Compliance

Are HIPAA Changes Coming?

On December 14, 2018, the Office for Civil Rights (OCR) issued a Request for Information (RFI). They are considering making changes to some of the HIPAA regulations. Earlier this year at the HIMSS (Healthcare Information and Management Systems Society) meeting, Roger Severino, the head of the Office for Civil Rights (OCR) gave a presentation in which he outlined some possible changes to the HIPAA regulations. This RFI is the first step.

Dual Medicare-Medicaid Billing Problems

It is important to keep in mind that Medicaid is run at a state level so there can be some differences when it comes to coverage. However, the rules regarding balance billing of covered services is set at the federal level. The law states (emphasis added):

PSAVE Pilot Program - What Does it Mean to You?

Noridian, the Jurisdiction F Medicare Administrative Contractor (MAC), recently announced that they will be extending their pilot program: Provider Self-Audit with Validation and Extrapolation (PSAVE). Whenever a program is extended, that means that it has been successful for the payer, which likely means that they are saving money. It doesn’t state precisely HOW they are saving money. Historically, when a pilot program is proven to be successful, it isn’t too long before other MACs follow. Before signing up to participate, providers need to carefully evaluate the program.

Two recent reports should make providers stop, take notice and make sure their practice's policies and procedures are up-to-date.

How to Properly Report Prolonged Evaluation and Management Services

Have you ever had a patient take more time with the provider than they were scheduled for? Do you understand which codes to report and the rules that govern them to allow for better reimbursement?

HIPAA and the Opioid Crisis

In response to the opioid crisis, the Trump administration and the Department of Health and Human Services (HHS) have issued additional information relevant to both providers and patients. A December 18, 2017 press release included the following highlights of these actions:

Healthcare providers must be vigilant in ensuring that software upgrades, also known as patches, are kept current. Failure to do so can lead to a HIPAA Security Breach with all its associated penalties. For example Windows XP no longer has security updates and should not be used in healthcare settings.

On January 17, 2018, the OCR released another known problem with the chips on some computers. The notice stated:

Healthcare and Public Health Sector partners-

60 Day Final Rule

Effective March 14, 2016, the CMS Final Rule regarding the reporting of overpayments took effect. This ruling clarifies the standards that have been unclear for years since the the PPACA created what is called the "60-day rule." The problem has been the unclear standards on what it means to "identify" an overpayment and when the 60 day clock begins running.

Now, the 60-day rule requires anyone who has received an overpayment from either Medicare or Medicaid to report and return the overpayment within the latter of:

It is important for providers to understand the critical nature of the Business Associate Agreement (BAA). Far too many healthcare providers are neglecting this component of HIPAA, which can be a costly mistake. For years providers have been warned that if they are a HIPAA Covered Entity (CE) they MUST have properly executed BAAs for all their business associates. Failure to do so could cost millions. Penalties begin at $50,000 per violation with a maximum of $1.5 million per year for repeats of the same violation.

NAMAS Weekly Auditing and Compliance Tips

Pages

Subscribe to RSS - Compliance