Research shows that ethnic and racial minorities may wind up back in the hospital after discharge more often than their white counterparts for certain conditions, such as pneumonia and heart failure. This increased rate of readmissions is due to many factors, including:
A higher incidence of some chronic diseases
Social, economic, cultural, and linguistic barriers to care
CMS is hoping to change that with a new publication, "Guide to Preventing Readmissions Among Racially and Ethnically Diverse Beneficiaries." Its authors said that the guide aims to accomplish three main goals:
Providing an overview of the issues that can lead to higher readmission rates among this group
Outlining actions hospital leaders can take to reduce these avoidable readmissions
Providing case studies and examples of initiatives that have worked to reduce readmissions among racial and ethnically diverse Medicare beneficiaries
Interoperability isn't a new goal, but 2016 may be the year it becomes closer to a reality. HHS' 2017 budget includes a boost in the Office of the National Coordinator for Health Information Technology (ONC) funding specifically for the development of interoperability guidelines and standards, like an interoperability code of conduct, as well as efforts to combat information blocking.
Staying ahead of change
Being a hot-button issue alone won't solve interoperability's problems. It's a complex initiative, and reaching the goals outlined in the ONC's Interoperability Roadmap means providers, vendors, and policymakers have to work together to create practical guidelines and products that meet all applicable existing legislation, including HIPAA and other privacy and security laws. Interoperability also requires software vendors and developers to go against the very nature of their business and work with the competition.
It's a tall order, but achieving interoperability could greatly reduce the technical burdens many security officers struggle with, as well as create an atmosphere in which providers and vendors can work together to keep PHI safe. If it's not achieved, greater administrative burdens, technological problems, and, at worst, significant security weaknesses could result, cautions Chris Apgar, CISSP, president of Apgar and Associates, LLC, in Portland, Oregon.
Security officers need to pay close attention to interoperability, Apgar says. "Any time code is touched or changes are made in how an application or interface works, [it] raises the risk that the end product will not include the required security controls."
If 2016 is the year the healthcare industry starts making real progress on the road to interoperability, security officers need to make sure they read the map and scout the territory to ensure their organizations don't take any wrong turns.
Our readers have been asking for an updated medical record documentation guide, and here it is?new and improved! The guide provides references to the associated CMS Conditions of Participation and new and revised standards and elements of performance (EP). A recent Joint Commission column discussed ongoing record reviews and the continued focus of Joint Commission surveyors related to documentation in the medical record. The guide takes the Record of Care, Treatment, and Services chapter and breaks it down into an easy-to-use tool for comprehensive record reviews by topic.
Email encryption, file sharing, and mailbox security
by Chris Apgar, CISSP
Q: We are in the process of building a new office. Would it be HIPAA compliant to have an outside locked mailbox for our general postal mail and therapist paperwork that is dropped off at night? If not, would a mail slot on our front door work better?
A: An outside locked mailbox will suffice to secure incoming mail and therapist paperwork. Ensure that the mailbox is secure and not easily broken into. If the mailbox is secured with a key, it's a good idea to implement a solid key management program so it's known who has a key. Keys should be recovered when an employee resigns or is terminated. If an employee leaves without returning his or her key, it's wise to re-key the lock on the mailbox.
Editor's note
Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Email your HIPAA questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
Last year, as ICD-10 implementation approached, organizations throughout the U.S. reported varying levels of comfort with regard to readiness and understanding of the impact of ICD-10 on physician workflow. For some, it was business as usual. For other physicians, ICD-10 became one more check box on the list of reasons to leave practice.
Do you recall the recent humorous television commercial for phone services that featured children who wanted more and tried to explain why? The core message was that more isn't always better. I believe there are many applications of this principle in healthcare. To understand why this is the case, since large evolves from small, you might have to engage your sense of recall to visualize the past compared to the present. We'll look at some examples below.
Big (bad?) data
For all the talk about population health and big data, there is less discussion about data integrity, a key principle in data usage. Anyone who has worked with the most basic of databases, the master patient index, knows how many errors occur in collecting up-front patient access data. Errors still abound in duplicate medical record and account data. How can any of the data associated with these accounts be considered valid and worthy of basing conclusions upon? How confident are we, really, in our interpretation of this data?
For example, comparative MedPAR data will not display ICD-10-CM/PCS data until at least 18 months after ICD-10 implementation. There is no way to measure if we are undercoding, overcoding, erroneously coding, or problematically grouping any cases until we have enough data to make some judgments. Even then, the only true audit is one that compares the collected data with the source documents (in this case, the medical record). Organizations must conduct multiple rounds of these audits before findings can even be discussed.
The best approach is to begin your own audit of small segments (e.g., most common, most at risk) of diagnoses and procedures rather than waiting until the MedPAR data arrives. Be aware that if you are looking at any comparison databases, there is likely a crudely mapped comparison going on between ICD-9 databases (and ICD-10). As we all know, comparisons are not possible in all cases, and the more cross-mapping we do, the less granularly correct the comparison outcome data is, which decreases the validity of the universe of data.
In HIM, there are other data quality issues that have an unknown impact on integrity comparisons. For example, are we comparing apples to apples for sites that are using computer-assisted coding applications versus those that are not? Is it fair to compare outsourced coding with in-house coding? In a recent study conducted for a client, I observed that the time for coding of outsourced cases was dropping in a direct ratio to the case mix. Are we gaining productivity but sacrificing quality and reimbursement potential?
