• ICD 10 is coming quickly. What has your organization done to prepare?

  • What do ICD 10, HIPAA and Meaningful Use have in common? 
    The answer is--they are driven by federal regulatory agencies that could financially cost your organization. 

    ICD 10 is slated to launch October 1, 2015. Is your organization prepared? The Centers of Medicare and Medicaid Services (CMS) recently stated on June 2, of their 875 participating providers and billing companies that submitted claims, eighty eight percent achieved no rejections. Less than one percent were rejected due to invalid ICD 10 codes. The CMS goes on to say that they “strongly encourage practices to contact each of their payer partners to get confirmation on ICD 10 readiness by the October start date”. The numbers CMS is reporting are promising. However, when I read that CMS is strongly encouraging providers to contact the payer partners to ensure that they are ready, I am reminded of historical events. 

    Some of you may not remember the coding changes in the Behavioral Health field a few years back. Many of the payer partners were not ready to accept the new coding, and this resulted in doctors treating patients, month after month, with no reimbursement. Many of the independent doctor lost their practices. They were not prepared. 

    In preparation for the October 1st deadline, I have recommended that all organizations that rely on health insurance reimbursements should prepare by having a safety net to cover the possible short fall of incoming revenue. 

    Analyze your monthly revenues over a minimum of a 90 day period. Mitigate this foreseeable risk to your organization by preparing and having a safety net of cash and an available credit line in place for any cash short falls.

    HIPAA-- I have written about the long arm of HIPAA in previous publications.  The long arm of HIPPA not only reaches the medical related covered entities, health plan providers, health plans and health care clearing houses, but it extends across to those non-medical professions:   CPA’s, law firms, and those that have entered into a Business Associates Agreement. Also, anyone that has access to patient names along with medical records which is considered Protected Health Information (PHI). 

    These professions must incorporate acceptable and reasonable policies and procedures in order to protect the PHI that they have access too. Organizations must comply with many of the Privacy and Security Rules. An example would be performing regular risk assessments, incorporating the required technical requirements, physical safeguards, and workforce classification to ensure the minimum necessary standard, also referred to as “need to know policy”. 

    An organizational culture should be one of compliance, with policies that follow through on the stated protocols. Without a culture of compliance and robust protocols, the fines, sanctions, penalties and loss of brand can cost you millions in dollars. 

    Meaningful Use--Recently it was reported that a former Texas hospital CFO had been sentenced to 23 months in federal prison for submitting false documents. The medical center at which he was employed as the CFO received payments under the HITECH ACT electronic health records financial incentive program. This is also known as meaningful use. White oversaw the implementation of electronic health records (EHR) and was responsible for attesting to the meaningful use of the EHR’s to qualify to receive the HITECH incentive payments totaling $786,000 for Shelby Regional.  

    In addition to his prison term, Joe White, the former CFO, of the now-shuttered Shelby Regional Medical Center in East Texas, was ordered to pay restitution of $4.5 million dollars to the HITECH incentive program. Court documents stated, in order to assist in paying the restitution, White was ordered to liquidate his personal IRA account and an annuity account for a total of $135,000. 

    Shelby Regional was one of a number of hospitals owned and operated by Tariq Mahmood, M.D. of Cedar Hell, Texas. Mahmood was indicted by a federal grand jury and charged with conspiracy to commit healthcare fraud and seven counts of healthcare fraud. April 14th, Mahmood was sentenced to 135 months in federal prison and ordered to pay restitution to CMS, Texas Department of Health and Human Services, and Blue Cross Blue Shield of nearly $100,000. In total, the hospitals that Mohmood owned were paid more than $16 million dollars. 
    A Justice Department spokeswomen stated that the $4.5 million dollar restitution, which White was ordered to pay represents the EHR incentive money that Shelby Regional received under false attestation, as well as EHR incentive money that the other hospitals owned by Mahmood received. White was also CFO of those other hospitals that received incentive money. Although White did not personally receive money, the spokeswomen stated, “Restitution is mandatory pursuant to the Mandatory Victim Restitution Act of 1996.” “ Notwithstanding any other provision of law, when sentencing a defendant convicted of an offense described in subsection (c), the court shall order, in addition to..any other penalty authorized by law, that the defendant make restitution to the victim of the offence”  18 USC 3663A (a) (1). 

    That brings me back to my question, what do ICD 10 have in common with HIPAA and Meaningful Use? 
    Judith Lindsay, owner of JAL Consulting & Associates tackles all the elements of the HIPAA compliance puzzle, successfully assisting organizations to make sense of it all.  Judith uses a holistic approach by providing guidance on which policies, procedures and processes are needed for any size or complex organization.  Judith's blogs can be found weekly at her Linkinedin account and is available for speaking engagements related to the world of compliance.  Connect on Twitter or Linkedin.  

    Protecting you in a million different ways