ICD 10 is coming quickly. What has your organization done to prepare?
What do ICD 10, HIPAA and Meaningful Use have in common?
The answer is--they are driven by federal regulatory agencies that could financially cost your organization.
ICD 10 is slated to launch October 1, 2015. Is your organization prepared? The Centers of Medicare and Medicaid Services (CMS) recently stated on June 2, of their 875 participating providers and billing companies that submitted claims, eighty eight percent achieved no rejections. Less than one percent were rejected due to invalid ICD 10 codes. The CMS goes on to say that they “strongly encourage practices to contact each of their payer partners to get confirmation on ICD 10 readiness by the October start date”. The numbers CMS is reporting are promising. However, when I read that CMS is strongly encouraging providers to contact the payer partners to ensure that they are ready, I am reminded of historical events.
Some of you may not remember the coding changes in the Behavioral Health field a few years back. Many of the payer partners were not ready to accept the new coding, and this resulted in doctors treating patients, month after month, with no reimbursement. Many of the independent doctor lost their practices. They were not prepared.
In preparation for the October 1st deadline, I have recommended that all organizations that rely on health insurance reimbursements should prepare by having a safety net to cover the possible short fall of incoming revenue.
Analyze your monthly revenues over a minimum of a 90 day period. Mitigate this foreseeable risk to your organization by preparing and having a safety net of cash and an available credit line in place for any cash short falls.
HIPAA-- I have written about the long arm of HIPAA in previous publications. The long arm of HIPPA not only reaches the medical related covered entities, health plan providers, health plans and health care clearing houses, but it extends across to those non-medical professions: CPA’s, law firms, and those that have entered into a Business Associates Agreement. Also, anyone that has access to patient names along with medical records which is considered Protected Health Information (PHI).
These professions must incorporate acceptable and reasonable policies and procedures in order to protect the PHI that they have access too. Organizations must comply with many of the Privacy and Security Rules. An example would be performing regular risk assessments, incorporating the required technical requirements, physical safeguards, and workforce classification to ensure the minimum necessary standard, also referred to as “need to know policy”.
An organizational culture should be one of compliance, with policies that follow through on the stated protocols. Without a culture of compliance and robust protocols, the fines, sanctions, penalties and loss of brand can cost you millions in dollars.
Meaningful Use--Recently it was reported that a former Texas hospital CFO had been sentenced to 23 months in federal prison for submitting false documents. The medical center at which he was employed as the CFO received payments under the HITECH ACT electronic health records financial incentive program. This is also known as meaningful use. White oversaw the implementation of electronic health records (EHR) and was responsible for attesting to the meaningful use of the EHR’s to qualify to receive the HITECH incentive payments totaling $786,000 for Shelby Regional.
In addition to his prison term, Joe White, the former CFO, of the now-shuttered Shelby Regional Medical Center in East Texas, was ordered to pay restitution of $4.5 million dollars to the HITECH incentive program. Court documents stated, in order to assist in paying the restitution, White was ordered to liquidate his personal IRA account and an annuity account for a total of $135,000.
Shelby Regional was one of a number of hospitals owned and operated by Tariq Mahmood, M.D. of Cedar Hell, Texas. Mahmood was indicted by a federal grand jury and charged with conspiracy to commit healthcare fraud and seven counts of healthcare fraud. April 14th, Mahmood was sentenced to 135 months in federal prison and ordered to pay restitution to CMS, Texas Department of Health and Human Services, and Blue Cross Blue Shield of nearly $100,000. In total, the hospitals that Mohmood owned were paid more than $16 million dollars.
A Justice Department spokeswomen stated that the $4.5 million dollar restitution, which White was ordered to pay represents the EHR incentive money that Shelby Regional received under false attestation, as well as EHR incentive money that the other hospitals owned by Mahmood received. White was also CFO of those other hospitals that received incentive money. Although White did not personally receive money, the spokeswomen stated, “Restitution is mandatory pursuant to the Mandatory Victim Restitution Act of 1996.” “ Notwithstanding any other provision of law, when sentencing a defendant convicted of an offense described in subsection (c), the court shall order, in addition to..any other penalty authorized by law, that the defendant make restitution to the victim of the offence” 18 USC 3663A (a) (1).
That brings me back to my question, what do ICD 10 have in common with HIPAA and Meaningful Use? MONEY!
Judith Lindsay, owner of JAL Consulting & Associates tackles all the elements of the HIPAA compliance puzzle, successfully assisting organizations to make sense of it all. Judith uses a holistic approach by providing guidance on which policies, procedures and processes are needed for any size or complex organization. Judith's blogs can be found weekly at her Linkinedin account and is available for speaking engagements related to the world of compliance. Connect on Twitter or Linkedin.
Personal Information Collected Online
•Personal Information means personally identifiable information such as information provided via forms, surveys, applications or other online fields including name, postal or email addresses, telephone, fax or mobile numbers, or account numbers.
•Before or at the time of collecting personal information, JAL will identify the purposes for which the information is being collected.
•JAL will collect and use personal information solely for the purpose of fulfilling specific contracted engagements or for other compatible purposes, unless consent is obtained from the company and/or individual concerned or as required by law.
•JAL will retain personal information as long as necessary for the fulfillment of a specific contract or for a specific purpose.
•JAL will collect personal information as deemed lawful and where appropriate with the knowledge and/or the consent of the individual or company.
•Personal data should be relevant to the extent of necessary purposes and should be accurate, complete and up-to-date.
•JAL will protect personal information by reasonable safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
•JAL will make readily available to customer’s information about our policies and practices relating to the management of personal information. Terms and Conditions
JAL is committed to conducting our business in accordance with these principals in order to ensure that the confidentially of personal information is protected and maintained. By accessing this website, you are agreeing and bounded by these Website Terms and Conditions of Use, all applicable laws and regulations. If you do not agree with these Terms and Conditions, you are prohibited from using or accessing this website. The materials contained in this Web Site are protected by all applicable copyright and trade mark laws.
Our Online Notices are subject to change. Please review it periodically. If we make changes, we will revise the “Last Updated” date at the top of this Notice. Any changes will become effective the date the revised Notice is posted on the Site.