The list of topics covered at the recent RIHIMA meeting truly ran the gamut: Medicare payment reform, Office for Civil Rights (OCR) enforcements, the 21st Century Cures Act, FY 2018 ICD-10-CM coding changes, and more. The meeting, which drew approximately 50 people, was held in Warwick on October 20. The theme? Looking ahead to 2018 and beyond.
Health IT updates
Jennifer L. Cox of Cox and Osowiecki, LLC kicked off the morning with an update on health IT, the future of which she said is unclear in light of unprecedented budget cuts to infrastructure. What can HIM professionals expect during the next year and beyond? Cox told attendees to keep their eyes open for the 21st Century Cures Act, which she said is one of the most significant regulations that will affect the HIM profession. The legislation, which was enacted in December 2016, includes a section on health IT interoperability that requires data sharing and prohibits data blocking. A first set of draft rules is due by March 2018.
“This is going to be bigger than HIPAA and Meaningful Use–it will be the biggest thing in our careers that will shift how we use health information,” said Cox.
Cox also touched on the federal government’s efforts to remove Social Security Numbers (SSN) from Medicare cards by 2019. Although this may reduce identity theft, she said it creates an inability for HIM professionals to verify patient identity using this unique identifier. HIM may eventually need to create consistent verification standards in lieu of having access to the SSN, she added. They may also need to retrospectively sanitize records to remove the SSN. Cox encouraged attendees to make a list of all the ways in which they currently rely on the SSN so they can work collaboratively with the legal/compliance department to develop a strategy for how they’ll handle these scenarios once the SSN is no longer available.
Cox also warned of increasing OCR activity, stating that high-dollar settlements have increased over the last year and a half. She encouraged attendees to monitor the OCR’s running list of resolution agreements because she said it’s often a roadmap for potential vulnerabilities. “Learn from your colleagues’ misfortune,” she said. “This is what [the OCR] cares about, and what they care about, we should care about.”
Risk assessments should be a top priority, she said, adding that many independent physician practices are failing Meaningful Use audits because they didn’t conduct an assessment during the year of attestation. Also remember to fix any problems discovered during the assessment, she added.
Staff education is equally as important, said Cox. For example, employees should notify their IT department when a computer is particularly slow, as this could signal an impending cyber attack. “These are very sophisticated attacks,” she added. “It takes minutes–not hours–to infect the entire system.”
FY 2018 coding updates
Mary Beth York, senior associate at Barry Libman, Inc. discussed several important ICD-10-CM coding changes that took effect October 1, 2017. She encouraged attendees to review the FY 2018 ICD-10-CM coding guidelines as well as the 2018 Addendum. When coders rely entirely on the encoder–and don’t review all of the additions, deletions, and revisions–they aren’t as aware of these oftentimes subtle changes, she said.
Third-party release of information
Amy Derlink and Laureen Rimmer, both of MRA Health Information Services, gave an informative presentation on ROI best practices.
Derlink encouraged attendees to create a third-party audit record review policy that addresses these and other questions: Will you ask to see the business associate agreement between the health plan and third-party auditor before releasing information? Will you allow the third-party auditor onsite? What access will you provide to the third-party auditor? Will it include remote access? How will you comply with HIPAA’s minimum necessary requirements? “We need to protect privacy,” she said. “That’s our number one obligation.”
Don’t let auditors bypass HIPAA to access protected health information, said Derlink. Quality audits (e.g., HEDIS) are not included in uses and disclosures for treatment, payment, and operations, she added.
Rimmer said HIM must leverage technology and tap into data analytics to identify compliance risk and prepare for audits. “Understand your data, and know what’s going on so you can be proactive with your own internal audits,” she said. “As you see themes, you need to drill down.”
Embracing leadership qualities
Karen A. Benz of Benz Strategic Group gave an interesting presentation on leading vs. managing. “Management is doing. Leadership is being,” she said. “As a leader, you set the culture and tone of your department.” She described managers as productivity-oriented implementers, and she identified leaders as open-minded agents of transformational change. Managers ask people to follow, but when you’re a leader, people will follow naturally, she explained.
She challenged attendees to embrace leadership qualities and not succumb to negativity. Doing so improves employee retention and satisfaction. And when employees are happy, they’re often willing to go the extra mile for patients as well.