1

Medical Coding Expert Doug Palmer Talks About the Future: Computer-Assisted Coding, and ICD-10

Doug Palmer is a practice management, billing and coding and revenue cycle consultant with over 17 years of experience in the industry. He was nice enough to answer some questions for our readers about his experiences and where he sees coding going in the future.

Medical Records

 MMP: How did you get started in coding?

Doug:  I started in the industry as a medical biller with a billing company in NY City. In a rather short period of time, I became familiar with the coding systems (COT, ICD-9, and HCPCS) and began to want to know more. I also wanted to know more about the overall Revenue Cycle Process. That starting point in billing led me to coding for several reasons. Aside from personal and professional development, I realized that I would be more marketable with that skill set. I was right. As I learned more and more about coding…more and more opportunities seemed to come my way.

MMP: What type of coding education and certification do you have?

Doug: I have gotten most of my education in coding “on the job”. I have attended many seminars, CEU courses, internal education opportunities with employers, etc., however, I have never matriculated into any formal or long term courses of study in coding other than a BS in Health Administration which did not specifically focus on coding. At the same time, with my CCS-P Certification through AHIMA, I have taught coding and related courses both in a formal classroom environment in several adult education schools as well as providing on site education as well as web based instruction to other coders as well as medical providers across the country.

MMP: What was your first coding consultant position and how did it come about?

Doug: After a very bad employment experience where I had to stand up for being compliant against a manager that had no regard for regulations nor the impact it had on the organization we worked for, I sought a different environment. A company based in California contacted me about a travel consulting position and it felt right and seemed to be just what I needed, and indeed it was. I have been consulting ever since. It has afforded me growth I do not think possible remaining in one environment. It has exposed me to countless organizations giving me the opportunity to see what works well, what doesn’t, and has made me a better coder, manager, and consultant.

MMP: What tools do you use to assist you in your day-to-day coding?

Doug: Of course, the basics are the CPT, ICD-9, and HCPCS publications which are the cornerstone of coding. There are a wide variety of resources out there that help you think outside of the your environment and open up a more global perspective. Some examples are Coding Alerts from The Coding Institute which are published in a number of specialties, Coding Clinic, and  Medicare NCDs and LCDs. These resources provide great insight, clarification, and education on a broad range of coding scenarios.

MMP: What do you find interesting about coding?

Doug: This is a tough question to answer only because there are so many fascinating aspects to coding. To be a part of the health field and know that coding goes beyond mere reimbursement, is one of the elements that I find both intriguing and satisfying. When a news report states a statistic such as a higher or lower incidence of a particular condition in a particular area, I know that those statistics are captured in large part from the coding that goes on.

MMP: What have you seen change about coding over the years?

Doug: I began in healthcare at a time when E&M Codes were assigned by the provider in essentially an arbitrary fashion based on what they believed the services they rendered were worth on an ascending scale. Largely, government programs such as Medicare and Medicaid with their dual role as payor and regulator of health services have led the way in changing, shaping, defining, and standardizing coding. E&M codes in particular, at least on the professional services side, have become much more standardized and in theory are more equitably assigned then they were prior to the 1990’s. Payment methodologies such as fee-for-service, DRG (Diagnosis Related Groups), capitation, HCC (Hierarchical Condition Categories), and CRG (clinical risk groups) all influence or depend on the core of coding and thus depend on complete and accurate coding to be optimal.

MMP: Would you encourage people to go into medical coding as a career? Why or why not?

Doug: Well, as an educator in this field, I would encourage people to explore it and find out enough about it to make a sound decision for them. While I find this field fascinating, rewarding, fulfilling, and have made a successful career of it, it may not be for everyone. There can be long arduous hours in front of a computer screen, with the requirement to think critically and analytically. This may not appeal to everyone. Reading some records may make some people squeamish or depressed. The many rules, which change regularly, may not necessarily be for everyone to digest. However, for those that are looking for not just a job, but a career with so many opportunities, a career where one can feel that they play a valuable role in a process and can learn so much, I would highly encourage coding as a possibility. It really is a wonderful field to work in.

MMP: Do you think computer-assisted coding (CAC) will ever take the place of coders?

Doug: Absolutely not. At least not as long as the coding methodology is as it is now. I have actually worked with a number of these systems, and there are too many areas where context is involved and these systems are yet to be able to accurately and reliably handle context. If that hurdle is ever solved, then perhaps. But, until then, I can not envision this being nearly as reliable as the human element.

MMP: Do you think the change to ICD-10 is being underrated as a healthcare-wide change in the US, or do you think people are making more fuss over it than is really necessary?

Doug: I view the transition to ICD-10 as a positive step forward. It offers a much more accurate and precise means of reporting conditions, circumstances, anatomical locations, and other important and relevant information. Of course, change is always disruptive and polarizing. The issue is still being deliberated at many different levels and lobbied by many different organizations based on so many different agendas. I think that is to be expected when a change of this magnitude is proposed and initiated.

MMP: What has been the most interesting or unusual coding job you’ve ever had?

Doug: I have been so many places, performed so many functions in such a wide variety of roles and specialties, this is difficult to choose only one. However, I believe that a project for a large health organization in Northern California would have to be the one I choose. In this capacity, I supported the transition to physicians, PAs, and NPs being responsible for assigning their own Evaluation and Management codes. This was all new to these providers and a task that they did not wish to be responsible for. It was a great challenge to go in and not only teach them a topic that they were not embracing, but to accomplish this in a very short period of time, and ALSO to achieve proficiency while changing a mind set. I got to do this over and over at each location and in the end did so successfully to the satisfaction of not only the organization but to the reluctant providers as well. I have to choose this over many equally interesting accomplishments based on my passion for providing education to new and veteran coders as well as health care providers.

Doug Palmer, Medical Coding Consultant

Douglas B. Palmer, BS Health Administration, CCS-P has over 17 years of Practice Management, Revenue Cycle Management, HIM and Consulting experience. He has worked with medical practices of all sizes, been on the management team of some of the countries leading healthcare facilities, and has consulted with prominent insurance carriers. He is expert in all reimbursement methodologies, revenue cycle issues, EMR implementation and HIM management. He has overseen and managed the recovery of millions of dollars in revenue for clients and past employers. As the principal at Phys Assist Consulting, he prides himself on being personally involved and connected with each end every client and exceeding clients expectations as the minimum acceptable outcome.

He can be contacted at d.palmer@phys-assist.com or at (888) 873-0735.

Enhanced by Zemanta



David Brooks of qliqSoft Talks to Us about Secure Communications, Replacing the SMS, and BYOD

a picture of David Brooks of qliqSoft, interviewed in this post

 

Last week Mary Pat and I had a chance to meet and sit down for a while with a smart guy whose new venture is doing some really exciting things in the healthcare space. One of our favorite things to do! In an effort to keep on readers on the edge of what’s new, and to give more of the people we meet a chance to say hello and connect to our audience, we present the first in the MMP Interview series.

We first got in touch with David when he commented on one of our 2.0 Tuesday posts on Medigram– a new, private beta secure communications service. David let us know that Medigram wasn’t the only player in the space, and we agreed to meet for coffee and a chat. We got a chance to sit down with David soon after for a coffee and a demo of his company’s flagship product qliqConnect– also currently in Beta.

David is a sharp, passionate guy, and we loved having the chance to talk to him. Check out the interview below!

MMP: I know that qliqSoft offers a secure method for healthcare communication – what exactly does that mean?

David: Technically, it means that our secure messaging application – qliqConnect – addresses 3 key areas of security necessary to support HIPAA/HITECH compliance, as well as satisfy guidance provided by the Joint Commission last November:  authentication, encryption and auditability.

In plain English, it means that qliqConnect allows all users within an organization (physicians, nurses, and staff) to participate in secure conversations using a variety of devices – computers (Mac & PC), laptops, tablets, and smartphones (iPhone & Android) – running familiar applications:  texting on smartphones and chatting on computers.  We’ve simply borrowed these phenomenally popular and successful consumer applications and integrated them into a single, secure communication platform that stands up to healthcares many rigors.

MMP: What is BYOD and how does that promote physician engagement with this technology?

David: BYOD stands for “bring your own device.”  It’s a pretty basic idea that represents a sea change, not just in healthcare, but across many other industries in organizational attitude towards mobile devices.  For years, conventional wisdom held that organizations could better secure and better manage devices if they standardized on a single platform and single device.  In other words, the organization purchased the devices and issued them to employees.  Think of Blackberry’s golden years.  While it is still arguably true that it is easier to secure and support a single device, the iPhone revolution proved that personally-liable (end-user owned) devices could not be kept outside of the work environment.  Over the last couple of years, many organizations have moved away from the single-device approach and have instead sought ways to reign-in end-user devices.

At the end of the day, it is a trade-off.  Organizations that accept a BYOD approach may give up a little control but should end up with higher end-user adoption, and in turn, higher productivity.  Let’s face it, who wants to carry around a second (typically inferior) device?

At qliqSoft, we are basically neutral on the subject of deployment models.  I say “basically” because we are focused on supporting the platforms and the devices that end-users are using.  Currently, we support iOS, so our application runs on iPhone, iPod Touch, and iPad.  We are releasing Android in the next couple of weeks, and then we will begin working on a native iPad application soon after.  We are not seeing enough demand on other platforms at this time to warrant the investment, but are always open to reassessing this.

MMP: We’ve heard a lot about HIPAA breaches recently – can you explain how qliqSoft protects patient information from being exposed on the internet or being accessed through lost or stolen laptops or smartphones?

David: I expect we’ll continue to hear about HIPAA breaches for quite some time.  In fact, growing enforcement is driving many organizations to take a closer look at well-known gaps, such as SMS texting.  Although we have developed a powerful and highly extensible secure communication platform, secure messaging is getting a lot of attention right now, as it should.

Our secure messaging solution, qliqConnect, addresses 3 primary security requirements needed to satisfy HIPAA/HITECH compliance, as well as guidance provided by the Joint Commission:

1)  Authentication:  our application requires end-users to log in using secure credentials.

2)  Encryption:  all data is encrypted both in transit and at rest.

3)  Auditability:  organizations have the option to store all message traffic on an organizational asset for archiving and audit purposes.

Additional security features include:

  • remote lock and remote data wipe
  • all messages are data/time stamped, along with message status (sent, pending, delivered/received)
  • acknowledgement request to ensure message was received, read and understood by recipient

In addition to application features, it is worth mentioning a little about our architecture, as we do not employ a typical cloud-based client/server design.  We do not store, nor can we access any of the information that flows through our network.  All information is stored within customer resources (both smartphone and desktop computer clients).  Although we utilize a cloud-based server to route message traffic in real-time, information is persisted in the cloud only long enough to complete message delivery, at which point it is deleted from our servers.  The message traffic itself is encrypted using 1024-bit RSA encryption while attachments are encrypted using 256-bit AES encryption.  Furthermore, all traffic is sent across port 443.  The payload is encrypted using public keys and decrypted with private keys, which are locked inside end-user devices and clients.  No one, other than the message recipient, can decrypt messages.  In other words, storage is distributed and controlled by end-users and their organizations.

a screenshot of the qliqConnect program in use

MMP: Who is your target market for qliqSoft – is it hospitals, or practices, or essentially all healthcare providers?

David: We believe that a secure communication solution must address all personnel in an organization, regardless of role and regardless the size of the organization.  Everyone involved in patient care should have the opportunity to participate in secure conversations.  Solutions that address only one set of constituents or that exclude key team members are of limited value and only contribute to healthcare IT’s never-ending “silo-fication”.

I should add that while there are no doubt opportunities to extend secure messaging into other industries, qliqSoft is a healthcare-focused company.  Every aspect of our solution, from our platform with it’s built-in HL7 integration engine to end-applications that support a number of healthcare-specific features, were designed to improve communications across healthcare.

MMP: How does qliqSoft compare with solutions already on the market?

David: For starters, we believe that our technology and our architecture provides superior security.  For example, many larger organizations appreciate that we do not store all end-user traffic in a single cloud-based server.  In addition to increasing the risk of a potential breach as well as the impact, centralized-storage places a tremendous burden on vendor organizations to properly manage stored PHI.

Nevertheless, I expect that most competitors in this space will offer credible answers to the requisite security questions.  Increasingly I suspect conversation will evolve to the more fundamental question of usability.  And, by “usability” I am not referring to minor features and functionality.  Any vendor is capable of adding market-driven bells and whistles.  I am talking about the most important question an end-user cares about:  can I reach the people I need to?

Texting is a great application, but the reason SMS is the most popular application on the planet is because it doesn’t require any special software.  If you know someone’s cell number, you can send them a text.  Unfortunately, there is no way to secure SMS without introducing client-side software, at which point you would move away from SMS to superior technologies.  The challenge then becomes how to build a secure solution that scales relatively easily so that end-users can reach the people they need to.

Although there is not a lot of discussion on this topic yet, I think it will quickly move to center-stage.

Unlike a number of our competitors that have deployed physician-only solutions, we have been inclusive of all healthcare professionals from day one.  Additionally, we are getting ready to roll out a number of enhancements to our platform that will make it much easier for users to expand their secure network both within and beyond their direct organization.

MMP: If I gave this solution to my providers and staff, what immediate value can we expect? Longer term?

David: Honestly, if you gave your providers and staff qliqConnect, the most immediate benefit you would notice is that your compliance officer is sleeping better at night.  I do not mean to minimize the value of qliqConnect or the potential it possesses.  Rather, my point is to emphasize the degree to which people are currently abusing unsecure communication tools like SMS and chat.  In other words, we are providing tools that your people are already using.  And I hardly blame them.  In an industry plagued by longstanding communication challenges, it only makes sense that healthcare professionals would turn to these great tools to improve workflow, and ultimately the care they provide.  With qliqConnect, they can use these tools without fear and without looking over their backs.

Longer term there is no limit to the value users can gain.  I mean that.  Once we establish a secure connection between two individuals or two organizations, there are an infinite number of possibilities for exchanging both structured and unstructured data.  In fact, most conversations I have these days start on the topic of secure texting and end on accountable care organizations (ACOs) and collaboratives.

MMP: What else does qliqSoft offer?

David: For the time being we are completely focused on making qliqConnect the best solution on the market.  As I mentioned, we have a few exciting technical milestones coming up over the next couple of months, including support for Android as well as a number of enhancements to our underlying platform.  Once those milestones are reached, we will resume work on both qliqCharge, our mobile charge capture application, as well as qliqCare, an enterprise-based variation of qliqConnect that expands functionality through integration with both clinical and telephony systems.  Despite the incredible demand we have for additional tools and capabilities, we know that a laser-tight focus on our platform right now is going to pay huge dividends for qliqSoft and our customers going forward.  These are exciting times for us.

Thanks so much to David for taking the time to show us qliqConnect and answer our questions!

You can learn more about qliqSoft at their website or follow them on Twitter




2.0 Tuesday: ONC Offers Compliance Guidelines, BYOD In The Practice, And A Shazam App For Heartbeats

As managers, providers and employees, we always have to be looking ahead at how the technology on our horizon will affect how our organizations administer health care. In the spirit of looking forward to the future, we present “2.0 Tuesday”, a feature on Manage My Practice about how technology is impacting our practices, and our patient and population outcomes.

We hope you enjoy looking ahead with us, and share your ideas, reactions and comments below!

Office of the National Coordinator for Health Information Technology Releases Privacy and Security Guide

In the wake of the HIPAA breach incident settlement at Phoenix Cardiac Surgeons, the ONC has released a 47-page guideline document to ensure providers can stay compliant. The guide offers overview information about the information security issues facing all practices and organizations today, and what they can do to stay compliant while working with vendors and adapting to change. With all providers needing to stay on top of compliance issues to not only achieve incentive goals but to avoid rate reductions, this free guide is a great place for all concerned managers to start.

(via Healthcare Info Security)

7 Ways “BYOD” Could Boost Business in Your Practice

One of the buzzwords making its way into the conversation of managers and administrators in charge of IT decisions these days is “BYOD”, an acronym for “Bring Your Own Device”. As more and more employees own their own smartphones with fast cellular connections and widely-used mobile application platforms, more and more organizations are considering the possibility of having their employees provide their phones for work, while employers provide software applications that run on popular operating systems like Android, iOS, Blackberry and Windows Mobile. With high mobile device adoption rates in Healthcare workers, conditions seem right for BYOD initiatives to flourish. At the blog VentureBeat Jack Newton, the CEO of Clio, a Practice Management Software System for Lawyers argues for 7 ways that the BYOD trend could boost your business.

(via VentureBeat)

CEO Predicts “Shazam App for Heartbeats.

Have you heard of the popular audio recognition app Shazam? The mobile phone program allows you to use the mic on your cell phone to identify songs, tv shows and movies you haven’t heard of before by letting the program “hear” them. Pretty handy when you hear that song you can’t get out of your head, but can’t seem to find out the title or name of the artist. Speaking last week at the HIMSS mHealth Symposium in Copenhagen, Denmark, Steinar Pedersen, Founder of Tromsø Telemedicine Labs predicted that the market would one day see a “Shazam App for Heartbeats”, in essence, a ECG that would use an internet connection and database access to give a rough evaluation of a heartbeat uploaded by the user. Similar in ambition to projects hoping to use telemedicine to remotely diagnose skin rashes, or coughing sounds, Mr. Pedersen’s speech has reminded us once again what bright future could be in store for the intersection of technology and Healthcare.

(via MobiHealthNews)

 

Be sure to check back soon for another 2.0 Tuesday!




The Best of Manage My Practice – November, 2011 Edition

In between polishing off leftover turkey and stuffing, we’re looking back over some of our most popular posts from the month in case you might’ve missed them the first go round. Thankfully Presenting, The Best of Manage My Practice, November 2011!

We’ve started this monthly wrap-up to make sure you don’t miss any of the great stuff we post throughout the month on Manage My Practice, but we also want to hear from you! What were your favorite posts and discussions this month? Did we skip over your favorite from November? Let us know in the comments!




Stark, False Claims and Anti-Kickback Laws: Easy Ways to Stay Compliant with the Big Three in Healthcare

In health care, we are “blessed” with an abundance of rules, policies, standards and laws. In Health Care Regulation in America: Complexity, Confrontation, and Compromise, Robert I. Field, professor of health management and policy at Drexel University School of Public Health, observes the following:

 “Regulation shapes all aspects of America’s fragmented health care industry, from the flow of dollars to the communication between physicians and patients. It is the engine that translates public policy into action. While the health and lives of patients, as well as almost one-sixth of the national economy depend on its effectiveness, health care regulation in America is bewilderingly complex.”

Here are some of the most important regulations in health care that you should not only know about, but should be actively managing with a robust compliance plan.

Stark Law (Physician Self-Referral)

When: Section 1877 of the Social Security Act, also known as the physician self-referral law, is commonly referred to as the Stark Law. When enacted in 1989, it applied only to physician referrals for clinical laboratory services. In 1993 and 1994, Congress expanded the prohibition to the additional designated health services listed below.

What: Stark Law “prohibits physicians from making referrals for designated health services (DHS) payable by Medicare to an entity with which he or she (or an immediate family member) has a financial relationship (ownership, investment, or compensation), unless an exception applies,” according to the Centers of Medicare & Medicaid Services (CMS). Specifically covered designated health services include:

  • Clinical laboratory services
  • Physical therapy services
  • Occupational therapy services
  • Outpatient speech-language pathology services
  • Radiology and certain other imaging services
  • Radiation therapy services and supplies
  • Durable medical equipment (DME) and supplies
  • Parenteral and enteral nutrients, equipment, and supplies
  • Prosthetics, orthotics, and prosthetic devices and supplies
  • Home health services
  • Outpatient prescription drugs
  • Inpatient and outpatient hospital services

Penalties: Penalties for violating the Stark Law include denial of payment, refund of payment, imposition of a $15,000 per service civil monetary penalty, and imposition of a $100,000 civil monetary penalty for each arrangement considered to be a circumvention scheme.

The following will help you remain compliant with the Stark Law:

1. Offer all patients a written list of choices for obtaining the care your physicians are recommending.

2. Disclose any financial relationship with any entity that is on the list offered to patients.

 

False Claims Act

When: Originally enacted during the Civil War, and sometimes known as the Lincoln Law, the False Claims Act (FCA) as we know it today was signed by President Reagan in 1986.

What: Under the FCA, those who knowingly submit – or cause another person or entity to submit – false claims for payment of government funds will be subject to liability. The FCA contains qui tam, or “whistleblower,” provisions.

Penalties: Medicare and Medicaid fraud and abuse prohibit the knowing and willful making of a false statement that affects reimbursement under a federal health program. That provision imposes felony penalties of up to five years’ imprisonment and/or fines up to $250,000 for an individual and $500,000 for an organization.

In addition to criminal penalties, the Office of Inspector General (OIG) may impose civil penalties under the Civil Monetary Penalties Act for submitting false claims. Civil penalties can be up to $11,000, plus three times the amount claimed. According to the Telehealth Resource Center, “The Civil Monetary Claims Act prohibits claims for services not provided as claimed; false or fraudulent claims; claims for physician services not furnished by physicians; or claims for services provided by an excluded physician or provider. The False Claims Act gives the federal government, as well as any person, a cause of action against any person who submits false claims to the government.”

To help your practice remain compliant with the False Claims Act, keep the following in mind:

1. Perform background checks and obtain references on all potential employees, making sure they are not sanctioned by the OIG.

2. Have an audit performed by a third-party biannually to make sure that your billing department is following your compliance policy to the letter.

 

Anti-Kickback Statute

When: Congress enacted the anti-kickback statute, 42 U.S.C. § 1320a-7b(b), in 1977 as a prohibition against the payment of kickbacks in any form.

What: The anti-kickback statute states that criminal penalties will be issued for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration intended to induce or reward referral of business reimbursable under any of the federal health care programs (Medicare, Medicaid, etc.)

Penalties: The anti-kickback statute is a criminal statute, the violation of which constitutes a felony punishable by a fine of not more than $25,000 per offense and/or imprisonment for up to five years. A conviction also will lead to mandatory exclusion from participation in federal health care programs. The OIG also may impose civil monetary penalties of up to $50,000 for each violation, plus damages of three times the amount of the remuneration.

To help you remain compliant the anti-kickback statute:

1. Seek the advice of an experienced health care attorney before entering into any agreements with parties to pay or receive payment for goods or services where a kickback might be construed.

2. Make sure your compliance plan addresses the acceptance of gifts by physicians and staff.

 

Put It All Together: Your Compliance Plan

A compliance plan does not have to be long or overly complex. The federal government recommends a seven-component compliance plan that covers the critical points in a simple and easy-to-understand way:

1. Designate a compliance officer, which can be the manager or a staff member.

2. Implement compliance and practice standards, and have all employees sign an agreement to comply with the standards. Make compliance training a part of new employee orientation and conduct annual re-training for all staff.

3. Conduct initial compliance training and education for physician and staff. Training can be outsourced, and is also available online. Document all training.

4. Oversee internal monitoring and auditing, and document the results.

5. Respond appropriately to detected offenses and develop corrective action plans. Document offenses and responses.

6. Develop open lines of communication and encourage employees to discuss compliance at staff meetings, or in one-on-one meetings.

7. Enforce disciplinary standards through well-publicized guidelines.

Make sure that your compliance plan is not just a binder on the shelf! All employees must understand the seriousness of the penalties (There are lots of examples online to illustrate this.) and the importance of compliance to the success of your practice.

 

Common Sense Billing and Coding Compliance

Compliance can be a little tricky to define, but in the context of health care billing and coding, compliance is all about what we don’t do, rather than what we do. Here are 16 common sense and simply-worded rules:

1. Don’t bill what wasn’t documented.

2. Don’t bill what wasn’t done, thinking it probably was or will be.

3. Don’t provide unnecessary services.

4. Don’t name someone in the medical record or on the claim who wasn’t there.

5. Don’t double bill the payer.

6. Don’t change the place of service to maximize payment.

7. Don’t unbundle services that are part of a single service.

8. Don’t charge for related services during the global period.

9. Don’t upcode or downcode services.

10. Don’t neglect or misuse modifiers that would change the payment.

11. Don’t discount care to patients for referring other patients.

12. Don’t waive patient balances unless a financial need is documented.

13. Don’t keep the money if a patient or payer overpays.

14. Don’t change the diagnosis to achieve payment if the payer denies payment based on the diagnosis.

15. Don’t accept money or gifts to prescribe drugs, refer patients, or order procedures or tests.

16. Don’t direct patients to the facility that you own for a necessary test or procedure without disclosing that you own part or all of the facility.

 

Do you have any compliance tips, guidelines, or maxims that help keep your group on track? Share them in the comments below!




ARRA Changes Rules for HIPAA – Did You Miss These Three February Deadlines?

With so much going on in healthcare, it would not surprise me if a lot of practices missed the February 2010 deadline for three expanded HIPAA rules.  This expansion was dictated by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed by Congress in February 2009.

If you haven’t already, get started now with the new requirements.

  1. New obligations for business associates (BA) – February 17, 2010 Remember that a BA is a person or organization outside of your entity with whom you share protected health information (PHI) so they may provide services to you.  Good examples are your billing service, collection agency, attorney, consultant, computer vendors, attorneys and providers of documentation abstracting or coding services.  Under HITECH, BA have the same responsibilities for breaches as the healthcare entity does, but it is the healthcare organization’s responsibility to have an updated, signed BA agreement in place that describes this new responsibility.  Here is an excellent example of a BA agreement (first link under Publications) that you can download and tweak for your practice.
  2. New disclosure agreement provision – February 18, 2010 This is a big one! Patients now may waive their right to have you file their medical insurance, pay for your services themselves and request that their medical information NOT be disclosed to their insurance plan or any other entity.  In other words, patients may elect to become “self-insured”.  I recommend that you create a new financial class for these patients so they neither fall into the standard self-pay/financial assistance class or into their actual insurance class.  These patients, if you have any, will need to be identified according to their wishes, which could mean that they want you to file insurance for some services and not for others.  This means their record must be tagged for what records can be released and what records cannot.  There could be an argument made either way for whether or not these patients should receive self-pay discounts that you have in place for your non-insured patients.  I would be interested to know how different groups have decided to handle this.  There are sample forms for PHI disclosure accounting and for patients to request an accounting of PHI disclosures in the Manage My Practice Library under Operations.
  3. Information breach notification – February 22, 2010
    We’ve heard a lot about this one as the media (along with HHS) must now be notified if a PHI breach involves 500 people or more.  Breaches are being reported weekly as non-encrypted laptops are stolen or repurposed, and as copier hard drives (story here) go unnoticed as a security risk.  If a breach involves 500 people or less, each individual must receive written notice with details of the breach, the information disclosed, and the steps being taken by the practice or entity to avoid any future breaches, as well as explaining the rights of the patient(s) in protecting their private healthcare information.  Several of my employees have received notification letters from health plans and they have been horrified that this could happen.  Note that entities that secure health information through encryption or destruction don’t have to provide notification in the event of a breach!

Enforcement is also beefed up.
Criminal penalties will apply to covered entities that violate privacy rules AND to those organizations’ individual employees (can you track who accesses whose records when?)  Civil penalties have been increased and harmed individuals may share in the booty.  Probably most importantly, HITECH gives state attorneys general the power to enforce HIPAA rules.

Other resources:

HHS FAQ on HIPAA Privacy

AMA HIPAA Resources

Healthcare Blog Listing




Best Practices in Developing an Orientation Program for Your New Medical Practice Employees

© Bernad | Dreamstime.com

My personal list of new employee orientation best practices has been shaped by my experiences in private practices as well as hospitals. Every organization has different resources to draw upon, but each group has core goals that must be fulfilled by a good orientation:

  • completion of paperwork including federal and state W-4s, I-9, direct deposit and benefit elections
  • emergency contact information (included in hospital employee health intake)
  • orientation to the organization, including designations, specialties, departments, sites, affiliates and an organizational chart
  • completion of mandatory annual training such as safety, standard precautions, and HIPAA
  • mechanics of name tags, parking tags, lockers, keys and codes
  • signing off on understanding and agreement to confidentiality, compliance and personnel policies

In addition to these core goals, critical information to be shared during this time should minimally include:

  • personnel policy review with emphasis on important (typically abused?) policies
  • code of conduct/ shared basic competencies (mission and values, professionalism, communication, chain of command)
  • computer security (passwords, internet policy, protection of PHI)
  • workstation ergonomics and patient lifting policy (sadly lacking in many medical practices)

Important training that is rarely covered:

  • Customer service (what is it and how do we measure our success or lack thereof?)
  • Cultural sensitivity and diversity training
  • Non-clinical employees’ role in medical emergencies
  • Personal safety (coming in early or leaving late, patients threatening staff by phone or in person)
  • Expectations for the first 90 days (training, communication, questions, problems)

Making Orientation Memorable


Most managers do not have the expertise to design a custom orientation program to address all types of learning styles (see below), but you can try to integrate a variety of techniques to assist learning and retention of information.  For instance, you can incorporate PowerPoint programs, videos, worksheets, lectures, interactive discussion, a physical activity and a team activity.  Not only will you keep your program from being boring (for you and your new employees), but you will increase the potential for a prepared employee stepping into the clinic.  According to learning-styles-online.com, the major types of learning styles are:

  • Visual (spatial). You prefer using pictures, images, and spatial understanding.
  • Aural (auditory-musical). You prefer using sound and music.
  • Verbal (linguistic). You prefer using words, both in speech and writing.
  • Physical (kinesthetic). You prefer using your body, hands and sense of touch.
  • Logical (mathematical). You prefer using logic, reasoning and systems.
  • Social (interpersonal). You prefer to learn in groups or with other people.
  • Solitary (intrapersonal). You prefer to work alone and use self-study.

Characteristics of a Successful Program:

  • The employee has been given adequate breaks, and has been regularly fed and watered.
  • The employee feels welcome.
  • The employee feels informed and excited about the organization s/he is joining.
  • The employee feels that the information delivered is truly important and the orientation team is not just “going through the motions.”
  • The employee feels confident that the employer cares about the employee’s safety, satisfaction and success.
  • The employee has a sense of belonging, and feels prepared to start workstation training.

What other aspects of orientation (also called “onboarding” – a new buzzword!) do you place importance on, or what ways do you help your new employees to assimilate a lot of information in a short amount of time?




What Does a Medical Practice Manager Do?

clockWhether the title is manager, medical practice manager, physician practice manager, administrator, practice administrator, executive director, office manager, CEO, COO, director, division manager, department manager, or any combination thereof, with some exceptions, people who manage physician practices do some combination of the responsibilities listed here or manage people who do.

Human Resources: Hire, fire, counsel, discipline, evaluate, train, orient, coach, mentor and schedule staff. Shop, negotiate and administer benefits. Develop, maintain and administer personnel policies, wellness programs, pay scales, and job descriptions. Resolve conflicts. Maintain personnel files.  Document Worker’s Compensation injuries.  Address unemployment inquiries.  Acknowledge joyful events and sorrowful events in the practice and the lives of employees. Stay late to listen to someone who needs to talk.

Facilities and Machines: Shop for, negotiate, recommend, and maintain buildings or suites, telephones, hand-held dictation devices, copiers, computers, pagers, furniture, scanners, postage machines, specimen refrigerators, injection refrigerators, patient refreshment refrigerators, staff lunch refrigerators, medical equipment, printers, coffee machines, alarm systems, signage and cell phones.

Ordering and Expense Management: Shop for, negotiate and recommend suppliers for medical consumables, office supplies, kitchen supplies, magazines, printed forms, business insurance, and malpractice insurance as well as services such as transcription, x-ray reads/over-reads, consultants, CPAs, lawyers, lawn and snow service, benefit administrators, answering service, water service, courier service, plant service, housekeeping, aquarium service, linen service, bio-hazardous waste removal, shredding service, off-site storage and caterers.

Legal: Comply with all local, state and federal laws and guidelines including OSHA, ADA, EOE, FMLA, CLIA, COLA, JCAHO, FACTA, HIPAA, Stark I, II & III, fire safety, crash carts and defibrillators, disaster communication, sexual harrassment, universal precautions, MSDS hazards, confidentiality, security and privacy, and provide staff with documentation and training in same.  Make sure all clinical staff are current on licenses and CPR.  Have downtime procedures for loss of computer accessibility.  Make sure risk management policies are being followed.  Alert malpractice carrier to any potential liability issues immediately.  Make sure medical records are being stored and released appropriately.

Accounting: Pay bills, produce payroll, prepare compensation schedules for physicians, prepare and pay taxes, prepare budget and monthly variance reports, make deposits, reconcile bank statements, reconcile merchant accounts, prepare Profit & Loss statements, prepare refunds to payers and patients, and file lots and lots of paperwork.

clockBilling, Claims and Accounts Receivable: Perform eligibility searches on all scheduled patients.  Ensure that all dictation is complete and all encounters (office, hospital, nursing home, ASC, satellite office, home visits and legal work (depositions, etc.) are charged and all payments, denials and adjustments are posted within pre-determined amount of time.  Transmit electronic claims daily.  Send patient statements daily or weekly. Negotiate payer contracts and ensure payers are complying with contract terms.  Appeal denials. Have staff collect deductibles, co-pays and co-insurance and have financial counselors meet with patients scheduling surgery, those with an outstanding balance, or those patients with high deductibles or healthcare savings plans.  Make sure scheduling staff know which payers the practice does not contract with.  Liaison with billing service if billing is outsourced.  Credential care providers with all payers.  Perform internal compliance audits.  Load new RBRVS values, new CPTs and new ICD-9s annually.  Run monthly reports for physician production, aged accounts receivable, net collection percentage and cost and collections per RVU. Attach appropriate codes to claims for e-prescribing and PQRI.  Have plan in place for receipt of Recovery Audit Contractor (RAC) letters.  Make friends and meet regularly with the provider reps for your largest payers.

Marketing: Introduce new physicians, new locations and new services to the community.  Recommend sponsorship of appropriate charities, sports and events in the community. Recommend sponsorship of patient support groups and keep physicians giving talks and appearing at events.  Thank patients for referring other patients.  Track referral sources.  Recommend use of Yellow Pages, billboards, radio, television, newspaper, magazine, direct mail, newsletters, email, website, blog, and other social media. Prepare press releases on practice events and physicians awards and activities.  Recommend practice physicians for television health spots.

Strategic Planning: Prepare ROIs (Return on Investment) and pro formas for new physicians, new services, and new locations.  Forecast potential effect of Medicare cuts, contracts in negotiation or over-dependence on one payer.  Discuss 5-year plans for capital expenditures such as EMR, ancillary services, physician recruitment, and replacement equipment.  Explore outsourcing office functions or having staff telecommute.  Always look for technology that can make the practice more efficient or productive.

Day-to-day Operations: Make the rounds of the practice at least twice a day to observe and be available for questions.  Arrange for temporary staff or rearrange staff schedules for shortages, meet or speak with patients with complaints, and meet with vendors, physicians and staff.  Open mail and recycle most of it.  Unplug toilet(s).

Stay Current in Healthcare: Attend continuing education sessions via face-to-face conferences, webinars, podcasts and online classes.  Maintain membership in professional organizations.  Pursue certification in medical practice management.  Network with community and same specialty colleagues.  Participate in listservs, LinkedIn and Twitter.

What did I leave out?  Take a lunch?

Read my post on “How Much Do Medical Practice Managers Make?” here.




What Health Care Providers Need To Know About Medicare and the RAC

Carla Hannibal

By Carla Hannibal, CMM,CPM,CIMBS

Recovery Audit Contractors (RACs) will pursue corrections of Medicare claims by auditing for overpayments and underpayments under Part A or B of the title XVIII of the Social Security Act.  Health care providers will be affected as Medicare has recently contracted with RACs for 2009 and beyond.  RACs will audit every United States and Peurto Rico health care provider who files with Medicare.  The audit and recovery plan is expected to be in place by 2010 in all 50 states and Puerto Rico on a permanent basis. Based on findings, if compliance with Medicare billing rules is not up to standard, penalties may be assessed including fines and in severe cases, the loss of Medicare billing privileges.

What should providers do?
Health care providers would be wise to ensure their offices are in compliance because Medicare will not provide any specific guidance to the physician or provider of care outside of basic written guidelines.  RAC contracts fees are contingency-based which means they will have every incentive to find errors.  It should be noted that each RAC’s contingency fee is established during contract negotiations with CMS and varies for each RAC.

Region A: 12.45%
Region B: 12.50%
Region C: 9.00%
Region D: 9.49%

For practices, internal changes need to be established to monitor documentation and coding for compliance as well as establishing a framework to track RAC requests.  These are not new requirements to providers.  The provider application and contract clearly states that it is the sole responsibility of the Physician to follow all documentation rules and regulations, coding and billing rules 100% of the time.  Offices setting up compliance guidelines should appoint someone who will be responsible for monitoring compliance within the practice.

Is there a limit to what records RACs will audit?

Yes there is a medical records limit, established by NPI, of records the RAC will audit.

Ӣ Solo Practitioner
Limit = 10 medical records/45 days

Ӣ Partnership of 2-5 individuals
Limit = 20 medical records/45 days

Ӣ Group of 6-15 individuals
Limit = 30 medical records/45 days

Ӣ Large Group (16+ individuals)
Limit = 50 medical records/45 days

What are the RACs focusing on?

Under the program, RACs will focus on CMS-established payment criteria and will consist of both automated claims history reviews from the CMS database as well as complex clinical reviews of patient medical records.   Specific areas of concentration include “not medically necessary services” (or those not meeting the established CMS clinical payment criteria), non-covered services, incorrectly coded claims, duplicate services and incorrect payment amounts.

What is involved in the RAC claims audit process?

The Process consists of six phases.

I.     Data Screening & Claim Selection

II.    Medical Record Request

III.  Record Review and Status Determination

IV.  Post Review Notification

V.    Overpayment Recoupment

VI.   Post Determination- Other Provider Options and Data Tracking

Does the RAC program cover Medicare Replacement policies?

No the RAC program does not detect or correct payments for Medicare Advantage or the Medicare prescription drug benefit.

What happens after a RAC audit?

In those cases of overpayments, the physicians may choose to send a rebuttal of the findings directly to the RAC within 15 days of receiving the RAC’s letter identifying an overpayment.  However this does not stop the clock on the 120-day time period during which you can request a redetermination (first level appeal) from your Medicare contractor or on the interest accrued when money is not refunded to CMS within 30 days of request.  If the RAC discovers that an underpayment has been made to the provider then the RAC will inform the carrier or intermediary who will proceed with the claim adjustment and payment to the provider.

When does all this begin?

Implementation will take place on a rolling basis in 3 phases which began 10/1/08.  The schedule for the program rollout can be found here.


Will your practice be ready?


Carla Hannibal, CMM, CPM, CIMBS is President of Hannibal Professional Services, LLC (HPS).  HPS is a practice management company that provides services for small to medium-sized physician groups.  Carla is a writer, speaker, trainer and highly skilled manager with 27 years of clinical and administrative experience in the healthcare industry.  Her experience in the healthcare industry ranges from claims processing to practice management.  If you need more information on RAC, or help in implementing a compliance process in your practice, Carla can be reached at 623- 204-8992.