On May 31, 2012, the Department of Health and Human Services (HHS) Director of the Office of Civil Rights, Leon Rodriguez, issued a memo to consumers regarding their right to access their protected health information and medical records. In this memo, Rodriguez stressed that it is important for consumers and providers to remember that the Health Insurance Portability and Accountability Act (HIPAA) not only provides protection for personal health information, but also provides consumers with the right to view and obtain copies of health records.

Many providers, when dealing with HIPAA compliance, tend to focus on safeguarding protected health information, but fail to recognize the importance of patient rights including the right to access. Under HIPAA, patients have the right to view their health records from most providers, pharmacies, and health plans. Patients also have the right to obtain copies of those records in the form they choose, be it electronic or on paper, if the provider is able to do so.

Providers can charge patients a reasonable amount for the copies of health records the patient receives, and any cost for mailing the records. This amount is statutorily regulated in most states. It is important to note that a provider cannot charge a fee for searching for and retrieving records, and providers cannot withhold access to records because a patient has not paid for services received.

The Office of Civil Rights (OCR) announced yesterday that its Health Insurance Portability and Accountability Act (HIPAA) Enforcement Training tools would be available to the general public today, June 5, 2012.

Since 2009, under the Health Information Technology for Clinical and Economic Health (HITECH) Act, State Attorneys General (SAGs) have had the authority to bring civil suits for HIPAA violations on behalf of aggrieved patients. To assist SAGs, the OCR developed a wide range of HIPAA Privacy and Security Rules compliance, enforcement, and training tools.

Included in the materials are computer-based modules, and videos and slides from in-person training sessions covering the following topics:

  • General Introduction to the HIPAA Privacy and Security Rules
  • Analysis of the impact of the HITECH Act on the HIPAA Privacy and Security Rules
  • Investigative techniques for identifying and prosecuting potential violations
  • A review of HIPAA and State Law
  • OCR’s role in enforcing the HIPAA Privacy and Security Rules
  • SAG roles and responsibilities under HIPAA and the HITECH Act
  • Resources for SAG in pursuing alleged HIPAA violations
  • HIPAA Enforcement Support and Results

These materials may be a helpful training tool for health care providers and privacy officers. The materials highlight to whom, what, where, when, and how HIPAA Rules will be enforced and provide basic summaries of the HIPAA Privacy and Security Rule requirements.

The Centers for Medicare and Medicaid Services (CMS) has announced it will release a national provider Comparative Billing Report addressing Home Oxygen Services. The release is scheduled for June 26, 2012.

The CBRs are produced by Safeguard Services under contract with CMS and will provide comparative data to help show how these individual providers compare to other providers within the same field. These comparative studies are designed to help providers review their coding and billing practices and utilization patterns, and take proactive compliance measures. Providers should view CBRs as a tool, rather than a warning, as a way to aid them in properly complying with Medicare billing rules. It is also important to understand that CBRs do not contain patient or case-specific data, but rather only summary billing information as a method of ensuring privacy.

On May 29, 2012, Connolly added new approved issues to its Approved Issues List for providers in Region C states. The new approved issues span five categories and include:

Medical Necessity: Other O.R. Procedure of the Blood & Blood Forming Organs, MS-DRG 802, 803, 804 (W/MCC, W/CC, w/o CC/MCC). CMS Issue Number: C000672012. RACs will review documentation to validate the medical necessity of short stay, uncomplicated admissions. Medicare only pays for inpatient hospital services that are medically necessary for the setting billed and that are coded correctly. Medical documentation will be reviewed to determine that the services were medically necessary and were billed correctly for MS-DRG 802, 803 and 804.

Medical Necessity: Disease and Disorders of the Female Reproductive System, MS-DRG 750 (w/o CC/MCC). CMS Issue Number: C000642012. RACs will review documentation to validate the medical necessity of short stay, uncomplicated admissions. Medicare only pays for inpatient hospital services that are medically necessary for the setting billed and that are coded correctly. Medical documentation will be reviewed to determine that the services were medically necessary and were billed correctly for MS-DRG 750.

Medical Necessity: Diseases and Disorders of the Kidney and Urinary Tract, MS-DRGs 656, 659, 662, 665, 671, 686, 687, 709, 710 and 711 (W/CC, W/MCC, w/o CC/MCC). CMS Issue Number: C000622012. RACs will review documentation to validate the medical necessity of short stay, uncomplicated admissions. Medicare only pays for inpatient hospital services that are medically necessary for the setting billed and that are coded correctly. Medical documentation will be reviewed to determine that the services were medically necessary and were billed correctly for MS-DRGs 656, 659, 662, 665, 671, 686, 687, 709, 710 and 711.

For a full list of Approved Issues in RAC Region C, visit the Connolly website.

CMS (Centers for Medicare & Medicaid Services) expects to publish Comparative Billing Reports (CBRs) on Evaluation and Management (E/M) Services on June 4, 2012.

Since 2010, CMS, through Safeguard Services (SGS), has produced national comparative billing reports in select fields. These comparative studies are designed to help providers review their coding and billing practices and utilization patterns, and take proactive compliance measures. A CBR outlines the provider’s billing patterns and compares those patterns to other similar entities. According to the Safeguard Services website, E/M services CBRs will be given to providers that meet the following criteria:

  • Filed Medicare Part B final claims with dates of service from January 1 to December 31, 2011;
  • Claims were retrieved from the Integrated Data Repository (IDR) on April 13, 2012;
  • The provider is a specialty primary care provider (General Practice, Family Practice, Internal Medicine, Nurse Practitioner, Multispecialty Clinic or Group Practice, Preventive Medicine, or Physician Assistant);
  • Billed CPT codes 99201, 99202, 99203, 99204, 99205, 99211, 99212, 99213, 99214, and 99215;
  • Place of service was in the office (11);
  • Allowed charges greater than $0; and
  • Provided greater than or equal to 100 total units for the combination of the aforementioned CPT codes.

The sole intent of conducting CBRs is to educate providers as to potential fraud and abuse; they are not punitive. Providers should view CBRs as a tool, rather than a warning, as a way to aid them in properly complying with Medicare billing rules. It is also important to understand that CBRs do not contain patient or case-specific data, but rather only summary billing information as a method of ensuring privacy.

E/M services are specifically targeted because they are susceptible to fraud and abuse. From 2001 to 2010, Medicare payments for E/M Services increased by 48 percent. CMS will publish CBRs that analyze Medicare Part B final claims data from January 1, 2011 through December 31, 2011. Collective trends in the individual CBRs will be published for the nation to inspect.

On May 10, 2012, the United States Court of Appeals for the Ninth District decided that criminal charges under the Health Insurance Portability and Accountability Act (HIPAA) do not require that an individual have knowledge that their actions are illegal. The case, United States of America v. Zhou, is the first such case to establish that the knowledge requirements of a criminal HIPAA violation apply only to the fact that the information accessed was protected health information, and not that obtaining the information was in violation of HIPAA.

Under the statute, HIPAA provides that a criminal penalty applies to a person who knowingly and in violation of the statute, uses, obtains, or discloses protected health information. Zhou argued that the statute requires knowledge that the information obtained was protected health information, as well as knowledge that obtaining it was illegal. The court rejected the argument and determined that the language of HIPAA is plain. The court found that the word “and” unambiguously indicates that there are two elements of a violation, and that knowingly applies only to obtaining the protected health information, and not to the fact that obtaining the protected health information was illegal.

The statute at issue in the decision is 42 U.S.C. § 1320d-6(a), which reads as follows:

(a) Offense

A person who knowingly and in violation of this part–

(1) uses or causes to be used a unique health identifier;

(2) obtains individually identifiable health information relating to an individual; or

(3) discloses individually identifiable health information to another person,

shall be punished as provided in subsection (b) of this section. For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d-9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.

Penalties for violations of the statute can include fines of up to $250,000, imprisonment for up to 10 years, or both.

As part of healthcare reform, Section 6401(a) of the Affordable Care Act requires all providers and suppliers who enrolled in the Medicare program prior to March 25, 2011 to revalidate their provider enrollment under the new screening criteria. Providers and suppliers who enrolled after March 25, 2011 do not need to revalidate at this time as they have already been screened.

Medicare Administrative Contractors (MACs) will be sending revalidation notices to individual providers and suppliers between now and March 23, 2015. Providers and suppliers must complete the enrollment forms within 60 days of receiving the request from the MACs. If a provider fails to submit the provider enrollment forms after receiving the request, it may lead to a suspension of the provider’s Medicare billing privileges.

Providers and suppliers may not revalidate their provider enrollment until they have received a revalidation notice from their MAC. The CMS website provides a list of all the providers and suppliers to whom revalidation notices have been sent (See “download” section). The notices are listed according to the month in which the revalidation notice has been sent, and CMS updates these lists on a bimonthly basis. In case a revalidation notice has been sent but never received, every provider is encouraged to check the list to determine whether or not they are currently expected to revalidate. If you are listed, but have not received the request, you should contact your Medicare contractor.

On May 3, 2012, the Centers for Medicare and Medicaid Services (CMS) announced, via the CMS blog, that CMS will not require data collection by applicable manufacturers and group purchasing organizations under the Physician Payments Sunshine Act (PPSA) before January 1, 2013. The announcement indicates that the final rule will be released later this year and that the additional time will allow CMS to address operational and implementation issues and provide time for organizations to prepare for data submission.

The PPSA was a section of the Affordable Care Act of 2010 intended to provide transparency by requiring reporting of payments or gifts to physicians, and of physician ownership and investment interests. The proposed rule implementing the PPSA was released December 19, 2011, and the announced delay is partly a result of the comments received from stakeholders during the 60-day comment period. The final rule was originally scheduled to be released for implementation on January 1, 2012.

The proposed rule requires that applicable manufacturers that sell or distribute a covered drug, device, biological, or medical supply disclose certain payments or other transfers of value to covered recipients. A covered recipient is a physician, other than a physician who is an employee of the applicable manufacturer, or a teaching hospital. The rule also requires the disclosure of payments or transfers of value to the immediate families of covered recipients.

On April 27, 2012, the Centers for Medicare and Medicaid Services (CMS) published a final rule that sets out new provider and supplier requirements. The final rule requires all providers and suppliers that qualify for a National Provider Identifier (NPI) to include their NPI on all enrollment applications for Medicare or Medicaid, and on all claims submitted for payment. The rule further states that any claim submitted without the appropriate NPIs will be denied. The final rule also requires that all prescriptions under Medicare Part D include an NPI for the prescribing physician. The rule is intended to help detect fraud more efficiently and accurately, and is estimated to save taxpayers $1.59 billion over ten years.

In a press release, CMS announced that the rule “ensures that only qualified, identifiable providers and suppliers can order or certify certain medical services, equipment, and supplies for people with Medicare.”

The rule also requires that physicians and other professionals who are permitted to order and certify covered items and services for Medicare beneficiaries be enrolled in Medicare. In an effort to further track and monitor claims, Part B items and services ordered or referred by a physician or eligible professional can only be submitted if the physician or eligible professional has an approved enrollment record, or a valid opt-out record, in the Medicare Provider Enrollment, Chain, and Ownership System (PECOS).

Finally, the rule mandates document retention requirements for providers and suppliers that order and certify items and services for Medicare beneficiaries. Under the final rule, providers and suppliers must maintain ordering and referring documentation, including the NPI, received from a physician or eligible nonphysician practitioner for seven years from the date of service. Further, failure to comply with the documentation retention requirements is reason for revocation.

From July 2011 to February 2012, the Government Accountability Office (GAO) conducted a performance audit of the efforts of the Centers for Medicare and Medicaid Services (CMS) to strengthen the screening of providers and suppliers applying to take part in, and currently taking part in, the Medicare and Medicaid programs. On April 10, 2012, the GAO released its report to the Chairman of the Senate Finance Committee.

The purpose of the study was to determine weaknesses in the CMS enrollment procedures that leave the Medicare and Medicaid programs open to fraud and abuse. CMS currently has some procedures in place for screening applicants, and the GAO study reveals that there are planned procedures that will be proposed and implemented in 2012 to further improve the applicant screening process.

The Patient Protection and Affordable Care Act of 2010 (PPACA) provided CMS with increased authority to combat fraud and abuse in Medicare. Under this authority, CMS currently uses front-end automated edits to check a provider’s National Provider Identifier to make sure it is active before processing a claim. PPACA also requires that providers and suppliers be subject to licensure checks, and gives CMS the authority to require criminal background checks.

The GAO report addresses the extent to which CMS has implemented new provider and supplier enrollment screening procedures since the enactment of PPACA. On February 2, 2011, CMS published a final rule implementing a screening procedure based on a provider or supplier’s risk of fraud, waste, and abuse. These risk categories are limited, moderate, and high. Each risk category comes with varying degrees of application screening. High-risk providers and suppliers could undergo unscheduled site visits and fingerprint-based criminal background checks.

The report found that the implementation of new screening procedures remains in progress. CMS is in the process of drafting a proposed rule which will extend surety bond requirements for home health agencies, independent diagnostic testing facilities, and potentially outpatient rehabilitation facilities. Currently, surety bonds are only required for DMEPOS suppliers.

CMS is also planning to contract with Federal Bureau of Investigation-approved contractors to handle fingerprinting of providers and suppliers, and do criminal background checks of high risk applicants. CMS expects to have contracts in place for these screening procedures by the end of 2012.

PPACA has a requirement that Medicare providers establish compliance programs that contain core elements of compliance and ethics as established by CMS and the HHS OIG. A compliance program is a set of policies and procedures that a provider organization implements to help it act ethically and within the parameters of the law. CMS is working on developing a compliance program intended to help provider organizations prevent and detect violations of Medicare regulations, but there is no current target date for the implementation of this program.