinvestment Act (ARRA) of 2009 brought changes to HIPAA regulations in three broad areas: breach notifications, business associations, and penalties. It increases enforcement of HIPAA and allocates billions of dollars to invest in the implementation and exchange of health information technology such as the EMR.

Under HITECH, if a breach compromises the privacy and security of the patient’s information and poses a significant risk of financial, reputational, or other harm, patient notification is required.

Five new definitions have been added:

  • Breach Electronic
  • Health Record (HER)
  • National Coordinator
  • Personal Health Record (PHR)
  • Vendor Of PHI

HITECH strengthens the specifics of privacy, significantly increasing penalties, establishing a heightened enforcement scheme and giving state attorney general enforcement authority. Individuals may now be held accountable for wrongful disclosure (HITECH Act section 13409).

If a breach involves 500 or more individuals, the department of HHS should be immediately notified. DHHS began posting names on March 1, 2010. Breaches below 500 must be logged and annually sent to DHHS.

For Business Associates, the Covered Entity must ensure that BAs have implemented the administrative, physical, and technical safeguards of HIPAA security. The CE must also specify that the BA must comply with use and disclosure rules in the HIPPA Privacy Rule. The BA should demonstrate how they will negotiate security/data breach coordination. There should also be an agreement on reporting and dispute resolution.

If the health care organization suspects or knows that a BA has committed a material breach or violation of the agreement, “the health care organization is in violation of the business associate rules unless it takes reasonable steps to cure the breach or end the violation {45CFR 164.504 (e)(1)(ii)” (Decision Health, HIPAA, 2010).

Penalties include a Tiered System for assessing both the level and penalty for each violation. There is a cap of $50,000 per violation and 1.5 million for the calendar year for the sametype of violation.

Health care organizations should have in place policies that address various levels of violation, such as failing to sign off a computer terminal when not attended, sharing passwords, assessing a patient record without legitimate reason, releasing data for personal gain, and intentionally destroying or altering data.

Use Best Practices for:

Authentication: pre-boot and intricate passwords

Access: Need to know basis on approved devices

Retention: Destroy if not needed

Encryption: Laptops, notebooks, desktops, email, and social networks

For some peace of mind, have a written information security program, an active HIPAA privacy program, and a living Corporate Compliance Program.

Tags: , , , , , , , , , , ,

Leave a Reply