REGULATORY COMPLIANCE TRAINING - PowerPoint Presentation

REGULATORY COMPLIANCE TRAINING Fraud and Abuse HIPAA May 2017

Compliance Training Objectives Define what constitutes Medicare and Medicaid Fraud and AbusePrevention of Fraud and AbuseOverview of the Federal Fraud and Abuse laws and penaltiesNew York State False Claims ActMethods of reporting suspected fraud and abuseConflict of InterestBilling, Coding and DocumentationTeaching Physician Supervision RulesJoint CommissionHIPAA and HITECH 2

HealthCare Compliance Required by law Regulates billing and coding Prevents improper treatment and billingProtects the organization by following laws and regulations

Medicare and Medicaid Fraud Obtaining a federal or state health care payment through misrepresentation or concealment of facts…..

Examples of Fraud Billing for services that were not provided Altering medical records or claims to receive a higher payment5

Medicare and Medicaid Abuse Abuse results in unnecessary costs to governmental programs and is inconsistent with the goals of providing patients with services that are medically necessary.

Examples of Abuse Billing for unnecessary services Billing inaccurate diagnosis and procedure codes on claims to ensure payment

Fraud and Abuse Laws False Claims Act Anti-Kickback Statute Physician Self-Referral Law (Stark Law)New York State Laws

False Claims Act Knowingly submitting a false or fraudulent claim to the government : Acting in deliberate ignorance of the truth Reckless disregard of the truthhttp://downloads.cms.gov/cmsgov/archived-downloads/SMDL/downloads/smd032207att2.pdf

False Claims Act Examples Improperly admitting patients to the hospital for services that should have been provided in an outpatient setting Billing for tests that were not medically necessary

Anti-Kickback Statute Prohibits knowingly and willfully offering, paying, soliciting or receiving any remuneration to induce referrals of service reimbursable by a federal health care program. Anti-Kickback Statute examples:Cash for referralsFree staff in exchange for referralsFree rent or below market value rent for referrals

Stark Law Prohibits physicians from referring Medicare beneficiaries for certain designated health services to an entity in which the physician or their immediate family member has an ownership/investment interest. Stark Law Example:A physician refers a patient to a laboratory that he owns. http://oig.hhs.gov/compliance/provider-compliance-training/files/starkandakscharthandout508.pdf

New York False Claims Act The New York False Claims Act closely tracts the Federal False Claims Act.Penalties and fines imposed for obtaining payment from any government program such as Medicaid for filing false claims.

Whistleblower Protection Whistleblowers may not be discharged, demoted, suspended, threatened, harassed or in any manner discriminated against as a result of reporting fraud or abuse. http://www.ag.ny.gov/sites/default/files/pdfs/bureaus/whistleblowers/NYS_FALSE_CLAIMS_ACT.pdf

Penalties Federal health care fraud and enforcement efforts recovers >$4 billion annually in penalties & fines. Civil Monetary PenaltiesCivil and Criminal ProsecutionExclusion from Medicare and Medicaid programsSuspension of payments

Fraud and Abuse Prevention Follow the Compliance Program Code of Conduct Teaching physicians should be physically present for the service in order to submit a billMaintain accurate and complete medical records and documentationAvoid submitting claims for unnecessary servicesSubmit accurate coding and billingAvoid illegal conductIf you are not sure of the appropriateness of an action, call the Compliance Officer

Conflict of Interest  The Ethics law and SBUH policy prohibit situations that can create a Conflict of Interest .Conflicts of Interest arise when a person’s judgment and discretion is or may be influenced by personal considerations, or the interests of SBUH.Examples: 1. Accepting gifts from vendors 2. Misuse of hospital assets 3. Activities that violate principles governing researchhttp://www.jcope.ny.gov/

Conflict of Interest According to the New York State Ethics Commission, a gift may be in the form of:MoneyLoansTravelMealsRefreshmentsEntertainmentAny services or goods

Conflict of Interest Violations of Ethics Law regarding gifts : New York State employees are not allowed to accept gifts valued above nominal Value.Examples of nominal value gifts:Coffee mugsPadsPensKey tags Penalties imposed by the Ethics Commission are up to $10,000 per incident.

EMTALA It requires hospital Emergency Departments that accept payments from Medicare to provide an appropriate medical screening examination to individuals seeking treatment for a medical condition, regardless of citizenship, legal status or ability to pay . Participating hospitals may not transfer or discharge patients needing emergency treatment except:With the patient’s informed consent, or Stabilization of the patient, or When their condition requires transfer to a hospital better equipped to administer the treatment.https://www.cms.gov/Regulations-and-Guidance/Legislation/EMTALA/index.html?redirect=/EMTALA/

Billing, Coding and Documentation Billing is based on: A Procedure code (CPT),A Diagnosis code (ICD-10), andA Modifier (if applicable, helps further describe a procedure code without changing the definition)Billing is based on services actually renderedCPT and ICD-10 Code Selection:Code and modifier selection is based on the service rendered and documented in the medical recordCode and modifier selection should never be based on whether they guarantee payment

Billing, Coding and Documentation Documentation: Medicare’s rules for billing: “If its not documented, it didn’t happen”. Medical record documentation is required to record pertinent facts, findings, and observations about an individual’s health history including past and present illnesses, examinations, tests, treatments, and outcomes. The medical record should be complete and legible. All tests should have an order and support the medical necessity for performing the test.

The documentation of each patient encounter should include: The reason for encounter and relevant history, physical examination findings, and prior diagnostic test resultsAn assessment, clinical impression, or diagnosisPlan for careIf not documented, the rationale for ordering diagnostic and other ancillary services should be easily inferred Past and present diagnoses should be accessible to the treating and/or consulting physician Appropriate health risk factors should be identifiedBilling, Coding and Documentation

Medical Record Documentation Cloned Documentation Could Result in Medicare Denials for Payment   With the advent of Certified Electronic Health Record Technology, the government is closely watching electronic health record documentation practices. Medicare has noted an increase in frequency of medical records that contain identical documentation across services. Cloning has been defined by Medicare as:Each entry in the medical record for a beneficiary is worded exactly like or similar to the previous entries, or When medical documentation is exactly the same from beneficiary to beneficiary. It can also occur when the documentation is exactly the same from patient to patient. Cloned documentation will be considered misrepresentation of the medical necessity requirement for coverage of services due to the lack of specific individual information for each unique patient. http://oig.hhs.gov/oei/reports/oei-01-11-00571.pdf

Evaluation and Management Services(E/M) Evaluation and Management Services are categorized by: Place of service- e.g. Inpatient or Office Type of Service- New Patient Visit, Initial Hospital Visit

Evaluation and Management Services (E/M) The descriptors for the levels of E/M services recognize three key components which are used in defining the levels of E/M services. These components are: History Physical Examination Medical decision making Medical necessity of a service is the overarching criterion for payment in addition to the individual requirements of a CPT code. The volume of documentation should not be the primary influence upon which a specific level of evaluation and management service is billed.

Evaluation and Management Services(E/M) The level of service is determined by the elements documented in the medical record. Because the level of E/M service is dependent on two or three key components, performance and documentation of one component (e.g.,. examination) at the highest level does not necessarily mean that the encounter in its entirety qualifies for the highest level of E/M service. In the case of visits which consist predominantly of counseling or coordination of care, time is the key or controlling factor to qualify for a particular level of E/M service. Time spent counseling must be greater than 50% of the encounter.1995 Guidelines:https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNEdWebGuide/Downloads/95Docguidelines.pdf1997 Guidelineshttps://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNEdWebGuide/Downloads/97Docguidelines.pdf

Physicians at Teaching Hospitals (“PATH”) Payment for Physicians at Teaching Settings:The attending physician must be present during every billable service when rendered by an intern, resident or fellow.Physical Presence Requirements:Evaluation and Management ServicesThe Teaching Physician must personally attest to their physical presence.The Teaching Physician must specifically document that they reviewed the resident’s progress note.The Teaching Physician must document that they agree with the management and plan as documented by the resident.The Teaching Physician must revise the progress note if needed.

Physicians at Teaching Hospitals(“PATH”) Single Surgery The Teaching Physician’s presence may be documented by an “attestation statement” by the resident or teaching physician. Two Overlapping SurgeriesThe Teaching Physician must be present during the key portions of both surgeries. The Teaching Physician must make a personal entry into the medical record documenting his/her presence during the key portion of each procedureThe key portions may not overlapThe Teaching Physician must be immediately available During non-critical or non-key portions of the surgery, if the teaching physician is not physically present, he/she must be immediately available to return to the procedure. If circumstances prevent a teaching physician from being immediately available, then he/she must arrange for another qualified surgeon to be immediately available to assist with the procedure, if needed.

Physicians at Teaching Hospitals (“PATH”) Procedures The Teaching Physician must be physically present during all high risk or other complex procedures.The Teaching Physician’s presence may be documented by an “attestation statement” by the resident or teaching physician if they are present during the entire procedure.Minor Procedures (5 minutes or less)The Teaching Physician must be present for the entire procedure.The Teaching Physician’s presence may be documented by an “attestation statement” by the resident or teaching physician.

Physicians at Teaching Hospitals(“PATH”) Diagnostic Test Interpretation The Teaching must personally review the data, image, tracing or specimen. The Teaching Physician must personally document that they reviewed the data, image, tracing or specimenThe Teaching Physician must review the resident’s interpretation and agree or modify the findings.EndoscopyThe Teaching Physician must be present for the entire viewing, including scope insertion and removal.The Teaching Physician’s presence may be documented by an “attestation statement” by the resident or teaching physician.

Physicians at Teaching Hospitals (“PATH”) Anesthesia The Teaching Physician must be present during all key elements including induction and emergence.The Teaching Physician must personally document their physical presence.The Teaching Physician must sign the anesthesia record.Maternity Services The Teaching Physician must be present for the delivery.The Teaching Physician must be present for the minimum number of antenatal visits listed in CPT when billing globally.

The Joint Commission The Joint Commission accredits and certifies health care organizations. A private agency entrusted by Medicare to certify that healthcare organizations meet a set of established standards. These criteria are incorporated in Medicare's Conditions of Participation.Purpose:Maintain a high standard of institutional care, by both establishing guidelines for the operation of health care organizations through surveys and periodic inspections. The Joint Commission

The Joint Commission Standards The standards focus on important patient, individual, or resident care and organization functions that are essential to providing safe and high quality care. In addition, the Joint Commission: Helps organize and strengthen patient safety efforts Strengthens community confidence in the quality and safety of care, treatment and services Provides a competitive edge in the marketplace Improves risk management and risk reduction Provides education to improve business operations Provides professional advice and counsel, enhancing staff education Provides a framework for organizational structure and management Provides practical tools to strengthen or maintain performance excellence

The Joint Commission Standards Joint Commission standards are the basis of an objective evaluation process that can help health care organizations : MeasureAssess Improve performanceThe Joint Commission’s standards set expectations for organization performance that are:Reasonable andAchievable

Health Insurance Portability and Accountability Act HIPAA The rule establishes national standards to protect an individual’s medical records and health information. Applies to Covered Entities:Health plansHealth care clearinghousesHealth care providersThe rule sets limits and conditions on the uses and disclosures that may be made of “Protected Health Information” without patient authorization.The rule gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf

HIPAA Privacy The Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being. The Privacy Rule sets the standards for who may have access to protected health information.A covered entity may use and disclose protected health information for: Treatment,Payment, and Health care operations

Protected Health Information (PHI) Any form of information that can identify, relate or be associated with an individual obtaining healthcare services. The Privacy Rule protects all protected health information transmitted by a covered entity or its business associate, in any form or media. It may be:ElectronicPaperVerbalPHI is composed of:Personal InformationMedical InformationTechnical Information

PHI Examples of Personal Information :NameAddressTelephone NumberFax NumberE-mail addressBirth DateSocial Security NumberCertificate/license numberVehicle identification numbers

PHI Examples Medical Information: Medical record numberHealth plan informationTest resultsClinical notesCare plansDiagnoses

PHI Examples Technical Information :Biometric identifiersPhotographic imagesWeb URLsIP addressesAccount numbers

Patient Rights Under HIPAA Receive Notice of Privacy Practices Request an amendment to medical record Access and request a copy of medical recordRequest special privacy protection for PHIRequest an accounting of disclosuresFile a complaint if their rights are violated

Maintain Confidentiality Do not discuss patient information in public places Limit unnecessary or inappropriate access to and disclosure of protected health information Discard PHI in the confidential HIPAA binsLog off computers when leaving it unattended Do not share passwordsDo not snoopDo not leave PHI open to public viewingDo not send PHI over the internet or unsecured E-mailhttp://it.cc.stonybrook.edu/site_documents/google/hipaa_hitech_fact_sheet.pdf

Health Information Technology for Economic and Clinical Health Act (HITECH) New rule protects patient privacy, secures health information which include:Patients may request a copy of their medical record in an electronic formatPatients may restrict disclosures if they pay out-of-pocket for the serviceRestrictions on Marketing, Fundraising and the sale of PHIClarification regarding “Minimum Necessary”Increased penaltiesIncreased enforcement and oversight activitiesEnhanced breach notification rules

HIPAA Security The Security Rule sets the standards for ensuring that only those who should have access to electronic PHI will have access. The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic PH(e-PHI).Specifically, covered entities must:Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit.Identify and protect against reasonably anticipated threats to the security or integrity of the information.Protect against reasonably anticipated, impermissible uses or disclosures; andEnsure compliance by their workforce.http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html

HIPAA Security The Security Rule requires covered entities to Protect electronic PHI by maintaining reasonable and appropriate safeguards: Administrative -policies and procedures, training, general oversightTechnical-security measures such as firewalls, virus and malware protection, encryptionPhysical-physical measures to protect against:Natural disasters (hurricanes, storms) emergency back-up, redundant serversEnvironmental hazards (fires) data center with halon sprinklersUnauthorized intrusion (unauthorized access) secure areas with ID badge card entry

The Effects of a Compromise Business Impact Loss of revenue Legal liabilityBad pressFinancial Penalties

Contacts Stony Brook University Hospital Chief Compliance Officer: Lori Strauss Telephone: 631-444-5864Stony Brook Medicine Information TechnologyChief Information Privacy and Security Officer: Stephanie Musso-MantioneTelephone: 631-444-5796SB Clinical Practice Management Plan, Inc.Chief Compliance Officer: Lori StraussTelephone: 631-444-5864

Quiz 1. Medicare abuse describes practices that either directly or indirectly, result in unnecessary costs to the Medicare Program. TrueFalse 2. The Federal laws used to address fraud and abuse are the False Claims Act, the Anti-kickback Statute and the Stark law.TrueFalse3. Penalties for Medicare and Medicaid fraud and abuse include exclusion from participating in all federal and state health care programs.TrueFalse4. When leaving your desk, you should log off your computer.TrueFalse5. The attending physician must be present during every billable service when rendered by an intern, resident or fellow. True False

Certification of Completion Certificate of Completion Please print, complete and return to Lori Strauss, Chief Compliance Officer, at Lori.Strauss@stonybrookmedicine.edu or fax to (631) 444-9284.This Certificate is presented _________________________________ Print Name For successfully completing : Regulatory Compliance Training Fraud and Abuse HIPAA ____________________ _________________ Signature Date of Completion