Laureen shows you her proprietary “Bubbling and Highlighting Technique”
Download your Free copy of my "Medical Coding From Home Ebook" at the top right corner of this page
Take 5 to read up on recent coding and billing news. There are plenty of coding updates in November, including those made to certain Medicare policies. Payment thresholds for physical, occupational, and speech-language pathology are also posted for the 2022 calendar year, as are Medicare cost sharing amounts. And HCPCS Level II code set updates […]
The post Medical Coding News in November appeared first on AAPC Knowledge Center.
AAPC’s senior VP of products answers more of your questions about coding for office and other outpatient services. Ever since the release of the new 2021 evaluation and management (E/M) guidelines for office and other outpatient services, AAPC has been conducting numerous trainings through webinars, virtual workshops, conference sessions, online courses, and multiple articles in […]
The post 2021 E/M Guidelines FAQ – November appeared first on AAPC Knowledge Center.
HIPAA enforcement
Small breaches could become a big problem
In a year of high-profile, multimillion dollar settlements for large HIPAA breaches, OCR raised the stakes in a big way?by taking a harder line on small breaches. OCR announced plans to crack down on smaller breaches?those affecting fewer than 500 individuals?in August. Although all breaches must be reported to OCR, generally only breaches affecting 500 or more individuals are regularly investigated, while small breaches are investigated only as resources permit. OCR instructed its regional offices to increase investigations of small breaches to discover the root causes. Identifying common root causes will help the agency better measure HIPAA compliance throughout the industry and address industrywide compliance gaps, OCR said. Regional offices may obtain corrective action if an investigation of a smaller breach reveals noncompliance.
Regional offices were instructed to take several factors into consideration when investigating smaller breaches and determining potential corrective action. These are:
A closer look
OCR has come under fire for its handling of small breaches. In late 2015, a joint Pro Publica/NPR investigation analyzed federal data on HIPAA complaints and requested documents from OCR, including letters sent to entities that were the subject of HIPAA complaints (www.propublica.org/article/few-consequences-for-health-privacy-law-repeat-offenders). The investigation identified the top serial HIPAA violators, including the Department of Veterans Affairs and CVS. OCR generally responded to these complaints by sending letters reminding the entity of its obligation to protect patient privacy and follow HIPAA, and warned that if OCR received another complaint it may take more serious action. However, OCR rarely took any further or more serious action.
One reason could be that many of these breaches affect fewer than 500 individuals. Both large and small breaches must be reported through OCR’s web portal (www.hhs.gov/hipaa/for-professionals/breach-notification/breach-reporting/index.html) but there are different deadlines for reporting each and, previously, they were not equally prioritized by OCR.
But that asymmetric enforcement policy left many frustrated and means that OCR may be missing data vital to creating an overall picture of HIPAA compliance and effectiveness. An NPR report released in conjunction with Pro Publica’s investigation revealed the lasting and personal harm done by small breaches (www.npr.org/sections/health-shots/2015/12/10/459091273/small-violations-of-medical-privacy-can-hurt-patients-and-corrode-trust).
Massive breaches caused by hackers will put patients at risk for medical and financial identity theft, but, considering the amount of personal data stored by entities across all industries and the sheer number of data breaches, it’s difficult to tie a specific breach to identity theft (see the July and August issues of BOH for more information on breaches and medical identity theft). Small breaches, however, often expose PHI to people in the community the patient lives and works in, leaving the patient at risk for far more personal harm.
But OCR hasn’t ignored all small breaches. In July, the agency reached a $ 650,000 HIPAA settlement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a business associate (BA), for a 2014 breach affecting 412 individuals after an unencrypted mobile device was stolen (www.medicarecompliancewatch.com/news-analysis/business-associate-agrees-650000-hipaa-fine).
The agency’s strong action may have been spurred by CHCS’ long-standing organizationwide HIPAA noncompliance. CHCS hadn’t conducted a risk analysis since September 23, 2013, the compliance date of the Security Rule for BAs, and therefore had no risk management plan. CHCS also lacked any policies regarding the removal of mobile devices from its facility. OCR suggested that, due to CHCS’ widespread neglect of basic security measures, the fine could have been even higher and only a consideration of the role CHCS plays in delivering care to at-risk populations, including the elderly, disabled individuals, and individuals living with HIV/AIDS, tempered its decision.
Getting perspective
Implementing OCR’s directive may be a tall order for resource-strapped regional offices and it’s difficult to predict what the outcome will be, Kate Borten, CISSP, CISM, HCISSP, founder of The Marblehead Group in Marblehead, Massachusetts, says.
"I’m not sure it’s actually going to make a huge difference, but I think, from the beginning, those of us who were watching HIPAA enforcement were concerned that, while HHS had good intentions, they just didn’t have the resources," she says.
That’s not surprising: HHS is a huge department with many major priorities, including CMS. But, given that HHS and OCR work with limited resources, the new focus on small breaches could be a significant sign of things to come, Borten says. The agency likely recognizes that small breaches are a huge unknown: There’s no "Wall of Shame" for small breaches and little in the way of accountable reporting.
"I just have the sense that there’s an enormous volume of under 500 breaches that get reported that we don’t hear much about," she says. "So I think it’s very important that they take this step."
Some organizations may have been inclined to brush off small breaches: 499 patients is still shy of the 500 mark, she points out, and an organization could easily add it to the end of the year small breach report and forget about it. Those organizations are the ones that will be in for the biggest wake-up call. "Hopefully they’ll hear this and they’ll think again," she says.
Large breaches often grab the headlines, and with good reason. But massive incidents like the Anthem breach may not provide the most useful data for either OCR or other covered entities (CE) and BAs. Massive breaches are statistically unlikely, according to a June 2015 report by researchers at the University of New Mexico and the Lawrence Berkeley National Laboratory (www.econinfosec.org/archive/weis2015/papers/WEIS_2015_edwards.pdf).
"Certainly, you could get hit by one of those big ones," Borten says. "But it’s much more likely, far more likely, you’re going to suffer smaller breaches."
Big breaches come with the risk of big settlements. OCR makes a point of publicizing HIPAA breach settlements and putting the dollar signs front and center. This year alone the agency has levied millions of dollars in HIPAA settlements fines for large breaches. But even as HIPAA breach settlement fines are getting bigger, the numbers don’t stack up against the amount of breaches that are reported each year. Many more organizations get away with little more than a strongly worded letter from OCR. A multimillion dollar fine may be significant for most organizations, but the odds are currently in their favor, Rick Kam, CIPP/US, president and co-founder of ID Experts, says.
"The likelihood that an organization will get fined is so low," he says. "They only catch the big ones, but there are millions of others that are losing data everywhere because nobody’s looking at them."
Too often, organizations assume that if the volume of patients affected by a breach is low, the impact is also low, Borten says, and that’s simply not true. Even a breach involving a single individual’s record can have serious consequences.
As physician practices and local hospitals are absorbed into large corporate health systems, executive perspective on small breaches can become even more skewed, Borten cautions. Executive officers overseeing multiple hospitals, clinics, and physician practices may be more interested in overall numbers and the big picture. A clinical summary handed to the wrong patient at a physician office across the state may simply not register and the impact on the patient will be invisible.
But it’s the duty of privacy and security officers to avoid making that same mistake, she says. "They should be wiser than to fall into that thinking. It falls to them to take a case to the senior leadership or the board of directors and make them recognize that it isn’t just the big breaches," she says. "We worry about the little ones, too."
Privacy and security officers should help provide C-suite the perspective to recognize small breaches and give them the proper weight. A small breach can be just as serious as a large one, Borten says. If an employee posts a patient’s PHI on a social media site, for example, the organization could find itself fighting a lawsuit; even if the case is dismissed, direct legal expenses and time and resources spent preparing documents add up fast. And, as the NPR report showed, it’s not only the patient’s reputation in the community that may suffer; an organization can easily earn a reputation as careless and unconcerned with its patients’ well-being after a small breach.
Small breaches, little data
Because small breaches aren’t investigated to the same standards as large breaches, it’s difficult to measure just how HIPAA-compliant most organizations are and what the real HIPAA pain points are. Another problem is the underreporting of small breaches, Borten says. In 2013 when the HIPAA omnibus rule was released, HHS strengthened the language describing what constitutes a reportable breach. However, HHS also commented at the time that it was concerned there was a significant amount of underreporting. Borten says her experience working with CEs and BAs proves HHS was right to be concerned.
"I think there’s a tendency for underreporting to be more common when there are just one or two patients involved," she says.
In the early days of HIPAA breach notification, some may have been under the impression that CEs and BAs were not required to report breaches affecting fewer than 500 individuals at all, she adds. But that’s never been the case. Although large and small breaches are reported to OCR according to different systems and time frames, organizations are required to treat any breach the same regarding notification to patients.
Adding up
Small breaches are likely more typical than large ones, Kam says. Since 2009, roughly 230,000 breaches have been reported to OCR. But only approximately 1,000 have been breaches affecting over 500 individuals and subject to the more stringent investigation procedure. Investigating all HIPAA breaches would be a daunting task for any agency, but by almost exclusively looking at large breaches, OCR left the door open for repeat HIPAA offenders. Small breaches are reported to the agency at the end of the year, but each breach is counted separately, meaning an organization could experience multiple small breaches that add up to well over 500 individuals affected?yet still not be investigated because no single breach hit the 500 mark.
"It turns out that for breaches in healthcare, most of the time, the record count is under 500 records," Kam says. "So you have these organizations that are breaching multiple times and not really correcting the situation because it doesn’t get highlighted or investigated."
OCR’s instructions to its regional offices appear aimed to close that loophole. Along with phase two of the HIPAA audit program, this could be a sign that OCR is getting serious about collecting facts on HIPAA compliance in the real world and improving education and enforcement. The agency might be realizing that it’s time to change if it expects organizations to take HIPAA compliance seriously.
"If you’re seeing the same problem over and over, you’ve got to do something to change," Kam says. "So far, nobody’s listening."
Data breaches
The cost of a data breach
Complicated Medicare, Medicaid, and private insurer reimbursement rules can easily throw a hospital for a loop and leave it running dangerously low on revenue. An organization’s leaders know they must work better and smarter and make strategic investments that will pay off in savings, while privacy and security officers may sometimes struggle to make the connection between their concerns and those of leadership.
But sound information security programs act as a kind of insurance: money spent up front to protect against an even greater financial loss down the road. Getting that message across can be challenging, but may transform the way an organization approaches information security.
Getting the numbers
Prevention is better than a cure, but privacy and security officers will be expected to back up conventional wisdom with hard numbers. So just how much does a data breach cost on average? The answer depends on the industry, according to the Ponemon Institute’s 2016 Cost of Data Breach Study: Global Analysis (www-03.ibm.com/security/data-breach). The study, sponsored by IBM Security, tracks and analyzes data breach costs and mitigation factors in industries around the world. The average per record cost of a data breach is $ 158 in the U.S., but in the healthcare industry that cost is more than double that at $ 355 per record. That can add up quickly if an organization experiences multiple breaches a year.
Several factors play into the higher costs seen in the healthcare industry, Diana Kelley, executive security advisor at IBM Security, says. Highly regulated industries such as healthcare typically see higher costs for breaches in a combination of fines and administrative costs.
"Whenever there’s a fine coming into play, that could lift up the total cost of recovery post-breach because in addition to all of the work you have to do to eradicate the threat, help your customers, and deal with the cleanup and recovery, you have to pay these fines," she says.
A surprising factor driving breach costs is the cost of breach notification. At more than half a million dollars, the U.S. has higher breach notification costs than any of the other countries in the 2016 Ponemon survey. The U.S. has strong data breach notification laws, Kelley says, and there are both federal and state breach notification laws that organizations must comply with.
What drives that cost? Simply the price of first class postage can quickly add up when breach notification letters must be mailed to hundreds or even thousands of affected patients, Kate Borten, CISSP, CISM, HCISSP, founder of The Marblehead Group in Marblehead, Massachusetts, says. In fact, the rising cost of postage is one way state and federal governments hope to encourage organizations to spend money on prevention rather than remediation.
"The threat of such costs is intended to be a deterrent to lax security and to spur healthcare organizations to do their best to avoid breaches," Borten says. "Some breaches are not avoidable, but many or most are with better, yet still reasonable, security."
Some organizations may only look at fines when calculating how much a breach could cost, but by overlooking the seemingly smaller costs of a breach they may be missing the bigger picture. Breach notification is only one of the smaller individual and indirect costs of a breach that can add up to significant losses. Legal fees, security forensics, and any necessary security replacements or upgrades are only some of the indirect costs. Indirect costs may not be immediately apparent but they hit an organization’s bottom line all the same, Borten says.
"The indirect costs of a breach are probably not well understood by many healthcare organizations, especially smaller organizations that don’t have a good grasp of the Breach Notification Rule and a comprehensive incident response program," she says.
The value of a medical record
Information security may not be a traditionally strong point for some healthcare organizations. Previously, financial and retail organizations were hot targets for hackers after identity and financial information, but healthcare is quickly overtaking those industries. In comparison to the financial industry, healthcare isn’t known for strong security, Borten says.
"One reason is that organizations have been slow to recognize the value of their data. After all, it’s not like money in a bank account or credit card details that can be used for financial identity theft," she says. "Ironically, healthcare data now has a much higher street value than credit card information."
Healthcare organizations are in a unique position because of the amount of data they hold. A retail organization like Target, which experienced a massive data breach in 2013, likely only stores payment card information and mailing addresses, but most healthcare organizations also store insurance information along with sensitive details of an individual’s health. A 2015 survey by the Ponemon Institute and the Medical Identity Fraud Alliance (MIFA), the Fifth Annual Study on Medical Identity Theft, found that more than two million adults were the victim of medical identity theft and fraud in 2014 and according to Ann Patterson, senior vice president and program director of MIFA, that number will only go up.
That prediction may be supported by some of the biggest breaches this year. In July, a hacker offered millions of patient records for sale and posted samples of the records, showing names, contact information, and Social Security numbers, so interested buyers could verify the records. Other incidents this year have seen hackers offering similar teasers. Some of that data is bound to fall into the wrong hands and be used for financial and medical identity theft. Medical identity theft can cost an individual more than $ 13,000 on average, according to the 2015 MIFA/Ponemon survey, but healthcare organizations inevitably wind up absorbing some of the cost in bad debt. (For more on medical identity theft, see the July and August issues of BOH.)
Timing and teamwork saves money
The 2016 Ponemon study drew a link between the cost of a data breach and the time and manner in which an organization responds to the breach. The longer it takes an organization to detect a breach, the more it costs?approximately $ 1 million more per incident, the survey shows. The average overall cost of a breach that took a mean time to identify of less than 100 days was $ 3.2 million, while those that took more than 100 days to be identified cost an average of $ 4.38 million. The time it takes an organization to contain a breach also impacts the overall cost, according to the study.
Having a security incident response team in place lowered the costs. An organized, planned team can act quickly to identify, contain, and remediate breaches, key factors in keeping breach costs down, Kelley says. And that can give a clear picture of the actual return on investment for security in terms that the C-suite will easily understand. "If you’re trying to argue for incident response and building out the incident response plan or growing that team, here’s some real dollar value that you could tie to what the return on investment could be," she says.
Participation in threat sharing also showed a clear win for organizations. Threat sharing can give organizations a heads up on the latest and most common threats and help them make smart security investments and strategic threat reduction measures.
"This is becoming very important in healthcare as it is in all industries," Kelley says. "The attackers are very organized and collaborative: they’re sharing data, they’re sharing their tips and tricks with each other so they can get data more effectively."
If information sharing is winning for the bad guys, it can do the same for the good guys, she adds. Cyber threats shift quickly, making real-time or near-real-time information crucial. Organizations can share information on threats, like suspicious websites and server addresses that launch phishing attacks, and tips on shutting them down. But some may hesitate to engage in information sharing out of concern that it may expose sensitive business and security information.
An IBM study released in February looked at the C-suite’s attitudes and actions on cybersecurity (www-03.ibm.com/press/us/en/pressrelease/49100.wss). More than half (53%) of respondents agreed that information sharing between organizations is important for cybersecurity, yet 68% said they were unwilling to do so. It’s not surprising that chief executive officers would be uncomfortable sharing information with rival organizations but it can be done without disclosing sensitive data, Kelley says.
"Nobody wants to give away the keys to the kingdom, and if you’ve been breached you don’t want to show everybody where you went wrong and how you went wrong," she says. "That’s not the kind of information sharing that we need to do to succeed. What we really need to share is what the bad guys are doing."
An organization doesn’t need to discuss its intellectual property, specific security controls, or other corporate secrets. The information an organization should share could be the general content of a phishing email, the IP address it was sent from, and the type of malware attached. This allows cybersecurity researchers and experts to create protections and update anti-malware and anti-virus software.
And as stakeholders and the Office of the National Coordinator of Health IT continue to push for interoperability, doing your part to ensure other organizations steer clear of hackers and malware could become even more important. "I think the more we tie systems together and we share with our partners, there are a couple things we can do. One of those is sharing information about threats," Kelley says.
Customer cost
No one likes to hear that their personal data has been breached, but how that dissatisfaction plays into the cost of a breach isn’t clear. According to the 2016 Ponemon study, the healthcare industry is the second most vulnerable to what it calls "churn"?a sharp drop in customers following a data breach. This may surprise those who assume healthcare is relatively immune to consumer pressure, but it’s supported by other trends that see healthcare becoming consumer-driven. It might also offer a clue as to how strongly some patients feel about breaches of PHI. It’s relatively simple to change banks, but changing healthcare insurers or providers is a more complicated process that takes more motivation, Kelley says.
"What’s it cost you to go from one bank to another bank if you don’t like their practices or they suffered a major breach?" she says. "Healthcare, it’s a little bit more difficult, but there’s still a level of choice and healthcare is very personal for people."
But privacy and security officers might want to rely on something other than consumer pressure to make the case for better security, Borten says. Often, patients simply have no better alternative and can’t switch providers or insurers if they’re unhappy over a data breach. And those who do switch may find themselves back in the same system after a few years.
"The reality is more complicated," she says. "As seen in some of the big retail breaches, after some initial falloff, customers come back in full force. In healthcare, some patients may not have other options: they may be locked in to a given provider by their health plan, or they may stay with an organization after a breach because they have long-established relationships they do not want to give up."
Cost conscious
Another recent study on the cost of data breaches by RAND raises questions about how the cost of a breach measures up against other financial risks organizations face. The RAND study, published in the Journal of Cybersecurity (http://cybersecurity.oxfordjournals.org/content/early/2016/08/08/cybsec.tyw001), found that the average cost of a data breach is roughly equal to an organization’s average IT budget, which is itself only 0.04% of an organization’s estimated revenue. The study authors suggest that public concerns about data breaches don’t match up with the relatively modest financial impact on organizations. Organizations, like individuals, are often motivated by self-interest and will not spend on risks that don’t have a significant impact on them; expecting them to act otherwise is not realistic, the study argues.
While that may in fact be the attitude of some executives when faced with competing demands and costs, the study leaves some significant questions unanswered. Bad debt is identified by the RAND study as the top financial risk for healthcare organizations, but data breaches can add to that cost. Victims of medical identity theft may be hit with thousands of dollars in medical expenses someone else racked up under their name. These fraudulent bills often wind up adding to an organization’s bad debt. Bad debt may often be a problem an organization can’t control, but by reducing data breaches, an organization can cut its risk of bad debt caused by medical identity theft.
We’ll have our next Q&A session on November 15th, and we invite you all to join us. Come prepared to share your end of year plans. We’ll be talking via GoToWebinar on Friday, November 15th at noon ET. No CEUs are awarded but there is informative information!
The post Local Chapter Q&A Session for November appeared first on AAPC Knowledge Center.
Click to see all our stories for November 2018
Navigating the 2017 pressure ulcer coding changes in newly released guidelines
By Adrienne Commeree, CPC, CPMA, CCS, CEMC, CPIP
As if coders and clinical documentation improvement specialists aren’t under enough pressure as it is, the advent of the 2017 Official Guidelines for Coding and Reporting brings to the table new documentation requirements for pressure ulcer coding. The guidelines can be viewed here: www.cdc.gov/nchs/data/icd/10cmguidelines_2017_final.pdf.
Considering that these conditions impact length of stay, require additional monitoring and nursing care, and ultimately affect reimbursement for facilities, it’s no wonder coding for these conditions is under increased scrutiny. However, with a solid understanding of these types of ulcers, taking the time to read and understand the coding requirements can alleviate the "pressure" of ulcer codes.
New terminology
In April, the National Pressure Ulcer Advisory Panel (NPUAP) revised the pressure injury staging system, which can be found here: www.npuap.org/national-pressure-ulcer-advisory-panel-npuap-announces-a-change-in-terminology-from-pressure-ulcer-to-pressure-injury-and-updates-the-stages-of-pressure-injury. Since then, the NPUAP has received positive feedback regarding the system, and in August, The Joint Commission adopted the new terminology.
The definitions for each type of pressure injury are now:
The new staging system identifies the stages of pressure ulcers as 1 through 4 as well as an unstageable ulcer. These are similar to the codes from the L89 category in ICD-10-CM, however, the system introduces new terms in an attempt to more accurately describe the stages and descriptions of such injuries.
The NPUAP no longer uses the term "pressure ulcer," and has replaced it with "pressure injury," since stage 1 and deep tissue injuries describe intact skin, not open ulcers. The system also introduced the new term DTPI with this update.
Incorporating these changes in ICD-10
CMS has been in discussion with the NPUAP to in-corporate the new terminology, however, these terms are not used in the 2017 ICD-10-CM/PCS code update. The incorporation of the pressure ulcer terminology will be directed by both CMS and The Joint Commission, and NPUAP is currently working to introduce the changes to the code definitions.
According to the NPUAP:
Some documentation requirements for pressure ulcer coding, such as using non-physician documentation for identifying pressure ulcer stages, hasn’t changed from 2016 to 2017. What has changed for 2017 is the requirements for coding the progression of stages.
For ulcers that were present on admission (POA) but healed at the time of discharge, assign the code for the site and stage of the pressure ulcer at the time of admission. Furthermore, if a patient is admitted with a pressure ulcer at one stage and it progresses to a higher stage, two separate codes should be assigned: one code for the site and stage of the ulcer on admission and a second code for the same ulcer site and the highest stage reported during the stay.
These new coding requirements differ greatly from 2016 guidance which required only the highest stage of the pressure ulcer to be reported for pressure ulcers that evolve into a higher stage during the admission.
These new requirements could have an impact on hospital-acquired condition (HAC) reporting, considering stage 3 and stage 4 pressure ulcers with POA indicators of either a N- No or U-Documentation is insufficient are considered to be HACs, and also are classified as major complications or comorbidities.
American Hospital Association Coding Clinic guidance from First Quarter 2009 stated that the National Quality Forum excludes progression of pressure ulcers that were present on admission as a serious reportable event (SRE), also called a "never event." The intent was not to penalize facilities for progression of a pressure ulcer that was POA, as these are difficult conditions and even with the best preventive measures in effect, ulcers may evolve to a higher degree. The revised guidance for 2017, which is necessitating that two codes be used to identify the different stages of a site, feels as if it’s changing the standpoint of whether the pressure ulcer evolution is now an SRE.
The latest Coding Clinic, Third Quarter 2016, has updated guidance for pressure injury terminology. They acknowledge the changes in definition by the NPUAP from pressure ulcer to injury and advise:
For a DTPI, there is an entry in the Alphabetic Index under "injury, deep tissue," with further guidance which states: "meaning pressure ulcer ? see ulcer, pressure, unstageable, by site." Therefore, per Coding Clinic, code a DTPI as an unstageable pressure ulcer by site.
What is in the future for coders?
Can coders expect to see changes in pressure ulcer terminology soon? The most recent Coding Clinic did not give a time frame for updates, thus the potential impact on hospital reimbursement is something we can only speculate on at this point. If a pressure ulcer evolves from a stage 1, 2, 3, or 4 during an inpatient admission, these ulcers could be identified as an HAC and therefore impact the diagnosis-related group.
Editor’s Note:
Commeree is a coding regulatory specialist at HCPro, a division of BLR, in Middleton, Massachusetts. She has many years of experience in the healthcare industry involving coding, auditing, training, and compliance expertise. This article originally appeared on JustCoding, and opinions expressed are that of the author and do not represent HCPro or ACDIS. For questions, contact editor Amanda Tyler at [email protected].
A new sepsis definition: Finding coding compliance at a crossroads
This article is part two of a two-part series on the definition changes for sepsis. Reread part one in the October issue of BCCS.
In my October Clinically Speaking column, we discussed the evolution of the definition of sepsis and its implications in clinical care (Sepsis-1, Sepsis-2, and Sepsis-3), quality measurement (CMS’ SEP-1 core measure), and ICD-10-CM coding compliance.
We emphasized that the February 2016 definition of sepsis (Sepsis-3) as a "life-threatening organ dysfunction caused by a dysregulated host response to infection," differed from the terminology of sepsis and severe sepsis that has been embraced by many clinicians, CMS, and ICD-10-CM. We also discussed how provider documentation using the Sepsis-3 terminology eliminates the term "severe sepsis," and discussed that the definition change impacted ICD-10-CM code assignment and compliance.
Definitions and clinical indicators in Sepsis-2 are available at http://tinyurl.com/SepsisTwo, and definitions for Sepsis-3 are available at www.jamasepsis.com. CMS’ definition of sepsis and severe sepsis for the SEP-1 core measure is available at http://tinyurl.com/2017SEP1.
Coding Clinic update
Effective September 23, the American Hospital Association (AHA) Coding Clinic for ICD-10-CM/PCS published advice concerning the documentation and coding of sepsis in light of Sepsis-3. In Coding Clinic, Third Quarter 2016, p. 8, they stated "coders should never assign a code for sepsis based on clinical definition or criteria or clinical signs alone. Code assignment should be based strictly on physician documentation (regardless of the clinical criteria the physician used to arrive at that diagnosis)."
Coding Clinic went on to write (emphasis mine):
In my opinion, this means that Coding Clinic is saying ICD-10-CM still embraces the coding of infections without sepsis, with sepsis but without organ dysfunction, and with sepsis resulting in organ dysfunctions (otherwise known as severe sepsis), if the diagnosis is incorporated by the documenting physician. The AHA further stated that if a physician arrives at a diagnosis of sepsis or severe sepsis using whatever criteria he or she wishes, and then documents these terms in the medical record, the coder is to code it, period, end of story.
Alternatively, while Sepsis-3 states that the word "sepsis" requires the presence of acute organ dysfunction, Coding Clinic states that ICD-10-CM does not recognize this clinical concept. Unless the provider documents "severe sepsis" or associates an acute organ dysfunction to sepsis, a code reflecting this concept, R65.20 (severe sepsis), cannot be assigned. Furthermore, if a provider wishes to diagnose and document the term "sepsis" (without organ dysfunction) using Sepsis-2 or other reasonable criteria, the coder is obligated to code it as such in ICD-10-CM.
Coding Clinic, Fourth Quarter 2016
As we discussed last month, the fiscal year 2017 ICD-10-CM Official Guidelines were amended to state (emphasis mine):
In explaining this new guideline, Coding Clinic, Fourth Quarter 2016, pp. 147?149 stated (emphasis mine):
Coding Clinic went on to highlight that this concept applies only to coding, not the clinical validation that occurs prior to coding. Coding Clinic emphasized that clinical validation is a separate function from the coding process and the clinical skill embraced by CMS and cited in the AHIMA practice brief Clinical Validation: The Next Level of CDI. Access these at http://tinyurl.com/2016AHIMAclinicalvalidation and www.hcpro.com/content/327466.pdf.
Coding Clinic then went on to say that (emphasis mine) "a facility or a payer may require that a physician use a particular clinical definition or set of criteria when establishing a diagnosis, but that is a clinical issue outside the coding system."
While I agree that facilities should standardize clinical definitions for clinical and coding validation purposes, note how Coding Clinic gave tremendous power to a payer to define any clinical term any way they want to. This may differ from that of a duly-licensed physician charged with direct face-to-face patient care responsibilities using the definitions of clinical terms he or she learned in medical school or read in the literature.
As such, while our facilities may implement clinical validation prior to ICD-10-CM code assignment, a payer that is not licensed to practice medicine and has no responsibilities for direct patient care can require a provider or facility to use a completely different clinical definition that serves only one purpose in my mind, and that is to reduce or eliminate payment for care that was properly rendered, diagnosed, documented, and coded. I’m sure that legal battles will ensue, given this caveat written by Coding Clinic.
Solving the problem
In developing a sepsis strategy in light of these Coding Clinics, allow me to remind all of you that there are three environments by which we must consider disease terminology and supporting criteria. One cannot talk about sepsis, severe sepsis, or septic shock unless he or she states what environment they are in. These are:
Therefore, allow me to suggest the following strategy to ensure a balance of compliance with all three of these environments:
1.Standardize the definition and documentation of severe sepsis first. I believe that the Recovery Auditors (RA) are looking for records with sepsis codes that do not have R65.20 or R65.21 (septic shock) as a secondary diagnosis as to deny these codes and their resultant DRGs. In so doing, I believe that the definition of severe sepsis should be negotiated with and standardized by the medical staff, which could incorporate any or all of the following three criteria:
No matter what criteria is used, be sure to coordinate its development and deployment with your quality, clinical documentation integrity, and coding staff so that if a physician documents severe sepsis or septic shock, the SEP-1 algorithm can be implemented.
Also, be sure that physicians explicitly link organ dysfunctions to sepsis, or preferably, use the term "severe sepsis" so that R65.20 is not inadvertently missed by the coders. If a clinical documentation specialist or coder obtains a record supporting R65.20, be sure to notify the SEP-1 manager to determine if it qualifies for the SEP-1 core measure.
2.Develop a facilitywide definition for sepsis without organ dysfunction. As noted last month, many physicians do not believe that organ dysfunction is required to diagnose sepsis. Given that RAs are likely to use Sepsis-3 as a foundation for denying claims, we must have the statements of your internal medicine, critical care, and other physician committees as to what the definition of sepsis is for clinical and coding validation purposes. When it is documented by a provider without evidence of acute organ dysfunction, this statement can be used to rebut the RA’s denials. These will be handy if we are appealing beyond the first level.
3.Remind the RA that the ICD-10-CM guidelines are part of HIPAA and that coding is based on provider documentation. I’m sure that all of our contracts with private payers state that we will comply with federal laws, such as HIPAA. Given that the 2017 ICD-10-CM Official Guidelines state that we are to assign codes based on provider documentation, and not so much on what the RA thinks, and that Coding Clinic, First Quarter 2014, pp. 16?17, states that "the official guidelines are part of the HIPAA code set standards," we don’t want the RAs to violate HIPAA or our contracts with payers. This may require that our hospital attorneys or compliance officers weigh in, given that RAs have been known to deny codes based on provider documentation and want us to do the same.
Summary
Please recognize that this topic is very controversial and that the opinions expressed here are solely my own. I encourage all of us to discuss Sepsis-2, Sepsis-3, SEP-1, the 2017 Official ICD-10-CM Guidelines, and these Coding Clinics with our compliance officers and/or attorneys so that we can best support policies and procedures ensuring complete, precise, and compliant coding of sepsis in light of Sepsis-3. If you have success stories, please share them with me and the editor here at BCCS.
Editor’s note:
This article was part two of a two-part series. You can read part one in BCCS’ October issue. Dr. Kennedy is a general internist and certified coder, specializing in clinical effectiveness, medical informatics, and clinical documentation and coding improvement strategies. Contact him at 615-479-7021 or at [email protected]. Advice given is general. Readers should consult professional counsel for specific legal, ethical, clinical, or coding questions. For any other questions, contact editor Amanda Tyler at [email protected]. Opinions expressed are that of the author and do not necessarily represent HCPro, ACDIS, or any of its subsidiaries.
Has your CDI program shifted its focus for optimal PSI 15 performance?
by Shannon Newell, RHIA, CCS, and AHIMA-approved ICD-10-CM/PCS trainer
The recent adoption of a refined version of the Patient Safety Indicator (PSI) 90 composite by the Agency forHealthcare Research and Quality (AHRQ) has a significant impact on what discharges are included in PSI 15 (Unrecognized Abdominopelvic Accidental Puncture Laceration Rate).
Your clinical documentation improvement (CDI) program has likely focused on this measure due to the well-established challenges associated with accurate reporting of procedure-related accidental puncture/lacerations. Given the changes to PSI 15, should your CDI team shift its focus to promote and support accurate data integrity for this measure? Let’s take a look.
A fundamental understanding of patient safety indicator measures
Optimal data integrity for PSIs requires that we have the appropriate clinical documentation and reported ICD-10 codes to accurately reflect the following:
The inputs above?numerator, denominator, risk adjustment?are used to calculate our observed over expected performance. CMS compares our performance to that reported by other hospitals, and our reimbursement may be then impacted if we do not appear to manage patients well.
For example, in the Hospital Acquired Condition Reduction program, if our performance for PSI 90 does not meet established thresholds, then our Medicare fee-for-service reimbursement is reduced by 1% the next CMS fiscal year (October 1?September 30) for every claim we submit.
The new PSI 15?what counts?
The revised measure specifications for PSI 15 have altered the numerator (outcome of interest). The denominator, or cohort?which represents the population at risk?has also undergone a noteworthy change).
The revised numerator and denominator greatly narrow the pool of discharges screened for accidental punctures or lacerations as well as those flagged with outcomes of interest.
From a CDI perspective, the likelihood of incorrectly reporting accidental puncture or laceration for the discharges included in the newly defined measure is greatly diminished.
PSI 15: Are you focused on risk adjustment?
Given that our performance for PSI 15 is assessed using our observed over expected rate of procedure related accidental puncture or lacerations, the CDI team’s focus may be better spent on strengthening the capture of comorbidities relevant to risk adjustment.
The AHRQ risk adjustment methodology looks for multiple comorbidities to calculate the predicted likelihood of accidental punctures/lacerations for each discharge.
The revision to the discharges included in the narrowed cohort has also impacted which comorbidities affect risk adjustment. This makes sense given that these comorbidities must be clinically relevant to the numerator and denominator. The number of comorbid categories has been reduced from 13 to 11. Some of the categories remain the same, some have been deleted, and new ones have been added.
Summary
Keeping abreast of revisions to claims-based measures is an expanded responsibility for today’s CDI program. These measures impact both reimbursement and quality profiles. Positioned with this information, the CDI program can then shift efforts to promote and support clinical documentation capture and accurate reporting of codes associated with areas of the greatest vulnerability and impact.
Editor’s note:
Newell is the director of CDI quality initiatives for Enjoin. She has extensive operational and consulting expertise in coding and clinical documentation improvement, performance improvement, case management, and health information management. You can reach Newell at (704) 931-8537 or [email protected]. Opinions expressed are that of the author and do not represent HCPro or ACDIS.
New clinical criteria definitions in 2017 Official Guidelines up the ante for coders
by Laura Legg, RHIT, CCS, CDIP, and AHIMA-approved ICD-10-CM/PCS trainer
The new guideline for code assignment and clinical criteria in the 2017 ICD-10-CM Official Guidelines for Coding and Reporting does not mean clinical documentation improvement is going away; instead it just upped the ante for continued improvement.
Up the ante means to increase the costs, risks, or considerations involved in taking an action or reaching a conclusion. With the new coding guideline for clinical validation that went into effect October 1, the stakes remain high for the diagnoses documented by the physician to be clearly and consistently demonstrated in the clinical documentation.
It is not that the information was not there before, but now the issue is finally getting attention. When clinical documentation is absent, coders are instructed to query the provider for clarification that the condition was present. But what are we to do if the clinical indicators are not clearly documented? For HIM professionals who deal with payer denials, this has been a haunting issue for a very long time.
The ICD-10-CM Official Guidelines for Coding and Reporting are the foundation from which coders assign codes. Coders need to review the new guidelines in detail to understand the changes and implications for their facilities.
The Centers for Disease Control and Prevention published these new guidelines which can be read in their entirety here: www.cdc.gov/nchs/data/icd/10cmguidelines_2017_final.pdf.
Taking a closer look
The coding guideline for section A.19 (code assignment and clinical criteria) has been labeled as controversial and, at this point, we have more questions than answers. Denials issued by payers due to the absence, or perceived absence, of clinical indicators by which the payer lowers the DRG is now being called DRG downgrading and it’s getting attention.
The code assignment and clinical criteria states:
Physicians and other providers document a patient’s condition based on past experience and what the clinician learned in medical school, which often differs from clinician to clinician. When you put a patient in front of a group of clinicians you will most likely get differing documentation. So how do we fix that?
The diagnosis of sepsis is a good example. There does not appear to be a universally accepted and consistently applied definition for the condition of sepsis.
In a patient record with the principal diagnosis code of sepsis, followed by the code for the localized infection, pneumonia, a payer denial could occur.
Payer denials often deny the sepsis diagnosis code stating that "the diagnosis of sepsis was not supported by the clinical evidence. Therefore, as a result of this review, the diagnosis code A41.9 [sepsis, unspecified organism] has been removed and the principal diagnosis re-sequenced to code J18.9 [pneumonia, unspecified organism] for pneumonia and to the lower paying DRG 193." This is now being referred to as a DRG downgrade. DRG downgrades can occur for different reasons including both DRG coding changes and clinical validation downgrades.
What is a coder to do?
What is a coder to do when a physician documents a diagnosis that may not be supported by the clinical circumstances reflected in the patient’s chart? Facilities and coding teams should develop guidance and be sure they fully understand the content and the impact of this coding guideline to coding practices.
Remember the section that reads: "the assignment of a diagnosis code is based on the provider’s diagnostic statement that the condition exists. The provider’s statement that the patient has a particular condition is sufficient."
This represents a catch-22. If the diagnosis is not clinically validated, both recovery auditors (RA), as well as commercial insurance auditors, are going to deny the claim. On the other hand, if coders or the facility decide not to report the diagnosis, they are in violation of the coding guidelines, which is also a major problem.
AHIMA’s 2016 Clinical Documentation Toolkit offers this advice:
The toolkit is available here: http://bok.ahima.org/PdfView?oid=301829.
Increasing clinical documentation
As the healthcare industry experiences an increased number of external audits, both federal and private, the need to up the ante on clinical documentation has become essential. The answer is not to let this guidance prompt lazy documentation, which has far reaching consequences, but to use it as a catalyst for improvement.
The goal of any clinical documentation improvement (CDI) program is to ensure a complete and accurate patient record, and this cannot be done without the presence of documentation supporting the clinical indicators and clear and consistent documentation regarding the condition. The provider’s documentation of their full thought process will accomplish this. If medical staff can come together and agree upon a definition for a certain condition, they can begin the process of being consistent with how the description is presented in the patient record.
CDI specialists and coders should not use the new guideline as an excuse not to query. Coders are not clinicians and, therefore, should not be expected to evaluate clinical criteria. Coding and CDI were separate functions, but, as audits from outside organizations expand, there is more emphasis on correct coding, DRG assignment, and the use of clinical criteria to support the reported codes, which means these entities need to work together.
The American Hospital Association’s Coding Clinic for ICD-10 instructs coders not to use background clinical information contained in their responses for code assignment. This information is only provided so the coders can make a judgment to query where there is incomplete documentation. Coders and CDI staff should review all chart documentation and data, and query when necessary to clarify inconsistencies in physician documentation.
Query the provi
MOON requirement delayed in IPPS final rule: What next?
Hospitals got a last-minute reprieve from the Medicare Outpatient Observation Notice (MOON) notification requirement, which was set to go into effect August 6. Citing the need for additional time to revise the standardized notification form that hospitals will need to use to notify patients about the financial implications of being assigned to observation services, CMS moved back the start date for the requirement in the 2017 IPPS final rule to ‘no later than 90 days,’ after the final version of the form is approved (www.cms.gov/Medicare/Medicare-Fee-for-Service-Payment/AcuteInpatientPPS/FY2017-IPPS-Final-Rule-Home-Page.html).
CMS released the new draft of the form (www.cms.gov/Regulations-and-Guidance/Legislation/PaperworkReductionActof1995/PRA-Listing-Items/CMS-10611.html?DLPage=1&DLEntries=10&DLFilter=10611&DLSort=1&DLSortDir=descending) August 1 and accepted public comments for 30 days. The MOON notification form is intended to be used to help hospitals comply with the Notice of Observation Treatment and Implication for Care Eligibility (NOTICE) Act. The Act requires hospitals to provide a verbal and written notice of outpatient status to any patient in observation who has been in the hospital for more than 24 hours, stipulating that hospitals must inform patients within 36 hours from the start of the service about their status. However, without a final version of the form ready for use, it would appear that hospitals cannot comply with the NOTICE Act at this time.
‘Hospitals should review the IPPS final rule that contains significant clarification on things like when and how the notice is delivered and finalize their own policies for delivering the notice pending the final version of the MOON being available,’ says Kimberly Anderwood Hoy Baker, JD, CPC, director of Medicare and compliance for HCPro in Middleton, Massachusetts.
CMS stated in the 2017 IPPS final rule:
We expect the final [Paperwork Reduction Act] PRA approval of the MOON around the time the implementing regulations are effective. Therefore, the implementation period for hospitals and CAHs will begin sometime after the effective date of this final rule and will be announced on the CMS Beneficiary Notices Initiative Website at: www.cms.gov/Medicare/Medicare-General-information/Bni/index.html and in an HPMS memorandum to MA plans. During this implementation period, hospitals and CAHs will have time to prepare for implementation, consistent with past implementation practices for beneficiary notices. Hospitals and CAHs will be required to deliver the MOON to applicable patients who begin receiving observation services as outpatients on or after the notice implementation date.
‘Hospitals should watch the Beneficiary Notice Initiative page, where CMS said they would announce implementation information, for more information on the finalization of the MOON and implementation time frames,’ says Baker.
Hospitals will likely not be required to provide the MOON notification form to patients until 90 days after PRA approval, which could mean compliance with the MOON and NOTICE Act is at least 120 days out from the final rule release date given that there is also a 30-day comment period on the revised form, according to Baker.
‘When the final version of the notice form is ready for use, hospitals should use the 90-day implementation period to develop a mechanism for the form to be in their EHR with a trigger to print the notice when the patient is registered as or has a status change to observation. This will allow for the form to be delivered by the designated individual to the patient immediately rather than attempting to do it at discharge,’ says Rose T. Dunn, MBA, RHIA, CPA, FACHE, chief operating officer for First Class Solutions, Inc.
The message should be delivered by hospital staff who are well versed in the purpose of the notice and how patient status may financially impact the patient. Dunn recommends that hospitals choose patient access staff, financial counselors, or utilization review/case management staff to deliver the MOON rather than patient care staff.
The role of HIM in MOON compliance
While many facilities plan to task departments outside of HIM with delivering the verbal and written notice to observation patients, that does not mean there isn’t a seat at the table for HIM when it comes to operationalizing this regulation.
At Via Christi Health in Wichita, Kansas, Sam Antonios, MD, FACP, FHM, CCDS, medical director of medical information and ICD-10 physician advisor, and his colleagues are working to ensure they understand the nuances of the MOON.
Antonios’ facility is currently building a daily report to help track patients who have been in observation 24 hours.
The report will help the facility ensure compliance with the NOTICE Act and MOON, but this may be a challenge for facilities that do not have the capability to create such a document in their electronic systems. But even with the right systems and alerts in place, relying on just one report may present challenges. ‘For example, you may have patients who don’t have the right trigger from the initiation of observation services,’ Antonios says. Remember, the MOON must be delivered 24?36 hours after the initiation of observation services, which is not always the time when the patient entered the hospital, especially for those in the emergency department, he says.
In general, HIM should aid in the creation of reports listing any admission for Medicare beneficiaries in observation. Records for patients who have been in observation for more than 24 hours should be flagged when the report is run, which should ideally be done twice daily and be sent to the team tasked with delivering the MOON, Antonios says.
HIM must play a role in deciding what to do with the MOON when it is completed and how to track verbal notification of observation status, Antonios says. Should HIM scan the MOON forms immediately for inclusion in the patient’s medical record, or should scanning be completed at the end of the patient’s hospital stay? Deciding which option is best may depend on the needs of your facility and staffing patterns.
‘HIM professionals should ensure that the form is properly signed and scanned into the appropriate section of the medical record where it can be consistently found during an audit,’ says Edward Hu, MD, CHCQM-PHYADV, system executive director of physician advisor services at UNC Health Care system in Chapel Hill, North Carolina, and president of the American College of Physician Advisors. In addition, HIM will also play a role in ensuring the CMS-approved MOON is given to observation patients, Hu says.
In an era when hospitals are increasingly using electronic methods of documentation and communication, it may be tempting to create an electronic version of the MOON for patients to read and sign. However, Hu notes that if this practice is implemented the patient must still receive a paper copy of the form. ‘Hospitals must provide a signed paper copy of the MOON to the beneficiary, even if he or she reviews and signs on an electronic pad,’ he says. ‘The hospital must provide the MOON on paper for the beneficiary’s review if the beneficiary asks to review a paper version.’
Tracking and delivering the MOON is one hurdle to overcome, but so too is ensuring that patients understand the information presented to them. Language barriers can present a challenge when delivering the MOON. While it may be relatively easy to obtain a copy of the notice for patients who speak more common languages like Spanish, it is a bit more difficult at Antonios’ facility where patients speak a variety of languages that the form is not available in. In turn, staff may have a difficult time verbally notifying patients of observation status during off hours when a translator is unavailable, he says.
Hu notes that HIM can play a role in ensuring the Spanish-language version of the MOON is made available to patients and staff when it is approved by CMS. ‘Hospitals also have an obligation to provide the information on the MOON in a language and manner that the patient understands. Although this does not mean the MOON must be translated into every language, it does mean that the hospital has an obligation to ensure understanding by beneficiaries with limited English proficiency,’ he says.
The ups and downs of MOON
Complying with the NOTICE Act and operationalizing MOON has presented a significant challenge for healthcare organizations. Some are unsure of how to deliver the form and little is known about the impact it will have on patient relations and hospital staffing.
The verbal and written notice to observation patients should be given between 24 and 36 hours of the patient being placed in this status, which has many wondering whether they should actually wait 24 hours to deliver the notice since it can be challenging to ensure the notice is given before the 36-hour mark, says Antonios. ‘It leaves you with an open window of only 12 hours of actually being able to deliver before missing the deadline,’ Antonios says. Failure to deliver the notice within the given time frame can result in noncompliance.
While Antonios points out that CMS stated in the 2017 IPPS final rule that facilities can deliver the MOON prior to 24 hours of observation care, this may not always be the best option?especially since CMS noted that it discourages this practice. Delivering it before the 24-hour ma=rk as a proactive measure to ensure observation patients in need of the notice are not overlooked?or even delivering it on time?can present challenges since an observation stay can often become an inpatient stay based on a physician’s finding during the early hours of patient care, Antonios says.
Whether you decide to wait 24 hours or deliver the MOON as soon as observation status is initiated, there will be pros and cons.
Not waiting for the 24-hour mark may mean the verbal and written notice were given but not needed and could result in patients who are confused about their status and the financial implications of it. ‘It’s so early in the process that you may have people switched to inpatient before 24 hours and then you would have wasted the little bit of energy and resources to do a task that you didn’t need to do, because if you switch someone before 24 hours you don’t have to give them anything,’ Antonios says.
Delivering the MOON to all patients when they are first assigned to observation makes it easier to capture these Medicare beneficiaries before the 24?36-hour window passes, he says. It lends a fair amount of standardization and automation to the process of complying with the NOTICE Act and MOON, Antonios says.
However, ensuring that staff who are educated on completing the written notice and verbally explaining observation to patients are available at all times is not an easy task. While emergency departments (ED) are often well staffed during nights and weekends, other areas of hospitals may not have the same coverage, which could result in noncompliance if the MOON delivery window is missed. The ED?be it registration or other staff?may be the ideal setting for delivering the MOON if it is done routinely prior to the 24-hour mark. ‘Staffing on the floor goes down significantly after hours. It goes down significantly during the weekend, but the ED typically still has staff,’ Antonios says. ‘People receive paperwork in the ED anyway. It’s part of the process.’
Ready CDI teams for CMS’ proposed expansion of mandatory ortho episode payment models
by Shannon Newell, RHIA, CCS, an AHIMA-approved ICD-10-CM/PCS trainer
If your hospital resides in one of the 67 metropolitan statistical areas (MSA) required to participate in the Comprehensive Joint Replacement Model (CJR), you will also be required to participate in a new orthopedic payment model called ‘SHFFT’ (surgical hip and femur fracture treatment) if an August 2 proposed rule is finalized. The impact? The following assigned MS-DRGs will no longer define hospital reimbursement:
MS-DRGs 469 and 470 are included in the CJR, which we have discussed in prior articles. Let’s take a look at the proposed SHFFT episode payment model (EPM), which involves the other three MS-DRGs, and see what role the CDI program can play as reimbursement shifts to episode-based payments.
Model overview
The episode of care defined for the SHFFT EPM begins with an admission to a participating hospital of a fee-for-service Medicare patient assigned MS-DRGs 480?482. This admission is referred to as the anchor hospitalization. The episode continues 90 days post-discharge from the hospital, and payments for all related Part A and Part B services are included in the episode payment bundle. CMS holds the hospital accountable for defined cost and quality outcomes during the episode and links reimbursement?which may consist of payment penalties and/or financial incentives?to outcome performance.
This is a mandatory EPM for hospitals already impacted by the CJR; the SHFFT model will apply to the same 67 geographic MSAs. The EPM is proposed to begin July 1, 2017, and will last for five years, ending in December 2021.
Cost outcomes
CMS will initially pay the hospital and all providers who bill for services during the episode using the usual fee-for-service models. Thus, the SHFFT EPM will not impact the revenue cycle at first. However, at the end of each performance period, which typically represents 12 months (January through December), CMS will compare or reconcile the actual costs with a preestablished ‘target price.’
CMS will set target prices using an approach that will phase in a blended rate of hospital to regional costs. In recognition of the higher costs associated with discharges in MS-DRGs with an MCC or CC, CMS has developed an algorithm to adjust the target price for this subset of the patient population.
If the reconciliation process indicates that the costs to deliver services for the episode were higher than the target price, CMS will require repayment from the hospital. If, however, the costs to deliver care for the episode were lower than the target price, CMS will provide additional payments to the hospital for the provided services. To receive additional payments, however, performance for defined quality outcomes must meet or exceed established standards.
Quality-adjusted target price
To receive any earned financial incentives, the hospital must meet or exceed performance standards for established quality outcomes. CMS therefore adjusts the target price based on quality performance, referred to as the quality-adjusted target price.
The SHFFT EPM uses the exact same quality outcomes as those defined for the CJR:
Hospital (accountable party), collaborators, and Advanced Payment Models
The hospital is held accountable for episode cost and quality outcomes and all associated financial risks/rewards, even though a variety of providers deliver services and impact performance. As with the CJR, the hospital has been designated as the accountable party because CMS believes the hospital is best positioned to influence coordinated, efficient delivery of services from the patient’s initial hospitalization through recovery.
CMS permits the hospital to enter into collaborative arrangements with physicians and other providers to support and redesign care delivery across the episode and to share financial gains and/or losses. The proposed rule expands the list of collaborators defined in the previous CJR final rule to include other hospitals and Medicare Shared Savings Program accountable care organizations.
The proposed rule also provides an Advanced Payment Model (APM) track for the EPMs, an important step that will further incentivize collaborator participation.
CDI program opportunities
There are five key ways that clinical documentation and reported codes across the continuum impact SHFFT performance:
The costs associated with Part B claims are included in episode costs if the services are related. The primary diagnosis for each visit determines whether the visit is related.
The capture of at least one condition for each of the 28 comorbid categories over the 12-month period will strengthen risk adjustment and RSCR performance. RSCR performance contributes to 50% of the quality composite score, which, in turn, impacts the quality-adjusted target price.
Summary
Together the CJR and SHFFT models cover all surgical treatment options (hip arthroplasty and fixation) for Medicare beneficiaries with hip fractures. These MS-DRGs typically represent one of the largest inpatient surgical volumes for most short-term acute care hospitals.
As hospitals and collaborators assess and refine the management of patients to achieve or exceed the quality-adjusted target price, the data we submit on claims will be used to assess our performance. The CDI program in the inpatient and ambulatory setting must be positioned to promote and support the capture and reporting of impactful documentation.
Additional information on the proposed rule can be located at https://innovation.cms.gov/initiatives/epm.
Editor’s note
Newell is the director of CDI quality initiatives for Enjoin. Her team provides CDI programs with education, infrastructure design, and audits to successfully and sustainably address the transition to value-based payments. She has extensive operational and consulting expertise in coding and clinical documentation improvement, case management, and health information management. You can reach Newell at 704-931-8537 or [email protected].
How coders can build a successful relationship with their physicians
by Sue Egan, CPC, CCD
All coders know that working with physicians is not always a positive experience.
It can be tough providing them education or getting responses from queries. Conversely, providers are busy and typically do not like anything to do with coding. When they hear coding they often take that to mean more work on their part.I have been working with providers for many years and the one thing coders always ask me is, ‘What is your secret for getting along so well with doctors and engaging them to change behavior?’
Building a relationship with your providers can make both of your lives easier. Outlined are a number of ideas that can facilitate building a strong relationship with your physicians.
Recognizing that one of our major responsibilities as coders and documentation specialists is to make the physician’s job easier and their data as accurate as it can be is essential.
Avoid approaches that make them feel like they have done something wrong. Let providers know your job is ‘to make you look as good as you are.’
Editor’s note
Egan is an associate director with Navigant Consulting and has been working with providers, of all specialties, for more than 25 years. She works with providers to improve documentation as well as provide education and training related to CPT coding. Sue has lived in Charlotte, North Carolina, for the last 23 years, enjoys traveling with friends, and relaxing at home with a good book and her cats. Opinions expressed are that of the author and do not represent HCPro or ACDIS.
Review your electronic order templates to protect against audits and ensure compliance
by Valerie A. Rinkle, MPA
Orders for services are a vital component of ensuring Medicare coverage. With the advent of computerized provider order entry (CPOE), it is important to review order templates in the electronic medical record (EMR) and the resulting order produced or printed in the formal legal medical record to ensure the templates meet requirements.
Due to increased audit scrutiny, including resumption of inpatient status reviews by Quality Improvement Organizations (QIO) as of late September, it is vital to "audit proof" your organization’s EMR and legal medical record so that the orders substantiate coverage of services. The QIOs are auditing to ensure validity of inpatient orders as well as to ensure cases meet the benchmark for at least two nights of hospital-level care. These determinations are dependent on valid orders.
CMS has published numerous resources on orders for both outpatient services and inpatient admission. Requirements for orders vary based on the type of service, such as inpatient admission, outpatient admission, observation services, diagnostic laboratory services, and other diagnostic tests. A good resource is the CMS article, "Complying With Medical Record Documentation Requirements."
Orders must be signed or otherwise legitimately authenticated. Transmittal 327 contains detailed information concerning physician signature/authentication.
Elements of a valid order
To be considered a valid order, several elements must be present. Elements required in statute or regulations by Medicare are bolded:
Format of orders
There is no requirement regarding the format of orders. For providers not linked to a hospital’s EMR, orders may continue to be delivered in writing or via facsimile. Often, the beginning of the workflow for the hospital EMR is to transcribe the order into the EMR for the patient. If this step occurs, it is vitally important that the original order be scanned and linked to the EMR to substantiate the information transcribed.
What if the staff transcribing the order incorrectly enters the information? What if the test is not logical or valid for the indication? The clinical staff providing the service should be able to view the original order and make any corrections, or obtain an updated order, as appropriate. Auditors expect to see the original order. If the order is not entered via CPOE, there will be no documentation in the EMR regarding the origination of the order, which is why scanning and not just transcribing the order is so crucial.
Orders missing elements
What does your hospital do if one of the elements is missing from the order? Ideally, if there were elements missing, no test or service would be performed. However, the current emphasis on improving patient experience may lead hospitals to move ahead and perform the service anyway. Recall that the EMR will clearly document the time of the test and the time that the diagnosis or other information is obtained, making it very clear to auditors whether the indications for the test were missing prior to its performance.
Further, because of prior authorization requirements as well as national coverage determinations (NCD) and local coverage determinations (LCD) that establish the medical necessity for outpatient tests, diagnostic indications obtained after test performance will be questioned: Did they actually exist prior to the test being performed?
If the hospital proceeds with testing prior to obtaining all the required elements of the order, it is recommended that the original chart note of the provider ordering the test be obtained, scanned, and linked to the EMR. The original chart note should clearly document that the test is needed along with the indication for the test. Documenting this information will prevent the appearance that the indication has been added after the test solely to justify meeting prior authorization or NCD/LCD requirements. Merely updating the EMR order with a diagnosis, or calling the provider and annotating the addition of a diagnosis on a written or faxed order, will open up the account to scrutiny and allegations of invalid documentation to support services.
ED protocols
What about testing initiated via protocol in the ED prior to the patient being seen by the treating provider? Protocols need to be vetted very carefully with the medical staff and with the MAC in your region.
Typically, an order is initiated as a verbal order in the EMR based on the presenting signs and symptoms of the patient. Once the provider sees the patient and uses the test results to treat the patient, the verbal order is authenticated by the treating ED provider in the EMR.
With this workflow, the requirements for orders are met. The concern with this workflow is whether the hospital has controls in place for patients who leave without being seen (LWBS) by the provider and for tests the provider does not agree were needed.
Providers do, at times, disagree with the protocol initiated by the nursing staff. There must be a clear workflow for the provider to do one of the following:
Also, if tests are ordered via protocol and the patient is LWBS by a provider, the tests are not usually authenticated by the provider, and they are billed and written off as noncovered.
Billing for tests and services
ICD-10-CM codes included on outpatient claims for services typically come from the provider order. For certain imaging, cardiology, and other tests (i.e., nonclinical laboratory tests) where a physician makes a separate report of interpretation, the final impression on the report may be a different diagnosis from that on the order. In this case, the coder should code the final diagnosis from the report of interpretation. This diagnosis should be the diagnosis code billed on the claim. However, a large volume of accounts are billed from the order, and there may not be a process to ensure the diagnosis from the report of interpretation is included on the claim. In the past, some billing and coding departments coded solely from the indication that patient access staff transcribed from the order onto the patient account, meaning the departments did not review the reports of interpretation.
It is critical for compliance that outpatient accounts be coded from the original order if the report of interpretation does not have a more specific diagnosis (i.e., the report states "routine" or "no finding"). Proper coding requires that the staff applying the codes either view the original order in CPOE or via the scanned image.
With today’s gains in automation and productivity, more workflows now pull a code directly from the transcribed information or the data entered into CPOE to the outpatient account for billing. If this is the preferred workflow of the hospital, a sample of accounts should be audited quarterly to ensure that the codes billed match the original order and that the automated workflow is viable for compliance coding and billing and does not bypass reports of interpretation that include more specific diagnoses.
One of the best program memoranda (albeit an older one) that explains CMS policies concerning coding for diagnostic tests is contained in Transmittal PM AB 01-144.
Including ICD-10-CM codes
There is a lot of debate regarding whether the codes themselves (versus terminology) should be included in the order. Coders typically emphasize that they can arrive at the most appropriate code if medical terminology, rather than a less specific ICD-10-CM code, is included on the order. Meanwhile, patient access staff and other employees who must apply NCDs and LCDs and check for prior authorization prefer the actual ICD-10 code to be on the order because it facilitates checking for coverage and authorization in electronic tools designed for that purpose.
CPOE can improve the specificity of orders if the drop-down menus used by providers are customized to be as specific as possible and avoid more nonspecific codes. Consider also the greater specificity present in ICD-10-CM. If certain order sets for high-volume patients include indications for drugs and other tests at their greatest specificity, documentation can be better captured in more routine workflows to support ICD-10-CM coding, thereby avoiding time-consuming provider queries.
Conclusion
EMRs enable workflows that should be scrutinized completely, from the initiation of the order with the treating provider to the order’s appearance in the retained legal medical record.
Other related processes should also be scrutinized, including the workflow used to check orders for medical necessity and prior authorization, as well as the workflow used by staff and/or coders to apply the codes from the orders to the account and the resulting claim. Detailing these workflows and enhancing the processes that go along with them will ensure compliant orders.
Editor’s note
Rinkle is a lead regulatory specialist and instructor for HCPro’s Medicare Boot Camp®?Hospital Version, Medicare Boot Camp?Utilization Review Version, and Medicare Boot Camp?Critical Access Hospital Version. She is a former hospital revenue cycle director and has over 30 years in the healthcare industry, including over 12 years of consulting experience in which she has spoken and advised on effective operational solutions for compliance with Medicare coverage, payment, and coding regulations.
Updated 2017 ICD-10-CM guidelines come ‘with’ controversial changes
by Shannon E. McCall, RHIA, CCS, CCS-P, CPC, CPC-I, CEMC, CRC, CCDS
Just like the lyrics to the popular Gap Band song say, "You dropped a bomb on me… I won’t forget it," there are definitely some changes in the 2017 ICD-10-CM Official Guidelines for Coding and Reporting that some of us may wish the Cooperating Parties will forget were ever mentioned.
Generally, changes to the guidelines are minor and rarely cause the chaos and confusion that will certainly ensue with the most recent release, effective October 1. This release includes some contradictory guidance and downright concerning statements that appear as if no one really thought through the repercussions. These revisions will certainly have an impact not only on code assignment, but also specifically on reimbursement.
With
The guidelines state:
The classification presumes a causal relationship between the two conditions linked by these terms in the Alphabetic Index or Tabular List. These conditions should be coded as related even in the absence of provider documentation explicitly linking them, unless the documentation clearly states the conditions are unrelated. For conditions not specifically linked by these relational terms in the classification, provider documentation must link the conditions in order to code them as related.
I consider this paragraph the most controversial addition to the guidelines. We’ll look at the impact the guideline has on previous examples relating to conditions such as diabetes mellitus, hypertensive heart disease, and some other conditions.
The guidance most commonly discussed is that for "diabetes with," which was stated in the AHA’s Coding Clinic for ICD-10-CM/PCS, First Quarter 2016, and reconfirmed in the following quarter. To summarize, the AHA guidance stated:
The classification assumes a cause-and-effect relationship between diabetes and certain diseases of the kidneys, nerves, and circulatory system and ANY condition listed under the term "with" in the Alphabetic Index is intended to be interpreted as a related condition/manifestation.
It appears that someone has never looked in the actual ICD-10-CM index file, because all conditions related to diabetes mellitus are indented under the word "with," not just isolated ones as in the ICD-9-CM manual.
Here is the comparison (from the ICD-9-CM index):
Diabetes, diabetic (brittle) (congenital) (familial) (mellitus) (severe) (slight) (without complication) 250.0
Compare to this excerpt from the ICD-10-CM Alphabetic Index:
The most surprising aspect to me in the repeated guidance is the contradiction to not assume a relationship between osteomyelitis and diabetes mellitus, which Coding Clinic originally stated in Fourth Quarter 2013 and reiterated in First Quarter 2016, writing:
ICD-10-CM does not presume a linkage between diabetes and osteomyelitis. The provider will need to document a linkage or relationship between the two conditions before it can be coded as such.
Coders understood back in 2013 to not assume relationships between diabetes and other conditions that coexist in a diabetic patient. But this recent guidance creates more questions than answers. This very specific guidance about osteomyelitis leads me to imagine the scenario of a patient who has a relationship created between osteomyelitis and diabetes mellitus by a provider documenting "osteomyelitis due to diabetes mellitus." What codes would be reported?
The correct answer would be to assign the code for other specified complication (e.g., E11.69) since there is no entry specifically for osteomyelitis under diabetes mellitus. It would be classified to the "other" category per the ICD-10-CM conventions. If we examine this a bit closer, E11.69 is listed under the word "with" in the Alphabetic Index.
So, is it assumed or not? The guidance and guidelines directly contradict each other.
Some have argued that the ICD-9-CM index included a specific entry for diabetes with osteomyelitis, and I agree that the word "osteomyelitis" is there in black and white, but take a look at the code title: 250.8 (other specified manifestation of diabetes mellitus). There wasn’t a specific code in ICD-9-CM that said "diabetes with osteomyelitis," just like there isn’t in ICD-10-CM.
Diabetes, diabetic (brittle) (congenital) (familial) (mellitus) (severe) (slight) (without complication) 250.0
I suggest if the Cooperating Parties truly plan on keeping osteomyelitis separate, there should be a separate entry in the Alphabetic Index where it is not at the second indentation level under the word "with," but is under diabetes as a main term with a singular indentation.
The "with" guidance extends much further than I think the Cooperating Parties have considered. For risk-adjusted plans, the assumption of linking diabetes and other related conditions (acute and/or chronic) without necessitating providers document it will have a direct impact on a patient’s overall risk score.
The risk score uses many factors, but chronic conditions like diabetes mellitus are a key component in determining how much CMS should pay an insurance plan for care for Medicare beneficiaries covered under plans like Medicare Advantage (i.e., Part C). Being able to assume a relationship is a major change and will ultimately have a big impact on spending for any risk-adjusted plan, considering diabetes is such a common condition.
The reason this hasn’t really been considered an issue yet is that Medicare Advantage data is compiled based on the previous year’s diagnosis codes to prospectively estimate spending in the upcoming year.
Therefore, CMS is currently using ICD-9-CM data for encounters through September 30, 2015. Hopefully, this new guidance valid for encounters as of January 1, 2016, will be considered a factor, because patients with diabetic complications are certain to increase.
If the word "with" couldn’t get any more controversial, it ventured out of the endocrine system to the very "heart" of every coder’s cardinal rule. We learned, as fledgling coders, to never assume heart disease (like heart failure) is directly related to hypertension unless the provider documents the two conditions as related, like hypertensive heart failure or heart failure due to hypertension.
Well, no more, my friends?this is the dawn of a new age of coding. We can assume away, not only for hypertension and (chronic) kidney involvement, but also for hypertension and heart involvement because they are both indented under the word "with" in the Alphabetic Index.
The revised guideline states (bolding is mine)’:
The classification presumes a causal relationship between hypertension and heart involvement and between hypertension and kidney involvement, as the two conditions are linked by the term "with" in the Alphabetic Index. These conditions should be coded as related even in the absence of provider documentation explicitly linking them, unless the documentation clearly states the conditions are unrelated.
Please notice that the past statement does identify that if the provider specifically states another cause, the conditions should be coded as unrelated.
The larger issue I have with assuming anything under "with" is seen in the ICD-10-CM Alphabetic Index and is yet another direct contradiction to the guidelines. If the guidance regarding "with" is truly universal within the Alphabetic Index, then it implies a relationship for diseases extending beyond just diabetes mellitus and hypertensive heart disease. For example, it seems that coders could begin to assume, based on the guidelines, that patients who have sepsis with a coexistence of organ dysfunction have severe sepsis, even though the guidelines specifically state "an acute organ dysfunction must be associated with the sepsis in order to assign the severe sepsis code."
Who knew that a little word like "with" could cause so many issues?
Excludes1 notes
The guidelines also include an update on reporting Excludes1 conditions. The updated guidelines state:
An exception to the Excludes1 definition is the circumstance when the two conditions are unrelated to each other. If it is not clear whether the two conditions involving an Excludes1 note are related or not, query the provider.
The Excludes1 conventions clarify what was addressed in the interim guidance provided in October 2015 and in the AHA Coding Clinic for ICD-10-CM/PCS, Fourth Quarter 2015, to address situations where Excludes1 notes should be considered Excludes2 or had other exceptions. Category I63 (cerebral infarction) excludes subcategory I69.3- (sequela of cerebral infarction). This guidance directly contradicted the guidelines for Chapter 9, which state: "Codes from category I69 may be assigned on a health care record with codes from I60-I67, if the patient has a current cerebrovascular disease and deficits from an old cerebrovascular disease."
For 2017, subcategory I69.3- has been revised to be included in an Excludes2 note. Exceptions have been added to the guidelines when the exclusion was for a category that may include a number of different conditions, like the "other" category. Some of those inclusive conditions should never be coded with the diagnosis the Excludes1 note appears under, others may be completely unrelated.
This opens the door for a third-party auditor to debate the application of the Excludes1 note if coding the two conditions separately creates a financial impact.
Edito’?s note
McCall is the director of HIM and coding for HCPro, a division of BLR, in Middleton, Massachusetts. She oversees all of the Certified Coder Boot Camp programs. McCall works with hospitals, medical practices, and other healthcare providers on a wide range of coding-related custom education sessions. For more information, see www.hcprobootcamps.com.a
Making a checklist to prepare for the OPPS final rule
Editor’s note: Jugna Shah, MPH, president and founder of Nimitt Consulting, writes a bimonthly column for Briefings on APCs, commenting on the latest policies and regulations and analyzing their impact on providers.
The 2017 OPPS final rule will not be out for a couple of weeks, but that doesn’t mean providers can’t be thinking about what their action plan will be once the rule is released.
With only 60 days between the final rule’s release and the January 1 implementation date, providers will be ahead of the curve by spending time now and thinking about the processes they may need to review, change, or implement based on what CMS finalizes and the sort of financial impact the final rule is likely to have.
While I don’t know with 100% certainty what CMS will finalize, revise, delay, or back away from, I offer providers this list of what they should look at immediately upon the rule’s release.
Section 603
With Congress mandating payment changes for all non-grandfathered (those not billing under OPPS prior to November 2, 2015) off-campus, provider-based departments (PBD) starting January 2017, it was no surprise that CMS discussed this issue in the proposed rule. But it was a huge surprise to read CMS’ proposals, which, if finalized, would greatly impact otherwise protected grandfathered locations under Congress’ Section 603.
For example, CMS proposed that if an off-campus PBD moves, changes ownership, or expands its services beyond what it was providing as of November 2, 2015, as defined by APC-based clinical families, then its grandfathered status would be impacted. While this may sound relatively simple, the payment and operational impact would be a nightmare.
There is another aspect of Section 603 and CMS’ proposal to use the Medicare Physician Fee Schedule (MPFS) as the "applicable payment system" for Medicare Part B services provided at non-grandfathered locations or deemed "non-excepted." Specifically, there are many services for which the MPFS has no facility component for the facility costs associated with performing the procedure because they are only provided in hospital outpatient departments or ambulatory surgery centers. For these services, the industry has to wonder what CMS was thinking, as the agency cannot possibly expect to pay nothing for services that would continue to be rendered in off-campus PBDs.
CMS’ unexpected and hastily configured proposals create such large operational and financial problems that the industry is hoping the agency will simply retreat and delays the implementation of Section 603, or at a minimum revert to paying grandfathered facilities under the OPPS for all of their services, regardless of clinical service expansion, site relocation, or ownership changes. There is precedent for CMS to postpone implementation beyond statutory deadlines. If there were ever a situation where delay is advised, this is one.
Hopefully, providers sent in a surfeit of comments regarding these and other issues and outstanding questions related to the agency’s Section 603 implementation proposals. I hope CMS will acknowledge its proposals have administrative, operational, and financial gaps that are so large, it will be impossible to move forward by January. But even if CMS does choose to put off its proposals until proper payment mechanisms are developed, Congress was clear in its language requiring changes by January 1, 2017, so something is likely going to have to occur.
CMS’ proposals, if finalized, would have drastic long-term implications for all providers, including those who believe that their grandfathered status would protect them; the sad reality is that under CMS’ proposals, there will be massive operational and financial impact, so this is the first topic in the final rule that everyone should review.
Packaging proposals
Providers have gotten used to CMS expanding packaging in each OPPS rule, as the agency calls packaging an essential part of a prospective payment system. With CMS’ expansion of lab packaging from date of service to claim level this year, we should not be surprised if the agency finalizes its proposal of expanding the conditional packaging logic of CPT codes assigned to status indicators Q1 and Q2 to the claim level.
Claim-level packaging of these types of ancillary services will have a huge financial impact on providers submitting multiday claims, such as those for chemotherapy and radiation therapy services, despite the fact that multiday claims for these types of services are not required.
Currently, status indicators Q1 and Q2 are packaged into other OPPS services when provided on the same date of service, even when submitted on a claim that spans more than one day. If CMS finalizes its proposal, providers that continue submitting multiday claims when monthly or series claims are not required should not be surprised when they find themselves no longer receiving separate payment for many services.
This is the time for providers to assess whether they submit multiday claims for any services beyond the required repetitive services listed in the Medicare Claims Processing Manual, Chapter 1, section 50.2.2. While it is true the manual states that is is an option to bill nonrepetitive services on multiday claims, it did not have financial implications. At least, until this year, with the claim-based packaging of labs and proposal for claim-based packaging of Q1 and Q2 services. Providers should determine why they are billing multiday claims and what it would take to change their billing processes. If they elect not to move away from multiday claims, then assessing the financial impact that will occur is an important exercise to go through prior to January 1.
The other packaging proposal providers should look for in the final rule involves the use of modifier -L1 for reporting unrelated laboratory tests when they occur on a claim with other OPPS services. CMS proposes to delete the modifier for CY 2017 as it believes that the vast majority of labs should be packaged regardless of whether they are unrelated to other OPPS payable services.
This would have a big impact on providers who provide reference laboratory or nonpatient services, which the agency requires to be reported on the same claim as other OPPS services performed on the same date. Today, the use of the -L1 modifier allows providers to identify these services as separate and unrelated to the other OPPS services so that payment is received from the Clinical Laboratory Fee Schedule.
If CMS finalizes its proposal to eliminate modifier -L1, we can hope the agency will also update its instructions for reporting reference laboratory services so they can be separately paid even when provided on the same date of service or claim as other OPPS services. If CMS does not make a change, then providers can again expect to see a large financial impact. Both of these packaging proposals should be looked at immediately in the final rule.
Device-intensive procedures
The final set of proposals providers will want to review relates to the changes proposed for device-intensive procedures. This is a place where we hope to see CMS finalizing changes as proposed.
For example, CMS proposes to use the implantable device cost-to-charge ratio (CCR) to calculate pass-through device payments for hospitals that file cost reports designating that cost center, as this is a more accurate CCR for determining separate pass-through payment. Currently, only about two-thirds of hospitals use the implantable device CCR, which means the remaining one-third need to examine their cost reporting process.
Providers should determine whether they are in the group that reports the implantable cost center; if a provider is not reporting, it should find out why and begin making changes. This will have an impact on facilities’ ability to generate much better pass-through payment going forward, when applicable. It will also ensure future payment rates for device-intensive procedures reflect more accurate payment of the device.
Finally, it will be interesting to see whether CMS finalizes the addition of another 25 comprehensive APCs (C-APC) encompassing 1,844 additional status indicator T services; if it does, a financial impact analysis of these services will also be important, as this will be a large increase in C-APCs for a one-year span.
I plan to discuss these and other final rule changes in my next column, as well as in HCPro’s annual OPPS final rule webcast December 1 (see www.hcmarketplace.com for details), but in the meantime I hope the above checklist will be useful to providers now and in the first weeks of the rule’s release.
Chronic obstructive pulmonary disease (COPD) is a blanket term for progressive diseases of the lower respiratory tract — most commonly, chronic bronchitis and emphysema. Approximately 15.7 million men and women in the United States were reportedly diagnosed with COPD in 2015; millions more are believed to go undiagnosed every year, according to the Centers for […]
AAPC Knowledge Center
Editor’s Note: Click the PDF button above for a full edition of the November 2017 edition of Briefings on Accreditation and Quality
This September, a Missouri hospital found out the hard way that when not addressed quickly, restraint and seclusion deficiencies can threaten a hospital’s ability to remain open, as well as who keeps their job. CMS twice this year ruled that Mercy Hospital Springfield was putting patients in immediate jeopardy for what it deemed abusive incidents, including some involving restraint and seclusion. This included one incident where a nurse pinned a violent patient to the floor and didn’t report it.
Annually, there are 460,000 emergency department visits that occur following cases of self-harm, and the patients treated during those visits are six times more likely to make another suicide attempt in the future. Nationally, suicide is the 10th leading cause of death, a fact that hasn’t gone unnoticed by CMS or The Joint Commission.
Patient handoffs continue to be a major concern for hospitals. In September, The Joint Commission published Sentinel Event Alert 58 on inadequate handoff communications and its effect on patient care. Handoffs (also known as transitioning) are the passing of patients between caregivers, plus the information that caregivers exchange during the process. The latter represents a major point of failure for healthcare; each handoff runs the risk of key treatment information being garbled, forgotten, or not passed on.
In what is likely a result of a new survey matrix, new or revised Life Safety and Environment of Care requirements, and increased pressure from CMS, hospitals scored much worse across the board on The Joint Commission’s list of most challenging standards for the first half of 2017, compared to the same period last year. The Joint Commission released its list in the September issue of Perspectives.