Expect Stricter HIPAA Enforcement

Posted by on August 11, 2009 · Leave a Comment 

GavelFiveThe Department of Health and Human Services (HHS) announced that the Office for Civil Rights (OCR) will now be responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) security rule in addition to the privacy rule. (The Centers for Medicare & Medicaid Services was previously responsible for the security rule). This consolidation of HIPAA enforcement activity highlights the Administration’s heightened scrutiny of security and privacy of health information. In fact, the American Recovery and Reinvestment Act of 2009 mandates enhanced patient privacy rights and physician practice requirements, increased financial penalties for violations of the privacy rule and the security rules and allocated additional resources for enforcement.

How will this affect you? Well if your group practice has not yet put in place a plan to implement the Red Flag rules, you will be at risk of a  HIPPA violation once the enforcement begins.

Filed under Compliance · Tagged with , , , , ,

Medicare to Intensify Audits in all 50 States

Posted by on August 6, 2009 · Leave a Comment 

audit_rThe Centers for Medicare & Medicaid Services (CMS) recently confirmed that the Recovery Audit Contractors (RACs) will operate in all 50 states by the end of this year. RACs identify over payments and under payments by CMS to Medicare providers.

The RAC program evolved from the three-year RAC demonstration project stipulated by the Medicare Modernization Act (MMA) of 2003. The Tax Relief and Health Care Act (TRHCA) of 2006 made the RAC program permanent and authorized CMS to expand it to all 50 states by 2010. The permanent RAC program limits the medical record review period to three years and prohibits audits on claims paid before Oct. 1, 2007. The program requires RACs to have a physician medical director and certified coders available to discuss denials with providers.  CMS also announced the number of medical records RACs may request per National Provider Identifier (NPI) for 2009. CMS will likely adjust these limits each year.

Medical Record Limits for 2009 are:

  • 10 medical records per 45-day period for solo practitioners;
  • 20 medical records per 45-day period for 2 to 5 provider offices;
  • 30 medical records per 45-day period for groups of 6 to 15 providers; and
  • 50 medical records per 45-day period for groups of 16 or more providers.

Every group should start preparing a plan to deal with these audits. The old saying is “failure to plan, is a plan to fail”.  Groups will need to develop a system for documenting each record request and track the audit of each claim to completion. As with any audit, if your group can’t provide the documentation of the services rendered, it is as if the service was never rendered. I have provided the RAC map of the four audit companies, the states they will audit and the contact numbers for each company.

  • Diversified Collection Services 866-201-0580
  • CGI Technologies and Solutions 877-316-7222
  • Connolly Consulting, Inc. 866-360-2507
  • HealthDataInsights, Inc. 866-376-2319

Filed under CMS, Compliance · Tagged with , , , , ,

« Previous PageNext Page »