Category Archives: Compliance & RACs

Regulatory Audit Contractors; ABN; Advanced Beneficiary Notice; Centers for Medicaid & Medicare Services; CMS news; CMS rules; CMS regulations; Medical Necessity; Recovery Audit Contractors; Compliance; RAC audit

Employees as the Teachers: What an Organization Can Learn

As a compliance officer I have the opportunity to publish training on various compliance topics to our workforce. We just completed a required training and I think I learned as much about how the organization works as the workforce may have learned from the training.

From an employee’s perspective, completing a required compliance training course may be the last thing they want to do, yet from the organization’s standpoint, it’s one of the most important things for them to do. Protecting the privacy and security of patient data is of utmost concern for any compliance officer in health care. The Ponemon Institute just published its Fourth Annual Benchmark Study on Patient Privacy and Data Security which emphasized the role employees have in detecting data breaches, while at the same time noted that employee negligence is considered a worry by many of the respondents to their survey. Organizations in the Ponemon study reported that they rely upon policies and procedures to achieve compliance and secure data. What this tells us is that training employees on proper security methods, policies and our code of conduct, as well as guidelines for how to report an issue is paramount. Continue reading

Don’t Blame ICD-10

Lately, OIG is reminding us we can’t seem to comply in ICD-9. I suggest that whatever happens by this time next year, don’t blame ICD-10. Coding is complicated with tons of rules and regulations. And yes, as soon as one learns something new the regulations change and even newer codes, modifiers, documentation, and incantitations are required. It’s been this way for years; and for years there has been noncompliance regardless of the code version. Not news you say? Where am I going with this? I just read another OIG audit report on yet another large provider. It makes me sad to learn they will have to pay back upwards of 1.6 million dollars in over payments for both inpatient and outpatient coding and billing issues. According to OIG, “The errors occurred primarily because they did not have adequate controls to prevent the incorrect billing of Medicare claims within the selected risk areas.” Continue reading

Goals Gone Wild: Setting the Wrong Tone at the Top

When I recently read that a former hospital Chief Financial Officer (CFO) had been charged with health care fraud for falsely attesting to Meaningful Use, I could not believe the corners that he decided to cut. My first thought was that he had not been aware of the Centers for Medicare and Medicaid Services (CMS) track record for auditing to stop improper payments. In fact within a few months of his alleged fraud, CMS announced their pre-payment audits for the Medicare Electronic Health Records Incentive Program which would audit the meaningful use attestations. (See my April 2013 blog on CMS Follows the Money with New Audits.)

Then I wondered, “What must his Chief Executive Officer be thinking of such behavior?” Continue reading

CMS: It’s All About Compliance Actually

I’ve spent years reading healthcare rules, regulations, and laws (I know what you are thinking – better you than me!). Often, it’s necessary to connect the dots with the regulations to clearly see their purpose. Lately, everyone in the industry is talking about ‘documentation compliance.’ Actually it’s nothing new – some providers have struggled with documentation for years. I admit, when I worked in the hospital, charting was not the favorite part of my day either. But CMS has been dogged in its documentation improvement efforts which have routinely been ignored by some.

Recalcitrant Providers

On 12/13/13 CMS released Transmittal 495, CR 8394, which became effective 1/15/14. According to CMS, “Any provider referred (to OIG) as a potential recalcitrant provider case should be an ‘outlier,’ meaning a provider who has been the least receptive to changing and has a significant history of non-compliance. Continue reading

Can EHR convenience features lead to fraud?

Well, it appears that the convenience features in Electronic Health Records (EHRs) can be perceived as a method to cheat the government. In a new report issued by the Office of Inspector General (OIG) on January 8, 2014, the function of copy-paste was highlighted as an area of concern. To conduct the study the OIG surveyed CMS administrative and program integrity contractors about their review methods related to EHRs and reviewed guidance provided by the contractors and CMS related to EHRs and possible vulnerabilities. The OIG found that little had changed in contractors’ practices since the shift to EHRs.

The OIG cited copy-paste functions and overdocumentation as two EHR practices that can be used to commit fraud. The issue with the copy-paste function was that it may be used without updating the information, leading to inaccuracies in the record and inflated payments. Continue reading

Searching for the OIG Work Plan

In November I was reviewing a report by the Office of Inspector General for the Department of Health and Human Services (OIG) and I started to wonder, where is the annual Work Plan? The one slated for 2014? Did the government shutdown have anything to do with the delay? I had not heard any buzz about it so I went looking and found that the OIG released a Strategic Plan in advance of the Work Plan. My curiosity was aroused: Why would they do this?

The OIG website described the delay as necessary to better align with priorities in a time of continuing fiscal challenges and the Work Plan is to be released in January 2014. Is the OIG worried about funding being cut for fraud and abuse activities? Continue reading

Can an organization’s culture help to shape decisions?

Recent events have reminded me that most of the time people want to do the right thing. Some examples include the bus driver in Buffalo, New York who stopped his bus and calmly encouraged a woman to come with him instead of jumping off a bridge. Although he was later rewarded, his actions were independent of any personal gain. Another event was the Connecticut Rabbi who had bought a desk from Craigslist, found $98,000 that had fallen behind the drawers and returned it to the former owner of the desk. He too was rewarded, although he accepted the reward reluctantly. His actions were based upon motives to do the right thing, not for a potential gain.

If people are willing to extend themselves to others in these ways, why not extend themselves to their organization where they spend the bulk of their time? This is a follow up to my blog on Why Unethical Behavior Goes Unchecked in which I discussed how studies have shown that employees are reluctant to report misconduct because they fear retaliation or expect no follow through on their concerns. How can organizations change to help employees decide to not only report misconduct, but offer recommendations for a better workplace? Continue reading

The Perfect is the Enemy of the Good – a Tale of Improving Accounting for Disclosures

This is a tale that begins in 2009 and has yet to have a successful ending. The government must have determined that with the adoption of EHRs the health care industry no longer needed an exemption for treatment, payment, and health care operations when providing the HIPAA required accounting for disclosures of patient information. In 2009 the HITECH Act introduced the new requirement that technologies as part of a qualified EHR are to provide an accounting for disclosures to include those for the purposes of treatment, payment and health care operations. HITECH listed two things to keep in mind in relation to this change, which are:

1. The interests of the patients and

2. The administrative burden for such an accounting. Continue reading

Striking the Right Balance with Oversight of Health IT

Strides seem to have been made towards a moderate approach to the oversight of Health IT. When I read recently that the Health Information Technology Policy Committee (HITPC) of the Office of the National Coordinator (ONC) approved the recommendations of its workgroup related to oversight of Health IT, I was intrigued. It seems that the Food and Drug Administration (FDA) has been increasingly interested in regulating Health IT. It is understandable that when software is directly linked to patient safety, regulation may be necessary to prevent unintended consequences. But where did that leave the rest of the software that managed administrative and other functions that providers rely upon? Does the non-patient care software require the same level of overhead and oversight as software that functions with a medical device? Continue reading

Making Bad News Work in Your Favor

Have you ever noticed that when a sensational news article emerges everyone is attuned to the topic? And the more negative the subject matter, the more people are interested? It happened this week as the Office of Civil Rights (OCR) announced that Affinity Health Plan is being fined over $1.2 million. This fine is part of the settlement for alleged HIPAA violations such as neglecting to remove all patient identifiable information from leased photocopiers before returning them to the leasing agent.

Although the issue arose out of actions that took place in 2010, some people seem to be noticing the issue for the first time due to the size of the fine. I wondered why that is, that negative news garners more attention than neutral or positive messages. Continue reading