Not only do providers need to make sure they are providing ABNs appropriately, but they need to use the correct version.  As of January 1, 2012, any ABN forms with a release date of 03/2008 (in the lower left hand corner) are considered invalid with CMS, so if you have any stock piles of these forms, get rid of them.  Make sure that you are using the ABN form with the release date of 03/2011 which became mandatory as of 1/1/12.

Since we have reviewed the basics of the ABN, here are a few tips on the billing process when submitting a claim with an ABN.

• Modifier GZ is used when providers expect Medicare will deny a service or item and they don’t have an ABN signed by the patient.
• All claims with modifier of GZ will be denied automatically & not subject to complex medical review.
• Modifier GA is used when providers expect Medicare will deny a service or item and they do have a signed ABN.
• Failure to report modifier GA could result in your assuming financial responsibility for denied service or item.

If you have any other questions, need additional information on the ABN process, or want to download the newest version of the form, visit the CMS website.

Title VII of this Act was passed to ensure equality in hiring, promotions, transfers, compensation and other employment-related decisions. The provisions of Title VII make it illegal for most employers to engage in the following:

1. Discrimination or segregation in all terms of employment based on race, color, religion, gender or ethnicity. (Please note that several state and local laws have expanded these protected classes to include sexual orientation, marital status and weight.)
2. Classifying employees based on their protected class with the intent to prevent that class from employment opportunities or career progressions. For example, Title VII would protect an employee from being denied a promotion based on being of the Muslim religious faith.
3. Discriminating against any employee because of pregnancy, childbirth, or related conditions.
4. Not providing equal opportunity to participate in training programs which offer opportunities for advancement.
5. Sexual harassment and harassment based on the other protected categories (race, religion, etc.). Tip: Employers should develop a policy prohibiting any form of harassment and should include an internal complaint procedure.
6. Discrimination in compensation practices. Tip: Always base compensation on seniority, merit or performance and ensure that systems are in place that measure the quality and/or quality of work.

Title VII applies to most employers in the United States, and any organization meeting one or more of the criteria listed below is subject to the rules and regulation of the Equal Employment Opportunity Commission (EEOC), which is the agency specifically set up by the government to monitor and administer the Act.

• Most private employers who employ 15 or more persons on their payroll for 20 or more weeks in the current or preceding year;
• Federal, state and local governments;
• Public and private employment agencies when functioning as employers and when referring individuals for employment;
• All educational institutions, public and private;
• Labor unions with 15 or more members;
• Joint (labor-management) committees for apprenticeships and training;

Several exceptions exist in regard to the definition of discrimination, such as:

• Work-related requirements – For example, if a company manufactures and ships an item that weighs 70 pounds, few women may be able to pass this requirement.
• Bona fide occupational qualification (BFOQ) – This is a criterion that is reasonably necessary to carry out the function of the job. For example, excluding males from consideration would be a BFOQ if you were hiring a women’s bathing suit model.  Similarly, filmmakers who hire actors based on race, gender or ethnicity would invoke the BFOQ.
• If your company has a seniority system in place that was not set up to discriminate.

The EEOC has field offices nationwide and individuals who believe they have been discriminated against can file a charge in any field office.

Coming next… The EEOC complaint process.

Using software. Most agencies employ a software program to manage their patients.  This system produces the Plan of Care and may even track staff visits and billing efforts.  Most systems will also allow you to create a list of your personnel file requirements and track expiration dates.  For example, you can probably enter dates for the driver’s license, auto insurance, CPR and professional license.  The key is to be consistent and enter expiration dates for all required aspects of the personnel file.

The next step is to run a report from the software program on a regular basis.  We suggest that you use a four-to six-week window of time, depending on the size of your agency.  Example:  in mid-April, run the report of items expiring in June.  This gives you ample time to contact each staff member and request the updated information.  As items are received, remember to key the new expiration date into your system.  That way, when you run another report – say, two weeks before the end of May – you will only see the items that are not current.  You can contact the staff members once again, with the explanation that they will be removed from active patient care if their materials are not current by end of May. Taking action will help you avoid being cited on an unannounced survey.

Using a manual system. Some agencies’ software programs cannot accommodate this task, or the managers don’t know how to properly use the system.  While you obtain training and bring your system up to date, use a manual process to track expiration dates.  A few suggestions follow, depending on your comfort level and computer skills.

• Use Outlook or another calendar program.  Key document expiration dates using the same four-to-six-week system mentioned above.  Example:  Sally’s CPR expires on June 3^rd.  Enter a calendar reminder for May 1^st and in the body of the reminder, list everyone’s materials that are expiring in June, and which require your follow-up. On May 1^st, when you log into your Outlook, the reminder will pop up and you can begin contacting staff members.  You can set another reminder two weeks before end of the month and depending on your staff load, can enter a final reminder on June 2^nd so that you can remove Sally from patient care at the end of that day.
• Use Excel or other spreadsheet program.  Some agencies enter all the aspects of the personnel file in an Excel spreadsheet, and use a column for expiration dates (Click Link).  You can then sort the columns in date order, again, using the same four-to-six-week schedule mentioned above.

• Use an expanding file.  Office supply stores have expanding files with the months of the year, and others with slots labeled 1 to 31, representing the days of the month.  In a manual system, you would place a notation or a copy of the expiring document in the appropriate slot.  Example:  Sally’s expiring CPR would be filed either in the June tab (if you’re using the monthly tab format) or in the tab labeled with a 3 (if you’re using the daily format because it expires on the third day of the month).
  • If using monthly slots, you will pull everything out that is in the June slot, again, in mid-April, and begin notifying the staff members.  This needs to be a regular task performed on the first business day of the new month.
  • If using 1-31 daily slots, the process is the same but with a twist:  every day, pull out the information filed in that day’s slot.  The challenge is that on the 3^rd, you will pull out materials for January 3^rd, March 3^rd, April 3^rd, etc. so you need to sift through and re-file the materials you don’t need at this time.  The other key is that items will be filed on dates that fall on the weekend or on holidays.  So on Monday, you will need to check the daily slots for Saturday and Sunday’s dates to make sure you don’t miss anything.  This is a much more cumbersome process, so if possible, we suggest you use the computer to simplify your job.

No system will work without consistency so it’s important to set up the process and then make sure your employees are following it.  Computerized systems lend themselves to auditing by the manager.  Simply run a report yourself at any point in the process to make sure no expired items are unattended.

Final point:  Tough love is needed to follow through on expiring documents.  Your staff needs to know without any doubt that you will remove them from patient care if they don’t comply with your requests.  It seldom happens more than once before employees get the message that you are not willing to risk your agency’s license or accreditation on their lack of compliance.

On November 17, 2011, OESS announced that, for a 90-day period, it would not initiate enforcement action against any covered entity that was not compliant with the updated versions of the standards by the January 1, 2012 compliance date. This was referred to as enforcement discretion, and during this period, covered entities were encouraged to complete outstanding implementation activities including software installation, testing and training.

Health plans, clearinghouses, providers, and software vendors have been making steady progress: the Medicare Fee-for-Service (FFS) program is currently reporting successful receipt and processing of over 70 percent of all Part A claims and over 90 percent of all Part B claims in the Version 5010 format. Commercial plans are reporting similar numbers. State Medicaid agencies are showing progress as well, and some have made a full transition to Version 5010.

Covered entities are making similar progress with Version D.0. At the same time, OESS is aware that there are still a number of outstanding issues and challenges impeding full implementation. OESS believes that these remaining issues warrant an extension of enforcement discretion to ensure that all entities can complete the transition. OESS expects that transition statistics will reach 98 percent industry wide by the end of the enforcement discretion period.

Given that OESS will not initiate enforcement actions through June 30, 2012, industry is urged to collaborate more closely on appropriate strategies to resolve remaining problems. OESS is stepping up its existing outreach to include more technical assistance for covered entities. OESS is also partnering with several industry groups as well as Medicare FFS and Medicaid to expand technical assistance opportunities and eliminate remaining barriers. Details will be provided in a separate communication.

The Medicare FFS program will continue to host separate provider calls to address outstanding issues related to Medicare programs and systems. The Medicare Administrative Contractors (MAC) will continue to work closely with clearinghouses, billing vendors, or healthcare providers requiring assistance in submitting and receiving Version 5010 compliant transactions.

The Medicaid program staff at CMS will continue to work with individual States regarding their program readiness. Issues related to implementation problems with the States may be sent to Medicaid5010@cms.hhs.gov.

OESS strongly encourages industry to come together in a collaborative, unified way to identify and resolve all outstanding issues that are impacting full compliance, and looks forward to seeing extensive engagement in the technical assistance initiative to be launched over the next few weeks.

For info or tips on Homecare Billing, contact Imark Consulting, Inc. at888-370-3339 or visit us at www.homehealthbilling.com

Obviously, this problem has ramifications as patients’ conditions can quickly worsen and/or lead to other illnesses – a vicious cycle of expense and disease. The price tag is greater than what we spend treating cancer, diabetes and congestive heart failure combined.

So how do you help patients remember to take their medications? This article summarizes Express Scripts’ new computer program that helps providers predict which patients will be non-compliant. This allows the Pharmacy Benefit Company to identify other resources to help the patients comply with treatment regimens. The results of a recent pilot project aren’t conclusive, but the company is hopeful. During the pilot, the Express Scripts team was able to – for example – put the patient with a medication concern in direct contact with a pharmacist to allay any misgivings.

Finally, patients will be informed of payment assistance programs or other low-cost alternatives. This summer, Express Scripts will begin offering the program to employers and focus on patients with specific illness, such as high blood pressure, high cholesterol, diabetes, asthma and osteoporosis. In addition, with the employer’s permission, the company can call patients with a medication reminder.

Security

Although the Privacy Rule contains some security provisions, and its guidelines cover all types of PHI, the federal government added the HIPAA Security Rule to the existing regulation in 2003.  This area of HIPAA added specific provisions for protecting the confidentiality, integrity and availability of electronic PHI.  Electronic PHI (or ePHI) is defined as individually identifiable health information that exists or is transmitted in electronic form.

Because of the proliferation of electronic mechanisms for receiving, creating, maintaining and transmitting PHI, the need for additional and specific protection is very great.

Where the Privacy Rule appears to be more “black & white” with regard to its specific requirements, the Security Rule is the complete opposite.  The main concept behind the Security Rule is its ‘scalability;’ in other words, Security Rule processes must be adapted to the uniqueness of each organization and cannot have a “one-size-fits-all” approach. A provider that has primarily paper records and very little electronic PHI would implement the Security Rule very differently from a practice with an electronic medical record (EMR) system.  The extent of the information that exists or resides in electronic systems dictates the provider’s activities with regard to security of ePHI.

Many practices have gone on ‘auto-pilot’ when it comes to protecting privacy.  It’s not uncommon to see offices being mindful of the visibility of computer screens and paper medical records.  They are generally careful not to leave PHI face-up in high-traffic areas and actually, some offices have gone a little overboard, removing patient names from files and sign-in systems. (This is unnecessary, by the way.)

The Security Rule, on the other hand, is a living, breathing process that must become second nature to the compliant provider organization.  It would be naïve and dangerous for you to believe that an annual security assessment and a policy book on the shelf are enough to demonstrate compliance with this regulation.  Monitoring security of ePHI and spotting breaches – or issues that could potentially lead to breaches  - in security must be continuous.

Well, that concludes our five-part blog series on the Basics of HIPAA.  By now, we hope you feel more knowledgeable about some of the nuances of this important legislation.  Remember that as a healthcare worker – and as patient yourself – HIPAA offers protection and control of healthcare information and that compliance is a team effort.  If you have any general HIPAA questions or need any clarification, feel free to call our office, or speak with your supervisor.

This article covers several other language issues in greater detail and highlights the need to query the physician in order to select the most correct and specific codes for the encounter.  Using proper codes also affects the integrity of the data which is used worldwide in tackling health concerns and establishing policy.

Protected Health Information

The focus of HIPAA’s Privacy Rule is protected health information.  This is individually identifiable information that has to do with the “past, present or future physical or mental health or condition of an individual.”  The key to PHI, as it’s called, is that it must identify or reasonably identify, the person.  For example, how many identifying characteristics can you think of for health information?  Some include:  the patient’s name, address, social security number and other contact information.  What about employer information?  That’s an identifier.  How about date of birth, medical record number or photograph?  Those are means of identifying a person as well. HIPAA has a list of at least 20 identifiers.

The important thing to remember is that a person has the right to expect privacy of his or her health information.  And don’t forget, PHI can be verbal, too, so it’s especially important to watch what we share about a person’s PHI, with whom and the circumstances in which we share information.

The HIPAA law says we can’t use or disclose PHI except in specific circumstances.  It’s crucial to understand that “using” PHI usually refers to what is done with it inside the practice or organization.  The law is very clear about when you can look at someone’s PHI, and basically, it must be in the course of performing your job responsibilities.

We’ll give you an example:  Suppose you answer the phones for a provider and have no need to access PHI as part of doing your job.  In that case, the law says you should not have access to it.  However, what if you happen to come across PHI that you know you shouldn’t have access to?  The law also says that you will not view the PHI since you know you really don’t have a right to do so.  That part is on the “honor system” as long as the provider has taken the steps to limiting your ability to view PHI.  It’s always a good idea to let your supervisor know of this incident so that revisions can be made to the office policies if necessary.

Disclosing PHI has to do with providing information outside the practice or organization.  The law obviously states that you may disclose PHI for the purposes of treating a person.  For example, if a patient was referred to a cardiologist, and this physician needed a test result, it would be permissible for you to fax the information to the cardiologist’s office, as long as you made sure you were faxing to the correct place.  Other permitted disclosures are outlined in the HIPAA law and are probably included in your organization’s HIPAA policies.

Penalties

As with any law, HIPAA has numerous provisions and standards.  Non-compliance with HIPAA, or any violation of this law, can result in fines and even criminal penalties.

When HIPAA was first implemented, the fine to a Covered Entity was $100 per violation up to $25,000 per year for negligent violation of a single standard.  When President Obama signed the Health Information technology for Economic and Clinical Health (HITECH) Act in 2009, the penalties escalated.

Moreover, HIPAA provides for severe criminal penalties for individuals who knowingly disclose protected health information.  Fines start at $50,000 and can reach up to $250,000, with the added possibility of one to ten years in prison.

In short, HIPAA shouldn’t be taken lightly.  Remember, when in doubt, always check with your practice’s Privacy and/or Information Security Official.  If you don’t know who that person is, ask your supervisor or the practitioner.  Next time, we’ll complete our five-part series on the Basics of HIPAA with a look at the Security Rule that governs electronic health information.

Incentive Payment

The program has two parts:  one is an incentive for participation. For medications prescribed in 2012 using eRx, EPs will receive an incentive payment equal to 0.5% (down from 1% in 2011) of their total Medicare Part B payments for the year.  This incentive will be reflected in the payments received by the EP from January 1 through December 31 of 2013.  Please note that EPs participating in the Medicare EHR incentive program are not eligible for the eRx incentive.

The target for the 2012 payment is at least 25 unique prescribing events when providing a billable Medicare Part B service during 2012.  Electronically generated refills do not count, and faxed prescriptions are not considered electronic submissions. The incentive payment is triggered by the addition of the G8553 code to the service codes submitted on the claim. Finally, it’s advisable for EPs to check their EOBs to ensure the G-code is reflected in the National Claims History (NCH) database.  If CMS does not indicate acceptance of 25 eRx codes, the incentive will not be paid.

Penalties

Some EPs believe that forgoing the incentive ends the eRx conversation for the calendar year.  This is a huge mistake because the second half of this program involves a penalty for non-submission.  For 2012, EPs must submit no less than 10 electronic prescriptions during the first six months of 2012 to avoid a penalty of 1.5% (up from 1% in 2011) to be reflected in all the payments for Medicare Part B services the EP receives from January 1 through December 31 of 2013.   This reduction is reflected on the Medicare allowable amount and will impact co-insurance payments as well.

Once again, checking EOBs is crucial to ensure the G-code is properly captured and reflected in the NCH database.   The deadline to make any changes or resubmissions to correct missing or faulty codes is July 27, 2012.

Some exemptions to the penalty exist for providers who prescribe less than 100 prescriptions in the first six months of the year; rural practices without high-speed internet access; and providers whose state laws prohibit electronic prescriptions or for whom a significant hardship precludes their participation.  The EP will need to submit a hardship exemption to avoid the penalty.

Who governs HIPAA?

The Department of Health & Human Services (DHHS) has delegated to the Center for Medicare and Medicaid Services (CMS) the responsibility of overseeing the electronic transaction portion of HIPAA.

DHHS’s Office of Civil Rights (OCR) is responsible for the privacy rules.

Who must comply with HIPAA?

HIPAA affects health plans, clearinghouses and providers, which are referred to as Covered Entities.  For our intentions here, let’s focus on providers.  HIPAA defines a provider as anyone who provides medical or health services and any other person or organization who “furnishes, bills or is paid for health care services or supplies in the normal course of business.”

The list of entities that are considered providers includes: physicians and physician group practices (which also encompasses physician assistants and nurse practitioners), hospitals, skilled nursing facilities, diagnostic centers, outpatient physical or occupational therapy centers, clinical psychologists and social workers, registered dieticians, and certified nurse midwives.  Keep in mind that there are other provider classifications, such as home health agencies and durable medical equipment companies.  The list is very comprehensive.

However, HIPAA also applies to Business Associates.  A Business Associate (BA) is a person or entity who performs a service or function on behalf of a covered entity and who uses protected health information in the process of performing its function.

Some good examples to clarify this concept include:

• A transcription service.  A transcription service receives information about patients’ health in the course of performing a function or service (transcription) on behalf of the covered entity (the provider).
• A billing agency.  Billing agencies receive health information about patients so they can perform a service (billing) on behalf of a covered entity (a provider).

Since BAs have access to protected health information, they must also uphold the standards of HIPAA and as a Covered Entity, the provider has the responsibility for contractually requiring this.  BAs are expected to follow all of the HIPAA regulations; this is usually outlined in a separate Business Associate agreement between the Covered Entity and the BA or with language in the two parties’ agreement which includes the same stipulations.

While all states have healthcare privacy laws, HIPAA specifically applies to Covered Entities and their Business Associates as described above.  This means that – for example – if a provider organization is still in the stone-age, with paper records and submitting paper claims, HIPAA compliance is not required.  Bet that surprises you, right??  However, many of the HIPAA guidelines make great sense and increase a patient’s sense of privacy so even if a provider doesn’t meet the Covered Entity definition, these rules are still good to follow.

So what exactly is covered under HIPAA?  Tune in on Thursday when we will explain the concept of Protected Health Information and what that means.