Presentation is loading. Please wait.

Presentation is loading. Please wait.

RAC, MIC, ZPIC, MAC, HITECH – What is this Alphabet Soup and What are the Compliance Concerns for HIM Professionals? MHIMA 2011 Spring Meeting 1.

Similar presentations


Presentation on theme: "RAC, MIC, ZPIC, MAC, HITECH – What is this Alphabet Soup and What are the Compliance Concerns for HIM Professionals? MHIMA 2011 Spring Meeting 1."— Presentation transcript:

1 RAC, MIC, ZPIC, MAC, HITECH – What is this Alphabet Soup and What are the Compliance Concerns for HIM Professionals? MHIMA 2011 Spring Meeting 1

2 Department of Justice Health Care F/A Control Program FY 2010  President Obama increased fraud audit funding by more than $300 million for  Approximately $1.8 Billion overall being allocated for FY  The Federal Government is sending a clear message that Healthcare Fraud and Abuse Audit and Recovery of Improper Payments are top priorities.

3 Improper Payments Overall goal of claim review programs “reduce payment error by identifying and addressing billing errors concerning coverage and coding made by providers” 7.8% Medicare dollars paid did not comply with one or more Medicare payment rules = $24.1 billion cms.gov/apps/er_report/edit_report_1.asp

4 Congress To The Rescue CERT MIC MAC RAC ZPIC MIP CMIP MIG CMSO LMAO

5 Fraud and Abuse and CMS The Center for Medicare and Medicaid Services (CMS) are committed to combating provider fraud, waste, and abuse through nationally coordinated strategies. The Center for Medicare and Medicaid Services (CMS) are committed to combating provider fraud, waste, and abuse through nationally coordinated strategies.

6 MAC On the Medicare side, the new enforcement initiatives include contractor reform, such as the consolidation of the Fiscal Intermediaries and Carriers into the Medicare Administrative Contractors (MAC) that are processing both Part A and B claims. On the Medicare side, the new enforcement initiatives include contractor reform, such as the consolidation of the Fiscal Intermediaries and Carriers into the Medicare Administrative Contractors (MAC) that are processing both Part A and B claims. Jurisdiction 3 – Noridian: Jurisdiction 3 – Noridian:

7 MAC Jurisdiction 3 – Arizona, Montana, North Dakota, South Dakota, Utah and Wyoming Jurisdiction 3 – Arizona, Montana, North Dakota, South Dakota, Utah and Wyoming Total Number of Fee-For-Service Beneficiaries: 1,184,154 Total Number of Fee-For-Service Beneficiaries: 1,184,154 Total Number of Beneficiaries (including managed care plans): 1,639,099 Total Number of Beneficiaries (including managed care plans): 1,639,099 Total Number of Practitioners: 27,117 Total Number of Practitioners: 27,117 Total Number of Medicare Hospitals: 361 Total Number of Medicare Hospitals: 361

8 CERT 8 Comprehensive Error Rate Testing Program Established in November 2003 Determines a National Error Rate Main objective is “to measure how accurately the contractors have processed the claims that Medicare providers have submitted” Measure and improve the quality and accuracy of claim submissions Detect Local, Regional and National Error Rate patterns

9 CERT 9 Important Reference Publication# Publication # Medicare Program Integrity Manual Chapter 12 –The Comprehensive Error Rate Testing Program CERT Website https://www.certprovider.com/certproviderportal/pages/default.aspx

10 CERT Process CERT Documentation Contractor (CDC) requests and receives records CERT Documentation Contractor (CDC) requests and receives records CERT Review Contractor (CRC) audits claims to determine if payment was correct CERT Review Contractor (CRC) audits claims to determine if payment was correct Sampled claims data and decision of CRC is entered into a tracking and reporting database Sampled claims data and decision of CRC is entered into a tracking and reporting database 10

11 Common Errors/Trends Insufficient documentation – Error Code 21 Insufficient documentation – Error Code 21 Medically unnecessary services or treatment – Error Code 25 Medically unnecessary services or treatment – Error Code 25 Service incorrectly coded – Error Code 31 Service incorrectly coded – Error Code 31 11

12 Signature Guidelines for Medical Review Purposes All signature requirements in this Change Request are effective for CERT reviews retroactively for the November 2010 report period All signature requirements in this Change Request are effective for CERT reviews retroactively for the November 2010 report period For medical review purposes, Medicare requires that services provided/ordered be authenticated by the author For medical review purposes, Medicare requires that services provided/ordered be authenticated by the author Shall be a hand written or an electronic signature Shall be a hand written or an electronic signature Stamp signatures are not acceptable Stamp signatures are not acceptable Exceptions Exceptions Facsimile of original written or electronic signatures are acceptable for the certifications of terminal illness for hospice Facsimile of original written or electronic signatures are acceptable for the certifications of terminal illness for hospice Orders for clinical diagnostic tests are not required to be signed. Per Pub , chapter 15, section , it states that if the order for the clinical diagnostic test is unsigned, there must be medical documentation by the treating physician (e.g. a progress note) that he/she intended the clinical diagnostic test be performed. This documentation showing the intent that the test be performed must be authenticated by the author via a handwritten or electronic signature. Orders for clinical diagnostic tests are not required to be signed. Per Pub , chapter 15, section , it states that if the order for the clinical diagnostic test is unsigned, there must be medical documentation by the treating physician (e.g. a progress note) that he/she intended the clinical diagnostic test be performed. This documentation showing the intent that the test be performed must be authenticated by the author via a handwritten or electronic signature. Change Request 6698 Change Request

13 Signature Guidelines for Medical Review Purposes Exceptions-Continued If the relevant regulation, NCD, LCD and CMS manuals are silent on whether the signature be legible or present and the signature is illegible/missing, the reviewer shall follow the guidelines listed in this Change Request. In cases where the relevant regulation, NCD, LCD and CMS manuals have specific signature requirements, those signature requirements take precedence. If the relevant regulation, NCD, LCD and CMS manuals are silent on whether the signature be legible or present and the signature is illegible/missing, the reviewer shall follow the guidelines listed in this Change Request. In cases where the relevant regulation, NCD, LCD and CMS manuals have specific signature requirements, those signature requirements take precedence. CERT reviewers shall apply the following signature requirements: CERT reviewers shall apply the following signature requirements: If there are reasons for denial unrelated to signature requirements the reviewer need not proceed to signature authentication. If the criteria in the relevant Medicare policy cannot be met but for a key piece of medical documentation which contains a missing or illegible signature, the reviewer shall proceed to the signature assessment. If there are reasons for denial unrelated to signature requirements the reviewer need not proceed to signature authentication. If the criteria in the relevant Medicare policy cannot be met but for a key piece of medical documentation which contains a missing or illegible signature, the reviewer shall proceed to the signature assessment. Providers should not add late signatures to the medical record, (beyond the short delay that occurs during the transcription process) but instead may make use of the signature authentication process. Providers should not add late signatures to the medical record, (beyond the short delay that occurs during the transcription process) but instead may make use of the signature authentication process. 13

14 Signature Guidelines for Medical Review Purposes A handwritten signature is a mark or sign by an individual on a document to signify knowledge, approval, acceptance or obligation. A handwritten signature is a mark or sign by an individual on a document to signify knowledge, approval, acceptance or obligation. If the signature is illegible, CERT shall consider evidence in a signature log or attestation statement to determine the identity of the author of a medical record entry. If the signature is illegible, CERT shall consider evidence in a signature log or attestation statement to determine the identity of the author of a medical record entry. If the signature is missing from an order, CERT shall disregard the order during the review of the claim. If the signature is missing from an order, CERT shall disregard the order during the review of the claim. If the signature is missing from any other medical documentation, CERT shall accept a signature attestation from the author of the medical record entry. If the signature is missing from any other medical documentation, CERT shall accept a signature attestation from the author of the medical record entry. 14

15 Signature Guidelines for Medical Review Purposes Signature Log Providers will sometimes include in the documentation they submit a signature log that lists the typed or printed name of the author associated with initials or an illegible signature. The signature log might be included on the actual page where the initials or illegible signature are used or might be a separate document. Reviewers may encourage providers to list their credentials in the log. However, reviewers shall not deny a claim for a signature log that is missing credentials. Reviewers shall consider all submitted signature logs regardless of the date they were created. Reviewers are encouraged to file signature logs in an easily accessible manner to minimize the cost of future reviews where the signature log may be needed again. Providers will sometimes include in the documentation they submit a signature log that lists the typed or printed name of the author associated with initials or an illegible signature. The signature log might be included on the actual page where the initials or illegible signature are used or might be a separate document. Reviewers may encourage providers to list their credentials in the log. However, reviewers shall not deny a claim for a signature log that is missing credentials. Reviewers shall consider all submitted signature logs regardless of the date they were created. Reviewers are encouraged to file signature logs in an easily accessible manner to minimize the cost of future reviews where the signature log may be needed again. Signature Attestation Statement Providers will sometimes include in the documentation they submit an attestation statement. In order to be considered valid for Medicare medical review purposes, an attestation statement must be signed and dated by the author of the medical record entry and must contain sufficient information to identify the beneficiary. Providers will sometimes include in the documentation they submit an attestation statement. In order to be considered valid for Medicare medical review purposes, an attestation statement must be signed and dated by the author of the medical record entry and must contain sufficient information to identify the beneficiary. 15

16 Important to Remember Documentation submitted must be legible along with a legible physician signature or service will be denied Documentation submitted must be legible along with a legible physician signature or service will be denied Review records before sending to CERT Review records before sending to CERT Make sure your copies are clear Make sure your copies are clear Check for double sided records so all notes are included Check for double sided records so all notes are included Submit records for all dates of service on the claim Submit records for all dates of service on the claim Ensure that the medical records submitted provide proof that the service was rendered and justification to support the medical necessity Ensure that the medical records submitted provide proof that the service was rendered and justification to support the medical necessity 16

17 RAC Four audit RAC contractors have been assigned to carry out the new permanent RAC program and are now fully operational in all states. The RAC process is generally understood by providers. Four audit RAC contractors have been assigned to carry out the new permanent RAC program and are now fully operational in all states. The RAC process is generally understood by providers. Region D – Health Data Insights: Region D – Health Data Insights:

18 How Are RACs Choosing Cases for Review? Data mining techniques Data mining techniques Findings of OIG and GAO reports Findings of OIG and GAO reports Comprehensive Error Rate Testing (CERT) reports Comprehensive Error Rate Testing (CERT) reports Experience and knowledge of RAC staff Experience and knowledge of RAC staff

19 ZPIC Contractor reform also includes the streamlining of program safeguard work through the creation of seven new Zone Program Integrity Contractors (ZPICs) who take over the role of the Program Safeguard Contractors (PCS) and will focus on fraud. Contractor reform also includes the streamlining of program safeguard work through the creation of seven new Zone Program Integrity Contractors (ZPICs) who take over the role of the Program Safeguard Contractors (PCS) and will focus on fraud. Zone 2 ZPIC – AdvanceMed: Zone 2 ZPIC – AdvanceMed:

20 ZPIC Zone Alignment Puerto Rico U.S. Virgin Islands *Other territories of Zone 1 include American Samoa, Northern Marianas Islands and Guam 7 – SafeGuard Services LLC 4 – Health Integrity, LLC 5 - AdvanceMed AdvanceMed 6 1 2

21 AdvanceMed Aquisition April 4, 2011 April 4, 2011 Aquired by NCI, Inc. Aquired by NCI, Inc. “Powerhouse” in information technology “Powerhouse” in information technology Improve its ability to conduct “Predictive Modeling” Improve its ability to conduct “Predictive Modeling”

22 AdvanceMed Aquisition “The Obama Administration has emphasized reducing fraud, waste, and abuse in Federal entitlements. AdvanceMed is ideally positioned to support the program integrity initiatives of CMS and other Federal Government agencies... We are extremely pleased to have AdvanceMed join NCI and believe that this acquisition will provide NCI an outstanding platform to address this rapidly growing market opportunity.”

23 OMG! SOS! Can you avoid being a Medicare audit target? Can you avoid being a Medicare audit target? Track, trend and learn from past mistakes. Track, trend and learn from past mistakes. … and get ready for the Medicaid Integrity Contractors (MICs) national contractors who are now populating the Medicaid landscape. national contractors who are now populating the Medicaid landscape.

24 Prepayment and Postpayment Claim Review Programs Prepayment Claim Review ProgramsPost Payment Claim Review Programs National Correct Coding Initiatives (NCCI) Edits Comprehensive Error Rate Testing (CERT) Program Medically Unlikely Edits (MUEs)Recovery Audit Contractor (RAC) MAC Medical Review (MR)

25 MIP and MICs Medicaid Integrity Program and MICs The Deficit Reduction Act (DRA) of 2005 was signed into law in February 2006 and created the Medicaid Integrity Program (MIP) as the first comprehensive federal strategy to prevent and reduce provider fraud, waste, and abuse in the $300 billion per year Medicaid program. Medicaid Integrity Program and MICs The Deficit Reduction Act (DRA) of 2005 was signed into law in February 2006 and created the Medicaid Integrity Program (MIP) as the first comprehensive federal strategy to prevent and reduce provider fraud, waste, and abuse in the $300 billion per year Medicaid program.

26 CMIP, MIG and CMSO It is explained in the Comprehensive Medicaid Integrity Plan (CMIP) and managed centrally by the Medicaid Integrity Group (MIG) within the Center for Medicaid and State Operations (CMSO) at CMS. In FY 2008, MIG began the development of the MIG Data Engine, the first national database of Medicaid claims. It is explained in the Comprehensive Medicaid Integrity Plan (CMIP) and managed centrally by the Medicaid Integrity Group (MIG) within the Center for Medicaid and State Operations (CMSO) at CMS. In FY 2008, MIG began the development of the MIG Data Engine, the first national database of Medicaid claims.

27 MIGs Data Engine The data engine allows the storage of large amounts of Medicaid claims and related data. In addition, data models to predict suspect provider behavior will be built to assess specific provider types (e.g., physician, pharmacy, and dental). The data engine allows the storage of large amounts of Medicaid claims and related data. In addition, data models to predict suspect provider behavior will be built to assess specific provider types (e.g., physician, pharmacy, and dental).

28 MIC Contractors MICs are outsourced contractors to perform four key program integrity activities: MICs are outsourced contractors to perform four key program integrity activities: Review provider actions; Review provider actions; Audit claims; Audit claims; Identify overpayments; and Identify overpayments; and Educate providers, managed care entities, beneficiaries, and others with respect to payment integrity and quality of care. Educate providers, managed care entities, beneficiaries, and others with respect to payment integrity and quality of care.

29 End Game Audit MICs are expected to make referrals to the HHS Office of Inspector General (OIG) if fraudulent behavior is suspected. OIG will pass this information on to the state’s Medicaid Fraud Control Unit (MFCU), if deemed appropriate. Medicaid fraud investigations will likely increase because of such referrals. Audit MICs are expected to make referrals to the HHS Office of Inspector General (OIG) if fraudulent behavior is suspected. OIG will pass this information on to the state’s Medicaid Fraud Control Unit (MFCU), if deemed appropriate. Medicaid fraud investigations will likely increase because of such referrals.

30 What They Have In Common The areas that will be targeted by RACs, MICs and ZPICs are determined by the Review MICs, which run MIG-approved algorithms on claims data from the Medicaid Statistical Information System (MSIS). The areas that will be targeted by RACs, MICs and ZPICs are determined by the Review MICs, which run MIG-approved algorithms on claims data from the Medicaid Statistical Information System (MSIS). The MIG’s Division of Fraud Research & Detection reviews and approves those results before they are provided to the Audit MICs for audit. The MIG’s Division of Fraud Research & Detection reviews and approves those results before they are provided to the Audit MICs for audit.

31 The Same But Different RACs are paid on a contingency fee. RACs are paid on a contingency fee. MICs and ZPICs are not paid on a contingency fee. MICs and ZPICs are not paid on a contingency fee. RACs have a three-year lookback period. RACs have a three-year lookback period. ZPIC & MIC audit periods are determined by state lookback guidelines – Normally three years. ZPIC & MIC audit periods are determined by state lookback guidelines – Normally three years.

32 RACs have set limits of medical records requests (maximum of 200) and providers have 45 days to respond. RACs have set limits of medical records requests (maximum of 200) and providers have 45 days to respond. MICs and ZPICs on the other hand, have no single standard and no set medical record request limits. Allowed response periods in MIC audits may be a lot less, but no less than 15 days. In other words, don’t let this sit on your desk for three months before you respond. MICs and ZPICs on the other hand, have no single standard and no set medical record request limits. Allowed response periods in MIC audits may be a lot less, but no less than 15 days. In other words, don’t let this sit on your desk for three months before you respond. The Same But Different

33 Although the RAC and ZPIC appeal process is consistent across all regions and follows the Medicare appeal process. Although the RAC and ZPIC appeal process is consistent across all regions and follows the Medicare appeal process. There are up to five levels of appeals so make sure you are doing it right the first time. There are up to five levels of appeals so make sure you are doing it right the first time. MIC appeal process follows state Medicaid appeal process guidelines. MIC appeal process follows state Medicaid appeal process guidelines. The Same But Different

34 What Do I Do? Find out what you are doing good and bad Find out what you are doing good and bad Get the staff ready for requests and develop ways to track requests, appeals, etc. Get the staff ready for requests and develop ways to track requests, appeals, etc. See what improper payments were found by the RACs: See what improper payments were found by the RACs: – RAC findings: – RAC findings: Look to see what improper payments have been found in OIG and CERT reports Look to see what improper payments have been found in OIG and CERT reports – OIG reports: – OIG reports: – CERT reports: – CERT reports: Pray, Seriously Pray, Seriously

35 One More Word in the Soup HITECH HITECH Important for HIM professionals Important for HIM professionals

36 American Recovery and Reinvestment Act of 2009 (ARRA) “The Stimulus Bill” Signed into law February 17, 2009 (Act is effective February 17, 2010 … with the exception of breach notification provisions) Signed into law February 17, 2009 (Act is effective February 17, 2010 … with the exception of breach notification provisions) Title 13: Health Information Technology for Economic and Clinical Health Act (HITECH Act) Title 13: Health Information Technology for Economic and Clinical Health Act (HITECH Act) Subtitle A: Promotion of HIT through the Office of the National Coordinator for HIT (ONC) Subtitle A: Promotion of HIT through the Office of the National Coordinator for HIT (ONC) Subtitle B: Testing of HIT through the National Institute of Standards and Technology (NIST) Subtitle B: Testing of HIT through the National Institute of Standards and Technology (NIST) Subtitle C: Grants and Loan Funding for Incentives for the Use of HIT Subtitle C: Grants and Loan Funding for Incentives for the Use of HIT Subtitle D: Privacy (Privacy and Security Rule) Subtitle D: Privacy (Privacy and Security Rule)

37 Notification of “Breach” HITECH requires every covered entity to notify a person when there has been a “breach” of that person’s PHI and to notify HHS. HITECH requires every covered entity to notify a person when there has been a “breach” of that person’s PHI and to notify HHS.

38 Definition of Breach “Breach” means “the acquisition, access, use, or disclosure of [PHI] in a manner not authorized under [HIPAA] which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.” 45 C.F.R. § “Breach” means “the acquisition, access, use, or disclosure of [PHI] in a manner not authorized under [HIPAA] which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.” 45 C.F.R. §

39 Compromises the Security of PHI For purposes of the definition of a breach, access that “compromises the security or privacy of the protected health information means “[access that] poses a significant risk of financial, reputational, or other harm to the individual.” 45 C.F.R. § For purposes of the definition of a breach, access that “compromises the security or privacy of the protected health information means “[access that] poses a significant risk of financial, reputational, or other harm to the individual.” 45 C.F.R. §

40 What Constitutes A Breach? “Unsecured protected health information” means protected health information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by HHS. 45 C.F.R. § “Unsecured protected health information” means protected health information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by HHS. 45 C.F.R. §

41 Breach: Operational Definition A covered entity is not required to provide notice of an unauthorized disclosure of secured protected health information, i.e., adequately encrypted PHI. A covered entity is not required to provide notice of an unauthorized disclosure of secured protected health information, i.e., adequately encrypted PHI.

42 Breach: Exclusions Excluded from “breach” are: Excluded from “breach” are: (1)Any unintentional breach by employee, agent, or business associate, if the acquisition was made in good faith and the PHI is not further used or disclosed; (1)Any unintentional breach by employee, agent, or business associate, if the acquisition was made in good faith and the PHI is not further used or disclosed;

43 Breach: Exclusions [Con’d] “ Breach” excludes “(2) any inadvertent disclosure by a covered entity or BA to another individual at the same entity if the PHI is not further used or disclosed. “ Breach” excludes “(2) any inadvertent disclosure by a covered entity or BA to another individual at the same entity if the PHI is not further used or disclosed.

44 Notice Required to Individuals Within 60 days of the discovery of a breach, a covered entity must provide notice via first class mail to the affected person’s last known address. Within 60 days of the discovery of a breach, a covered entity must provide notice via first class mail to the affected person’s last known address. 45 C.F.R. § (b).

45 Notice: Required Information Notice: Required Information The notice must include: a description of what happened, date, and the information involved in the breach, steps the person should take to protect herself, and description of covered entity's investigation & mitigation efforts The notice must include: a description of what happened, date, and the information involved in the breach, steps the person should take to protect herself, and description of covered entity's investigation & mitigation efforts

46 Breach: Notice to Local Media In any case in which 500 or more persons are affected by a breach, the covered entity must provide notice to major local media outlets In any case in which 500 or more persons are affected by a breach, the covered entity must provide notice to major local media outlets

47 Breach: Notice to HHS Covered entities are required to disclose all breaches to HHS. Notice of breaches affecting 500 or more individuals must be made immediately; breaches affecting fewer than 500 individuals must be reported annually to HHS Covered entities are required to disclose all breaches to HHS. Notice of breaches affecting 500 or more individuals must be made immediately; breaches affecting fewer than 500 individuals must be reported annually to HHS

48 HIPAA Rules Apply to Business Associates HITECH makes business associates directly subject to the HIPAA security rule, including physical and technical safeguards, and documentation HITECH makes business associates directly subject to the HIPAA security rule, including physical and technical safeguards, and documentation

49 Business Associates: Examples Law firms, accountants, information technology companies – billing services – are “BAs” Law firms, accountants, information technology companies – billing services – are “BAs” A cleaning service is not a business associate because its employees A cleaning service is not a business associate because its employees should not have access to PHI

50 Business Associates: Notice of Breach; Penalties Under HITECH, a business associate is required to notify the covered entity of any breach of confidentiality of PHI acquired from the covered entity Under HITECH, a business associate is required to notify the covered entity of any breach of confidentiality of PHI acquired from the covered entity A business associate is subject to the same enhanced civil penalties that apply to a covered entity that violates the HIPAA security regulations A business associate is subject to the same enhanced civil penalties that apply to a covered entity that violates the HIPAA security regulations

51 Update Business Associate Agreements Covered entities must incorporate the new privacy and security rules into all new and existing business associate agreements.[effective Feb. 17, 2010] Covered entities must incorporate the new privacy and security rules into all new and existing business associate agreements.[effective Feb. 17, 2010] HHS is expected to issue a new model BA agreement by August 17, HHS is expected to issue a new model BA agreement by August 17, 2010.

52 Restrictions on Use of PHI: New Requirements A covered entity is now required to comply with a request to restrict the disclosure of PHI if the person requests a restriction on the disclosure of PHI to a health plan for payment (or health care operations) and the PHI pertains solely to services for which the person was completely “self-pay.”

53 Electronic Medical Records: Access If a covered entity [CE] maintains an electronic medical record, the CE must provide the individual with a copy of the record in an electronic format if the individual requests the record in that format. [Effective Feb. 17, 2010] If a covered entity [CE] maintains an electronic medical record, the CE must provide the individual with a copy of the record in an electronic format if the individual requests the record in that format. [Effective Feb. 17, 2010]

54 HIPAA Privacy: Accounting for Disclosure Under HITECH, a covered entity is required to track “disclosures through an electronic health record.” Thus, a covered entity will have to track disclosures of electronic records made for treatment, payment, and health care operations and provide an accounting to patients of any such disclosures. Under HITECH, a covered entity is required to track “disclosures through an electronic health record.” Thus, a covered entity will have to track disclosures of electronic records made for treatment, payment, and health care operations and provide an accounting to patients of any such disclosures.

55 Accounting For Disclosures: Impact The requirement to provide an accounting of “disclosures through an electronic health record” –will have an enormous impact. It will require all covered entities to establish an electronic audit system that is capable of providing a patient with a record of all electronic disclosures of the patient’s protected health information. The requirement to provide an accounting of “disclosures through an electronic health record” –will have an enormous impact. It will require all covered entities to establish an electronic audit system that is capable of providing a patient with a record of all electronic disclosures of the patient’s protected health information.

56 Accounting for Disclosures: Effective Dates Jan. 1, 2011, for electronic medical records [EMR] created after Jan. 1, 2009 Jan. 1, 2011, for electronic medical records [EMR] created after Jan. 1, 2009 Jan. 1, 2014 for EMR created before Jan. 1, 2009 Jan. 1, 2014 for EMR created before Jan. 1, 2009

57 Policies Impacted by HITECH Breach Notification Breach Notification Requests for Restrictions Requests for Restrictions BA Agreements BA Agreements Notice of Privacy Practices Notice of Privacy Practices Meaningful Use Meaningful Use Marketing Marketing Fundraising Fundraising Accounting for Disclosures Accounting for Disclosures Minimum Necessary Minimum Necessary 57

58 Contact Information Virginia Gleason, JD/MPA Senior Consultant Quorum Health Resources 58


Download ppt "RAC, MIC, ZPIC, MAC, HITECH – What is this Alphabet Soup and What are the Compliance Concerns for HIM Professionals? MHIMA 2011 Spring Meeting 1."

Similar presentations


Ads by Google