HITECH Compliance & Implementation Tips Happy Hour

Starts:	Wednesday October 27, 2010, 05:30PM CDT
Ends:	Wednesday October 27, 2010, 07:00PM CDT
Event Type:	Conference
Location:	BlackFinn 4440 Beltline Rd Addison, TX  US
Intended for:	Physicians, Office Managers, Information Technology Managers, Privacy Officers, Health Care Attorneys, Owners, Upper Management, Senior Level Management
Industry:	hospital, physician, dental, pharmacy, DME, home health care
RSVP:	kpearson@marjencapital.com or angela@medicalauditingsolutions.com
Organization:	Marjen Technology Group & Medical Auditing Solutions LLC

This event is exclusively for health care providers and health care attorneys due to the content of the program. Please RSVP as seating is limited to 35.

HIPAA HITECH Happy Hour Drink Coupons & Appetizers Provided

We will provide a short presentation on new HITECH HIPAA highlights 6:00pm-6:30pm allowing time for Q&A

Topics:  Meaningful Use, What is Encrypted, and Tips to encryption without breaking the bank

Speakers:   Karen Pearson & Raj Croager Marjen Technology Group

Angela Miller Medical Auditing Solutions LLC

There will be prizes worth showing up for such as a new WatchGuard firewall that protects PHI before it leaves and Consulting Certificates.

MARJEN Technology Group is a privately held technology services company located in Arlington, Texas, bringing over two decades of experience to Dallas/Fort Worth area businesses.  Our mission is to bring enterprise class technology and services, at affordable prices, to small and medium size businesses.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Advertisement

Date of Death Audits for DME & Inpatient Facilities

Beware, this is just one region that has published the date of death audit for DME and inpatient facilities such as rehab, hospital, LTC, SNF facilities.  This audit is done periodically and most suppliers are hit with a few thousand to upwards of $20K in overpayment refund requests.  Be prepared with a reserve of cash based on the size of your business.  At a minimum, I would suggest a set back of $5K even if you are outside of Region A.  Region A tends to publish this type of information earlier than other areas. These audits typically take place about every three years which is why the dollar amounts are so high.

We all know that payment after date of death will never be paid; however accidents will happen.  Ensure your billing staff doesn’t just “resubmit” claims without working the denial, this can cause a fraud audit even if you are not getting paid!  Likewise, if payment does occur it is usually less than 90 days from date of death when family fail to contact suppliers because they think the equipment belongs to the patient.  It could be a pick up ticket was not entered or a facility span date was not stopped at date of death instead of the full episode.  Note these are being audited by the RAC!

Republished:
NHIC, Corp.
DME MAC A ListServe
For Immediate Release
August 12, 2010

CMS Approved Audit Issues Posted for Region A Recovery Audit Contractor

DCS, the Medicare Recovery Audit Contractor (RAC) for Region A, recently posted new CMS approved audit issues for RAC review.

The new CMS approved audit issues are listed below and apply to the states of Connecticut, Delaware, District of Columbia, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island and Vermont.

* Date of Death – DME
* Date of Death – Inpatient

See the CMS approved audit issues at DCS’ RAC website: http://www.DCSRAC.com for more information.

Region A includes the states of Connecticut, Delaware, District of Columbia, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island and Vermont.

15 Minute Thoughts: NP and PA Visits: Can the non-physician provider be billed under the physician?

Reminder for our call TODAY Wednesday

Program your Phone and Calendar:

Date & Time:                                        August 11, 2010,   8:30am-8:45am CST

MAS Conference Call Dial-in#:     218-862-1300

Conference Code:                               622911

MAS Office number:                          972-459-1508

Who should call in?

Any health care provider, Health care business owner or manager, Attorneys, Compliance Officer, Physicians, Non-physician providers, and Office Managers

Topic

NP & PA Visits: Can the non-physician provider be billed under the physician? I  have heard many questions in the last few months about whether a NP, PA, CNS can be billed under the physician’s provider number for any reason.  Can it be done while the non-physician provider is waiting on their only provider number?

Join myself and guest speaker, Edward Vishnevetsky as he provides input on whether non-physician providers can be billed under the physician provider number.  Mr. Vishnevesky is with Thompson & Coe in the Dallas, Texas office.  Edward L. Vishnevetsky has extensive experience in the area of health law and commercial litigation. He routinely argues before state and federal courts in areas of health law, employment law, and complex commercial litigation, and also represents hospitals, physicians, durable medical equipment (DME) providers and manufacturers before various state and federal regulatory agencies. Edward advises health care clients on operational matters, liability exposure, privacy issues, federal and state health care regulatory compliance, health care reimbursement disputes, as well as risk management issues. Edward is fluent in Russian and has conversational knowledge of Spanish.  To read his complete & extensive biography visit Thompson & Coe or Edward Vishnevetsky.

Join the next discussion in one week:

August 18, 2010         Payer Audits Giving “RAC’d” a Whole New Meaning: Tips to Manage Audits

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

HIPAA Privacy Settlement – $1 Million

With all the new enforcement efforts for privacy violations, better read this and take note.  If you are not sure you are HIPAA compliant MAS can provide security as well as chart and process assessment to help you.  This article is so important, I couldn’t find the short link so recopied exact with all Ms. Stamers contact information as well.

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case As Office of Civil Rights Proposes Tighter HIPAA Privacy & Security Regulations

August 4, 2010 <!–Cynthia Marcotte Stamer–>

Stay Tuned To Solutions Law Press For More Details

One of the nation’s largest drug store chains, Rite Aid Corporation and its 40 affiliated entities (Rite Aid) will pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.  The U.S. Department of Health and Human Services (HHS) Office of Civil Rights announcement of the HIPAA resolution agreement with Rite Aid and the concurrent negotiation of a separate consent order of potential FTC Act violations between Rite Aid and the Federal Trade Commission (FTC) follows HHS’ announcement of proposed changes to its HIPAA Privacy Rules and associated penalties in response to changes enacted under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).  The Rite Aid settlement and the proposed Privacy Rule changes illustrate the growing penalty risks that health care providers, health plans, healthcare clearinghouses and their business associates (Covered Entities) face for violating the Privacy Rules.

Rite Aid Resolution Agreement

The Rite Aid resolution agreements settle charges that Rite Aid failed to appropriately safeguard the privacy of its customers when disposing of identifying information on pill bottle labels and other health information. The settlements apply to all of Rite Aid’s nearly 4,800 retail pharmacies and follow an extensive joint investigation by the HHS Office for Civil Rights (OCR) and the FTC.

OCR opened its investigation of Rite Aid after television media videotaped incidents in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public in a variety of Rite Aid locations in cities across the United States.  OCR and FTC previously settled a similar case involving the national drug store chain CVS in February 2009.

The HIPAA Privacy Rule requires covered entities to safeguard the privacy of patient information and other “protected health information” including during its disposal.  In addition to the detailed requirements for protection and safeguarding of protected health information and electronic protected health information under the Privacy Rules, breach notification rules added to HIPAA under the HITECH Act also generally require that Covered Entities investigate and provide timely notification of breach to patients, OCR and in some cases the media when “unsecured protected heath information” is breached.  Meanwhile, the FTC Act and associated regulations require those retailers and certain other parties receiving personal financial information to comply with certain requirements for the protection and use of that information and to provide certain notifications of their privacy polices for protecting personal financial information.

The joint OCR and the FTC investigations raised concerns that:

• Rite Aid failed to implement adequate policies and procedures to appropriately safeguard patient information during the disposal process;
• Rite Aid failed to adequately train employees on how to dispose of such information properly; and
• Rite Aid did not maintain a sanctions policy for members of its workforce who failed to properly dispose of patient information.

Under the HHS resolution agreement, Rite Aid agreed to pay a $1 million resolution amount to HHS and must implement a strong corrective action program under which Rite Aid agreed to:

• Revise and distribute its policies and procedures regarding disposal of protected health information and sanctioning workers who do not follow them;
• Train workforce members on these new requirements;
• Conduct internal monitoring; and
• Engage a qualified, independent third-party assessor to conduct compliance reviews and render reports to HHS.

In addition, under its FTC consent order, Rite Aid separately agreed to external, independent assessments of its pharmacy stores’ compliance with the FTC consent order.

The HHS corrective action plan will be in place for three years; the FTC order will be in place for 20 years.

Proposed Privacy Rule Changes

The Rite Aid resolution agreement and consent order follows the July 8, 2010 publication by OCR of proposed changes to its existing HIPAA Privacy, Security, and Enforcement Rules in response to amendments enacted under the HITECH Act. Because of the lead time required to implement needed changes in policies, technology and training, Covered Entities need to begin preparations to adjust their health information privacy and data security policies and practices in anticipation of the finalization and implementation of these rules as well as to act quickly to submit their comments about the proposed changes.  .

The more than 220 page Notice of Proposed Rulemaking (NPRM) proposes to revise the existing Standards for Privacy of Individually Identifiable Health Information (Privacy Rule); the Security Standards for the Protection of Electronic Protected Health Information (Security Rule); and the rules pertaining to Compliance and Investigations, Imposition of Civil Money Penalties, and Procedures for Hearings (Enforcement Rule) issued under HIPAA.

The author of this update, attorney Cynthia Marcotte Stamer, has extensive experience advising and assisting health care providers and other health industry clients with HIPAA and other privacy and data security, reimbursement, compliance, public policy, regulatory, staffing, and other operations and risk management matters. Ms. Stamer also is regularly conducts training on HIPAA and other health industry compliance, management and operations matters.  You can get more information about her health industry experience here.  If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872  or via e-mail here.  You may link to her on Plaxo and Linkedin as well where she posts she articles.