Posts Tagged ‘CMS’

« Older Entries

Billing Compliance, Q Codes, Edits and Audits: Compliance in the Home Health Industry an Update

Tuesday, May 7th, 2013

CMS revised the requirements on “April 19, 2013 to delete “and indicating whether services were added to the HH plan of care by a physician who did not certify the plan of care” from the Provider Action Needed” section of MLN Matters numberMM8136 Revised.

Implementation date remains: July 1, 2013

Please see the following updated article.

Statistical Data

Every time an OASIS is submitted to the state, portions of it may be parsed out to state, regional, and Federal groups such as the HEAT, MAC review groups, and Federal special projects in the DOJ and FBI. That means that when a review letter arrives, it may already be too late.

Each time a claim is submitted, it is being reviewed using sophisticated predictive analytics that review a number of indicators including: frequencies, certain HIPPS codes and now Q codes. Is your billing company or department aggressively assisting to protect you?

Each time a diagnosis code is assigned to a clinical record and attached to that patient claim, an audit can be triggered. Is your coding department aggressively assisting to protect you?

Alerts in billing, Q Codes, and with ICD-10 looming, are you prepared?

The Q codes

Recently, CMS issued Change Request 8136 that requests new data reporting requirements for Home Health Prospective Payment System (HH PPS) claims. It is to go effect July 1, 2013, Home Health Agencies (HHAs) must start reporting new codes indicating:

The location where services were provided

The location where services were provided should be reported along with the first billable visit in a home health PPS episode with one of three Q codes: • Small clarification in the wording, but it can mean a BIG difference. Q Codes will be required to identify where the services were PROVIDED not necessarily the place of residence. Note the difference in wording.

1.  Q5001  – Hospice oe Home Health Provided in a patient’s home/residence

2.  Q5002 – Hospice or Home Health Provided in an Assisted Living Facility

3.  Q5009 – Hospice or Home Health Provided in a place not otherwise specified (NO)

Further, changes in the location during an episode must be reported on the corresponding line to the first visit in the new location.

CMS’ requirement to report new Q codes and modifiers could cause claims denials and rejections for your agency. Industry leaders predict CMS auditors will use these new codes to target duplicate services for patients in an ALF.

The patient’s residence is where he or she makes their home. “This may be his or her own dwelling, an apartment, a relative’s home, a home for the aged, or some other type of institution. Refer to www.cms.gov/Outreach-and-Education/Merdicare-Learning-Network-MLN/MLNMatters/Articles/Downloads/MM8136.pdf.com for the entire update from CMS MLN.

These codes also can interrupt productivity if your agency does not have a process in place by July 1 for documenting these services and supplying your billing specialists with the necessary information. Select Data has been providing billing services to the home health and hospice industry for over 22 years. If we can assist, call us.

On another matter…EDITS

Per CMS, in a report released a while ago, the NHIC Corp Medical Review Department reviewed claims selected by three service- specific home health edits between July1 and December 31, 2012. The alert was entitled Home Health Prepay Results. These reviews have found continuing high error rates. The three edits are:

·         5ACO1- billing of the HHRGs 3AFK

·         5ACO2- billing the HHRG 1AFK

·         5ACO3- billing 5-7 visits for full episode

52% of the claims were denied. The top denial reason was 55H3A-skilled observation was not reasonable and necessary. This was the denial reason for 56% of the denials. They cite “CMS Publication 100-02, Medicare Benefit Policy Manual Chapter 7, Section 40.1.2.1 explains that nursing services for observation are covered when the patient’s condition is changeable. Once the condition stabilizes, the nursing services are no longer medically necessary.”

The next highest denial reason stated CMS. was no physician certification (about 15% of denied claims). “The face to face encounter must be documented by the certifying physician.” They referred to Publication 100-02, MBPM, Chapter 7, Section 30.5.1.

“Documentation not supporting the homebound status was the reason for denial in 14% of the denied claims. Reason code 55H2B is appended to the claim when the documentation does not support the patient is homebound.” This was the third most common denial. Homebound status should be one of the first things reviewed by the clinician and the first item reviewed by any coding specialist. If there is insufficient documentation to support homebound status or medical necessity, a coding specialist should not be coding this record as it does not meet Home Health regulations right from the start. Is this a requirement of your coding specialists? It is a standard at Select Data.

The fourth most frequent denial was “physician orders not signed timely.” Another reason found as a denial reason was that” therapy services were determined to not require a therapist.”

Agencies should be auditing records routinely for these errors as well as the completeness of the record. Consider developing or using a chart audit tool. A sample of such a tool can be found on the Select Data website. That tool may be modified for completeness to meet your agency specific needs.

The NHIC Corp Medical Review Department review of specific claims are not the only claims being reviewed. Palmetto GBA recently announced new medical prepay audits based on certain HIPPS codes that have the highest denial rates. While PGBA internally identified the top 20 HIPPS groupings that have the highest denial rate. Here are the two under specific review:

  • 2CGK*
  • 1BGP*

As an agency provider, you should be prepared for possible ADRs on claims with these HIPPS. When an End of Episode claim is submitted using one of the two above HIPPS groupings, Palmetto GBA may place the claims into ADR status and you will be required to submit additional documentation from the chart in order for a determination to be made on the claim either being paid or denied. If you have limited QA resources, these are the charts you may want to focus on.

PECOS is placed on Delay per CMS

Due to technical issues, implementation of the Phase 2 ordering and referring denial edits is being delayed.   These edits would have checked certain claims for an approved or validly opted-out physician or non-physician who is an eligible specialty type with a valid individual National Provider Identifier (NPI). If this information were missing or incorrect, the following types of claims would deny:
• Claims from laboratories for ordered tests;
• Claims from imaging centers for ordered imaging procedures; and
• Claims from suppliers of Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) for ordered DMEPOS.
• Claims from Part A Home Health Agencies (HHA)

CMS will advise you of the new implementation date in the near future. In the interim, informational edits will continue to be sent for those claims that would have been denied had the edits been in place.

Predictive Analytics for operations and clinical data

In home health care, predictive models are being used to exploit patterns found in historical and transactional data to identify risks and opportunities. The present models capture relationships among many factors to allow assessment of risk or potential risk associated with a particular set of conditions. The relationships should guide clinicians in their care plan decisions as well as care delivery. There are thousands of potential OASIS and coding combinations. Because of the patient profiles and patterns retained over the years, comparisons can be made readily. Add HHRGs and service information to the OASIS and diagnostic data and CMS can gather very significant data regarding your agency care delivery and outcomes. MANY analytic filters are utilized to screen the data.

The initial round of filters are termed MUEs (Medically Unbelievable Edits). These edits are the first predictors of fraud and can alert the Z-PICs of agencies that should be monitored. Auditors may monitor an agency for years, gathering data, analyzing data and patterns, and reviewing payments. The agency profile is completed.

This data and these pre-probe edits allow Z-PICs to have plenty of time to analyze data and monitor agency behaviors so that when they send a letter, they have already completed their initial audit and arrived at a solid conclusion.

Since experts state that 75-85% of all agencies are acutely unaware of business operations data and do not have necessary compliance rules built into or a part of their billing practices to protect them from wrongful claim submission. Agencies are at risk so questions must be asked. Who is auditing your clinical records and care, the ICD-9 coding, and the claim submission? Who is monitoring your data? Do you have clinical and operational benchmarks? In 2009, billing errors were found to have doubled. Be proactive now, because if your compliance rules and program are weak, you could be hearing from the Z-PICs soon.

If you are considering third party ICD-9 (soon to be ICD-10) coding or billing specialty services, consider Select Data, the Gold Standard in these services for over 20 years.  Call us at1.800.332.0555.

 

 

Tags: , , , , ,
Posted in Billing, CMS, CMS Guidelines, Compliance | No Comments »

HIPAA Rules and the HITECH Act- Patient Privacy

Tuesday, April 30th, 2013

Compliance officers were awaiting the Office of Civil Rights (OCR) final rules on Breach Notification, Enforcement, and the modification to Privacy and Security Rules of HIPAA HITECH. Now that we have the regulations, it is time to review the basics in this ezine and additional requirements in the next article. HIPAA may be one of your largest potential liabilities for your agency.

Key Definitions

Protected Health Information (PHI)

  • Individually identifiable health information
  • Transmitted or maintained in any form
  • Created or received by a covered entity, business associate, or employer

Covered Entity

  • Health Care Providers
  • Insurers
  • Clearinghouses
  • Covered entities may only use and disclose PHI according to Privacy Rule provisions

Disclosures

  • Treatment and  payment sources
  • Individual has opportunity to agree or object
  • Limited data set (facially de-identified, requires data use agreement between parties
  • With authorization

HIPAA Privacy Rule controls privacy unless a state law is stricter.

Treatment

  • CE may disclose PHI for treatment activities to another healthcare provider

Payment

  • CE may disclose PHI to another CE or healthcare provider for the CE payment

Health Care Operations

  • CE may disclose PHI to another CE for specific activities such as QI

Authorization

  • Individual may authorize the release of the PHI in writing with the signature and data provided

Compliance Officers need to keep HIPAA and compliance in front of personnel. Finding ways to do that can be challenging but well worth the effort. For most organizations, some of their greatest risks are those tied to PHI.

Build security into hardware, software, and processes to the greatest extent possible. Make security provisions operate automatically where possible. When replacing manual processes with technology, validate the process and the fact that it does not increase risk. Technology for the sake of technology needs to be monitored also. Review your processes. Educate personnel to be privacy alert.

Build a meaningful HIPAA and Compliance audit system foundation that has value for the organization. It is mandated by the OCR.  Agency audits of organizations  began last year.  Remember, not having an audit program can be costly, the OCR state fine can go up to $1.5 million.

Required elements of a Patient Authorization

When reviewing the patient authorization, be certain it includes:

  • A description of the PHHI to be used or disclosed. Be specific
  • The persons authorized to use or disclose the PHI
  • The person or agency  to whom the CE may disclose the PHI
  • The purpose of the disclosure use
  • The patient’s right to revoke the authorization
  • The consequences if the patient refuses to sign
  • An expiration date of the form
  • Signed and dated by the patient
  • PHI may be re-disclosed by a third party and if a business associate, subject to the same HIPAA regulations
  • Must be written in clear language

HIPAA continues to pose a growing liability for agencies. Review agency policies, procedures, and processes now. More to follow on that topic

Tags: , , , , ,
Posted in HIPAA, HIPPA HITECH, PHI | No Comments »

OCR and HIPAA

Tuesday, April 30th, 2013

At a recent HIPAA seminar, the Office of Civil Rights (OCR) identified that they are evaluating HIPAA audit models. The present model requests certain records, reviews, cites errors/omissions and calls for corrective action. Privacy and security of Protected Health Information (PHI) is of primary concern especially in light of social media and mandated Electronic Medical Record creation in healthcare.

Presently, organizations are reviewing their privacy and security programs. How compliant is your Compliance and HIPAA programs? Perhaps you should conduct a gap analysis.

Getting started

To conduct a review and analysis of your agency’s compliance program you must know if your program covers the required elements?

  • Complete written policies and procedure
  • Designation of a Corporate Compliance Officer
  • A training and education program regarding confidentiality, commitment to preventing fraud and abuse, and other elements of compliance
  • Communication lines to the Corporate Compliance Officer
  • Identification of compliance risk areas and a plan to mitigate risk
  • Responding to non compliance issues
  • Policy of non-intimidation and non-retaliation against employees who identify non compliance
  • Disciplinary policies regarding non compliant behavior

Consider the re-signing of the organization privacy policies annually by employees. This act can become a reminder of the importance of privacy and confidentiality in the organization. Identify who will conduct regular internal audits. Conduct this present review and analysis as if it were a surveyor visit, only this time, you get to be the surveyor.

Audit the HIPAA Program

As part of the compliance audit process, be certain to evaluate the HIPAA program. Are there plan objectives? Is an audit and monitoring system in place? Who has the responsibility for completion?  Identify the audit checklist. Is it inclusive? Is there a documentation process to record findings?

Are there annual goals to improve on privacy and security in the organization? How are audit findings reviewed? How does follow up occur?

The Audit

The following checklist should be considered a guideline (not necessarily all inclusive) and would require agency individual application.

  • Is the Compliance plan, particularly the HIPAA portion, in compliance with the HIPAA Security Rule? Has an assessment been conducted regarding environmental/operational impact on PHI?
  • Can the organization identify how it protects access to information? Is there a policy re access to PHI and “need to know?”
  • Can patients obtain their information in a timely manner? Can information be provided in electronic format, as required by HITECH. Has a security risk analysis been conducted?
  • Have security measures been implemented to reduce the risk? What are those measures?
  • Have the Compliance, Privacy, and Security risk analysis available for an OCR audit or questions from an accrediting surveyor.
  • At the very least, for privacy, look at the following:
  • Can patients/guests view PHI? See computer screens? Is there any place on the premises that PHI is readily available?
  • Are PHI posted on wall boards where those who have “no need to know” have access to the info?
  • Is PHI left on desks? Are computer screens left on when the user steps away?
  • Are recycling bins used? Is there a BAA with that recycling vendor?
  • Are all BAAs in place with all vendors and in compliance with HIPAA HITECH?
  • Communication:
  • Is PHI faxed? Is there a confidentiality/disclosure statement on each fax coversheet?
  • Does the online system require level logins?
  • Are screen savers activated in a short period of time?
  • Are emails used with PHI? Are the emails encrypted?
  • Are phone calls used to give and receive PHI? How is the individuals receiving or giving info identified and confirmed?
  • Responsibility:
  • Can each employee identify when PHI enters there area of responsibility?
  • Who handles PHI? Where is it stored? What is the back up process? What is the length of storage? Is it secure? How do you know it is secure?
  • Have all employees been trained in privacy? Has security at the specific employee level been conducted? Is compliance training mandatory? Is it conducted annually?
  • Is there a protocol for new employees? Is there a protocol regarding confidentiality upon employee departure?
  • Are BAAs in place holding contractors accountable for PHI protection. Have you seen their policies, procedures, and processes?
  • Reports:
  • Are reports created that have confidential information? Are they circulated to only those with “need to know”
  • Have the reports been reviewed to reduce the amount of sensitive information, if possible? Could de-identified information be substituted?
  • Is transmission of report information secure?
  • Security:
  • Is there a written policy to protect PHI? Is there policies re computer screens in view with PHI? Are there policies re passwords?
  • Are there policies re storage of data and how backup tapes and storage devices are accounted for and monitored?
  • Has every station been evaluated as to protection of PHI and view and accessibility to information by those who do not have clearance to that station.
  • How are SmartPhones used? Are they ever used to capture pictures of patient wounds?
  • Technical Security:
  • Does the technical team periodically verify the technological security is in place and working appropriately? Can the technical team identify if an unauthorized user has accessed PHI? What safeguards are in place to protect against unauthorized access?
  • Is technology in place to verify identity of users?
  • Are passwords and IDs routinely changed per a schedule?

OCR Investigations and Review:

If you have a breach that triggers an investigation by OCR, be certain to promptly respond as to what happened, how it happened, what was done to mitigate outcomes, and what has been implemented to prevent a future occurrence.  Be certain to identify the fact you have a full Compliance Program in place. Identify that all employees have routine education re Compliance and HIPAA.

If documents are requested, your counsel may request confidentiality for those documented being sent to OCR. Create and maintain a log of events, completes with dates, times, and people involved throughout the entire investigation process. Save all electronic documents. Keep statements by all employees involved in the incident and the investigation. Obtain counsel’s advice as to phone conversations with OCR as written correspondence maintains an investigation trail.

Focus on internal compliance. If there is a HIPAA breach, there must be remediation/education regarding the process and the prevention of a reoccurrence.

Summary:

  • Keep your plan objectives current.
  • Identify who is responsible for the audits and establish times and how findings will be transmitted.
  • Have corrective action plans in place.
  • Include documentation of audits, results, and remediation/corrective action/education
  • Report findings to the BOD, leadership, and counsel.
  • If there is an OCR audit/investigation have a team established to quickly respond, pull data, analyze, and report.
  • Have an ongoing risk analysis performed as specified by policy. Be certain the risk analysis encompasses the technical requirements of the Security Rule.
  • Be certain the Risk Analysis is well documented. Be certain the plan for mitigation of any adverse findings is in place.

Like the clinical documentation rule, “if it wasn’t documented you did not do it,” so it is true here also. Document each step of the plan. If ever there is an audit, the fact a full compliance plan is in place in your agency including a HIPAA Privacy and Security review, can speak volumes about you and your organization.

Tags: , , , ,
Posted in Audits, HIPAA, OCR, PHI | No Comments »

ICD-9-CM and ICD-10-CM: Some Differences and Similarities

Tuesday, April 30th, 2013

CMS is stating they expect 10% of all claims submitted to be denied with ICD-10 initially. Selecting and assigning accurate diagnoses in the proper sequence must be performed in compliance with Medicare rules and regulations, Coding Conventions and Coding Guidelines. That remains the same.

The accuracy of this information contained in the clinical record is directly tied to payment and to justification for homecare services, so understanding how to select and assign accurate diagnoses is very important. This is the same but the specificity of the documentation becomes very very important. Increased specificity in data means more robust design of algorithms to predict outcomes and care by MACS, RACs, and Z-PICs.

ICD-10-CM presents an even greater challenge for documentation by the clinician. The word “documentation” is stated 72 times in the ICD-10-CM guidelines document.  Querying for additional information is noted 23 times in the same document. The instructions and conventions of the classification take precedence over guidelines which requires a keen understanding of the conventions.

ICD-10 requirements have raised the documentation expectations. Have your clinicians had an overview of ICD-10-CM? Here are just some observations.

  • Coding assignment will be based on the agency’s documentation of the relationship between the condition and the care that is planned.
  • Not all conditions that occur during or following surgery will be classified as complications
  • A cause and effect relationship must be present between the care provided and the condition clearly delineated within the documentation
  • Query for Clarification re documentation that supports codes assigned is expected
  • There will be specific documentation needed for specific codes and without the documentation, the codes may not be used
  • Code only those diagnoses that are relevant, unresolved, and impact the plan of care. Diagnoses that are resolved or have no impact on the plan of care should be excluded since they do not meet the criteria for a home health diagnosis
  • Code only those diagnoses that are supported by the medical record including diagnoses supported by the plan of care and the comprehensive assessment.
  • There are placeholders in ICD-10
  • There is laterality
  • There are sixth and seventh characters
  • ICD-10 requires expertise in anatomy, physiology, diagnostics, and pharmacology

Agency clinicians are expected to understand the patient’s clinical status and overall medical condition very well before approving/assigning diagnoses, so the comprehensive assessment must be ­completed in its entirety prior to the diagnoses decision. All coders should be properly educated on ICD-10-CM including how to use coding manuals properly. 50 + hours are being identified as necessary for each coding specialist to be properly prepared for ICD-10.

Your agency’s integrity and financial health could well depend on your preparation for ICD-10. Selecting and assigning accurate diagnoses must be performed in compliance with Medicare rules and regulations, in addition to ICD-10-CM coding guidelines.

You have choices; either prepare VERY VERY well for ICD-10 or consider third party experts for coding and remove that burden and concern.

Consider joining Susan Carmichael for a general overview of ICD-10CM Coding on May 7, 2013. Check the Select Data website for more details.

Tags: , , , , , , , , ,
Posted in CMS, ICD-10-CM Coding, ICD9-CM Coding | No Comments »

Preparing to Be Surveyor Ready Always? 10 Steps to Success

Tuesday, February 26th, 2013

Educate clinicians to document for clear reading, substantive support for Coding, and to support reimbursement.  Expect QA team members to verify 10 key elements that can lead to successful surveys.

Documentation  Documentation  Documentation is the key:

Have a copy of Publication 100-2, Chapter 7, the Medicare Benefits manual available for every QA member. Use it as a basis for education for all field clinicians.

  •  § 20 – Conditions for Coverage of Home Health Services,
  •  § 30 – Conditions to Qualify for Coverage of Home Health Services,
  •  § 40 – Conditions to Cover Services Under a Qualifying Home Health Plan of Care
  •  § 50 – Conditions for Coverage of Other Home Health Services

1.Home Visit Documentation: To meet the conditions, each clinical note/home visit documentation must contain the following components:

a) Measurable progress towards stated goals listed on the plan of care / 485.

b) Skilled Service provided/Instructed to the Patient and or Caregiver:

CMS states, “A skilled nursing service is a service that must be provided by a registered nurse or a licensed practical (vocational) nurse under the supervision of a registered nurse to be safe and effective. In determining whether a service requires the skills of a nurse, the reviewer considers both the inherent complexity of the service, the condition of the patient and accepted standards of medical and nursing practice.”

NOTE: Every element of the plan of care is based on the assessment of the patient’s condition and must be addressed throughout the course of the home health care. Failure to document the completion or progress toward completion of the components of the care can result in a surveyor citation, as this has been a focus of updated surveyor education.

Remember, it is not quantity of goals listed in Locator 22, but it is the quality and relevance of the goals.

2. Homebound Status:

a). The clinician must identify considerable taxing effort is exerted to leave the home

b). The clinician must note the type of assistive devices utilized

c). The clinician must note caregivers providing assistance

d). The clinician must document type and frequency of skilled care provided

3. Reconcile Care Delivered to Care Planned

It is quality of the plan not the quantity of items on the plan that matters. The clinician must follow every item listed on the plan of care, and document specifically  to the Plan of care established. Note supplemental orders also.

4. Total body assessments

A total body assessment is to be performed and documented at each visit.

5. Note Change of Condition

Complete documentation of the patients change in condition must occur with corresponding change in care plan and any additional orders and goals. Changes must be clearly documented

for each visit as a move to clinical outcomes occurs.

6. Patient and Caregiver Teaching

  • Three Types of Teaching:
  • Initial Teaching of a patient requires instruction on a new order, new medication, new diagnosis
  • Reinforced Teaching requires teaching/instruction on something the patient and/or caregiver may be knowledgeable of, but needs additional teaching
  • Re-teaching involves evaluation and reinstruction on a medication, diagnosis, treatment, etc that the patient has had prior instruction

The clinician should note patient/caregiver response/reaction to teachings/interventions in rough percentage of understanding, 20%, 25%, 50% as well as competency of the return demonstrations.

7. Caregivers

There are certain expectations to qualify as a caregiver. They must be willing to provide the care and perform the level of skill necessary and have the ability to perform required tasks. The clinician must document clearly if caregiver or patient refuses to participate in care and not the particulars such  as to why and the date of the refusal.

8. Appropriate and timely communication

Care Coordination with all relevant clinicians, with the case managers and physicians is required. The documentation must be clear and dated.

9. Specific definitive documentation of wounds

The clinician must document wound size, depth of tunneling and other descriptions as well as describing the treatment performed in specific detail at each visit. Wounds may be safely photographed as appropriate. Describe changes in the treatment regime and the ongoing progress communicated with the physician. WOCN consultation assessments as needed and be certain pain levels are noted as well as the patient’s response or lack of response to the medications and treatments prescribed. Do not forget to note alternative means of relief such as heat, ice, massage being utilized along with their effectiveness.

10. Appropriate and timely interventions to problems and deficiencies observed and reported.

Consider a Mock survey once to twice per year to keep everyone sharp, and to identify any incongruent and unnecessary processes that have crept into the everyday workflow. Be certain that when deficiencies are identified, a comprehensive plan of correction must be developed, the corrective actions need to be implemented and monitored to assure continued compliance with state and federal regulations.

Show the Surveyors the proactive plans of correction and your agencies march toward excellence. As you work toward demonstrating your agency value for ACOs, this proactive excellence plan works towards a positive survey, increasing agency value in collaborative efforts and of course, toward quality patient care.

Tags: , , , , , , , , , , , , ,
Posted in CMS, CMS Guidelines, Documentation, Home Health, Medicare | No Comments »

« Older Entries