was successfully added to your cart.




E/M Coding

By | Uncategorized | No Comments

iStock_Guy-sleeping-on-computerOne of the most common areas for increased scrutiny by Medicare and private insurance are the E/M codes. Most doctors don’t understand them, causing mistakes.

DCs believe they are doing things right only to find out that their claims are suddenly rejected, additional paperwork is requested, or a post-payment audit is requesting money back.

E/M simply stands for Evaluation & Management. To doctors, this means “exam” codes. The specific codes that are used daily in chiropractic offices are CPT codes 99201 through 99205 (for New Patients) and 99211 through 99215 (for Established Patients).

The New Patient Confusion:

I’m often asked, when is a new patient a new patient? According to the CPT, a new patient is defined as:

“A patient that has not received any professional services by the physician or in a physician group practice within the last three years, is considered a New Patient.” In multi disciplinary practices the rule applies to physicians of the same physician specialty.

Understanding this rule is critical to coding your patient encounters correctly and avoiding pre or post-payment audits.

I commonly see this when an existing patient comes in after an auto accident and though the patient was in the office during the three-year period, the doctor bills for a new patient exam.

It doesn’t matter if they have a new injury or you get paid more for a new patient code, they are considered an established patient. (Codes 99211-99215). In this case, billing the new patient code is not only illegal, it’s fraud. Fraud means that if you get caught you could go to jail.

The rule of thumb here is don’t go to jail; the food sucks and you always have a bad view!

Another concern with new patient E/M codes is billing the highest code, the 99205. As a chiropractic physician, you can never meet the requirements for this code and billing it will only get you in trouble. This code will guarantee that your records will get looked at closely and increases the likelihood of an audit.

It could also be seen as fraud, so the same rule of thumb applies here, “Don’t go to jail.”

The level of the code billed is dependant on three key factors. The level of Exam, the level of History and the level of Medial Decision Making. Each level is determined by certain factors such as the number of complaints and how extensive a history you take that is relevant to the patient’s complaints.

There isn’t enough room in this article to cover all the requirements, but maybe I can cover each one individually in future post. Until then, remember it’s your responsibility to know how to bill the correct E/M code.

The “Chiropractic Compliance Made Easy” program is the most complete course on office compliance and includes how to document the correct E/M code.

All The Best,
Dr. John Davenport
Chief Compliance Officer

HIPAA Security Risk Analysis

By | Uncategorized | No Comments

Badge-iStock_000012585384XSmallAs a healthcare provider, much of the Electronic Protected Health Information (ePHI) you maintain and share with other entities is crucial to your business and important in the care you provide to your patients.

Lost or stolen laptops, identity theft, malfunctioning computers and hackers are just a few of the risks you face when you receive, store, and transmit electronic health information.

Providers face major troubles if their patient’s ePHI is stolen, lost, misused, incorrect or if it is unavailable.

The US Department of Health and Human Services (HHS) developed and signed into law the HIPAA (Title II) Administrative Simplifications.

The Administrative Simplifications included the security rule to insure that covered entities, including small and medium-size providers like you, guard against security incidents.

Furthermore, to make sure that organizations take steps to protect ePHI, the law included increased requirements, penalties and investigative authority.

Although there are many core elements that make up the security rule, a documented risk analysis is seen as one of the most important by HHS.

The purpose of making you perform a risk analysis is to help you identify when and where there’s a risk where someone could compromise the confidentiality of your ePHI, inappropriately alter or delete the ePHI, affecting it’s integrity or if ePHI might not be available when needed.

Another key requirement is that you establish security measures to decrease risks to a reasonable and appropriate level. While complete protection from risk is impossible, HHS feels that by having good policies and procedures in place you can help protect your ePHI against risks that can be reasonably anticipated.

The point is, that by law and under the threat of huge penalty, your office
must have on record, documentation of the following:

  1. Detailed, Policies and procedures regarding ePHI
  2. A documented risk analysis including a review of:

Sometimes I think politicians with better things to do, spend their time thinking of things for us to do as though we had nothing better to do.


By | Uncategorized | No Comments

Tired-Man-computeriStock_000024086772LargeAre you using computers that run on Windows XP in your office? If you are you may be violating HIPAA laws by doing so.

If you haven’t heard, on April 8th, 2014 Microsoft ended support for windows XP; putting an end to the operating system.

Microsoft announced that they are no longer providing security updates and stated that:

“If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses. What this means is that when using computers with Windows XP, you potentially expose your computers to a security risk. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP.”

The OCR has been very clear that unsupported systems are NOT compliant. They cited this routinely during the audits last year whenever identified.

Unsupported systems by definition are unsecure and pose a risk, not only to the data they hold, but the network they reside on, as well.

Additionally, any known vulnerabilities of an operating system should be considered in the covered entity’s risk analysis.

For example, as a compliance and auditing specialist, I tell my doctors that an operating system which includes a known vulnerability, which XP does, has to be considered an issue with regard to your “risk analysis.”

Addressing the risks means that as a doctor, you know what can happen by running XP and that you have a written plan for minimizing the risk.

This plan must be described in detail in your risk analysis and should include a timeline for your transition away from Windows XP.

To stay protected after support ends, you have two options:

  1. Update any current devices that are running Windows XP

This is definitely, the simplest route, and for most doctors offices, it’s the most cost effective.

Unfortunately few older computers will be able to run Windows 8.1, which is the latest version of Windows.

Compliance & Auditing services recommends that you download and run the Windows Upgrade Assistant to check if your PC meets the system requirements.

The Windows 8.1 system requirements are nearly the same as Windows 8, so if your PC can run Windows 8, in most cases, you can get the free update to Windows 8.1.

Upgrade Assistant will also check program and device compatibility, and provide a free compatibility report.

Here is a summary of the system requirements:

Processor: 1 gigahertz (GHz) or faster

RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)

Free hard drive space: 16 GB (32-bit) or 20 GB (64-bit)

Graphics card: Microsoft DirectX 9 graphics device with WDDM driver

You will need to perform a “clean installation.” This means you won’t be able to keep any files, settings, or programs when you upgrade.

We recommend you back up all files and locate any program installation discs prior to updating.

  1. If your current PC can’t run Windows 8.1, it’s time to consider a new one. Given the fact that the fines for a HIPAA Security Violation would be significantly in excess of purchasing a few new computers.

For most doctors, dealing with the technical stuff is a little bit challenging. After all, you’re an expert at treating patients not computers.

If this is you, then talk with your IT person. They have the expertise in this area and should know exactly what to do.


Dr. John Davenport
Chief Compliance Officer
Compliance & Auditing Services

Compliance Auditing: Should I “Lawyer Up?”

By | Uncategorized | No Comments

Judge-iStock_000013730450XSmallIn my last post, I talked about the steps you should take if the Office of Inspector General for the U.S.Department of Health and Human Services selects your practice for a Medicare reimbursement audit.

The key piece of advice I offered was for targeted chiropractors to seek professional help and not go it alone when the auditor comes calling. I detailed the benefits of hiring an experienced, licensed compliance consultant to assist you in the audit process, and I also briefly mentioned the possibility of hiring an attorney to augment your audit management team. In this installment, let’s talk a little bit more about the pros and cons of hiring an attorney.

When chiropractors facing an audit or post-payment demands ask me if they should hire an attorney, my short reply is always this: “Maybe.” I know, that’s not hugely helpful, but there’s more to it.

Unfortunately, you won’t immediately know if a lawyer will be necessary or useful during your audit. Some ethical attorneys will be up front with you about what they can or can’t accomplish for you, while others will be happy to let you pay them a retainer of a few thousand dollars just in case.

Given the range of attorneys’ fees, the decision to seek their help really becomes a numbers game. For example, if an auditor requests records and their investigation unearths a $437 fine because you billed, coded or documented a few services incorrectly, a $3,500 attorney fee will be overkill.

However, if a payer is accusing you of fraudulent billing and demanding $746,000 in reimbursements, then you should run—not walk—to an attorney’s office.

The choice of whether or not to hire an attorney is up to you, but if you choose to retain legal counsel, you should make sure the attorney is experienced in dealing with post-payment audits. This isn’t a job for your personal attorney or a family friend that has a law degree, even if these lawyers are accomplished litigators in the criminal realm. You want to find a healthcare attorney that has handled multiple cases (more than a dozen at minimum), and can clearly answer your questions, guide you through the process and promote a strategy that inspires confidence.

The price tag for these qualified attorneys can be steep—upwards of $250,000 for the most serious cases. These legal minds also can be tough to find. Many of the best attorneys are scooped up by hospitals and large physician groups that face post-payment demands of $100 million or more, so chiropractors with their more modest practices can sometimes seem like the little fish in the big pond.

However, if you are having trouble finding a qualified attorney, fear not—a consultant can be of assistance. Chiropractors facing post-payment demands and uncertain of how to proceed should consider scheduling a confidential Chiropractic Compliance and Audit Consult with me. Because I’m a licensed compliance specialist, I can review the problem and give you options.

Many times after going over the documentation related to the audit, appealing the demand can be handle without an attorney. If the amount is substantial or the HHS wants to play hard ball, then it may be time to “lawyer up.”

When the OIG auditor calls, it’s time to find an Ally

By | Uncategorized | No Comments

Frightened Girl iStock_000003688476SmallDuring my 24 years in the health care industry focusing on compliance, I often get asked the same question by my fellow chiropractors: “Why would I need a consultant?”

The long answer is that a compliance consultant who is a certified compliance specialist can help you navigate the tricky world of HIPAA Omnibus Privacy Rules, regulatory compliance, ICD-10 coding, PQRS, compliance training, and a host of other compliance services you and your staff must manage on a daily basis.

But the short answer usually makes my case. You should get a compliance consultant before the Office of the Inspector General for the Department of Health and Human Services comes knocking. This applies to CASH practices as well…if you don’t think so checkout “The OIG Compliance Program Blue Print, As Mandated By Law, For ALL Doctors Of Chiropractic “.

The Office of the Inspector General, or OIG, has oversight authority for everything related to Medicare, and it recently released its Fiscal Year 2013 Work Plan that details how it will review and handle Medicare Part B payments. The plan states Medicare-covered chiropractic services should include only treatment by means of manual manipulation of the spine to correct subluxations, and that chiropractic maintenance therapy is not considered to be medically reasonable or necessary and is therefore not payable. It emphasizes in no uncertain terms that Medicare will not pay for items or services that are “not reasonable and necessary.”

When you accept Medicare payments, or even bill Medicare as a non-participating provider (which you are required to do for your Medicare patients), you agree to oversight by the OIG, which can include an audit. That means they have the right to enter your office and review any records they see fit without the need for a warrant or patient permission per HIPAA guidelines. The OIG also can search historical data, going as far back as the day you opened your doors if it has a reasonable suspicion of fraud.

Refusal to cooperate can mean a more detailed audit and large headaches. So it’s important to arm yourself with the right information. The following details what an OIG audit typically entails and how you can survive it.

 The Anatomy of an Audit

When the OIG auditor arrives, he or she will request to see your compliance program manual and use a computer program to randomly select dates of service. He or she then will scan selected medical records to examine your paid Medicare claims later at their offices.

You might find yourself thinking, “That doesn’t sound so bad.” Trust me, it is that bad.

If the OIG discovers instances of overpayment, it will attempt to recover those funds and initiate further reviews. The slightest hint of fraud will trigger more examinations and possibly even a full onsite audit of your office, which involves an army of auditors that comb through all of your Medicare records. Worst of all, this process can take days and massively disrupt your practice.

Additionally, the audit process itself is flawed. The random sampling methodology often does not take into account the full picture of a patient’s treatment and its benefits.

For example, the selected dates might not cover initial visits or re-exams and instead focus on subsequent appointments in which you were carrying out the treatment plan. That’s like looking at treatment notes developed after taking the seventh pill in a 40-pill course of antibiotics. These snapshots are incomplete at best and misleading at worst.

Take Action

If you win the Inspector General lottery, first of all, don’t panic. Your most important moves at this stage are to develop a plan and seek help.

First, you should learn this phrase: “Silence is golden.” Our first impulse is always to explain ourselves, but you should remain quiet. Don’t offer any unsolicited information to the investigators. Too many simple reviews have turned into full-blown audits because a doctor tried to explain the situation.

Second, you should find professionals to walk you through this process. A compliance consultant who understands the Medicare system and has worked with the OIG is a good advocate. The consultant may refer you to an attorney licensed in your state that specializes in Medicare regulatory issues*. When you hire the attorney, he or she will place your consultant under privilege, which prevents the OIG from compelling testimony from the person you hired to protect you. This step is important because it allows you to be completely open with your consultant.

* (We will further discuss the issues surrounding hiring an attorney in a future blog post.)

One day before the OIG’s scheduled visit, your compliance consultant should visit your office. They will meet with you and your staff to review and explain the situation. This audit is not a secret to be kept from your staff, and you will need their help in calling patients to cancel appointments scheduled for the audit days. You will want your office to be patient-free when the auditors are there.

Next, you should select a single staff member to work with your compliance consultant when the OIG is in the office. Everyone else should be given the day off. During this pre-planning, your compliance consultant will be communicating directly with the OIG and determining when and how long they will speak to you during a face-to-face interview.

During this initial review, the compliance consultant should get the names and dates of the requested files. Your designated staff member should then retrieve those records and have them ready for the auditor. This limits the OIG from having direct access to your files. Your staffer also should copy each record requested by the OIG for use by the consultant and your attorney later.

It also may be smart to have your compliance consultant do a “shadow review” of all the requested records. In this assessment, your consultant will evaluate all of the records OIG copied under the harshest criteria possible to determine a worst-case scenario. This “shadow review” can provide valuable information for future negotiations with the OIG should it demand a refund.

Limit your Exposure

When you finally speak with the OIG’s auditor, make sure your compliance consultant is present to monitor the proceedings. If the discussion veers into a direction that could be harmful to you, the compliance consultant should suggest a postponement until your attorney can be present or that any additional questions be first submitted in writing.

You want to maintain control of the situation, and limit the exposure you, your staff and your records have to OIG auditors. For example, these investigators have been known to visit the homes of staff members to interview them. You cannot instruct your staff to refuse their questioning—that’s obstruction, and it can get you in trouble. However, you can inform your staff they have the right to decline a conversation with OIG personnel. Additionally, your staff also has the right to set the time and place of any interview, as well as have their personal lawyers present for questioning.

An Insurance Policy

Medical Compliance Specialists and lawyers may sound expensive, but their fees pale in comparison to the financial punishment the OIG could levy against you.

The Inspector General can issue fines of up to $10,000 per occurrence of fraud and abuse, so utilizing a third party to help insulate your practice may be a smart investment. Think of it as a low-cost insurance plan, and some malpractice carriers will even cover some of those costs under certain circumstances.

It’s Your Choice

Prevention is the key word here. Why put yourself thought the fear and stress of losing everything you’ve worked hard for when it doesn’t have to be that way.

Just sitting back, living with the worry hanging over your head and then kicking your ass later for being so foolish is not acceptable! For those of you who tend to put things off and you know who you are, I have easy solutions for you.

You can do it yourself with “Chiropractic Compliance Made Easy,” the complete office compliance system, or become a Chiropractic Auditing Services member by calling our office and we’ll do it for you. So there’s no excuse.

As a member you get to become one of the growing number of doctors who have stepped up and done the right thing for themselves and as a result are fully confident about compliance and experiencing the joy of healing people without fear.