Category: HIPAA

What HIM can expect in 2018 and beyond

On By Lisa A. EramoIn AHIMA, Audits, EMR and EHR, HIM management, HIPAA, ICD-10, medical coding, Revenue integrity, Uncategorized

The list of topics covered at the recent RIHIMA meeting truly ran the gamut: Medicare payment reform, Office for Civil Rights (OCR) enforcements, the 21st Century Cures Act, FY 2018 ICD-10-CM coding changes, and more. The meeting, which drew approximately 50 people, was held in Warwick on October 20. The theme? Looking ahead to 2018 and beyond.

Health IT updates

Jennifer L. Cox of Cox and Osowiecki, LLC kicked off the morning with an update on health IT, the future of which she said is unclear in light of unprecedented budget cuts to infrastructure. What can HIM professionals expect during the next year and beyond? Cox told attendees to keep their eyes open for the 21st Century Cures Act, which she said is one of the most significant regulations that will affect the HIM profession. The legislation, which was enacted in December 2016, includes a section on health IT interoperability that requires data sharing and prohibits data blocking. A first set of draft rules is due by March 2018.

“This is going to be bigger than HIPAA and Meaningful Use–it will be the biggest thing in our careers that will shift how we use health information,” said Cox.

Cox also touched on the federal government’s efforts to remove Social Security Numbers (SSN) from Medicare cards by 2019. Although this may reduce identity theft, she said it creates an inability for HIM professionals to verify patient identity using this unique identifier. HIM may eventually need to create consistent verification standards in lieu of having access to the SSN, she added. They may also need to retrospectively sanitize records to remove the SSN. Cox encouraged attendees to make a list of all the ways in which they currently rely on the SSN so they can work collaboratively with the legal/compliance department to develop a strategy for how they’ll handle these scenarios once the SSN is no longer available.

Cox also warned of increasing OCR activity, stating that high-dollar settlements have increased over the last year and a half. She encouraged attendees to monitor the OCR’s running list of resolution agreements because she said it’s often a roadmap for potential vulnerabilities. “Learn from your colleagues’ misfortune,” she said. “This is what [the OCR] cares about, and what they care about, we should care about.”

Risk assessments should be a top priority, she said, adding that many independent physician practices are failing Meaningful Use audits because they didn’t conduct an assessment during the year of attestation. Also remember to fix any problems discovered during the assessment, she added.

Staff education is equally as important, said Cox. For example, employees should notify their IT department when a computer is particularly slow, as this could signal an impending cyber attack. “These are very sophisticated attacks,” she added. “It takes minutes–not hours–to infect the entire system.”

FY 2018 coding updates

Mary Beth York, senior associate at Barry Libman, Inc. discussed several important ICD-10-CM coding changes that took effect October 1, 2017. She encouraged attendees to review the FY 2018 ICD-10-CM coding guidelines as well as the 2018 Addendum. When coders rely entirely on the encoder–and don’t review all of the additions, deletions, and revisions–they aren’t as aware of these oftentimes subtle changes, she said.

Third-party release of information

Amy Derlink and Laureen Rimmer, both of MRA Health Information Services, gave an informative presentation on ROI best practices.

Derlink encouraged attendees to create a third-party audit record review policy that addresses these and other questions: Will you ask to see the business associate agreement between the health plan and third-party auditor before releasing information? Will you allow the third-party auditor onsite? What access will you provide to the third-party auditor? Will it include remote access? How will you comply with HIPAA’s minimum necessary requirements? “We need to protect privacy,” she said. “That’s our number one obligation.”

Don’t let auditors bypass HIPAA to access protected health information, said Derlink. Quality audits (e.g., HEDIS) are not included in uses and disclosures for treatment, payment, and operations, she added.

Rimmer said HIM must leverage technology and tap into data analytics to identify compliance risk and prepare for audits. “Understand your data, and know what’s going on so you can be proactive with your own internal audits,” she said. “As you see themes, you need to drill down.”

Embracing leadership qualities

Karen A. Benz of Benz Strategic Group gave an interesting presentation on leading vs. managing. “Management is doing. Leadership is being,” she said. “As a leader, you set the culture and tone of your department.” She described managers as productivity-oriented implementers, and she identified leaders as open-minded agents of transformational change. Managers ask people to follow, but when you’re a leader, people will follow naturally, she explained.

She challenged attendees to embrace leadership qualities and not succumb to negativity. Doing so improves employee retention and satisfaction. And when employees are happy, they’re often willing to go the extra mile for patients as well.

 

 

 

 

Revenue integrity, HIM advocacy discussed at RIHIMA

On By Lisa A. EramoIn AHIMA, CPT, Freelance writing, Healthcare writing, HIM advocacy, HIM management, HIPAA, Revenue integrity, Social media, Uncategorized

0207141454.jpg

Social media in healthcare, revenue integrity, HIM advocacy, and 2017 CPT updates were among the many topics discussed at the Rhode Island chapter of AHIMA’s winter meeting held January 20 in Warwick. Approximately 30 people attended the four-hour event.

2017 CPT updates take effect
Barbara Japhet, BS, CCS, manager of coding education and health information manager at Rhode Island Hospital, kicked off the meeting with an overview of CPT changes for 2017, including the nearly 500 code revisions primarily due to the unbundling of conscious sedation.

Though Japhet focused mostly on hospital-based CPT codes, she did highlight several changes that may be of interest to ambulatory-based providers. Two examples included the following:

  1. A new code for cognitive impairment assessment and testing (G0505). She said that physicians may bill this code in addition to chronic care management and transitional care management when certain requirements are met.
  2. The addition of low-, moderate-, or high-complexity descriptors for physical therapy and occupational therapy evaluation codes. More detailed codes will help CMS examine utilization more closely, she added.

Social media and healthcare: Can the two coexist?
Angela Carr, JD, partner at Barton Gilman, gave a very interesting presentation about the impact of social media on healthcare privacy and security. In particular, she said hospitals increasing rely on social media for the following purposes:

  1. Attract and engage patients
  2. Improve Google hits
  3. Recruit patients for clinical trials
  4. Attract employees

However, she urged organizations to think about the implications of social media on patient privacy, adding that an internal social media policy for employees is paramount. Such a policy should include the following components, she said:

  1. Definition of social media (including websites that fall under this category)
  2. Who can access social media, and why
  3. Fines for violating HIPAA
  4. Examples of what is considered a HIPAA breach
  5. Specific consequences for non-compliance
  6. Contact information of someone who can answer questions about the policy and its application

Note: Massachusetts General Hospital provides an employee social media policy that you can view here. Carr cited this policy as an example to which other organizations can refer when developing their own guidelines.

Provide an in-service to explain the policy, and apply it consistently to all employees, she added. Remind employees that even the most well-intentioned individuals can inadvertently breach confidential patient information. She provided this example: An employee takes a picture of herself eating birthday cake at her desk and posts it on Facebook. The employee doesn’t realize that five patient records are visible on her desk. This ‘background information’ is what many people fail to think about, she says.

She also urged organizations to create a social media policy for external users. This policy basically sets the ground rules for interacting with the organization’s social media sites. It should include clear terms of participation, the purpose of the organization’s social media presence, the prohibition of abusive terms, and more. Click here to view an example of Massachusetts General Hospital’s social  media guidelines for individuals who wish to interact with the hospital through social media.

Creating a revenue integrity program
Bettyann Carroll, director of revenue integrity (RI) at South Shore Hospital, spoke about how she created an RI program from the ground up commensurate with the hospital’s new EHR and billing system. She said those working on the RI team have tackled many projects, a few of which include the following, :

  • Incorporating clinical providers into the process for obtaining ABNs
  • Performing chargemaster review and validation in each hospital department
  • Creating consistent processes to ensure revenue and documentation integrity when new service lines are added

“You don’t want to be reactive–you want to be proactive in revenue integrity,” she added.

Raising awareness of HIM
Michele Mahan-Smith, RHIA, CCS, director of inpatient/observation coding at Rhode Island Hospital, and Kelly Doyle, RHIA, manager of HIM operations at Rhode Island Hospital, both reiterated the importance of promoting HIM internally as well as within the community.

For example, if you haven’t done so already, consider developing an HIM elevator speech. Also refer to the AHIMA website for more tips and tools to help raise awareness of the HIM profession–a profession that continues to grow and expand in an electronic environment.

OCR audits, risk-adjustment coding discussed at RIHIMA

On By Lisa A. EramoIn AHIMA, Clinical documentation improvement, HIM management, HIPAA, ICD-10, Physician practices, Risk adjustment

OCR audits, FY2017 coding updates, and risk-adjustment coding were among the many topics covered during the most recent RIHIMA meeting on October 7 in Warwick, RI. These meetings provide an affordable opportunity to stay abreast of industry changes and network with peers. Another perk: Free coffee and donuts. 🙂

HIPAA branding, OCR audits

Norma Chitvanni, RHIT, CHPS, privacy officer and director of privacy and confidentiality at Beth Israel Deaconess Medical Center, spoke about her efforts to lead an awareness campaign to help employees understand the importance of HIPAA. She reminded attendees that employees are an organization’s biggest vulnerability, and she urged others to consider creative ways to brand an internal privacy and security program.

For example, Chitvanni worked with the hospital’s communications department to create an educational video in which members of a patient/family advisory group spoke about the importance of keeping information private (KIP). She and her team also:

  • Created a padlock logo for the program
  • Identified internal KIP coaches to help educate staff
  • Put KIP labels on salad contains and food wrappers in the cafeteria
  • Created a staff portal with resources about how to secure laptops
  • Handed out promotional materials about KIP (e.g., pens, phone wipes)

Chitvanni also urged attendees to prepare for upcoming OCR audits. She provided these tips:

  • Provide HIPAA education to all staff. Ensure that you have some way to monitor and assess staff member’s understanding along the way (e.g., test-your-knowledge questions or a final exam).
  • Use the OCR audit tool as a foundation for compliance. Do your policies and educational materials support each of the 109 elements included in the tool?
  • Compile information for your business associates in advance. HHS provides a complete list of necessary information.
  • Use technology to monitor and mitigate risk. For example, some applications can identify and flag unencrypted emails that include medical record numbers, patient information, or medical codes.

FY 2017 coding updates

Mary Beth York, CCS, CCS-P, CIC, senior associate at Barry Libman Inc., provided a helpful overview of important coding changes that took effect October 1. She encouraged attendees to review the updated ICD-10-CM guidelines and also pointed out several surprises, including:

  • 1.A.19: The assignment of a diagnosis code is based on the provider’s diagnostic statement that the condition exists.  The provider’s statement that the patient has a particular condition is sufficient. Code assignment is not based on clinical criteria used by the provider to establish the diagnosis.

“I think we have to see how this is going to play out,” she said, adding that it remains unclear as to how insurance companies and Recovery Auditors will handle this guideline when a condition doesn’t meet clinical criteria.

  • 1.C.12.a(6): If a patient is admitted with a pressure ulcer at one stage and it progresses to a higher stage, two separate codes should be assigned: one code for the site and stage of the ulcer on admission and a second code for the same ulcer site and the highest stage reported during the stay.

She urged HIM professionals to work with members of the quality team to raise awareness of this new guideline.

Risk-adjustment coding

Gerry Petratos, MD, MS, CEO of Hiteks Solutions, Inc. said HCC coding is becoming the “gold standard” in healthcare because of its ability to capture clinical complexity and predict costs.

Many organizations are already using HCC modeling in the outpatient arena, necessitating the need for documentation improvement, he said. “Ambulatory CDI will be the biggest growth area in which there are the fewest people to do the work,” he added.

Accountable Care Organizations can also use HCC data to segment populations and target preventive care.