Pain Management Coding Alert
Take Steps, Be Prepared if OCR Comes Calling
PDF
Question: In addition to being the coding lead at our practice, I’m also part of our risk management team. Another team member told me that Health Insurance Portability & Accountability Act (HIPAA) audits are going to focus on risk assessments in 2016. Is this true?
Nevada Subscriber
Answer: The Office for Civil Rights’ (OCR) updated audit protocol will cover a lot more HIPAA regulations than any of the prior protocols. And yes, risk management is certainly a big focus for the Feds in 2016.
OCR — a branch of the Department of Health and Human Services (DHHS) — last updated the protocol in 2012. Back then, the plan didn’t even have an audit inquiry for risk management. The 2016 protocol changes that, according to a blog post by Bob Chaput, CEO and founder of Clearwater Compliance LLC in Florida.
“Not only will the auditors be looking for policies and procedures for a risk management process, but also the details of how risk will be managed, by whom, how often, and documentation of management’s acceptable level of risk,” explained Chaput.
Impact: Overall, the audit processes related to risk management “have become significantly more comprehensive,” Chaput warned. “Now, in addition to looking for the who, what, and how in the policies and procedures, audits will be requesting evidence of management’s involvement in determining an acceptable level of risk, risk-rating registers, and a determination of the sufficiency of security measures put in place for mitigating or remediating identified risks.”
Auditors will also want evidence that you’ve implemented security measures as a result of your risk analysis, and that those measures are sufficient to mitigate or remediate identified risks to an acceptable level according to the risk rating, Chaput said.
Also: Another new audit inquiry for 2016 is assessing “criticality” of specific applications and data with respect to other components of your contingency plan, Chaput stated. Auditors will specifically review your policies and procedures for assessing application and data criticality, and then review the list of critical electronic protected health information (ePHI) applications and the criticality levels you assigned to them.
The protocol provides that the auditors must ensure that the assigned criticality levels “should have been categorized based on importance to business needs or patient care, in order to prioritize for data backup, disaster recovery, and emergency operations plans.”
Pain Management Coding Alert
- News You Can Use:
Be Ready for ICD-10 Changes Coming in October
Feds currently reviewing proposals for ICD-10 updates. While the ICD-10 authors haven’t updated the diagnosis [...] - Clip & Save:
Post These Chronic Migraine Diagnosis Rules Where You'll Need Them
Remind coders what qualifies as ‘chronic.’ Pain management clinics see their share of patients suffering [...] - E/M Coding:
Count ROS Carefully to Arrive at Correct E/M Level
High-level E/Ms might be possible with complete ROS. One of the most important elements of [...] - Reader Question:
Appending QW Indicates Office's Waived Status
Question: Our practice recently received its clinical laboratory improvement amendments (CLIA) waived certification. I’m a little [...] - Reader Question:
Get Specific When Reporting Ankle Pain
Question: A patient presents with pain in the ankle, and the physician performs arthrocentesis without ultrasound. [...] - Reader Question:
More Injections Doesn't Always Mean More Pay
Question: If the physician gives two injections into the (same) knee in two separate locations, one [...] - Reader Question:
Use This Coding Technique for Longer 1-Day Observations
Question: One of our physicians performed an observation service for a Medicare patient that lasted a [...] - Reader Question:
Repel PHI Hackers With Frequent Updates
Question: In the past year, we have had to deal with several Health Insurance Portability & [...] - Reader Question:
Take Steps, Be Prepared if OCR Comes Calling
Question: In addition to being the coding lead at our practice, I’m also part of our [...] - Reader Question:
Use These Tips for Airtight Locum Claims
Question: Our practice recently hired a locum tenens (LT) physician to fill in for a physician [...] - You Be the Coder:
Coding the Second Encounter for a Neck Strain Patient
Question: A patient visits the office for a second time. Notes indicate that the physician performed [...]