was successfully added to your cart.

Cart

Tag

HITECH Archives - Compliance and Auditing Services

Common Sense PQRS For Chiropractic Offices

By | Insurance Coding | No Comments

Medicare PQRS

The Physician Quality Reporting System (PQRS) is a reporting program that requires doctors enrolled in Medicare, Participating or Non-Participating providers, to submit data on the reporting of specified quality measures.

Beginning in 2007, PQRS was a pay-for-reporting program. Doctors were eligible to receive incentives if they reported quality measures. However, in 2013 the program transitioned from an incentive program to one that assessed penalties to doctors who did not meet the reporting requirements.

Therefore, if doctor’s offices did not successfully report on quality measures for covered services during the 2013 reporting period (Jan.1 –Dec 31,2013), those providers saw a decrease in reimbursement by 1.5% beginning on January 1, 2015.

Additionally, if doctor’s offices did not successfully report on quality measures for covered services during the 2014 reporting period, those providers will see a decrease in reimbursement by 2.0% beginning on January 1, 2016.

Though PQRS is technically not mandatory, the Patient Protection and Affordable Care Act (PPACA) mandated that Medicare is required to adjust payments for providers who do not participate in PQRS. So, from 2016 and beyond, reimbursement will be decreased by 2% and based on the reporting of quality measures from the previous two years.

To comply, doctors of chiropractic must report certain measures on eligible Medicare beneficiaries. Through the proper use of these codes, CMS hopes to establish standards and promote evidence- based best practices to reduce claim fraud and streamline the reimbursement process.

Reporting PQRS:

To report PQRS, all you need to do is place G-codes on your claims. The G-codes correlate to an action that was taken (or not taken) by the provider. As a chiropractor, you only need to report two quality measures. These measures are:

Measure #131: Pain Assessment and Follow-Up

The purpose of this measure is to show when a pain assessment is done using a standardized tool, and a follow-up plan that includes a reassessment of pain is documented.

Pain assessment tools include, but are not limited to, Faces Pain Scale (FPS), McGill Pain Questionnaire (MPQ), Numeric Rating Scale (NRS), Verbal Numeric Rating Scale (VNRS), and Visual Analog Scale (VAS).

Measure #182: Functional Outcome Assessment

The purpose of this measure is to show when functional outcome assessments are conducted, using a standardized tool, along with the creation of a treatment plan based on the functional deficiencies found.

Functional outcome assessments measure a patient’s physical limitations when performing activities of living, such as low back pain which inhibits the patient’s ability to walk or sleep.

Standardized functional outcome assessment tool examples include Oswestry Disability Index (ODI), Roland Morris Disability/Activity Questionnaire (RM), and the Neck Disability Index (NDI).  

G-codes:

Each Measure contains several choices of quality data codes (G-codes) that correspond to the measure to be reported. On each visit, the provider should report one of the G-codes, from each of the two measures, on line 24 D of a paper claim or on service line 24 of an electronic claim.

Measure #131: Pain Assessment and Follow-Up

  • G8730 – Pain assessment documented as positive using a standardized tool and a follow-up plan is documented.
  • G8731 – Pain assessment using a standardized tool is documented as negative, no follow-up plan required.
  • G8442 – Pain assessment NOT documented as being performed, documentation the patient is not eligible for a pain assessment using a standardized tool.

*Note that patients are not eligible only if one or more of the following reason(s) are documented:

  1. Patient is in an emergent situation where time is of the essence and to delay treatment would jeopardize the patient’s health status.
  2. A severe mental and/or physical disorder and patient is unable to express their self in an understandable way by others.
  • G8939 – Pain assessment documented as positive, follow-up plan not documented,   documentation the patient is not eligible.
  • G8732 – No documentation of pain assessment reason not given.
  • G8509 – Pain assessment documented as positive using a standardized tool, follow-up plan not documented, reason not given.

Measure #182: Functional Outcome Assessment

  • G8539 – Functional outcome assessment documented as positive using a standardized tool and a care plan, based on identified deficiencies on the date of the functional outcome assessment, is documented.
  • G8542 – Functional outcome assessment using a standardized tool is documented; no functional deficiencies identified, care plan not required.
  • G8942 – Functional outcome assessment using a standardized tool is documented within the previous 30 days and care plan, based on identified deficiencies on the date of the functional outcome assessment, is documented.
  • G8540 – Functional Outcome Assessment not documented as being performed, documentation the patient is not eligible for a functional outcome assessment using a standardized tool.

Patients are not eligible only if one or more of the following reason(s) are documented:

  1. Patient is in an urgent or emergent medical situation where time is of the essence and to delay treatment would jeopardize the patient’s health status.
  2. The patient is unable to complete the questionnaire.
  3. The patient refuses to participate.
  • G8541 – Functional outcome assessment using a standardized tool not documented, reason not given.
  • G8543 – Documentation of a positive functional outcome assessment using a using a standardized tool; care plan not documented, reason not given.
  • G9227 – Functional outcome assessment documented, care plan not documented, documentation the patient is not eligible for a care plan.

(*See G8540 for non-eligibility reasons).

**Note that the use of a standardized tool assessing pain alone, such as the visual analog scale (VAS), does not meet the criteria of a functional outcome assessment standardized tool.

G-code Rules:

You should report Measures #131 and #182 on every visit, for every Medicare patient who is at least 18 years old and where you have reported a spinal CMT.

You must document the name of the standardized tools used to assess the patients in the medical record. The exception would be when a provider uses a fraction for the Numeric Rating Scale (ie.6/10) when assessing pain for intensity.

Providers should report, for each visit, whether they provided a standardized pain assessment on the patient, if pain was present or absent, and, if pain was present, documented a follow-up plan that includes a reassessment of the pain.

Common Sense PQRS For Chiropractors:

First understand that Medicare pays for medically necessary treatment. Basically, this means that the patient has pain that is interfering with their ability to perform their normal daily activities (Functional Deficits).

Once a patient’s pain and, more importantly, functional deficits have improved or they have reached a plateau in their care, Medicare is no longer responsible to pay for treatment.

Because of this, the reporting of these measures ( #131: Pain Assessment and Follow-Up and Measure #182: Functional Outcome Assessment ) are required to meet the PQRS reporting standards.

With this in mind, chiropractic offices will generally document only a handful of G- codes from each of the two measures, on line 24 D of a paper claim or on service line 24 of an electronic claim.

G-codes Common Sense:  

During active care, the doctor has the patient fill out both pain and functional assessments on the Initial Visit and Re-exams.

  • G8730 – Pain assessment documented as positive using a standardized tool and a follow-up plan is documented.

This means a pain assessment was done using a standardized tool and documents the patients level of pain with a documented treatment plan that includes a planned reassessment of pain, a referral, or that the initial plan is still in effect.

In other words, chiropractors will use this code with every visit during active care and patient visits for initial exams and re-exams.

  • G8539 – Functional outcome assessment documented as positive using a standardized tool and a care plan, based on identified deficiencies on the date of the functional outcome assessment, is documented.

This means a functional outcomes assessment was done using a standardized tool and documents that it was preformed on the same date of service. This is typically coded only with the initial exam and re-exams during active care.

  • G8731 – Pain assessment using a standardized tool is documented as negative, no follow-up plan required.

This means a pain assessment was done using a standardized tool that documents the patient has no pain and no treatment plan is required.

  • G8942 – Functional outcome assessment using a standardized tool is documented within the previous 30 days and care plan, based on identified deficiencies on the date of the functional outcome assessment, is documented.
  • The G8942 code is typically used for office visits during active part of treatment, between the initial exam and re-exams.
  • G8542 – Functional outcome assessment using a standardized tool is documented; no functional deficiencies identified, care plan not required.

The G8542 code is typically used on the date of final re-exam once the patient has reached maximum medical improvement and patient is discharged from care.

The following are examples of how the G- codes are typically used.

Initial Exam And Re-exams:

  • G8730 – Pain assessment done, and a follow-up plan is documented.(CMT / Active / Tx / Exams)
  • G8539 – F0A done, care plan done (During 1st CMT / Active Tx)

Daily office visits for routine treatment:

  •  G8730- Pain assessment done, and a follow-up plan is documented.(CMT / Active / Tx / Exams)
  • G8942 –FOA done and care plan done within 30 days (CMT Visits between          RE/Active Tx)

The final Re-exam once the patient has reached maximum medical improvement and patient is discharged.

  •  G8731 – Pain assessment done, no pain using a standardized, no follow-up plan required. (Final RE/Discharge)
  • G8542 – FOA done, no deficit, no care plan needed (Final RE/Discharge)

  Finally, always remember that your assessments, exams and treatment plans must be documented in your patient files. If your records are audited, you have reported that you have correctly documented these measures.

Dr. John Davenport DCM, MCS-P

Chief Compliance Office, Certified Insurance Consultant

 

It’s Time To Get Ready For ICD-10

By | ICD-10 | No Comments

helpThe Boy Scout motto was to be prepared. Are you? It’s been my experience as a compliance consultant that when it comes to compliance the vast majority of doctors are completely unprepared for the increased regulation and scrutiny.

This may not surprise you, but according to recent surveys 80% of all providers will not be ready by October 2015, and the percentage is probably higher for chiropractors.

What is perhaps more shocking, is how few of the payers are ready or estimated they would have a finished product ready by the end this year. Only 40%.

I can understand the procrastination of most chiropractors in getting ready. They don’t have a lot of extra time and extra staff around to dedicate to the task.

It’s not time to “panic” yet, but to make a smooth transition
to the October, 2015 deadline, there are several things you can begin doing now.

Bear in mind that even though the number of codes will grow from 17,000 to 140,000, you only need to know the codes that relate directly to chiropractic.

You and your staff will need training in multiple formats. Compliance & Auditing Services’ members will get the codes with explanations and how to cross check for the appropriate codes. Members also have webinars and the training newsletter to make it easy, with unlimited email to get answers to any questions.

It will be too late to learn this new language once ICD -10 goes “live,” because you will be behind the curve.

First, identify how ICD -10 will effect your practice.

1. How will ICD-10 effect your people and processes? To find out, review how and where staff and doctors use ICD-9.

2. Ask your payers and vendors (software systems, clearinghouses, billing services) about ICD-10 readiness. Ask when they will start testing, how long they will need, and how you and other clients will be involved.

3. Develop a plan for communicating with staff and business partners about ICD-10.

4. Estimate and secure budget (potential costs include updates to practice management systems and government payment delays.

5. Ideally, have a cash reserve of at least 3 months operating expenses so your office will be able to continue to function normally.

6. Work on your documentation. ICD-10 codes are much more specific and your documentation will need to improve to match them.

➢ This is important because if the insurance carriers ask for documentation to justify the codes, poor documentation will slow the process down or result in all out denials.

So for now, focus on these first steps in preparing your office for the ICD-10 transition and don’t sweat it.

Together we will make it easy to stay on track. After all, you have better things to do with your time than worry about the constant changes.

Dr. John Davenport
Chief Compliance Officer

The Protected Health Information Cyber Attack Threat

By | Compliance | No Comments

3d rendering of a monit with a chain around it.

Reports of cyber attacks on large corporations such as  Nationwide, JPMorgan Chase and even the Pentagon have been make big news. Yet, every day there are attacks aimed at small to mid-size organizations.

With the increasing use of EHRs, practices are facing increased liability with regard to breaches of protected Health information (ePHI). Hackers know that healthcare providers are less likely to fully protect themselves.

At the same time, increased HIPAA and HITECH security regulations and penalties, for violations, also increase the healthcare providers liability for breaches of ePHI,

Many Doctors simply lack the knowledge and training needed to protect their offices against a cyber attack or meet HIPAA Security Rule requirements.

In this three part series we will discuss simple steps to reduce most major threats to the safety of ePHI. This should be considered basic computer security 101 and not a course on the HIPAA/HITECH rules.

Firewall Protection:

First, unless your practice is totally disconnected from the Internet, it should have a Firewall to protect against threats from outside sources.

Basically, a Firewall is a system that prevents unauthorized access to a private network and works like a filter between your computer network and the Internet. Anything that goes into or out of the network must pass through the firewall.

The firewall examines each message and can be configured to prevent employees from sending certain types of emails or transmitting sensitive data outside of the network.

Additionally, firewalls can be programmed to prevent access to certain websites (like social networking sites) and can prevent outside computers from accessing computers inside your network.

Most computer operating systems come with a firewall installed and firewall software is also available at stores that sell computer products. Both types of firewall software normally provide technical support and guidance for users without the technical savvy.

Anti-virus Protection:

In small offices, attackers compromise computers primarily through viruses, spyware and malware. Computers can become infected by outside sources such as CD- ROMs, e-mail, flash drives, and web downloads. Even a computer that has all  the latest security updates to its operating system and applications can be at risk because of system flaws.

Anti-virus software is used to scan files to identify and eliminate computer viruses andmalicious software. It can also let you know when there has been an attempted threat to your system.

Anti-virus software analysis’s system files to look for known viruses, by means of a virus dictionary, and identifies suspicious behavior that might indicate an infection. Therefore, providing protection against brand-new viruses that do not yet exist in any virus dictionaries.

Without anti-virus software to identify infections, data may be stolen or destroyed. Reliable Anti-virus software is available at most stores that sell computer products, and are relatively inexpensive to buy.

Once you’ve down loaded anti-virus software to your computer, this includes hand held devices, make sure to keep it updated. Anti-virus products require regular updates in order to protect from new computer viruses.

Chained laptop from the frontPasswords:

Passwords are a first line defense in preventing unauthorized access to any computer and should be required to log into your system.  In addition, passwords can be reviewed, using an audit trail log, to see who is accessing specific information and what changes where made to that information.

Passwords can also limit what information individual people have to certain information. This can include certain staff members, your IT contractor, your billing company or anyone who has remote access to your computer system.

Because criminals use special software to try to guess a password, it is important to use strong passwords. A Strong password should:

  • Be at least 8 characters in length
  • Include a combination of upper case and lower case letters, at least one number and at least one special character, such as a punctuation mark
  • Be changed periodically.

You should also have policies in place to remove passwords on staff that leave or are terminated.

An administrator password is used only when you need to make changes or updates to your operating system. This means that anyone with this code can go anywhere and change anything in your system.

To decrease the chance that the administrator password gets stolen, the person in your office authorized to make changes to your system should have a separate user code that is used for daily system access.

WINDOWS XP and HIPAA COMPLIANCE

By | Uncategorized | No Comments

Tired-Man-computeriStock_000024086772LargeAre you using computers that run on Windows XP in your office? If you are you may be violating HIPAA laws by doing so.

If you haven’t heard, on April 8th, 2014 Microsoft ended support for windows XP; putting an end to the operating system.

Microsoft announced that they are no longer providing security updates and stated that:

“If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses. What this means is that when using computers with Windows XP, you potentially expose your computers to a security risk. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP.”

The OCR has been very clear that unsupported systems are NOT compliant. They cited this routinely during the audits last year whenever identified.

Unsupported systems by definition are unsecure and pose a risk, not only to the data they hold, but the network they reside on, as well.

Additionally, any known vulnerabilities of an operating system should be considered in the covered entity’s risk analysis.

For example, as a compliance and auditing specialist, I tell my doctors that an operating system which includes a known vulnerability, which XP does, has to be considered an issue with regard to your “risk analysis.”

Addressing the risks means that as a doctor, you know what can happen by running XP and that you have a written plan for minimizing the risk.

This plan must be described in detail in your risk analysis and should include a timeline for your transition away from Windows XP.

To stay protected after support ends, you have two options:

  1. Update any current devices that are running Windows XP

This is definitely, the simplest route, and for most doctors offices, it’s the most cost effective.

Unfortunately few older computers will be able to run Windows 8.1, which is the latest version of Windows.

Compliance & Auditing services recommends that you download and run the Windows Upgrade Assistant to check if your PC meets the system requirements.

The Windows 8.1 system requirements are nearly the same as Windows 8, so if your PC can run Windows 8, in most cases, you can get the free update to Windows 8.1.

Upgrade Assistant will also check program and device compatibility, and provide a free compatibility report.

Here is a summary of the system requirements:

Processor: 1 gigahertz (GHz) or faster

RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)

Free hard drive space: 16 GB (32-bit) or 20 GB (64-bit)

Graphics card: Microsoft DirectX 9 graphics device with WDDM driver

You will need to perform a “clean installation.” This means you won’t be able to keep any files, settings, or programs when you upgrade.

We recommend you back up all files and locate any program installation discs prior to updating.

  1. If your current PC can’t run Windows 8.1, it’s time to consider a new one. Given the fact that the fines for a HIPAA Security Violation would be significantly in excess of purchasing a few new computers.

For most doctors, dealing with the technical stuff is a little bit challenging. After all, you’re an expert at treating patients not computers.

If this is you, then talk with your IT person. They have the expertise in this area and should know exactly what to do.

Regards,

Dr. John Davenport
Chief Compliance Officer
Compliance & Auditing Services