June15,2015|Vol.29,Issue23
INTHISISSUE
Compliance1
Warning:HowEHRscanincreaseyourmedicalmalpracticeliability
Coding1
CCIupdate:Don’toverbillforobesitybehavioralcounseling,E/Mvisits
Accountablecareorganizations2,3
ACOrulefinalizeshigh-endtrack3butofferslittlefortrack1,2models
PioneerACOtestresultsinconclusiveaftertwoyears,GAOreportimplies
HIPAA3
ImproveusabilitybutmindHIPAAifusingpersonalmobiledevicesforwork
PartBNewsbriefs4
Benchmarkoftheweek7
AvoidCCIeditsforgroupcounselingwithcommonpsychcodes
Compliance
Warning:HowEHRscanincreaseyourmedicalmalpracticeliability
Reviewhowyourelectronichealthrecord(EHR)docu-mentspatientcare.Someofthefeaturesprovidersrelyontosavetimeandenhancedocumentationmaycreateerrorsintherecordandcauseorcontributetopatientharm.
EHRsalsomaynotsupportthephysician’stestimony,andinamedicalmalpracticecase,thatcanhurtthedoctor’scred-ibilityandgivetheappearancethatshe’sliable.
About70%ofphysicianshaveadoptedEHRs.However,
EHRsalsoareincreasinglythecauseoforacontributing
(seeEHRs,p.5)
Coding
CCIupdate:Don’toverbillforobesitybehavioralcounseling,E/Mvisits
Payattentiontothetimerequirementandshoreupyourdocumentationwhenyouperformgroupbehavioraltherapyforobesity,whichisnowbundledwithabatchofE/MandpsychcodesinthelatestNationalCorrectCodingInitiative(CCI)edits.
EffectiveJuly1,CCIversion21.2editsstipulatethatyoucanbillcodeG0473(Facetofacebehavioralcounselingforobesity,group[2-10],30minutes) withE/Mservicecodes
(seeCCI,p.7)
AllMedicarefeesarepar,office,nationalunlessotherwisenoted.
PartBNews•9737WashingtonianBlvd,Ste200•Gaithersburg,MD20878-7364•1-855-CALL-DH1
PartBNewsJune15,2015
totrack1tosustainthegrowthwehavebeenseeingandamconcernedthatlargenumbersofcurrentACOsarenotreadytotakeonthehigherrisksoftrack2,3or
CMMI’s[upcoming]NextGenerationACOprogram,”saidNAACOS CEO ClifGausin astatement. —RoyEdroso()
Resource:
`Finalrule,MedicareProgram;MedicareSharedSavingsProgram:AccountableCareOrganizations:cles/2015/06/09/2015-14005/medicare-program-medicare-shared-savings-program-accountable-care-organizations
HIPAA
ImproveusabilitybutmindHIPAAifusingpersonalmobiledevicesforwork
Letphysiciansandotherstaffusetheirownmobiledevicesfortransmissionofprotectedhealthinforma-tion(PHI)—onceyou’veoptimizedthetechnologyforsecurityandusability.
Practicecommunicationsareincreasinglymobilecom-munications.About83%ofhealthcareworkersreportedthattheirphysiciansusemobiletechnologytoprovidepatientcare;71%saidtheirnursesdidaswell,according tothemostrecentMobileTechnologySurveyfromtheHealthcareInformationandManagementSystemsSociety(HIMSS).ButthedeviceshavetobemanagedtokeepfromcreatinganundueHIPAAsecurityrisk.
Somepractices,likecorporationsinotherfields,givetheiremployeesworkdevicesthatremainunderthecontrolofthecompanysotheycaninstitutetheirownsecuritymodifications,includingtheabilitytoremotelywipetheunit.Butbecausemobiledevicesareubiqui-tous,somepracticeadministratorsareadoptinga“bringyourowndevice” or BYODpolicy,whereby healthcareprovidersusetheirownphonesandtabletstohandlework,includingpatients’PHI(PBN2/9/15). Butthat’sonlyafterlettingthepractice’sITpeopleoutfitthephonewithHIPAA-compliantsoftware,suchasvirtualprivatenetwork(VPN)capability,thatallowsmoresecurecom-municationwith PHI.
Expertscautionthatusersmustbeonboardwiththesecurityfeaturesortheysimplywon’tusethem—andmayjustgorogueand start handlingPHIoutsideyoursecurityparameters.Toencourageeffectiveuse,over-come“historicbarriersofpoorusability,arduoussecu-rityand alackofmobileintegration,”saysDavidParpart,executiveconsultantat NavisHealth inSantaClara, Calif.
‘Containerize’files
Oneissuethatmay makeusersbalkatBYOD isthe“nuclear”option—thatis,thechancethephonewillhave to beremotelywipedif it’slost.Evenwhen usingwork-issueddevices,“peopleuseitforpersonalandbusi-nesspurposes,soifit’slost,alltheirstuffgetswipedtoo,”saysJenniferSearfoss,CEOofSCGHealth,Ashburn,Va.
Solution:Usetechnologythatseparatesworkfrompersonalfiles.BradRostolskyoflawfirmReedSmithsayshisfirmusesthethird-partyappGood,“afully
©2015DecisionHealth® • •1-855-CALL-DH13
June15,2015PartBNews
encrypteduber-secureemailappthatsitswithinitsownpartitionofthe phone.” Thebusinessfilesare“container-ized”fromtheuser’spersonalfilesand when thecom-pany isforced to wipe it, only theworkpartgets wiped.
Whateversoftwareyouuse,remember“italsorequiresthe individualwholostorhad theirdevicestolentoreporttheincident,whichcanbeagapintheprocess,”Rostolskysays.Thatwillbeeasierforthemtodo iftheydon’thaveto worryaboutlosing theirvacationphotosaswell.
Hardforthievesbuteasyforusers
Whetherit’saloanerorpersonallyowned,a mobiledeviceshouldbedifficultforoutsiderstoaccessbutsimplefor theuser.Oneway tomakeit harderfor thievesisdoubleauthentication—twowaystoidentifyyourselftothe device— ratherthan simplepassword access. Butitshouldn’tbecumbersome.
Solution:Makeyourtwo-partauthenticationeasy.“Therearethreewaystovalidateauser:bywhoyouare(e.g.,afingerprint),bysomethingyouhavewithyou(thephone’sUDID[uniquedeviceidentifier])or
bysomething youknow(aPINnumber),”saysParpart.Usingtwoofthosethreefeaturesasauthenticatorswouldbe simpleforthe user,hesays.
5moremobilemust-dos
•Turnmobilecommunicationintoapracticeinitiativeandenlistkeypeopleasleaders.Don’tjustputsoftware onphonesandhandthemback, says HarryNelson, a partner with NelsonHardimaninLosAngeles.
“Sincethisisanongoingculturechange,itisvaluableto enlist doctors in leadershippositions anddoctors whoaremoresensitivetolegalcompliancetobetestingandadoptingsolutions,” says Nelson. Managers also shouldfindincentivestoencourageadoption,measure progressandsetgoalsfororganizationalcompliance,headds.
•Enforceyourpolicies.Partofthe“riskmitiga-tion”requiredbyHIPAArules involvespoliciesandproceduresthatshowagood-faitheffortatregulatingemployeebehaviorwithPHI(PBN7/21/14).IthelpstotrackaccessviaITlogsforauthorizeduse,saysMatthew
R.Fisher, an associate with the MirickO’ConnelllawfirminWorcester, Mass.Logscan tellwhat userandwhat kindofdevicehasaccessedyourfiles.
“Haverealpoliciesthatmakesense,trainonthemandmakeclearthatyou’lltakeimmediateactionon
violations — maybeawarningwritteninthefile,maybethe loss of avacationday— somethingthatforcestheemployeetotake notice,”saysRostolsky.“Terminationshouldalsobeonthetabledependingonthefactsandcircumstancesof theissue.Thegovernment responds tothatbecausetheprovider is supposedtobeproactive.”
•Useencryption.Makemobiledevicesmoresecurewithmodificationstoensurethemessagesareencrypted,suchastext-messagingappswithaHIPAAcomplianceangle(PBN6/24/13).E-mailprogramsshouldbeabletoassurethatthemessagecan’tbereaduntilithasbeentransmitted toyourdevice.
•Get thebusinessassociateagreement(BAA).Companies,evensomeemailgiants,willsigntheBAArequiredforyourthird-partyvendorsintheHIPAAmega-rule,saysSearfoss.Microsoft,forexample,willenter
intothatcontractwithhealthcareproviderswhouseitsOffice365software,whichallowsmobilemailaccess.
•Educateusersonsecuritygaps.“Youcouldhave asecure browser,themostsecuresoftwareandthen connectovera coffee-shop Wi-Fithat’snotsecure,”saysSearfoss.Trainusersonhowtousetheirequipmentproperly.—RoyEdroso()
PartBNewsbriefs
•SenateFinanceCommitteeapprovedabilltotackletheappealsbacklogattheadministrativelawjudge(ALJ)level.Nearly900,000MedicareclaimsnowawaitALJhearings.Thelegislation offered byFinanceChairmanOrinHatch,R-Utah,wouldincreasefiscal2016 fundingfortheOfficeof MedicareHearingsandAppeals(OMHA)by$127millionandby$2millionfortheHHSDepartmentalAppealsBoard,thelaststopforadministrativeappeals.
AsvotedoutonJune3,thebillalsowouldauthorizeOMHAto augmentitsALJswithanewcategory ofhear-ingofficer,theMedicare“magistrate.”BeginningJan.1,2017,magistrateswouldberesponsibleforthesmallestclaims,currentlythosebetween$150and$1,460.
Inaddition,thebillwoulddirectHHStoestablish aprocess to allow ALJsandmagistrates to issuedecisions.
•ICD-10update:Newbillseekstwo-year“graceperiod”forproviders.ThebillintroducedJune4byRep.Gary Palmer,R-Ala.,H.R.2652(ProtectingPatientsandPhysiciansAgainstCodingActof2015),hasgained
4Exclusive webcontentandsearchableCMSdocumentsat