Message from the CEO of Compliancy Group

Today I want to talk about the odds of being audited.

It’s been all over the news lately that OCR has finally launched their Phase 2 audit program, ushering in a series of 200 desk and onsite audits that will be completed by the end of the year. If you consider the odds of being randomly selected for one of these Phase 2 audits, you wouldn’t be alone in thinking that the chances are slim. It’s a claim we’ve seen time and again.

But set aside these Phase 2 audits for a moment and consider that two of the largest fines ever–totaling $5.5 million–were levied against North Memorial Health System of Minnesota and the Feinstein Institute for Medical Research just a few weeks ago. In each of these cases, an OCR investigation was triggered by a PHI breach. And in each case, OCR discovered a lapse in the organization’s HIPAA compliance which lead to these behemoth fines.

So while the odds of being selected for a Phase 2 audit are relatively slim, the odds of having a breach and triggering OCR investigation are as high as they’ve ever been.

If you need help with your compliance efforts, reach out to VE Cycle Management today.  We can get you on track wth Compliancy Guard, the tool that saves you more than money.

Read on to check out some of the content we’ve put out this month, and some of the free educational webinars we have slated for the weeks ahead. And remember that Compliancy Group is here to give you compliance with confidence.

Marc Haskelson 

President, CEO

The Importance of HIPAA and HITECH Compliance

Meaningful Use

Did you properly attest?

What happens if you falsely Attest to Meaningful Use?

Recently, the former CFO of the Shelby Regional Medical Center, Joe White, has been sentenced to 23 months in federal prison and ordered to pay $4.5 million in restitution.  White oversaw the hospital’s implementation of electronic health records (EHR) and was responsible for Meaningful Use attestation to obtain incentive payments. He pleaded guilty to making a false statement about the hospital’s status as a meaningful user of EHR when, in fact, the hospital failed to meet the requirements. As a consequence of the ensuing turmoil, Shelby Regional Medical Center has permanently closed.

What message does this send?  

Although this is a more severe example of dishonesty, the underlying warning is still there for recipients of Meaningful Use incentives. Falsely attesting or failure to meet requirements could result in civil penalties, refund of incentive money, and could lead to criminal charges.

Does attesting for Meaningful Use mean you’re HIPAA compliant?

Attesting for Meaningful Use does not exempt you from the obligation to comply with HIPAA regulations. Regardless of whether you are applying for Meaningful Use or not, you are still required to be HIPAA compliant. The HITECH Act has served to strengthen HIPAA security and privacy provisions by adding greater fines and penalties for non-compliance. Bottom line, if your services involve Protected Health Information (PHI) you are required to be HIPAA compliant.

 HITECH?

The HITECH Act was established with the intent to promote the adoption of health information technology. This was promoted and incentivized by the Government through the Meaningful Use program. Providers can obtain incentive payments by attesting and proving that they are using certified EHR technology to improve patient care.  

 Do you think you are compliant?

According to HHS, 70% of the healthcare industry is not HIPAA compliant while CMS states that 79% of Meaningful Use Audits have resulted in failure. The two prevalent factors were incomplete risk assessments and misconceptions about the differences between HIPAA and HITECH. If you are unsure of your compliance with HIPAA, HITECH or Meaningful Use you need to take corrective action immediately.

  Become Compliant Now And Protect Your Practice

100% Of Our Clients Have Passed Their Audits

Find out how you can quickly become HIPAA compliant, prove your due diligence, satisfy Meaningful Use, and protect your organization’s reputation from irreparable damage and financial penalties.

Seal of HIPAA Compliance

Why The Guard?
  • HIPAA, HITECH, Meaningful Use, and Omnibus compliance
  • Expert HIPAA Coaches
  • Risk Analysis, Gap Identification and Remediation Plans
  • Built-in Training, Policies & Procedures
  • BA Agreement Templates & Tracking
  • HIPAA Hotline Support
  • Over 1,000 Satisfied CEs & BAs

CoffeeChat #2 Is up on our YouTube Channel

Take a listen to our latest CoffeeChat https://youtu.be/zMKxGhcfdVY here on our YouTube channel.  This episode talks about how just getting a HIPAA Risk Assessment is not enough to be HIPAA compliant according to HITECH and OMNIBUS regulations.  Use the contact us page to find out how CompliancyGuard can help your practice Achieve, Illustrate and Maintain HIPAA compliance.

How can CompliancyGuard help you avoid HIPAA fines?

Well I will tell you how…

CompliancyGuard is like an insurance policy that protects you from failing HIPAA audits and the excessive fines that can come with those.

The fact is that over 70% of Covered Entities (CEs) will fail their HIPAA audits.  And while the reasons for such failures can be all over the place, primarily it will be because of inadequate preparation to achieve complete HIPAA compliance and the inability to maintain compliance after initial risk assessment.

What CompliancyGuard does for you and your practice is simply and effectively provide you a “One-Stop-Shop” solution that sets you up for success and allows you to Achieve, Illustrate and Maintain HIPAA compliance so that it is completely taken off your plate.  It is a HIPAA compliance officer in a box.  Check out these case studies and tell me you don’t want to have this solution in your back pocket when the HIPAA auditors come knocking!

http://compliancy-group.com/hipaa-case-studies/

Thinking of starting your own practice?

With over 70% of hospital employees getting out and getting back into private practice whether they have done it before or doing it for the first time this article has the top 5 things we recommend our providers do before starting out on their own.  They don’t teach you this in med school!

http://www.kareo.com/gettingpaid/2014/09/the-5-first-steps-to-start-a-new-medicalpractice/

Now of course we recommend outsourcing as many activities as you can, and we can help you with cost effective solutions and personal service that a national company can’t compete with.  Please consider us as a source to help you in improving your reimbursement and gaining efficiencies in your office!

ICD 10 Delayed – Again

The Centers for Medicare and Medicaid Services posted in August 2014 that the road to ICD-10 compliance will be another year longer.  The new date for conversion is 10/1/2015.  As we’ve published before, this conversion is long over due and WILL be coming at some point even if they keep pushing back the date.

This conversion was not a part of the Affordable Care Act, so if you are thinking that if the ACA goes away so will this conversion and that is just simply “head in the sand” thinking.  This is an implementation of a international coding standard and we here in the US are just behind the curve with the rest of the western world in using this new classification system.  We do need to catch up and we eventually will.  Don’t let this conversion scare you out of your practice!  I have had a lot of providers tell me that they will quit first before converting, and that just isn’t practical.  ICD-10 will benefit the medical community by increasing the accuracy of diagnosis coding and allow entitlement programs and insurance carriers to gain more specificity in tracking diagnosis populations.  With more specificity comes more attention which leads to more reimbursement for the provider.

If you are a small practice, I urge you to check out the CMS website for the “Road to 10” implementation map

Road to 10: CMS Online Tool for Small Practices

CMS has released Road to 10, an online resource built with the help of providers in small practices, is now available. This tool is intended to help small medical practices jumpstart their ICD-10 transition.

“Road to 10” includes specialty references and gives providers the capability to build ICD-10 action plans tailored for their practice needs.

Also, VE Cycle Management specializes in providing solutions that are already ICD-10 ready.  We can help!  Contact us today!

ICD-10 Delay

So on 3/31/14 both the house and senate voted on a “Dr. Fix” bill that included language for another one year delay on the ICD-10 implementation.  CMS has been saying for more than a year that there will be no more delays…period… Then what does the congress do? Overrule them.  Many healthcare organizations are speaking out that the delay portion of the bill did not have to be included. That congress has once again cost us billions of dollars by not listening to their constituency or the experts when it comes to throwing in additional pieces of legislature just to pad the bill.  Here is what the American Healthcare Information Management Association had to say: http://journal.ahima.org/2014/03/31/senate-votes-on-icd-10-delay-bill/

While most experts agree it was a stupid move to include the delay in the bill, now providers are wondering what they are supposed to do.  Check out this link: http://www.fiercehealthit.com/story/icd-10-delay-how-providers-should-respond/2014-04-02

As far as VE Cycle Management is concerned we are going to continue to prepare our clients for ICD-10 as part of what we do for them daily.  Providers now have some extra time to train, map and migrate and may think that the road to full implementation will be slowed again.  The point is and the point that my company will emphasize is “don’t put off tomorrow what you can do today!” 

ICD-10 is still coming, we are the only western nation still on ICD-9, most of Europe is on ICD-11 so it’s just a matter of time and you have to make sure your staff, technology, and you are ready for it.  Ask us, we’ll help!