Mary Pat: Your business is called “Health Security Solutions.” People often confuse privacy with security. Can you clear up the confusion for us?
Steve: The Privacy rules refer to the broad requirements to protect the confidentiality of Protected Health Information (PHI) in all its forms. So for example, a physician talking loudly on the phone in the lobby of a restaurant about a patient by name is a violation of the privacy rules. PHI on paper records is covered under the privacy rules.
The security rules are specifically concerned about protecting the confidentiality (i.e. privacy), integrity and availability of electronic PHI, or PHI that exists in a digital form. So once you are dealing with electronic health records and information systems, violations tend to fall under the security rules. (more…)
If you read my alert from August or the followup article on Audit Red Flags to Avoid, you are aware that CMS hired an accounting firm, Figliozzi & Company, to audit the compliance of eligible providers and eligible hospitals that had already received payment under the meaningful use (MU) program. According to a report from the GAO as many as 20% of eligible providers and 10% of eligible hospitals may be audited, on a post-payment basis to confirm that they actually met the requirements of the program.
I recently had the opportunity to interview a physician that is currently going through the audit process with Figliozzi & Company (an edited transcript of the interview can be found here). Although he wishes to remain anonymous, he was willing to report on his experience and provide redacted copies of the correspondence and requests that he has received from the auditors. (more…)
Over the past year or so, I have been involved in conducting post RAC (and other) audit analyses to determine whether the RAC (or other auditing agency) was using appropriate statistics and calculations to create their overpayment estimates.
As you can probably imagine, in nearly every case, I have found this not to be true. In fact, as it turns out, the errors I find nearly always are in favor of the auditor, not the healthcare provider.
RAC is able to take advantage of the practice in three areas
The first area has to do with pulling samples for review. If these samples are not random or worse yet, if they are intentionally biased, they can create a misrepresentation of overpayment that unfairly penalizes the provider and because RACs are paid a commission, benefits them.
The second area has to do with the way in which the overpayment point estimate is calculated. This is where they come up with something like the average overpayment per audited unit (i.e., claim, claim line, member event, etc.).
The third has to do with the methodology used to extrapolate the point estimate for the sample to the universe of units for the healthcare provider. An error in any one of these areas can result in a gross exaggeration of the final overpayment demand.
Understanding how to defend yourself from the results of an audit
I have developed a series of three short, free webinars to teach you how to catch potential errors in each of three areas.
Part 1 will be on validating random samples and is scheduled for Monday, December 13 from 1:00 to 2:00 EST.
Part 2 is on how to calculate the overpayment point estimate and is scheduled for Tuesday, December 14 from 1:00 to 2:00 EST.
Part 3 is on verifying extrapolation results and is scheduled for Wednesday, December 15 from 1:00 to 2:00 EST.
Each webinar will probably last around 30 minutes with an additional 30 minutes for questions. I plan to record these and post them later so if you can’t make it, don’t worry. Each session will be available for review after the last one is completed.
For more info or to register, go to www.frankcohen.com and click on the Webinar tab. Also, feel free to forward this on to co-workers or to post wherever you think folks may benefit.