Q: CMS released guidance last summer about not auditing or counting errors for the specificity of an ICD-10-CM code. CMS is not going to count the code as an error as long as the first three digits are correct. Does this apply to medical necessity diagnoses and edits?
This week’s updates include change requests regarding payments to home health agencies that do not submit required quality data; the July 2016 update of the ambulatory surgical center payment system; and more!
The right physician advisor can be an ally for case managers, helping to improve communication and cooperation with physicians, bolstering compliance efforts, and helping to avoid delays in care that can keep patients from moving seamlessly through the system.
Creating secure passwords, guest wireless networks, and emailing PHI
by Chris Apgar, CISSP
Q: I work at a doctor's office. If a patient calls and asks to have a copy of his or her medical records sent to his or her home address, are we required to obtain any additional verification beyond checking that the address matches the one we have on file? We have a patient portal where most of our patients are able to access their records, but some still prefer to have copies sent to them.
A: As with any request for PHI from an external party, whether it be the patient or someone else, proper authentication is necessary. This means you need to ask questions such as what is the patient's birthdate before agreeing to send the patient a copy of his or her medical record or designated record set (DRS).
It's a good idea to ask the patient to make the request in writing. Per the HIPAA Privacy Rule, "The covered entity may require individuals to make requests for access in writing, provided that it informs individuals of such a requirement" (45 CFR §164.524(b)(1). This is not a "you shall." It's a "may" so in the end you may elect to not require the request be in writing. However, this might leave your practice vulnerable to the risk of someone impersonating the patient and requesting the record or the patient later complaining you sent a copy of his or her DRS without his or her permission.
If you require patients to make the request in writing, you can't make it too burdensome. For example, you can't require patients get the signed request notarized or walk the request in to the doctor's office. OCR recently published guidance regarding a patient's right to access his or her DRS (www.hhs.gov/hipaa/for-professionals/privacy/guidance/access). It provides more detailed information about the dos and don'ts of meeting the HIPAA Privacy Rule requirement that patients are entitled to view or request a copy of their DRS.
Editor's note: Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are that of the author and do not represent HCPro or ACDIS. Email your HIPAA questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
The new modifier -PO (services, procedures, and/or surgeries furnished at off-campus provider-based outpatient departments [PBD]) and the alternative payment provisions under the Bipartisan Budget Act Section 603 are both related to off-campus PBDs but define "off-campus PBD" slightly differently.
CMS recently published FAQs on modifier -PO, giving providers valuable guidance on how the modifier will apply to hospital services. Last week, CMS also indicated that it will wait until the CY 2017 OPPS proposed rule provides further guidance on Section 603. Nevertheless, some of the guidance related to modifier -PO seems to indicate that CMS is trying to bring the requirements in line with off-campus PBDs covered by Section 603, rather than simply relying on preexisting regulatory definitions of off-campus departments.
Modifier -PO was adopted January 1, 2015, with a required use date of January 1, 2016. It was originally adopted as a modifier to track statistics and information related to hospitals' off-campus PBDs. The modifier nominally applies to all items and services provided in an off-campus PBD, according to the Medicare Claims Processing Manual, but there are some significant exceptions.
The recent FAQs make it clear that modifier -PO does not apply to non-OPPS services. These services include therapy and a few other services still paid on other fee schedules, noted with a status indicator A under the OPPS, as well as dialysis, which is paid under the ESRD PPS. This guidance would dovetail with Section 603, which arguably only applies to services that would otherwise be payable under OPPS, exempting them from OPPS and providing alternative payment. Additionally, because critical access hospital (CAH) services are not paid under the OPPS, the modifier will also not apply to any services at PBDs of a CAH.
Similarly, the FAQs and other guidance indicate modifier -PO is not used for off-campus emergency departments. This guidance is in line with Section 603, which excludes the off-campus alternative payment methodology from items and services furnished at dedicated emergency departments.
