was successfully added to your cart.

Cart

Tag

records audits Archives - Compliance and Auditing Services

Post Payment Audits

By | Audits | No Comments

Screen-Shot-2013-12-03-at-1.13.23-PMAudits are big business for insurance carriers. For every 2 dollars that insurance companies spend on investigations, they profit $17 dollars in recoveries. In fact, audit and investigation divisions are one of the most profitable divisions for insurance companies.

Even though this doesn’t mean insurance carriers are out to get you, studies show that chiropractors have one of, if not the highest error rate when it comes to documentation.

In other words, insurance companies know chiropractors are bad at documentation and it’s easier to get money from them.

In general, chiropractors assume that as long as insurance carriers and Medicare are paying, they must be billing correctly. This is a very dangerous assumption to make.

Both insurance companies and Medicare collect information on all providers to identify those who fall outside the accepted parameters.

If your claims are coded improperly, you will be held responsible and required to pay back all the payments you received and possibly an additional fine.

The average payout by a practice seeing an average of 70 patient visits per week is $40,000.00 and $800,000.00 in an office seeing an average of 350 patients visits per week.

Because audits can be conducted on any provider that receives payments, and that includes cash practices as well, you can be audited. It’s not a question of if you’ll get audited; it’s a question of when you’ll get audited.

What Triggers an Audit?

Audits can be triggered in several ways, but the two most common are complaints and profiling.

As an example, a doctor contacted me recently for consulting services because a patient submitted a complaint to the board of chiropractic. The board requested the patient’s record for review. Because his documentation was so poor, the board requested five more files to be reviewed by the Department of Healthcare Quality Assurance.

Concerned, he called my office to review the files before submitting them to the board. Unfortunately, his documentation did not support his billing and without going into detail because I’m now working with his attorney, he is facing fines up to $10,000 dollars, the loss of his license, and possible referral for criminal prosecution.

With profiling, insurance companies gather information from claims submissions and then use the information to profile your billing patterns. If your office falls outside accepted parameters, then you get picked out for an audit.

Usually it starts with a request to review a certain number of patient files. Then the auditor reviews the files to determine if your records support the services that you received payment for.

If the records can’t prove the medical necessity of your treatment or support the billing codes, then the auditor will calculate a “percent deficiency,” and then extrapolate that over all the claims paid to you for the past five years.

That will then determine your payback amount and the insurance company sends you a letter demanding you pay them back.

As an example, a doctor called Compliance & Auditing Services for help when he received a request for $400,000 dollars.

Medicare audits can be triggered by a complaint, profiling or even randomly.     Medicare has a policy requiring them to randomly audit doctors’ offices.

The worst-case scenario is to have criminal charges filed against you.

Specific triggers include:

  1. Billing for maintenance care
  2. Overusing CMT code 98941(3-4 regions) or 98942 (5 regions).

   *Payers consider the correct percentage of utilization by chiropractors for CMT codes is:

                                   98940–25%, 98941–60%, 98942–15%*

  1. Excessive use of the E/M codes 99204 and 99205.
  1. Billing massage therapy (97124) with a CMT 98941 or 98942.
  1. Billing manual therapy (97140) with a CMT 98941 or 98942.
  1. Repeatedly billing neuromuscular re-education (97112).
  1. Billing passive therapies beyond the first 12 visits of care.

Being audited doesn’t mean you are guilty, it means you have to prove that you are innocent. So be able to justify your treatment with accurate documentation and evidence-based research.

Take the first steps now, before you get audited, by taking the time to improve your documentation and billing polices.

Start implementing active rehabilitation directed at the improvement of function rather than symptom relief. Most importantly, take compliance seriously.

Though there’s no way to completely avoid an audit, performing internal audits and having a comprehensive compliance program in your office can flag potential problems in billing or coding and avoid costly mistakes.

In fact, federal regulation requires you to do regular audits and to have a documented compliance program in your office.

Signed into law by the Health Care and Education Reconciliation Act of 2010, having an active office compliance program is mandatory. So you don’t have a choice, it’s the law.

Compliance programs must be updated regularly and followed to the letter.

If you haven’t completed an internal audit or developed a comprehensive compliance program, now is the time. Both can be done by outside consultants, or done in-house.

For example, all Compliance & Auditing Services consultants are certified as medical compliance specialists, insurance consultants and certified peer reviewers. Our company can design a compliance program that meets all federal and state regulations for you from scratch and conduct the required internal audits.

So why struggle to be compliant alone when there’s a team of qualified experts ready to give you the personal support you need to protect your office from losing 1000s of dollars to audits.

These are trying times for all doctors and ignoring the new regulations is no longer an option.

 

Dr. John Davenport DCM, CCSP, FIAMA, MCSP, ICI

Chief Compliance Officer Compliance & Auditing Services

CMS Targeting Against Payments for Chiropractic Services?

By | OIG | No Comments

The Office of Inspector General (OIG) released a new report titled, “CMS Should Use Targeted Tactics to Curb Questionable and Inappropriate Payments for Chiropractic Services.”

OIG Report  According to the Centers for Medicare & Medicaid Services (CMS) Comprehensive Error Rate Testing program, Chiropractic services have the highest rate of improper payments among Part B services.

Past OIG investigations found that between 40 and 47 percent of all paid chiropractic claims were for maintenance therapy and stated that, “Medicare paid out over $76 million for chiropractic services that were questionable.”

In addition, Medicare fraud cases suggested that vulnerabilities existed with other chiropractic services, such as physical therapy.

The OIG analyzed paid claims for chiropractic services to identify any chiropractors who exhibited questionable billing. Using the data, the OIG uncovered 809,945 claims resulting in overpayments. In addition, The OIG identified over twenty-five thousand chiropractors who received high amounts of questionable payments and then determined their locations, past questionable payments and whether their patients received same-day physical and occupational therapy.

Important to doctors of chiropractic is that the report outlined plans on how to determine questionable chiropractic claims and recoup payments using different measures.

The first area to be targeted is treatment that is suggestive of maintenance therapy. Using 20 services per beneficiary per year as a threshold, the OIG looks at all claims in excess of the threshold to be questionable and suggestive of maintenance therapy.

Even though there are legitimate reasons for a Medicare patient to need treatment more than 20 times per year, you need to be able to justify your reasoning and have good documentation that supports it.

Additionally, a common issue for chiropractors is that they forget to change the date in box 14 when a Medicare patient comes back to the office for a new injury or exacerbation of a chronic condition. Forgetting to change the date in box 14 makes Medicare think that you are continuing to treat the patient from the date of the original condition and not for a new condition.

Just know that if you regularly see Medicare patients more than 20 times in a year, you risk being reviewed by the Department of Health and Human Services.

The second target is to identify chiropractors with high, questionable payments for upcoding claims.

Statistically only 10-15 percent of all paid chiropractic services are for the five-area adjustment code, 98942. As a result, the OIG set a threshold to identify doctors who billed out higher percentages of their claims using the 98942 code.

In the third measure, the OIG developed three ways to identify paid claims that did not meet Medicare requirements for payment:

  1. Submitted claims that, “Lack a Medicare Covered Primary Diagnosis. These claims lacked a primary diagnosis code that was covered by Medicare based on CMS guidance and the local coverage determination where the chiropractic service was provided.” In the report, almost 39 percent of chiropractors were identified as having filed at least one claim without a correct primary diagnosis. This amounted to a total of $20,709,516.00 in paid claims without the correct primary diagnosis. This means that Medicare requires an M99 subluxation or segmental dysfunction diagnosis as primary or the first coded diagnosis, except in Florida, the Virgin Islands and Puerto Rico. The local coverage determination for your state determines the M99 ICD-10 code you need to use as your primary diagnosis (ie subluxation or segmental dysfunction).
  2. Claims for Duplicate Services, meaning services provided on the same day for a patient with the same diagnosis and procedure codes by the same chiropractor.
  3. Claims Lacking the AT Modifier. “The AT modifier indicates active treatment is being provided and is a requirement for payment.”

Medicare only pays for chiropractic services to improve function (active treatment) but does not cover “maintenance therapy,” which is when further clinical improvement cannot be expected from ongoing treatment.

The next measure is an unlikely number of services per day on which paid chiropractic services totaled 16 hours or more. The threshold here is billing an average of 65 chiropractic services per day.

The OIG stated that, “This raises questions regarding the quality of patient care and, perhaps, whether these services were even rendered by the chiropractor.”

Lastly, according to experts in chiropractic practice and fraud detection, is the potential sharing of Medicare beneficiaries with claims from multiple chiropractors, which indicates potential kickback arrangements or medical identity theft.

The OIG stated, “We considered all of their payments for the beneficiaries seen by other chiropractors to be questionable.”

OIG Recommendations:

As a result of the study, the OIG made the following recommendations to the Centers for Medicare and Medicaid Services:

  1. Establish a more reliable control for identifying Active Treatment
  2. Develop and use measures to identify questionable payments for chiropractic services.
  3. Collect overpayments based on inappropriately paid claims.
  4. Ensure that claims are paid only for Medicare-covered diagnoses.
  5. Take appropriate action on chiropractors with questionable payments.

In a separate memorandum the OIG said, “we will provide CMS with information on chiropractors with high questionable payments, so that it may take action. CMS and/or its contractors should review their claims and take appropriate action.

Such actions could include:

  1. Recouping inappropriate payments.
  2. Educating providers on proper billing.
  3. Making referrals to law enforcement.
  4. Imposing payment suspensions.
  5. Revoking billing privileges.
  6. Taking no action, if the payment is determined to be appropriate.
  7. “Collect overpayments based on inappropriately paid claims. CMS should collect the $20.7 million in payments that resulted from the inappropriate claims we identified.”

So what does this mean to you as a chiropractic physician?

It should tell you that Medicare is stepping up its investigations and is continuing to develop the means to analyze your claims. Because of this increased scrutiny, chiropractic claims are going to be reviewed in more detail.

So don’t just sit back and hope the laws and regulations are going away; they’re not. It’s more important than ever for you to take advantage of everything Compliance & Auditing Services provides to its members.

If you’re not a member, the best advice I can give you is to take your head out of the sand. Thinking that it won’t effect you is no longer an option.

Review all of your documentation, coding and billing procedures to ensure you’re in compliance with all laws and regulations. Make sure you have a documented compliance program in place. If you’re too busy with running your office or feeling overwhelmed by all the laws and regulations, consider a compliance consultant that will develop, implement and help you maintain an office compliance program that will meet and exceed all government regulations.

Common Sense PQRS For Chiropractic Offices

By | Insurance Coding | No Comments

Medicare PQRS

The Physician Quality Reporting System (PQRS) is a reporting program that requires doctors enrolled in Medicare, Participating or Non-Participating providers, to submit data on the reporting of specified quality measures.

Beginning in 2007, PQRS was a pay-for-reporting program. Doctors were eligible to receive incentives if they reported quality measures. However, in 2013 the program transitioned from an incentive program to one that assessed penalties to doctors who did not meet the reporting requirements.

Therefore, if doctor’s offices did not successfully report on quality measures for covered services during the 2013 reporting period (Jan.1 –Dec 31,2013), those providers saw a decrease in reimbursement by 1.5% beginning on January 1, 2015.

Additionally, if doctor’s offices did not successfully report on quality measures for covered services during the 2014 reporting period, those providers will see a decrease in reimbursement by 2.0% beginning on January 1, 2016.

Though PQRS is technically not mandatory, the Patient Protection and Affordable Care Act (PPACA) mandated that Medicare is required to adjust payments for providers who do not participate in PQRS. So, from 2016 and beyond, reimbursement will be decreased by 2% and based on the reporting of quality measures from the previous two years.

To comply, doctors of chiropractic must report certain measures on eligible Medicare beneficiaries. Through the proper use of these codes, CMS hopes to establish standards and promote evidence- based best practices to reduce claim fraud and streamline the reimbursement process.

Reporting PQRS:

To report PQRS, all you need to do is place G-codes on your claims. The G-codes correlate to an action that was taken (or not taken) by the provider. As a chiropractor, you only need to report two quality measures. These measures are:

Measure #131: Pain Assessment and Follow-Up

The purpose of this measure is to show when a pain assessment is done using a standardized tool, and a follow-up plan that includes a reassessment of pain is documented.

Pain assessment tools include, but are not limited to, Faces Pain Scale (FPS), McGill Pain Questionnaire (MPQ), Numeric Rating Scale (NRS), Verbal Numeric Rating Scale (VNRS), and Visual Analog Scale (VAS).

Measure #182: Functional Outcome Assessment

The purpose of this measure is to show when functional outcome assessments are conducted, using a standardized tool, along with the creation of a treatment plan based on the functional deficiencies found.

Functional outcome assessments measure a patient’s physical limitations when performing activities of living, such as low back pain which inhibits the patient’s ability to walk or sleep.

Standardized functional outcome assessment tool examples include Oswestry Disability Index (ODI), Roland Morris Disability/Activity Questionnaire (RM), and the Neck Disability Index (NDI).  

G-codes:

Each Measure contains several choices of quality data codes (G-codes) that correspond to the measure to be reported. On each visit, the provider should report one of the G-codes, from each of the two measures, on line 24 D of a paper claim or on service line 24 of an electronic claim.

Measure #131: Pain Assessment and Follow-Up

  • G8730 – Pain assessment documented as positive using a standardized tool and a follow-up plan is documented.
  • G8731 – Pain assessment using a standardized tool is documented as negative, no follow-up plan required.
  • G8442 – Pain assessment NOT documented as being performed, documentation the patient is not eligible for a pain assessment using a standardized tool.

*Note that patients are not eligible only if one or more of the following reason(s) are documented:

  1. Patient is in an emergent situation where time is of the essence and to delay treatment would jeopardize the patient’s health status.
  2. A severe mental and/or physical disorder and patient is unable to express their self in an understandable way by others.
  • G8939 – Pain assessment documented as positive, follow-up plan not documented,   documentation the patient is not eligible.
  • G8732 – No documentation of pain assessment reason not given.
  • G8509 – Pain assessment documented as positive using a standardized tool, follow-up plan not documented, reason not given.

Measure #182: Functional Outcome Assessment

  • G8539 – Functional outcome assessment documented as positive using a standardized tool and a care plan, based on identified deficiencies on the date of the functional outcome assessment, is documented.
  • G8542 – Functional outcome assessment using a standardized tool is documented; no functional deficiencies identified, care plan not required.
  • G8942 – Functional outcome assessment using a standardized tool is documented within the previous 30 days and care plan, based on identified deficiencies on the date of the functional outcome assessment, is documented.
  • G8540 – Functional Outcome Assessment not documented as being performed, documentation the patient is not eligible for a functional outcome assessment using a standardized tool.

Patients are not eligible only if one or more of the following reason(s) are documented:

  1. Patient is in an urgent or emergent medical situation where time is of the essence and to delay treatment would jeopardize the patient’s health status.
  2. The patient is unable to complete the questionnaire.
  3. The patient refuses to participate.
  • G8541 – Functional outcome assessment using a standardized tool not documented, reason not given.
  • G8543 – Documentation of a positive functional outcome assessment using a using a standardized tool; care plan not documented, reason not given.
  • G9227 – Functional outcome assessment documented, care plan not documented, documentation the patient is not eligible for a care plan.

(*See G8540 for non-eligibility reasons).

**Note that the use of a standardized tool assessing pain alone, such as the visual analog scale (VAS), does not meet the criteria of a functional outcome assessment standardized tool.

G-code Rules:

You should report Measures #131 and #182 on every visit, for every Medicare patient who is at least 18 years old and where you have reported a spinal CMT.

You must document the name of the standardized tools used to assess the patients in the medical record. The exception would be when a provider uses a fraction for the Numeric Rating Scale (ie.6/10) when assessing pain for intensity.

Providers should report, for each visit, whether they provided a standardized pain assessment on the patient, if pain was present or absent, and, if pain was present, documented a follow-up plan that includes a reassessment of the pain.

Common Sense PQRS For Chiropractors:

First understand that Medicare pays for medically necessary treatment. Basically, this means that the patient has pain that is interfering with their ability to perform their normal daily activities (Functional Deficits).

Once a patient’s pain and, more importantly, functional deficits have improved or they have reached a plateau in their care, Medicare is no longer responsible to pay for treatment.

Because of this, the reporting of these measures ( #131: Pain Assessment and Follow-Up and Measure #182: Functional Outcome Assessment ) are required to meet the PQRS reporting standards.

With this in mind, chiropractic offices will generally document only a handful of G- codes from each of the two measures, on line 24 D of a paper claim or on service line 24 of an electronic claim.

G-codes Common Sense:  

During active care, the doctor has the patient fill out both pain and functional assessments on the Initial Visit and Re-exams.

  • G8730 – Pain assessment documented as positive using a standardized tool and a follow-up plan is documented.

This means a pain assessment was done using a standardized tool and documents the patients level of pain with a documented treatment plan that includes a planned reassessment of pain, a referral, or that the initial plan is still in effect.

In other words, chiropractors will use this code with every visit during active care and patient visits for initial exams and re-exams.

  • G8539 – Functional outcome assessment documented as positive using a standardized tool and a care plan, based on identified deficiencies on the date of the functional outcome assessment, is documented.

This means a functional outcomes assessment was done using a standardized tool and documents that it was preformed on the same date of service. This is typically coded only with the initial exam and re-exams during active care.

  • G8731 – Pain assessment using a standardized tool is documented as negative, no follow-up plan required.

This means a pain assessment was done using a standardized tool that documents the patient has no pain and no treatment plan is required.

  • G8942 – Functional outcome assessment using a standardized tool is documented within the previous 30 days and care plan, based on identified deficiencies on the date of the functional outcome assessment, is documented.
  • The G8942 code is typically used for office visits during active part of treatment, between the initial exam and re-exams.
  • G8542 – Functional outcome assessment using a standardized tool is documented; no functional deficiencies identified, care plan not required.

The G8542 code is typically used on the date of final re-exam once the patient has reached maximum medical improvement and patient is discharged from care.

The following are examples of how the G- codes are typically used.

Initial Exam And Re-exams:

  • G8730 – Pain assessment done, and a follow-up plan is documented.(CMT / Active / Tx / Exams)
  • G8539 – F0A done, care plan done (During 1st CMT / Active Tx)

Daily office visits for routine treatment:

  •  G8730- Pain assessment done, and a follow-up plan is documented.(CMT / Active / Tx / Exams)
  • G8942 –FOA done and care plan done within 30 days (CMT Visits between          RE/Active Tx)

The final Re-exam once the patient has reached maximum medical improvement and patient is discharged.

  •  G8731 – Pain assessment done, no pain using a standardized, no follow-up plan required. (Final RE/Discharge)
  • G8542 – FOA done, no deficit, no care plan needed (Final RE/Discharge)

  Finally, always remember that your assessments, exams and treatment plans must be documented in your patient files. If your records are audited, you have reported that you have correctly documented these measures.

Dr. John Davenport DCM, MCS-P

Chief Compliance Office, Certified Insurance Consultant

 

The Use And Understanding Of X{EPSU} Modifiers

By | Insurance Coding | No Comments

X Modifier PictureI’ve been getting a lot of questions about the -59 modifier and the new X modifiers, so I thought I would take some time here to explain the use of these modifiers and to let you know why most insurers, including Medicare, still continue to use the -59 modifier.

Currently, providers can use the -59 modifier to indicate that a code represents a service that is separate and distinct from another service with which it would usually be considered to be bundled.

The -59 modifier is the most commonly used and commonly abused modifier. According to 2013 CERT Report data, incorrect -59 modifier usage amounts to a $77 million per year overpayment.

Because of this, CMS believes that more precise coding options are needed to reduce the errors associated with this overpayment.

As a result, CMS established the following four new HCPCS modifiers, referred to collectively as -X{EPSU} modifiers, to define specific subsets of the -59 modifier:

  • XE – “Separate encounter.” A service that is distinct because it occurred during a “separate encounter.” This modifier should only be used to describe separate encounters on the same date of service.
  • XP – “Separate Practitioner.” A service that is distinct because it was performed by a different practitioner.
  • XS – “Separate Structure.” A service that is distinct because it was performed on a separate anatomical area.
  • XU – “Unusual Non-Overlapping Service.” The use of a service that is distinct because it does not overlap usual components of the main service.

These -X modifiers are intended to provide greater reporting specificity.

Though CMS will continue to recognize the -59 modifier, the Current Procedural Terminology (CPT) instructions state that the -59 modifier should not be used when a more descriptive modifier is available.

In some instances CMS may selectively require a more specific – X modifier for billing at high risk for incorrect billing.

Because the X modifiers are different versions of the -59 modifier, it would be incorrect to include both modifiers on the same line.

Though the use of the new modifiers was scheduled to start January 1, 2015, don’t hold your breath. Here’s why:

  • Chiropractors are only paid for 98940, 98941 and 98942. None of your adjustment codes would require modifier -59.
  • For now, secondary billing for Medicare is uncertain. Secondary (private) payers haven’t yet stated that they are willing to accept the XE, XS, XP or XU modifiers. It’s likely they will adopt the same rule sooner or later, so keep an eye out for changes.
  • To date, private payers are not requiring the new modifiers. Providers such as BCBS, Aetna, and Cigna haven’t yet stated that they are willing to accept the XE, XS, XP or XU modifiers. It is likely that they will in the future so watch for updates from private payers.

Though it is likely that the -59 Modifier days are numbered, until then continue to code as usual, with modifier -59.

If you have any questions or concerns don’t hesitate to call or email Compliance & Auditing Services (complianceandauditingservices.com) . We’re here to help you.

All The Best,

Dr. John Davenport
Chief Compliance Officer
Compliance & Auditing Services

The Protected Health Information Cyber Attack Threat

By | Compliance | No Comments

3d rendering of a monit with a chain around it.

Reports of cyber attacks on large corporations such as  Nationwide, JPMorgan Chase and even the Pentagon have been make big news. Yet, every day there are attacks aimed at small to mid-size organizations.

With the increasing use of EHRs, practices are facing increased liability with regard to breaches of protected Health information (ePHI). Hackers know that healthcare providers are less likely to fully protect themselves.

At the same time, increased HIPAA and HITECH security regulations and penalties, for violations, also increase the healthcare providers liability for breaches of ePHI,

Many Doctors simply lack the knowledge and training needed to protect their offices against a cyber attack or meet HIPAA Security Rule requirements.

In this three part series we will discuss simple steps to reduce most major threats to the safety of ePHI. This should be considered basic computer security 101 and not a course on the HIPAA/HITECH rules.

Firewall Protection:

First, unless your practice is totally disconnected from the Internet, it should have a Firewall to protect against threats from outside sources.

Basically, a Firewall is a system that prevents unauthorized access to a private network and works like a filter between your computer network and the Internet. Anything that goes into or out of the network must pass through the firewall.

The firewall examines each message and can be configured to prevent employees from sending certain types of emails or transmitting sensitive data outside of the network.

Additionally, firewalls can be programmed to prevent access to certain websites (like social networking sites) and can prevent outside computers from accessing computers inside your network.

Most computer operating systems come with a firewall installed and firewall software is also available at stores that sell computer products. Both types of firewall software normally provide technical support and guidance for users without the technical savvy.

Anti-virus Protection:

In small offices, attackers compromise computers primarily through viruses, spyware and malware. Computers can become infected by outside sources such as CD- ROMs, e-mail, flash drives, and web downloads. Even a computer that has all  the latest security updates to its operating system and applications can be at risk because of system flaws.

Anti-virus software is used to scan files to identify and eliminate computer viruses andmalicious software. It can also let you know when there has been an attempted threat to your system.

Anti-virus software analysis’s system files to look for known viruses, by means of a virus dictionary, and identifies suspicious behavior that might indicate an infection. Therefore, providing protection against brand-new viruses that do not yet exist in any virus dictionaries.

Without anti-virus software to identify infections, data may be stolen or destroyed. Reliable Anti-virus software is available at most stores that sell computer products, and are relatively inexpensive to buy.

Once you’ve down loaded anti-virus software to your computer, this includes hand held devices, make sure to keep it updated. Anti-virus products require regular updates in order to protect from new computer viruses.

Chained laptop from the frontPasswords:

Passwords are a first line defense in preventing unauthorized access to any computer and should be required to log into your system.  In addition, passwords can be reviewed, using an audit trail log, to see who is accessing specific information and what changes where made to that information.

Passwords can also limit what information individual people have to certain information. This can include certain staff members, your IT contractor, your billing company or anyone who has remote access to your computer system.

Because criminals use special software to try to guess a password, it is important to use strong passwords. A Strong password should:

  • Be at least 8 characters in length
  • Include a combination of upper case and lower case letters, at least one number and at least one special character, such as a punctuation mark
  • Be changed periodically.

You should also have policies in place to remove passwords on staff that leave or are terminated.

An administrator password is used only when you need to make changes or updates to your operating system. This means that anyone with this code can go anywhere and change anything in your system.

To decrease the chance that the administrator password gets stolen, the person in your office authorized to make changes to your system should have a separate user code that is used for daily system access.