Health Information Compliance Alert

Published on Thu Jul 05, 2012 PDF

The American Medical Association (AMA) has made no secret of the fact that it is less than enthralled with the proposition of adopting ICD-10 as the new diagnosis coding system. Not only did the AMA's House of Delegates vote last year to repeal ICD-10 (which CMS did not adopt), but the group also applauded the news earlier this year that ICD-10 would be delayed from its original implementation date of 2013.

Now the AMA has taken additional steps to express its disillusionment with ICD-10, announcing on June 19 that its House of Delegates adopted a policy to evaluate ICD-11 as a potential "alternative" to replace ICD-9, an AMA news release noted.

"ICD-10 coding will create unnecessary and significant financial and administrative burdens for physicians," said AMA President-elect Ardis Dee Hoven, MD in a June 19 statement. "It is critical to evaluate alternatives to ICD-9 that will make for a less cumbersome transition for physicians and allow physicians to focus on their primary priority -- patient care. AMA voted today to consider ICD-11 as a possible alternative. The policy also asks the AMA and other stakeholders, such as the Centers for Medicare and Medicaid Services, to examine other options."

CMS has not yet responded to the AMA's news. Keep an eye on these pages for more on this story.

Stolen PHI-Filled Jump Drive Leads to $1.7 Million Settlement

If your employee's car gets robbed, you typically don't expect the crime to cost you millions -- but that's exactly what happened last week when the Alaska Department of Health and Social Services (DHSS) agreed to pay $1.7 million to settle potential HIPAA violations.

Background: A USB hard drive that potentially contained electronic protected health information (ePHI) was stolen from the car of a DHSS employee, after which the Office for Civil Rights found that DHSS "did not have adequate policies and procedures in place to safeguard ePHI," a Department of Health and Human Services news release said. Further investigation revealed that DHSS had not performed a risk analysis or implemented risk management controls, nor had it addressed device encryption.

The DHSS paid the settlement fee and also agreed to a corrective action plan to comply with the HIPAA Security Rule. "Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices," said OCR Director Leon Rodriguez in a June 26 statement. "This is OCR's first HIPAA enforcement action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities."

To read the complete news release, visit www.hhs.gov/news/press/2012pres/06/20120626a.html.

Avoid These Common 5010 Rejection Reasons

You must have met CMS's June 30 deadline for use of the 5010 transaction standard by now. To avoid unnecessary rejections, CMS offers the following tips that will combat the most common problems that the agency has seen so far, according to a May 31 email to practices:

• Include a nine-digit ZIP code. If you're still using the old five-digit ZIP code and ignoring the "plus four" digits that the U.S. Postal Service began using several years ago, you could see claims rejections under 5010. "You should work with your vendor to make sure that your system captures the full nine-digit ZIP," CMS advises.
• Use your physical address. You won't be able to file your claims using a P.O. box number as your "billing provider address" under 5010, so you should be sure to record your physical street address under this field. "You can still use a P.O. box, however, as your address for payments and correspondence from payers, as long as you report this location as a pay-to address," CMS notes.
• Record your NPI. You may have grown accustomed to using your employer's Tax ID number as a primary identifier for the billing provider, but those days are over. "For Version 5010 claims, however, you are only allowed to report an NPI as a primary identifier," the agency clarifies.

New Home Health CAHPS Data Wave Coming In July

If your CAHPS data didn't show up on Home Health Compare in April, it may be there when CMS refreshes the data in July. Referral sources and patients can now look up your Health Consumer Assessment of Healthcare Providers and Systems (HHCAHPS) data online if you are submitting it, but only if you have 12 months' worth, reminded Lori Teichman with the Centers for Medicare & Medicaid Services in the May 23 Open Door Forum for home care providers.

Reminder: Home health agencies must participate in HHCAHPS "for patients served in April 2012 and after to be eligible for the full market basket payment increase for CY2014," CMS explained in a message to providers earlier this year. "Therefore, it is in your agency's best interest to participate in HHCAHPS so that your agency can receive the full annual payment update."

Be sure to independently double-check on the CAHPS website that your approved vendor is submitting your data monthly as agreed, Teichman urged forum listeners. CMS won't hold agencies harmless if their vendors fall down on the job. Ultimately it's the HHA's responsibility to make sure the data is submitted timely.

Home Health Request for Anticipated Payment: Refile RAPs For Claims Booted In Error For PECOS

If you had claims that received reason code 32072 before the PECOS edit was turned off, you'll need to take action on them. That reason code states "FOR HOME HEALTH CLAIMS (32X AND 33X) THE ATTENDING PHYSICIAN ON THE PECOS PHYSICIAN FILE HAS A TERMINATION DATE PRESENT AND IT IS EQUAL TO OR LESS THAN THE CLAIM FROM DATE OF SERVICE."

Home Health & Hospice Medicare Administrative Contractor Palmetto GBA adjusted final claims affected by this problem, but canceled such Request for Anticipated Payment (RAP) claims, it reports on its website. Now agencies need to refile those RAPs, Palmetto directs.

Submit ADR In CDs or DVDs as TIFFs

One Home Health & Hospice MAC wants to make the Additional Development Request (ADR) response process simpler for everyone. "If you send a CD or DVD for medical record or appeal documentation, please send these to us in a TIFF format," says Palmetto GBA. But, "Please don't TIFF each page. One TIFF file per record is acceptable."

You don't have to require a password for your medical record file, Palmetto says. "However, if you do use a password, please ensure that we are able to link the CD with the password," the MAC says on its website.

Another tip: If you send your ADR response on paper, don't staple it, Palmetto instructs. "The staples impede the scanning process. We will not change the order of your submitted documents."