OCR and HIPAA audits. Give you chills, don't they? Most covered entities (CE) naturally fear getting the letter from the HIPAA privacy and security enforcers saying that they're coming?or that they want something. "Something" usually means your policies and procedures, risk analysis, and mitigation efforts if you've suffered a breach. Bottom line: CEs want to avoid OCR unless they need to go to the agency for information on the HIPAA Privacy, Security, or Breach Notification rules
The new modifier -PO (services, procedures, and/or surgeries furnished at off-campus provider-based outpatient departments [PBD]) and the alternative payment provisions under the Bipartisan Budget Act Section 603 are both related to off-campus PBDs but define "off-campus PBD" slightly differently.
In February 2016, just four months after ICD-10 go-live, sister publication HIM Briefings (formerly Medical Records Briefing) asked a range of healthcare professionals to weigh in on their productivity in ICD-9 versus ICD-10.
When the Quality Improvement Organizations (QIO) took over the role of education and enforcement for the 2-midnight rule on October 1, 2015, many anticipated that their reviews would only look at records from that date forward. But in an unpleasant turn of events, some hospitals have reported QIO record requests zeroing in on cases as far back as May 2015, says Ronald Hirsch, MD, FACP, CHCQM, vice president of the Regulations and Education Group for AccretivePAS in Chicago.
"It caught everybody off guard. No one expected them to audit any earlier than October 1," he says. "But audits are starting hot and heavy, and it's important for organizations to understand that it's permitted and that the QIOs can request charts going back six months."
According to a fact sheet, CMS is specifically using "Beneficiary and Family Centered Care (BFCC) QIOs, rather than MACs or Recovery Auditors, to conduct the initial medical reviews of providers who submit claims for short-stay inpatient admissions on October 1, 2015. Beginning in 2016, BFCC-QIOs will begin reviewing inpatient cases under the revised Two Midnight Rule being announced today." (For more information, visit www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2015-Fact-sheets-items/2015-10-30-4.html.)
Another surprise? BFCC-QIOs are requesting charts for inpatient-only surgeries, something they weren't supposed to do, says Hirsch.
When the Quality Improvement Organizations (QIO) took over the role of education and enforcement for the 2-midnight rule on October 1, 2015, many anticipated that their reviews would only look at records from that date forward. But in an unpleasant turn of events, some hospitals have reported QIO records requests zeroing in on cases as far back as May 2015.
CMS giveth and CMS taketh away. More than $21 billion in payments under the Medicare EHR Incentive Program and more than $10.1 billion in Medicaid EHR Incentive Program payments has been doled out between 2011 and 2015?but not every payment remains with its intended recipient. Contractors will perform audits to ensure that those eligible for the program can support their attestation through examination of supporting documentation to back a claim that a provider or hospital has fulfilled the requirements for meaningful use.
CMS contracted Figliozzi and Company to conduct pre- and postpayment desk audits of the meaningful use program.
"What we have been seeing from our clients' experience is Figliozzi is attempting to perform audits on 5% of attestations submitted to CMS," says David Holtzman, JD, CIPP, vice president of compliance at CynergisTek, Inc., in Austin, Texas.
Holtzman also notes a spike in state Medicaid offices and the Office of Inspector General (OIG) performing audits for those attesting to meaningful use. These audits are conducted on site by a team of auditors.
"Both Medicaid and Medicare meaningful use audits are pass-fail audits," Holtzman says. "Therefore, if any requirement or measure is not met, the result is that the provider or hospital will not receive the incentive payment in the case of a prospective audit or will be required to return any payment received for the prior period as a result of the audit."
Under the Affordable Care Act, the latter would be considered an overpayment by Medicare or Medicaid, and the provider or organization would be required to return the incentive dollars within 60 days or face fines and penalties subject to the False Claims Act.
"There is increased attention by the U.S. Attorney's Office and the Office of Inspector General for investigating and prosecuting fraudulent attestations for meaningful use that results in incentive payments," Holtzman says. "I look at this as a claims recovery effort."
CMS may occasionally report on overall rates of audit failure by eligible providers and hospitals. However, it will not provide any specific guidance on how to resolve identified issues, Holtzman says. "Once the reporting year has ended, the attestation is filed or the hospital/provider selected for audit, no substantive changes are permitted," he says. "Best practices are to carefully review documentation for meaningful use attestation using internal experts or bring in a third-party reviewer to ensure accuracy."
