Connect Magazine - 2024 Spring Edition

M A G A Z I N E

A Quarterly Publication for the Compliance Community

A Quick Guide to Policy Management

At First Healthcare Compliance, we understand the challenges of navigating policy landscapes Here we share invaluable tips for handling policy management like a seasoned pro.

Managing the Chargemaster: The Fuel of the Revenue Engine

Your chargemaster is the fuel that runs your revenue cycle engine, serving as the basis for your reimbursement and financial success

The First Healthcare Compliance solution is the most comprehensive turnkey solution for addressing your compliance program management needs. It is:

Online. A secure, cloud-based, centralized management system.

Comprehensive. Automates the entire compliance management process from customizing policies and procedures, identifying and assessing risks, to training employees and more. An executive dashboard provides oversight to monitor the compliance needs of your business, network, or healthcare clients.

Access to real-time data and reporting ensures you stay informed and remain in compliance with federal regulations and best practices.

Actionable alerts notify you of emerging risks or issues allowing for timely remediation.

Fully integrated. Includes Document Library, LEIE Employee Screening, Training, and Anonymous Hotline, CME courses, CEU courses/Webinars, Articles, White Papers, and a Compliance Blog.

Well-supported. Live, personalized toll-free support from trained professionals.

Cost-effective. Multiple solutions to select from based on your needs.

Can MRF data be used for comparative benchmarking?

Findings of a recent study underscore why hospital finance leaders should be alert to the limited usefulness for benchmarking of the machinereadable files (MRFs) required under the final rule addressing hospital price transparency

The impetus for the MRF requirement as outlined by the U S Department of Health & Human Services (HHS) in its 2019 hospital price transparency fi nal rule was to enable informed decision-making about healthcare services based on their pricing, thereby helping to drive down the cost of healthcare. Yet signifi cant obstacles continue to block the path to realizing this objective

OBSTACLES TO MRF EFFECTIVENESS

As noted in the sidebar on page 28, HHS has acknowledged limitations in the usefulness of MRFs because of diff erences in data elements among fi les currently being developed. Simply put, hospitals should exercise caution in using these fi les for comparative benchmarking because the current MRF requirements fail to address two essential elements: a standardized methodology fi eld and standard payer and plan naming convention A 2023 study, conducted by Panacea Healthcare Solutions, LLC, examined how the lack of these two elements undermines the comparability of providers’ MRFs

Standardized methodology field. Currently, with respect to any of hundreds if not thousands of HCPCS codes, a provider could have an all-inclusive or bundled negotiated case rate for the single line item Yet other providers may instead have negotiated a per-visit rate that includes the reimbursable costs for all services except those revenue codes or areas covered by separate fee schedules And still other hospitals may simply have negotiated a percentageof-charge method to be used

A Quick Guide to Policy Management

In the intricate web of regulatory requirements and organizational standards, effective policy management is the pillar that keeps healthcare businesses running smoothly At First Healthcare Compliance, we understand the challenges of navigating policy landscapes, and below, we share invaluable tips for handling policy management like a seasoned pro

1

2

CentralizeYourPolicies

One of the first steps towards efficient policy management is centralization Having a centralized repository for all policies ensures that they are easily accessible, updated, and readily available to relevant stakeholders. This not only streamlines the policy review process but also enhances transparency across the organization

RegularAuditsandReviews

Policies are not static documents; they should evolve with the changing regulatory landscape and organizational needs. Conduct regular audits and reviews to ensure that policies remain current, compliant, and aligned with the organization’s strategic goals This proactive approach helps in identifying gaps and addressing issues before they escalate

3 ClearCommunication

Effective policy management goes together with clear communication Ensure that policies are communicated to all relevant stakeholders in a language that is easily understandable Utilize various communication channels such as training sessions, workshops, and accessible documentation to convey the importance and implications of policies

4 AutomateWherePossible

Embrace technology to streamline policy management processes Automation tools can significantly reduce the administrative burden associated with policy creation, distribution, and tracking By automating routine tasks, organizations free up valuable time for staff to focus on strategic aspects of policy compliance

5

TrainingandAwareness Programs

An educated workforce is a compliant workforce Develop comprehensive training programs that provide employees with a deep understanding of organizational policies, the reasons behind them, and the consequences of non-compliance Regular training sessions foster a culture of compliance and accountability

6

Cross-FunctionalCollaboration

Policy management is not the sole responsibility of a single department. Encourage cross-functional collaboration to gather diverse perspectives and insights Involving representatives from different departments ensures that policies are comprehensive, well-balanced, and consider the varied operational aspects of the organization

7 DocumentVersionControl

Maintaining clear version control is vital in policy management Clearly label and date each policy version, and track changes meticulously This ensures that stakeholders are aware of the latest revisions and understand how they impact their roles and responsibilities

8 ResponsivetoChange

Adaptability is key in policy management As the regulatory landscape evolves or the organization undergoes changes, policies must be agile enough to accommodate these shifts Build a framework that allows for timely updates and revisions in response to external and internal changes.

Effective policy management is not just about ticking boxes; it’s about creating a robust framework that safeguards the organization and promotes a culture of compliance By implementing these tips, organizations can navigate the complexities of policy management with confidence, ensuring that policies are not just documents on paper but integral components of a thriving and compliant healthcare business environment

Navigating the HIPAA Security Landscape: A Comprehensive Guide to Security Risk Assessments

Understanding the HIPAA Security Rule

In the ever-evolving world of healthcare, safeguarding patient information is not just a best practice – it’s a legal imperative

The Health Insurance Portability and Accountability Act (HIPAA) sets the stage for securing Protected Health Information (PHI), and at First Healthcare Compliance, we understand the critical role of a HIPAA Security Risk Assessment in achieving this goal Below, we unravel the basics of this essential process.

The HIPAA Security Rule establishes standards for protecting electronic PHI (ePHI) Covered entities and their business associates are mandated to implement safeguards to ensure the confidentiality, integrity, and availability of ePHI. A Security Risk Assessment is the cornerstone of compliance with this rule

Scope Identification

The first step in a Security Risk Assessment is defining the scope Identify all systems, processes, and people that create, receive, maintain, or transmit ePHI This includes electronic devices, networks, and any third-party entities with access to ePHI.

Data Flow Analysis

Map the flow of ePHI within the organization Understand how information is created, received, processed, and stored This analysis forms the basis for identifying potential vulnerabilities and implementing appropriate safeguards.

Threat Identification

Identify potential threats to the confidentiality, integrity, and availability of ePHI These threats can range from cyberattacks and data breaches to physical incidents A thorough understanding of potential risks lays the groundwork for effective risk mitigation.

Vulnerability Assessment

Assess vulnerabilities in the systems and processes that handle ePHI This includes evaluating the effectiveness of security controls, such as access controls, encryption, and audit logs Identify weaknesses that could be exploited by threats.

Risk Analysis and Evaluation

Combine the identified threats and vulnerabilities to perform a risk analysis Evaluate the likelihood and impact of each risk on the confidentiality, integrity, and availability of ePHI. This step allows organizations to prioritize risks based on their potential impact

Risk Mitigation Strategies

Develop and implement risk mitigation strategies to address identified vulnerabilities This may involve implementing additional security controls, updating policies and procedures, or enhancing staff training. The goal is to reduce the likelihood and impact of identified risks

Documentation and Reporting

Thorough documentation is crucial for demonstrating compliance Maintain records of the Security Risk Assessment process, including identified risks, mitigation strategies, and ongoing monitoring efforts Regularly report on the status of security risks to relevant stakeholders

Ongoing Monitoring and Updates

HIPAA compliance is an ongoing commitment

Establish processes for continuous monitoring of security controls, periodic risk reassessment, and updates to the Security Risk Assessment based on changes in the organization’s environment.

Clarification on Three Common HIPAA Misconceptions

Rachel V. Rose, JD, MBA

Despite the Health Insurance Portability and Accountability Act of 1996 (HIPAA) being around since August 1996 and the Final Omnibus Rule being promulgated in the Federal Register on Jan 25, 2013, it never ceases to amaze me when individuals ask me the following questions, often times after receiving inadequate training or wrong advice

So, here goes three common items and the correct responses.

Employee health records fall under HIPAA.

True or False?

False.

While entities have a duty to keep employee health records, whether vaccinations, incidents or doctors notes, secure and respect the privacy and security of the records, employee records that are kept internally do not fall under the HIPAA umbrella Both the Department of Labor (DOL) and the Department of Health and Human Services (HHS) have highlighted this notion Moreover, the Occupational Safety and Health Administration (OSHA) provides a right of access for employees or a personal representative via OSHA Standard No 19101020(a)

If an employee of a covered entity or a business associate's workforce member is treated at or receives prescriptions/products from a covered entity in which they are a workforce member, then another workforce member can view their medical record.

True or False?

False. Without the proper authorization from the employee, absolutely not As June 15, 2023 HHS enforcement action illustrates, snooping in medical records by either a workforce member of a covered entity or a business associate is a HIPAA violation. The action is detailed as follows in an HHS press release

An employer can reach out to an employee's medical provider without authorization. True or False?

False.

See 45 CFR §§ 160103 and 164512(b)(1)(v) An “employer can ask you for a doctor’s note or other health information if they need the information for sick leave, workers’ compensation, wellness programs, or health insurance” The caveat: “If your employer asks your health care provider directly for information about you, your provider cannot give your employer the information without your authorization unless other laws require them to do so.”

Key questions for providers after more than 2 years of the price transparency rule

Evidence amassed from over two years of experience with compliance reinforces why providers need to focus on chargemaster prices and self-pay discount policies and how they can benefi t from analyzing trends in consumers’ price searches

Effective Jan 1, 2021, under CMS’s fi nal outpatient prospective payment system (OPPS) fi nal rule for CY2020, hospitals nationwide were required to publish their negotiated rates, chargemaster prices and drug prices for all items and services in a machine-readable fi le (MrF) and generate a more user-friendly consumer display showing pricing information for 300 shoppable items and services.a Compliance among U.S. hospitals overall proved less than stellar. One study found that fewer than half of hospitals even attempted to comply with the requirements.b Nonetheless, by January 2022, compliant MrFs were available for more than 1,000 hospitals, with about twice that compliance level for consumer displays Moreover, with penalties having been increased 20-fold in 2022, and with more aggressive actions by CMS having been announced

for 2024, it is reasonable to expect that more than 90% of providers will be fully compliant within the year Despite the delays in enforcement and expansion of CMS requirements, many hospitals currently enjoy the advantage of having two complete years of experience with meeting price transparency requirements And they can glean from that experience factual information regarding the following key questions

ARE CONSUMERS USING PRICE ESTIMATION SYSTEMS?

Before CMS published its original final price transparency rule, many providers and payers have questioned the extent to which consumers would use a consumer display or patient estimation system. The answer to this question seems moot, however. In an era when consumers can search and compare prices for hotels, airfare, cars and just about all retail products and services, it seems inevitable that consumers will also shop healthcare rates and prices once they become aware that they can do so

A study conducted by Panacea Healthcare Solutions in 2022 sought to assess consumer use of hospital price estimation systems The study’s sample comprised 50 providers ranging from 25 beds to over 350 beds (including a good representation of teaching and nonteaching hospitals and specialty providers) from more than a dozen states

Looking for the latest compliance insights?

Tune in to 1st Talk Compliance with your host, Grace Walsh, Digital Content Coordinator for Panacea Healthcare Solutions. On this 30minute, informative program, Grace and her guests will discuss the hottest topics, pain points and learning opportunities related to healthcare compliance and revenue integrity

From HIPAA compliance and cybersecurity to keeping up with price transparency regulations and strategic pricing best practices, we’ve got you covered.

Check out our latest episodes

The Importance of Defensible Pricing 2024 E/M Updates: What You Need to Know

Mastering Defensible Pricing in the Era of Price Transparency

TheIncreasingRoleoftheFederalTrade CommissioninthePoachingofPHI Featured

Mitigaterisksproactively

Navigategovernmentdiscoveryrequests

Enhanceyourcomplianceknowledgewithactionablestrategies

Register to Watch Now

NegotiateFavorablePayerRateswith TransparencyData

Understandtheprosandconsofusingpayermachine-readablefiles

Learnhowtoimprovetheusabilityofnegotiatedratesfor‘apples-toapples’comparisons

Pinpointareasofopportunitywherenegotiatedratesarelowerthan yourpeersatthepayer,product/plan,patientclass,andserviceline category

Calculateyournegotiatedratepositioninthemarketandgenerate increasedreimbursementfrompayers

Register to Watch Now

COMINGSOON

WorkplaceCivility:AHarassment-FreeWorkplacevs Employees’RighttoEngageinConcertedActivity

The Fundamentals: Your Comprehensive Compliance Course for

Healthcare Professionals

Unlock the essential principles of compliance with our userfriendly four-module course Developed by a dynamic team of healthcare providers and attorneys, this course provides invaluable insights into HIPAA, OSHA, employment law, and federal healthcare law enforcement

Discover key concepts in just four hours, with modules that can be viewed in any order

Earn up to 48 non-live CCB CEUs approved by the Compliance Certification Board (CCB)® Upon successful completion of the online course and exam, you’ll receive a certificate of course completion based on individual attendance records

Granting of prior approval in no way constitutes endorsement by CCB of this event content or sponsor Don’t forget to grab your companion guidebook, available in both paperback and Kindle versions from Amazon

Enroll in The Fundamentals course today and strengthen your compliance expertise!

The Most Comprehensive Healthcare Compliance Course

The Fundamentals is a user-friendly fourmodule online course designed to help healthcare professionals understand the essential principles and practices of compliance. Buy Course Now

Managing the Chargemaster: The Fuel of the Revenue Engine

Your chargemaster is the fuel that runs your revenue cycle engine, serving as the basis for your reimbursement and financial success Hospital leadership responsible for achieving financial goals that include revenue growth, expense management, and operating margins are facing the growing importance of chargemaster integrity We attribute the challenge of managing these financial goals to the accuracy of charge data and the task of ensuring effective processes are in place for compliance with appropriate cost standards and principles that will require more from leadership than before Hospitals must manage the chargemaster to meet these requirements by identifying performance improvement opportunities through analysis of trends illustrated by data, workgroup teams focused on effectiveness of cost management, and industry best practices

The role of chargemaster management far exceeds the use of software itself The role encompasses everything impacting the revenue stream, from correcting coding and billing errors to managing the inflow of monthly and annual regulatory changes (CMS for example) and forecasting the long-term chargemaster budget

The Chargemaster Environment

The chargemaster environment grows increasingly complex Minimizing the potential for errors means understanding complicated health information system (HIS) data relationships, being able to identify inaccuracies in coding, and comprehending the impact of regulatory changes Organizational changes such as acquisitions, software and system conversions, and change in payment models increase the potential for errors.

In today’s multifaceted healthcare industry, hospitals are recognizing the need to proactively plan for future chargemaster management They are also recognizing the necessity of having a set of best practices to optimize their revenue streams. Hospitals may have limited processes to manage charge data and pricing, limited internal processes to audit their own chargemaster, and suboptimal means to communicate payment, coding, and regulatory changes to departments. Many organizations find they are unequipped for long-term chargemaster management.

Capturing Appropriate Services

A compliant, well-managed chargemaster means that the master file for all services, procedures, drugs, and supplies is routinely updated and the revenue cycle operates seamlessly. Where a chargemaster is fully managed and maintained, accurate charge capture leads to continual revenue optimization a revenue management best practice. A compliant chargemaster ensures appropriate charges and converts them to revenue. Those who manage the chargemaster process should:

1. Ensure coding translates to accurate billed and paid services, and

3.

Confirm that charges are reasonable and defensible,

2. Reduce or eliminate inappropriate charges.

Hospitals should frequently assess components of the chargemaster and identify performance opportunities within systems and within associated processes

Managing Risks to Revenue Cycle

Comprehensive chargemaster management brings other important benefits, including managing risks to the revenue cycle As coding and billing rules become increasingly complex, healthcare organizations today are finding the use of chargemaster software beneficial for:

DISCOVERING REVENUE OPPORTUNITIES

Discovering revenue at risk, reducing errors resulting in denied claims, and realizing opportunities to increase revenue

PROTECTING REVENUE

Protecting revenue earned from audit takebacks by reducing the potential for external audits

UNCOVERING COMPLIANCE ISSUES

Uncovering hidden compliance issues that put revenue at risk

MAINTAINING A COMPETITIVE EDGE

Maintaining a competitive edge through comparative pricing analysis

Summary

The chargemaster is no longer just one file; it has emerged as a complex central revenue engine for the organization. Achieving financial goals of the organization relies heavily on chargemaster management. The complexity of data has grown along with changes in healthcare systems and revenue management. With mergers, acquisitions, and the ever-changing regulatory environment, you need software and ongoing expertise to ensure optimal coding accuracy, compliance, and revenue.

Panacea’s consulting team and customers utilize ChargeAssist®, the industry’s best all-in-one chargemaster management tool. The software allows streamlined and robust chargemaster collaboration, data monitoring, and process improvement, immediately resulting in improved revenue integrity and compliance. ChargeAssist is rapidly replacing competing chargemaster products across the country, and seamlessly accommodates EPIC, Cerner, and other HIS platforms.

To learn more about the features and benefits of ChargeAssist, click here.

2024 E/M Updates: What You Need to Know

On the surface, this year’s changes may appear fairly straightforward, but dig a little deeper and you’ll find that the updates have important implications for correct coding procedures From payers, providers, and coders to those who work in auditing or IT template development, it is essential to keep up a comprehensive grasp on E/M coding guidelines Tune in as Becky breaks down a few of the most significant guideline updates, clarifies some common areas of confusion, and shares her insider tips as an expert in the field of coding compliance auditing and education

In this episode of 1st Talk Compliance, Grace Walsh is joined by Becky Jacobsen, Vice President of CDM, Coding & Audit Services at Panacea Healthcare Solutions, to explore the key updates to Evaluation and Management (E/M) guidelines for 2024

Many of our listeners are likely familiar with the term evaluation and management, or E/M. But for anyone new to this subject, could you give us a little background on what E/M is?

Sure can Evaluation and management services are utilized for problem focused visits performed in all healthcare settings These are cognitive services in which a physician or other qualified healthcare professional, which I’ll refer to as QHP throughout our podcast today, that is where they diagnose and treat illnesses or injuries

Code selection in most of our categories of E/Ms are based on either time or medical decision making It is truly important for providers, coders, auditors, educators and template developers to understand the E/M guidelines to maintain compliance with coding and documentation

We’ll dive deeper into these in a moment, but could you give us an overview of the key changes to E/M guidelines in 2024?

Sure. I picked up just a few of them that are out there. There’s much more, some new codes that are out there as well that will be interesting as we move forward But broadly, the following areas we have are: Shared or split care visits, those have been changed; multiple E/M services on the same date of service; they gave us some instructions on the proper use of hospital, inpatient or observation services, which do include our same day admit discharge codes 99234 through 99236; and there’s a new G-code for CMS out there for evaluation and management visits that are part of an ongoing longitudinal care relationship Those are gaining quite a bit of interest and attention

One of the things to mention is, as we typically encounter, CMS (the Centers for Medicare and Medicaid Services) as well as the American Medical Association (AMA) do not have the same guidelines for some of these changes So, we always need to be looking at our carriers and how we need to code for those services rendered

I see. That must add an additional layer of complexity to these.

It sure does

Let’s focus in on split/shared visits first. First of all, for anyone unfamiliar with this term, could you tell us how split/shared visits are defined?

Yes, a split/shared visit is when services are provided jointly between a physician and a non-physician provider who both work in the same group and same specialty. So nonphysician providers are typically our PAs or our NPs.

You do have to note that AMA guidelines indicate that when [an] advanced practice nurse and physician assistants are working with physicians, they are considered as working in the exact same specialty and subspecialty as the physician.

However, CMS has indicated they will continue to not recognize subspecialties for defining initial versus subsequent services And what that means is they do not allow providers in the same specialty but different subspecialties to report separate initial visits Also, with shared/split care services, the two providers may act as a team in providing care to the patient in the hospital and other institutional settings, working together during a single E/M service The shared/split care guidelines are applied to determine which professional reports the service

If you picked up, I stressed institutional settings are where shared/split care services are rendered; [whereas] in the clinic setting, which is typically place of service 11, incident two is followed versus shared/split care guidelines So now we have to dive into place of service as well