Key Flaws with CCHIT Criteria

In reviewing the criteria required for Certification Commission for Health Information Technology (CCHIT) credentialing, the American Academy of Professional Coders (AAPC) uncovered multiple areas for concern. Many of the CCHIT requirements conflict with federal mandates for correct coding or with what AAPC promotes as appropriate coding principals. 

The following is a catalog of some of CCHIT’s principal flaws, quoting (in italics) CCHIT source documents followed by a discussion of the problem each specific criterion creates, and proposed solutions to these problems. The flaws are:

Flaw #1: IGNORES CODING RULES

CCHIT requires codes be provided, but it does not require rules-driven coding. The physician can select any code he or she chooses, without consideration of guidelines or compliance issues.

Manage problem list: Create and maintain patient specific problem lists.

(Original line 234 in Phase 1 CCHIT Ambulatory Functionality source document)

7. The system shall provide the ability to associate orders, medications and notes with one or more problems; association to be structured, codified data.

8. The system shall provide the ability to maintain a coded list of problems.

For example: ICD-9-CM, ICD-10-CM, SNOMED-CT, DSM-IV-TR. The Functionality WG will not specify which code set(s) are to be employed.

If physicians are selecting codes in their electronic medical records (EMRs), they are doing so using pick lists that are a subset of the full code sets (which totals more than 28,000 codes). EMR pick lists are not in compliance with coding standards as outlined by the Office of Inspector General (OIG) (OIG Compliance Program for Individual and Small Group Physician Practices, published in the Federal Register, Volume 65, No. 194, Oct. 5, 2000, page 59439).

According to OIG’s recommendations, all coding should follow “the official coding guidelines are promulgated by HCFA, the National Center for Health Statistics, the American Hospital Association, the American Medical Association, and the American Health Information Management Association. See International Classification of Diseases, 9th Edition, Clinical Modification (ICD- 9-CM) (and its successors); 198 Health Care Financing Administration Common Procedure Coding System (HCPCS) (and its successors); and Physicians’ CPT. In addition, there are specialized coding systems for specific segments of the health care industry.”

The complex guidelines within CPT®, ICD-9-CM, and HCPCS Level II are not available in pick-lists or cheat sheets, and this practice leads to coding errors. The Obama administration is calling for wholesale adoption of EMRs within six years.

At the same time, the Centers for Medicare & Medicaid Services (CMS) is targeting EMRs in its compliance audits. Medicare Compliance Alert, on May 29, 2006,( Medicare Compliance Alert, Vol. 18, No.11).

1. “CMS, auditors target E/M documentation software,” May 29, 2006, Elizabeth Crawford, editor.) warned that “On a page obtained by Medicare Compliance Alert from an internal National Medicare Fraud Alert, CMS notifies state and federal government law enforcement agencies about the ‘use of medical documentation software programs in a manner that results in the upcoding of office evaluation and management services.'” The 2009 OIG Workplan also targets E/M reporting rules containing nuances that are difficult for EMRs to query and for physicians to apply consistently.

AAPC recommends codes be omitted from EMR credentialing requirements. Automated coding is an EMR vendor sales point that has failed to deliver quality in the marketplace. Instead, focus EMR credentials on pertinent issues of portability, interoperability, security, privacy, and clinical quality. As part of the interoperability requirement, require EMRs to be able to dovetail with software systems that specialize in coding. For the physician who has time to code, this could be a software system with complex and complete code lookup capabilities. For the physician who doesn’t code, it allows the EMR to link to the next generation of coding, which may be computer-assisted coding (CAC) software or some other software. These systems would be purchased separately as adjunct to EMRs because coding software requires expertise and evolving knowledge bases too complex to include in the base EMR requirements. Selected codes should always be audited by professional coders before the claims are filed, as clinicians don’t have the time or resources to keep abreast of all the coding rules.

Flaw #2: PROMULGATES BAD DATA.

CCHIT encourages the use of pick-lists for code selection, which won’t provide effective data.

Manage clinical documents and notes: Create, correct, authenticate, and close, as needed, transcribed or directly entered clinical documentation.

(Original line 54 in Phase 1 CCHIT Ambulatory Functionality source document)

18. The system shall provide the ability to associate standard codes with discrete data elements in a note.

Examples include  SNOMED-CT, ICD-9 CM, ICD-10 CM, DSM-IV, CPT-4, MEDCIN, and LOINC. This would allow symptoms to be associated with SNOMED terms, labs with LOINC codes, etc. The code associated with a note would remain static even if the code is updated in the future.

There are more than 28,000 valid medical codes within ICD-9-CM, CPT®, and HCPCS Level II. Including all appropriate codes in pull-down menus or pick lists is sometimes easy, but getting to those codes may be complex. For example, there are only three joint injection codes in CPT®: one for the major, one for intermediate, and one for minor joints. This makes for an easy pick-list for physicians. However, the diagnostic codes that map to these three CPT® codes number in the hundreds, in part because the symptoms/disorders that would require an injection are many, and in part because each joint is enumerated with a code (i.e., 719.01 effusion of shoulder joint; 719.05 effusion of joint; pelvic region and thigh).

It’s difficult to get all the appropriate codes winnowed into a manageable list. In the past 20 years, what has emerged as a workaround for lengthy pick-lists is a trend toward nonspecific codes (i.e., 719.00  effusion of joint, site unspecified or 719.08 effusion of joint, other specified sites) instead of the more specific codes.

CMS has long recommended against using “cheat sheets” or pick lists for coding (See Lessons for All Coders, TriSpan Health Services).

This is partly because short lists don’t provide the coding guidance found within code books, but primarily because a truncated list does not promote specificity in coding. The ICD-9-CM Coding Guidelines tell us, “Unspecified codes are for use when the information in the medical record is insufficient to assign a more specific code.” Yet EMRs regularly use nonspecific codes on pick-lists for physicians who know, in most cases, exactly what is wrong with the patient.

CMS wants specificity in coding because medical codes are used to shape payments and policies, and because they contribute to the study of outcomes that advance evidence based medicine. CMS cites specificity as a major reason to implement ICD-10-CM and ICD-10-PCS, new coding systems that greatly expand the detail provided in coding. The Final Rule for ICD-10, published in the Federal Register (Vol. 74, No. 11, Friday, Jan. 16) states, “We anticipate that the use of ICD-10-CM, with its greater detail and granularity, will greatly enhance our capability to measure quality outcomes…. The greater detail and granularity of ICD-10-CM and ICD-10-PCS will also provide more precision for claims-based, value-based purchasing initiatives.” This can only occur if the data provided in the codified medical record is as specific as possible. If pick lists continue to promote “dump codes,” the United States will not see the financial or clinical benefits outlined in the final rule.

AAPC recommends again that codes be omitted from EMR credentialing requirements. Instead, focus EMR credentials on pertinent issues of portability, interoperability, security, privacy, and clinical quality. As part of the interoperability requirement, require EMRs to dovetail with software systems that specialize in coding.

Flaw #3: GENERATES FRAUDULENT CPT® CODING.

CCHIT auto-selects elements of E/M coding without consideration of MDM.

Rules-driven financial and administrative coding assistance: Provide financial and administrative coding assistance based on the structured data available in the encounter documentation.

(Original line 234 in Phase 1 CCHIT Ambulatory Functionality source document)

1. The system shall have the ability to provide a list of financial and administrative codes.

For example, ICD-9 CM, ICD-10 CM, and CPT-4 codes.

2. The system shall provide the ability to select an appropriate CPT Evaluation and Management code based on data found in a clinical encounter. May be accomplished via a link to another application.

3. The system shall have the ability to provide assistance in selecting appropriate billing codes based on codified clinical information in the encounter.

Criterion satisfaction will require that the system can automatically count elements in the history and examination documentation to accomplish this calculation. MDM complexity will still require specification by the provider/coder.

Selection of E/M codes requires a complex equation of many elements. Missing from the CCHIT “auto-coding” system is a key element: MDM. While the criteria states that “MDI complexity will still require specification by the provider/coder,” because it is the sole element lacking, its absence will be overlooked. Errors will be made. EMR pick lists are not in compliance with coding standards as outlined by the OIG. If physicians are selecting E/M levels in their EMRs, they are doing so using pick lists that are a subset of the full code sets (which totals more than 100 codes). To require there be codes in the EMR without requiring there be access to a guidelines and instructions sets the stage for noncompliance.

It’s worth noting here that professional coders are constantly honing their skills and working to keep up with the rule changes in coding. Certified coders are required to obtain nearly 20 hours of education every year. Physicians have their own continuing education requirements, but these are spent with clinical issues, as they should be. A half-baked code selection process like the one CCHIT certifies does a disservice to physicians, who depend on the certification to keep them compliant and accurate.

AAPC recommends that the certifying body for EMRs limit its criteria for coding to those areas regarding clinical documentation. Robust clinical documentation will ensure proper coding, whether performed by a physician or computer-assisted coding, and reviewed by a certified professional coder.

Flaw #4: PUTS PHYSICIANS IN HARM’S WAY.

CCHIT inadvertently provides a framework for cloning data that may lead to institutionalized upcoding, putting physicians in harm’s way.

Manage clinical documents and notes: Create, correct, authenticate, and close, as needed, transcribed or directly entered clinical documentation.

(Original line 54 in Phase 1 CCHIT Ambulatory Functionality source document)

21. The system shall provide templates for displaying medical summary data in a structured format.

Examples might include the continuity of care record or the DCA. This requirement does not specify a particular format although many vendors will choose to use the harmonized CCR/CDA/CRS once available.

One of the key components of CCHIT’s criteria is management of patient history, which in addition to being an important component of the clinical picture, is also a factor in determining the level of E/M. Medicare has identified E/M leveling by EMRs as a compliance risk, because information not gathered during the current encounter can be weighted to raise payment for the physician. Pinnacle’s position (PBSI Medicare Services for the state of Arkansas, SEM 090808 published 9/23/2008) is:

With the advent of increasingly popular EMR templates comes an increased risk of noncompliance. Although many positive aspects related to EMRs have been identified, they may also lead to “cloning” of medical records if not properly used. Each E/M service should stand alone. According to the 1997 Documentation Guidelines for E/M Services, “Medical record documentation is required to record pertinent facts, findings, and observations about an individual’s health history….” Medical record cloning will not satisfy that E/M requirement.

The July 2008 article, “Electronic Medical Records May Lead To Decreased Payment,” (Pinnacle Medicare Providers News, page 41) stated:

Medicare Contractors are noting increasing frequency of cloned records. Each E/M service should stand alone. When no documentation differences are noted for several services for one beneficiary or for services for multiple beneficiaries, there may be a question of potential fraud. According to Change Request (CR) 5644, Transmittal 252, “The PSC [Program Safeguard Contractor] shall determine if patterns and/or trends exist in the medical record which may indicate potential fraud, waste or abuse. Examples include, but are not limited to:

  • The medical records tend to have obvious or nearly identical documentation
  • In reviews that cover a sequence of codes (Evaluation & Management codes, therapies, radiology, etc.) there may be evidence of a trend to use the high ends codes more frequently than would be expected….”

Safeguards specific to cloning are not in place in CCHIT credential criteria because, AAPC contends, physician coding experts were not engaged in the criteria development process. As a result, physicians are being held liable for overcharges they didn’t intend, couldn’t predict, and don’t understand.

AAPC again recommends E/M selection be performed by software or by the clinician, and then reviewed by a certified coding professional.

Flaw #5: PROVIDES A LESSON IN MISDIRECTION.

 In today’s hyper-regulatory healthcare environment, compliance is a very important word. And CCHIT is misusing it.

 Clinical decision support system guidelines updates: Receive and validate formatted inbound communications to facilitate updating of clinical decision support system guidelines and associated reference material.

(Original line 244 in Phase 1 CCHIT Ambulatory Functionality source document)

1. The system shall provide the ability to update the clinical content or rules utilized to generate clinical decision support reminders and alerts. Growth charts, CPT-4 codes, drug interactions would be an example. Any method of updating would be acceptable. Content could be third party or customer created.

2. The system shall provide the ability to update clinical decision support guidelines and associated reference material. Any method of updating would be acceptable. Content could be third party or customer created.

The biggest disservice that CCHIT has done for its provider population is to say a certified EMR meets the criteria for “compliance.” For providers today, the word “compliance” is forever linked to coding compliance. But there is no coding compliance in CCHIT certification. As it says above “Any method … is acceptable.” It even suggests the complex updates for coding systems could be “customer created.” The whole issue of coding with CCHIT is laissez-faire: There are no rules provided and no guarantees given.

The OIG Compliance Program for Individual and Small Group Physician Practices lists the following components for compliance:

This compliance program guidance for individual and small group physician practices contains seven components that provide a solid basis upon which a physician practice can create a voluntary compliance program:

  • Conducting internal monitoring and auditing;
  • Implementing compliance and practice standards;
  • Designating a compliance officer or contact;
  • Conducting appropriate training and education;
  • Responding appropriately to detected offenses and developing corrective action;
  • Developing open lines of communication; and
  • Enforcing disciplinary standards through well-publicized guidelines.

All seven points focus on coding and reimbursement. With the advent of Recovery Audit Contractor (RAC) and private payer audits, providers are feeling the pinch of regulatory scrutiny like no other business group. To suggest a word like “compliance” is appropriate to a piece of software that only dabbles in coding gives providers a false sense of confidence.

AAPC recommends that whatever course is taken regarding criteria, the term “certification” is replaced with another less ambiguous term so providers are not misled as to what a system can provide them. Possible replacement terms include sanctioned, recognized, tested, or proven.

2017-code-book-bundles-728x90-01

Latest posts by admin aapc (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *