Email not displaying correctly? View it in your browser.

Issue #2 - October 17, 2012

Auditing/Compliance Tips and Resources

Define and Act on a Privacy or
Security Breach

By Julie E. Chicoine, Esq., RN, CPC

New federal rules add additional responsibilities and accountabilities affecting those who allow a breach of privacy or security. Knowing these new rules and concepts in case patients' information is released may ease a provider's recovery from the crisis.

The Office of Civil Rights (OCR) generally defines a breach as an impermissible use or disclosure under the Health Insurance Portability and Accountability Act (HIPAA) that compromises the security and privacy of personal health information (PHI) such that the subsequent use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual (see Breach Notification Rule). This definition has not changed; however, the Health Information Technology for Economic and Clinical Health (HITECH) Act adds the notion of willful neglect, defined as willfully disregarding knowledge of a privacy and security violation.

The HIPAA privacy rule imposed general requirements including investigation, mitigation, correction, and notification of privacy breaches under certain circumstances. HITECH amends those requirements to include three levels of reporting for breach that qualifies as a "wrongful use/disclosure" of PHI.

Read more & comment »

Stay Compliant: Documentation Must Support Medical Necessity

Defining the level of care a patient requires while proving medical necessity can be a chore. Here are some tips to help you assure compliance.

Medical necessity determines the type and level of service that should be billed. Because the evaluation and management (E/M) guidelines are complex and subjective, providers may rely on a template so notes are documented the same way each time they see a patient. The problem is that not all patients require the same level of care at every visit. Only services that are required to treat the patient's problem that day should be provided.

Read more & comment »

OIG: The Secret to an Effective
Compliance Plan

By Charla Prillaman, CPCO, CPC, CPC-I, CCC, CEMC,

Changes to the Office of Inspector General's (OIG) Work Plan for 2013 includes reviews of the use of commercial mailboxes, provision of motorized wheelchairs and prosthetics, payments to providers subject to debt collection, and continuous positive airway pressure (CPAP) and diabetes suppliers. Special attention is being paid in 2013 to providers who are enrolling or reenrolling in Medicare, repeatedly submitting claims with errors, and submitting anesthesia claims for personally performed services.

The OIG publishes an annual work plan that identifies compliance and investigative initiatives that are ongoing or are planned for the upcoming year with respect to U.S. Department of Health & Human Services (HHS) programs. The Work Plan for Fiscal Year 2013 (Work Plan) defines the OIG's responsibilities and its mission, which encompasses 300 programs, as this:

"Our organization was created to protect the integrity of HHS programs and operations and the wellbeing of beneficiaries by detecting and preventing fraud, waste, and abuse; identifying opportunities to improve program economy, efficiency, and effectiveness; and holding accountable those who do not meet program requirements or who violate Federal laws."

The OIG's Work Plan is a resource to help you understand which areas in your practice are identified as high risk. If the OIG feels the risk of errors is high enough to place a topic in their Work Plan, you should take heed and add to your compliance plan a process to inspect policies, procedures, coding, and billing in similar scenarios.

Read more & comment »

In This Issue
Privacy/Security Breach Medical Necessity
Compliance Plans

Auditing/Compliance: Tips and Resources is offered as a benefit to AAPC members and we hope you find the information useful. If you'd rather not receive future issues, please log in to your account and change your email preferences.

2233 S Presidents Dr., Suite F | Salt Lake City, UT 84120 | (801) 236-2200

Copyright © 2012 AAPC - All rights reserved.
CPC®, CPC-H®, CPC-P®, CIRCC®, and CPMA® are registered trademarks of AAPC.

CPT® codes Copyright 2012 American Medical Association. All Rights Reserved. CPT® is a trademark of the AMA. No fee schedules, basic units, relative values or related listings are included in CPT®. The AMA assumes no liability for the data contained herein. Applicable FARS/DFARS restrictions apply to government use.