Is Your Credit Card Terminal PCI HIPAA Compliant?


World Pay is a company that I have come across that has some really good educational information for clients and perspective clients on Payment Care Industry or PCI Compliance.  HIPAA extends to protect the financial information of clients.  It is important that you have policies regarding your PCI practices or accepting and processing credit card payments.  If your credit card processing company helping you?  Is your credit card terminal PCI Compliant, feel free to check the lists for WPVeriFone EOL Products and WPHypercom T7Plus End of Life that have reached”End of Life” or are no longer compliant.

A company can be out of PCI compliance in two ways 1) the terminal they use does not meet criteria and 2) through processes of gathering, transmitting and storing data.

Let me tell you what impressed me about World Pay.  They have a terminal that is end to end encrypted to protect financial data.  This company has a tremendous about of education materials on this topic. There fee of $14.99/month of PCI compliance includes 24/7 customer service, guidance to get your policies and procedures in place, a third party vendor to provide PCI Accreditation and Certification for that process only, and $30K of indemnity coverage when using their standard terminal or $100K indemnity coverage if your are using their end to end encrypted terminal, they help with negotiations with visa, master card, etc., if their is a breach.  Additional medical audit and HIPAA breach defense coverage may be obtained through Jim Patterson at Agape Insurance

It is important that you ensure your credit card processing machine and process is HIPAA compliant.  Educate yourself and make an informed decision.  I have included links to PCI websites for further explanation of PCI Compliance.

What will you need to have a free PCI Compliance review provided?

1.  Your Credit Card Statement; Does your statement say “non-validation of PCI” with a fee?

2.  Name/Model# of the Terminal(s) being used

3.  Do you have policies and procedures for use, storage and transmission?

4.  Mention this blog from Medical Auditing Solutions

How do you get this complimentary PCI Compliance Review?

Have the information above available and Contact Martin Anderson with World Pay at *martin.anderson@worldpay.us*

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Advertisements

Senate Finance Committee Seeks Feedback on Fighting Fraud & Abuse as They Look at ZPICs


Reposted from email blast received May 2, 2012.
FOR IMMEDIATE RELEASE
May 2, 2012
CONTACT:  Julia Lawless/Antonia Ferrier (Hatch)              (202) 224-4515
                            Communications Office (Baucus)                          (202) 224-4515 

HATCH, BAUCUS LEAD FINANCE COMMITTEE MEMBERS IN BIPARTISAN EFFORT TO COMBAT WASTE, FRAUD, & ABUSE IN
MEDICARE & MEDICAID PROGRAMS
In an open letter to members of the health care community Senators write, “Drawing on the collective wisdom and accumulated insights of thousands of professionals and individual experiences could offer a fresh perspective and potentially identify solutions that may have been overlooked or underutilized.”


WASHINGTON – Today, six members of the Senate Finance Committee, led by Ranking Member Orrin Hatch (R-Utah) and Chairman Max Baucus (D-Mont.), announced a bipartisan effort to begin soliciting ideas from interested stakeholders in the health care community regarding effective solutions to improve federal efforts to combat waste, fraud, and abuse in the Medicare and Medicaid programs. Joining Hatch and Baucus in the effort are:  Senators Tom Coburn (R-Okla.), Ron Wyden (D-Ore.), Chuck Grassley (R-Iowa), and Tom Carper (D-Del.).

In an open letter to members of the health care community, the Senators wrote, “We believe federal efforts would be strengthened by input from members across the health care community – providers, payers, health plans, contractors, non-profit entities, consumers, data analytics entities, governmental partners, and patients. Drawing on the collective wisdom and accumulated insights of thousands of professionals and individual experiences could offer a fresh perspective and potentially identify solutions that may have been overlooked or underutilized.”

This week, the lawmakers invited interested stakeholders to submit white papers offering recommendations and innovative solutions to improve program integrity efforts, strengthen payment reforms, and enhance fraud and abuse enforcement efforts. Submissions are due by June 29, 2012. A summary document highlighting key proposals will be compiled and released later this year.

The Senate Finance Committee has jurisdiction over the Medicare and Medicaid programs.

To view a signed copy of the letter click HERE.

Below is the full text of the letter:

May 2, 2012

To Members of the Health Care Community:

According to the Government Accountability Office (GAO), few programs are as much at risk for fraud, waste and abuse as the Medicare and Medicaid programs.  Estimates of the amount of fraud and misspending in these programs vary widely, from $20 billion to as much as $100 billion. Just this week, testimony before the Senate Finance Committee underscored the seriousness of this problem, as witnesses testified that while much has been accomplished in the fight against fraud and abuse, much more needs to be done.  As Senators and members of the Finance Committee, we have a duty to ensure that taxpayer funds are being spent wisely.

Combating fraud in Medicare and Medicaid has long been a challenge for the Centers for Medicare & Medicaid Services (CMS), the Department of Health and Human Services Inspector General (HHS OIG) and the Department of Justice (DOJ).  To date, numerous efforts have been made to reduce fraud, yielding a mixed record of successes and failures.  We believe federal efforts would be strengthened by input from members across the health care community – providers, payers, health plans, contractors, non-profit entities, consumers, data analytics entities, governmental partners, and patients. Drawing on the collective wisdom and accumulated insights of thousands of professionals and individual experiences could offer a fresh perspective and potentially identify solutions that may have been overlooked or underutilized.

Today we are announcing an effort to solicit ideas from all interested stakeholders in the health care community, regarding solutions and suggestions for how to better prevent and combat the multi-billion dollar problem of waste, fraud and abuse in the Medicare and Medicaid programs.  We invite you to submit white papers offering your best ideas, built on years of experience and insight.  We want to know what areas you see for improvement in current program integrity efforts, as well as additional solutions that we should consider. Working together, we hope to identify innovative solutions that will provide taxpayers with a better return on the investments being made to combat the overpayments in these federal health care programs.

Below are the general categories in which we seek input, though some recommendations may include multiple categories:

&#61623      Program Integrity Reforms to Protect Beneficiaries and Prevent Fraud and Abuse

&#61623      Payment Integrity Reforms to Ensure Accuracy, Efficiency and Value

&#61623      Fraud and Abuse Enforcement Reforms to Ensure Tougher Penalties Against Those Who Commit Fraud

 

Entities interested in submitting white papers should email a PDF or Microsoft Word document to ProgramIntegrityWhitePapers@finance.senate.gov by June 29, 2012.  Submissions should include summary information about the entity or individual submitting a white paper, as well as phone and email contact information. White papers should be as succinct and concrete as possible.  When possible, please include cost-benefit or potential savings information.  Our staff will review submissions and compile a summary document highlighting key proposals later this year.

We appreciate your submission of thoughtful and constructive solutions, as we work to conduct targeted oversight to improve federal efforts to reduce fraud and abuse in Medicare and Medicaid. Together, we believe we can improve program integrity and be better stewards of taxpayer dollars.

Sincerely,

BAUCUS
HATCH
COBURN
WYDEN
GRASSLEY
CARPER

###

OIG Work Plan 2012


I participated in a call on Thursday January 19, 2012, on the OIG Work Plan for 2012.  Please reference the link for the full OIG Work Plan spelled out by provider type.  Many items on the Work Plan never change but there were a few points I felt important to draw your attention to for risk management purposes.  Here are a few notes I made because I think the audit risk is high since the result can be subjective:

1.  Outpatient Observation Billing

2.  Critical Access Hospitals:

A.  Distance to nearest, non-critical access hospital

B.  Herceptin and other Chemo Drug quantity

3.  Hospice because 82% of patients do not meet criteria to be admitted to hospice.

4.  Incident to Services by non-qualified personnel.  Even Blue Cross and Blue Shield is recouping and extrapolating on commercial claims for mid-level practitioner billing.  Make sure modifier is used when appropriate and the mid-level meets the licensing requirements to provide the services billed.

5.  Off Label Prescriptions.  Physicians ordering a drug that is approved for Diagnosis A but the drug is used for diagnosis B.

6.  Home Health-but not specific because they are going to review 2010 billing before they decide.

7.  Dialysis and ESRD Drug costs.  What is the drug cost to the provider versus the reimbursement.

8.  Contracts providers have with other providers/facilities.  Make sure you have a health care attorney to review the contract before executing because the health care attorneys are familiar with the Stark and Anti-Kickback provisions which typically the corporate business attorney does not have to consider.

9.  Checking employees, vendors, and providers against Sanction Databases MONTHLY.  You may find the federal links on my website.  The states have their own links.

10.  NY Medicaid reduced the annual revenues to $500K in Medicaid/Medicaid HMO/Managed Care Organizations (MCO) funds for compliance program requirement.

11.  Compliance Program Requirement under Federal Deficit Reduction Act that required all healthcare providers to have a compliance program in place by 2007 if their annual collected revenue of State reimbursement was $5M or more.  This would include Medicaid and respective Medicaid HMO or MCO.

12.  As of 2013 a healthcare compliance program is required for all providers billing Federal or State plans no matter what the annual billing revenue may be.  This would include dental practices because they bill Medicaid!

13.  Overpayments must be disclosed and refunded within 60 days of identification that it is an overpayment.  Failure to refund this money can result in “False Claims” charges and penalties.  Ensure you have someone that is accountable for working your credit balance reports monthly.  Keep documentation of these reviews and refunds issued as a result in a manner that can easily be explained and found.

The OIG Work Plan can be used to determine risk analysis, structure audit plans, and determine growth opportunities.

Do you have a Healthcare Compliance Program?

Do you review the OIG Work Plan Annually?

What else do you review to determine your audit plan?

We can help you analyze the status of your healthcare compliance program and ensure you have focused on the correct risks for your business model.  We are the compliance expert with a vast history and a cost effective way to ensure your compliance program is operating and managing your risk.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Medtrade-Atlanta Want to Shake Your Hand


Medtrade will be here in just a few short weeks.  I would like to meet the health care providers attending.  I am taking appointments now.  This is a tough time for health care providers and I would like to take the opportunity to shake your hand and pat you on the back for all your hard work to make a difference in this industry.

I speak on Thursday, November 18, 8:30am on Got Your KX? Get Cash.  This is a may audit issue.  We will discuss how to safe guard your business.  You can still register to attend now at Medtrade.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Date of Death Audits for DME & Inpatient Facilities


Beware, this is just one region that has published the date of death audit for DME and inpatient facilities such as rehab, hospital, LTC, SNF facilities.  This audit is done periodically and most suppliers are hit with a few thousand to upwards of $20K in overpayment refund requests.  Be prepared with a reserve of cash based on the size of your business.  At a minimum, I would suggest a set back of $5K even if you are outside of Region A.  Region A tends to publish this type of information earlier than other areas. These audits typically take place about every three years which is why the dollar amounts are so high.

We all know that payment after date of death will never be paid; however accidents will happen.  Ensure your billing staff doesn’t just “resubmit” claims without working the denial, this can cause a fraud audit even if you are not getting paid!  Likewise, if payment does occur it is usually less than 90 days from date of death when family fail to contact suppliers because they think the equipment belongs to the patient.  It could be a pick up ticket was not entered or a facility span date was not stopped at date of death instead of the full episode.  Note these are being audited by the RAC!

Republished:
NHIC, Corp.
DME MAC A ListServe
For Immediate Release
August 12, 2010

CMS Approved Audit Issues Posted for Region A Recovery Audit Contractor

DCS, the Medicare Recovery Audit Contractor (RAC) for Region A, recently posted new CMS approved audit issues for RAC review.

The new CMS approved audit issues are listed below and apply to the states of Connecticut, Delaware, District of Columbia, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island and Vermont.

* Date of Death – DME
* Date of Death – Inpatient

See the CMS approved audit issues at DCS’ RAC website: http://www.DCSRAC.com for more information.

Region A includes the states of Connecticut, Delaware, District of Columbia, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island and Vermont.

Medtrade Spring 2010 – Vegas


The HME & Pharmacy industry has been hit hard the last couple of years with reimbursement cuts, competitive bidding and much more.  The big focus on Medtrade Vegas 2010 is to help the suppliers be proactive and more efficient with their business.  Medical Auditing Solutions will be there to meet with clients and vendors as well to be an active participant in these solutions.

Angela Miller will be speaking Wednesday, May 12,  at 9:15am on “Developing a Risk Protocol for Auditing.”  This program will discuss how to identify the risk model(s) for your business.  Every business will have a different risk model.  The program will review areas for auditing the risk model.   This program will be a tool to help you develop your audit plan.

We look forward to speaking with you.  If you miss the session and would like to schedule a meeting with Ms. Miller, you may contact her by email (angela@medicalauditingsolutions.com) or by mobile (409.673.7103).  No sales calls will be accepted.  This is a time for our clients.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

What’s New with HITECH HIPAA Rules?


Are you wandering what in the heck is HITECH and how this impacts your business?  Let’s do a very simple review of the increased accountability and higher penalties.  All existing HIPAA requirements are unchanged; however, if you have not effectively implemented HIPAA policies, training, compliance auditing, and security within your office it is crucial to get busy.  The penalties are as substantial as with penalties associated with billing non-compliance.

With the new HITECH requirements:

  1. The privacy and security requirements and penalties extend to the business associates,
  2. Establish a mandatory reporting requirement for any breach by covered entities and business associates of unencrypted data,
  3. Creates new privacy requirements for covered entities and the business associates which include accounting requirements for the electronic health records, restrictions on marketing and fundraising activities, and others,
  4. Creates new criminal and civil penalties for non-compliance which are substantially more than in the past,
  5. Establishes a federal audit protocol to ensure compliance, it is no longer complaint driven audits.

This means you need to cover your back-side through a proactive HIPAA security & privacy audit.  It will be much cheaper to pay a little up front for protection than be hit with the outrageous penalties plus face criminal and/or civil action.  I have included a short check list for the basics:

  1. Do you have Privacy Notice of Uses and obtain a Signed Acknowledgement for them?
  2. Do you obtain a Authorization to Release information to spouses or any other party prior to sharing information?
  3. Does each employee have a unique username and password to the EMR or billing system?
  4. If you have a patient portal, how often do you require them to change their username and password?
  5. Are patient files stored in a locked file cabinet or locked room at the end of the day?
  6. Do you obtain business associate agreements for vendors that work with your company?
  7. Do you have annual HIPAA training?
  8. Do you have an annual security audit for all systems access and back-end IT fields?
  9. Do you have annual privacy compliance audits, which is more patient “chart” related?
  10. Are all your programs and network encrypted with the latest or highest encryption possible?

This is a short list of areas for HIPAA Compliance but is not all inclusive.  If you have answered no to any of the above questions, it is very important that you improve those areas to prevent costly penalties.   The penalties associated with unauthorized disclosures or breaches of information can be as severe as penalties associated with false/erroneous billing.  We can help you get in compliance.  You may be doing some of these things but don’t have the policies to back it up.  It is important as with any compliance program to have written policies and procedures, implement the program, have on going training, periodic audits to test policies, and options for reporting potential violations or concerns.  All of these actions will show best efforts and mitigate exposure becoming criminal and/or penalties that may be associated with any breach.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back end collections. You can visit our website at Medical Auditing Solutions LLC.