This week’s note is about the changes to the 2-Midnight Rule in the 2016 OPPS proposed rule. In the 2016 OPPS Proposed Rule, CMS announced that October 1, 2015 they will be transitioning the medical review of inpatient admissions from Medicare Administrative Contractors (MAC) to Quality Improvement Organizations (QIO). This policy will limit the future review of inpatient admissions by the Recovery Auditors and may be related to CMS’ withdrawal of the Request for Quotes for new Recovery Auditors announced July 10.
Conducting pre-billing audits can be challenging, but when done correctly, it can save organizations from spending time recoding and rebilling claims that payers deny. These audits can be conducted on the front end, in both inpatient and outpatient settings, once records have been coded.
The Office for Civil Rights (OCR) announced December 8, 2014, that it fined an Alaska behavioral health service $150,000 for potential HIPAA violations. OCR entered into a resolution agreement with Anchorage Community Mental Health Services (ACMHS), a nonprofit behavioral healthcare service, per the announcement (see www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/acmhs/amchs-capsettle...).
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is an editorial advisory board member for SHCC's sister publication Briefings on HIPAA.
