Resolutions To Keep in 2010
East Tennessee Medical News – February 2010
By Connie S. Ditto and Diana L. Gustin
It has been said that “A New Year’s Resolution is something that goes in one year and out the other.” Now that it’s February, most gyms are back to their normal number of patrons, cigarette sales have rebounded, and formerly messy closets are half-organized. Healthcare providers may want to plan their own list of resolutions for 2010. Strategies for success could include three priority programs to add to your Compliance Program.
1. Prepare for RAC Audits.
Following the “success” of the RAC Demonstration Project, CMS implemented the RAC Audit Programs nationwide. In 2010, Connolly Healthcare will begin audits for Region C (which includes Tennessee). Reimbursement issues that are approved by CMS for review are posted on the Recovery Audit Contractor website. Any provider billing Medicare should have policies and procedures to (1) monitor the reimbursement issues posted; (2) implement an in-house system to ensure compliance with billing in those areas; and (3) have a plan for responding to a RAC Audit.
To date, there are more than seventy-five issues listed for review on the Connolly Healthcare website. Being aware of the audit issues will help providers develop review procedures for compliance in those areas.
Time is also of the essence. It is essential to respond timely to a RAC audit request for records. After a provider is notified of an overpayment by the RAC, there is a “discussion period” in which the provider has the opportunity to respond to the RAC and submit additional documentation.
When establishing a plan for responding to RAC audits, providers may want to appoint a person or department to oversee the process. Maintaining records of the entire audit process may be critical to a successful appeal. Due dates for submission of documents, filing appeals and responding to inquiries must be monitored.
2. Prepare to update your HIPAA Compliance Programs.
Last year the American Recovery and Reinvestment Act of 2009 (ARRA) was enacted to help ensure that patients’ privacy would remain protected when electronic health records are used. ARRA strengthened HIPAA to further protect the privacy of medical records. Breach notification requirements are included in the new law. If medical records are lost or stolen, the patient must be notified. The notice must meet specific requirements as to content and form: (i.e., in writing; not more than 60 days after the event; description of the records lost or stolen; etc.). Federal regulations also address how these same requirements apply to Providers’ Business Associates.
3. Know the Red Flags Rules to prevent identity theft.
The Fair and Accurate Credit Transaction Act of 2003, Section 114, required guidelines for financial institutions and creditors to identify patterns, practices and activities that would indicate the possible existence of identify theft. During 2009, the Federal Trade Commission (FTC) postponed the implementation of the Red Flags Rules three times. The Agency requirement for any “creditor” who maintained a “covered account” to implement policies and procedures to identify, detect, and mitigate identity theft had the legal and the medical community in an uproar. On October 30, 2009, the United States District Court for the District of Columbia ruled that the requirements did not apply to attorneys. That same day, the FTC issued a news release that it would again delay enforcement until June 1, 2010. While the FTC has yet to formally modify its position that healthcare providers (and attorneys) are subject to the rule, providers may expect further guidance prior to June 1, 2010, and should be prepared to implement policies and procedures required on or before that date. Disclaimer: The information contained herein is strictly informational; it is not to be construed as legal advice. |
