HIPAA âminimum necessaryâ - Health Care Compliance Association

More documents

Recommendations

Info

April 200846Compliance pitfallsin behavioral healthprograms: What towatch for from thestartBy Kenneth P. MarionEditor’s note: Kenneth Marion is the principalat New York Compliance Planning in AtlanticBeach, New York. He can be reached by e-mailat kmarion@nycomplianceplanning.com.It is surprising and overwhelming when themanagement team at a behavioral health providerlearns that requirements for a complianceprogram previously limited to hospitals(they thought) are now required of them.Where do they start? What have others done?What mistakes can be avoided?This discussion is targeted at the free-standingbehavioral health program. Programs thatare part of a hospital-based health system arealready well into corporate compliance. However,even those of us in the thick of it mayfind a pitfall they have not yet identified.The Deficit Reduction Act of 2005 (DRA)brought many organizations to the realizationthat a compliance program is a necessity. We nowfind ourselves operating in jurisdictions that havetheir own False Claims Act, and those jurisdictionsare learning to use it as a recovery tool.The basic principles of compliance programsare universal. Regardless of the size of thesetting, the seven pieces of the complianceprogram puzzle, found in Federal SentencingCOMPLIANCEGuidelines and guidances offered by theOffice of the Inspector General (OIG) of theDepartment of Health and Human Services(HHS), are your starting point:1. Policies and procedures, especially acode of conduct2. A compliance officer3. Education and training4. Monitoring and auditing5. Reporting and investigating6. Discipline and enforcement7. Response and preventionAll the pieces of the compliance puzzle for behavioralhealth have to be derived from othersources, because our programs do not haveguidance like that for hospitals, physicianpractices, etc. Therefore, everything we do isbased on our understanding and extrapolationof requirements for others.The value to the organization of a clear code ofconduct and a clear code of ethics may not beobvious to the workforce. The codes become apowerful disciplinary tool, when the workforcehas documented knowledge of these corporatestandards. Right from the start, you will meetthe questions/objections of the social workprofessionals who want to know how this codeinteracts with the code of their national association.And you should receive similar queriesfrom the psychologists and others as well. Thisis a minefield that is fairly easy to navigate.Specific requirements should be limited toyour organizational code of conduct, ratherthan your code of ethics. With this arrangement,there is little to conflict.What is the difference between a code of ethicsand a code of conduct? A code of conductcontains the “thou shalt nots,” but the code ofethics contains the “thou shalts.”The most difficult and complicated pitfall inbehavioral health compliance is caused by101Health Care Compliance Association • 888-580-8373 • www.hcca-info.orgthe medical model of treatment. Medicareand Medicaid are medical programs. Theinclusion of the allied professions found inbehavioral health is unique and begrudging atbest. Herein lay denials and take backs whichare avoidable if behavioral health staff “get it.”The medical model we’re talking about is theassessment of a patient, followed by a diagnosisbased on the assessment results, whichyields a plan of treatment that is executed,and results in a return of function or theneed to reassess for additional problems. Thecommon disconnects in behavioral healthare between diagnosis and treatment and thedetermination of return of function.The physician in behavioral health doesnot fall prey to this pitfall, because it is his/her model of treatment. The social workerand other providers of the mainstay of ourindustry, verbal therapies, are the ones vexedwhen trying to apply this concrete, measurablemodel of care.Failure to achieve clarity about the model willyield denials and take backs. The patient whois diagnosed with schizophrenia, paranoidtype with both positive and negative symptomatology,is very often not a good candidatefor individual therapy, and auditors willwant to see documentation of the therapeuticapproach and the results of this treatment. Atthe same time, when there is a “best practice”followed, treatment will be standardized and,hopefully, focused.In behavioral health, where a very smallnumber of CPT® (AMA Current ProceduralTerminology) and HCPCS® (CMS HealthcareCommon Procedure Coding System)codes are routinely in use, it is very importantto keep up with changes that do occur. TheCPT “Changes” volume and each annualHCPCS manual require review. And keep
a look out for the World Health OrganizationInternational Statistical Classification ofDiseases and Related Health Problems-10thRevision (ICD-10).Other training pitfalls abound. The way inwhich the enforcement process works is commonlymisunderstood. It is the antithesis of thebasic concept “innocent until proven guilty.”Teaching the typical enforcement effort (whichidentifies a potential problem, investigates, andthen requires payback) leaves many concerned,if not outraged. Some will never recover.With others, an opportunity presents itself toenlighten them to the importance of attentionto detail and adherence to the rules.The Recovery Audit Contractor (RAC)programs, which are coming online now, areanother problem. Although we would expectthat big fish will get fried first, because this isa program where the contractor gets a piece ofthe recovery, we find that it is our documentation,which is often not concrete, that maycause us many take backs.Behavioral health operations face huge risks.Paramount is the potential for fraud in fieldoperations. Often, case management services ortherapeutic services are needed outside of theoffice. Fraught with risk regarding the actualdelivery of service and the length of service, administratorsneed to watch carefully and to putrestrictions in place. If you don’t start with thesecontrols, they can be difficult to put in place.What was provided and to whom and for howlong are the questions that will be asked.The question of how long the service was providedis a common one and easily becomes aproblem. The standard requirements foundin the CPT environment include “up to 20minutes” or “less than 20 minutes” or “20 to30 minutes.” The code set used in a Medicaidplan may expect “15 minutes” or “15 to 30minutes,” etc. These multiple requirements,not found in the purely medical setting whereCPT is exclusive, create additional confusionand potential for error, as does the structureof the work — the 30 minute session, the 50minute hour, etc.Identifying the targets of OIG is the easiestpart. Each year, the OIG proffers its WorkPlan for the coming year and literally tells uswhat is on the target range. The risk, however,does not lie here, but in our organizations. Itis the employee who files a complaint or blowsthe whistle who can cause serious problems.Continued on page 63Want to include a Stark review in your audit plan this year,but don’t know how to get started?Consider our new STARK COMPLIANCE - GUIDED SELF ASSESSMENTWe provide your staff with classroom training on theStark law and regulations and on what to look forwhen conducting a Stark audit; We supply audit toolsthat allow your staff to review the most commonfinancial relationships with physicians; and we makeour experts available to answer questions as youconduct your self-assessment, and to help with orconduct review of unique financial relationships thatyou discover. Package pricing starts at $7,500.For more information visit www.meaderoach.com orcall Steve Ortquist at 312-285-4850.Steve OrtquistPartner, Meade & Roach, LLP312.285.4850SOrtquist@MeadeRoach.comHealth Care Compliance Association • 888-580-8373 • www.hcca-info.org47April 2008
Page 1: Volume TenNumber FourApril 2008Publ
Page 7 and 8: documented system of incurred expen
Page 10 and 11: Quality of care incardiac casesEdit
Page 13 and 14: “Red flags” and compliance prog
Page 15 and 16: complete Extraordinary Circumstance
Page 22: EXPERIENCE. I
Page 26 and 27: focusfeatureCode RACIs your hospita
Page 28 and 29: April 200828Health Care Compliance
Page 30 and 31: Complianceand the rise inuncompensa
Page 32 and 33: HCCA Regional ConferencesJoin us at
Page 34 and 35: April 200834
Page 36 and 37: HCCA Training ResourcesGuidebooks &
Page 40 and 41: Winds of change inReimbursement, Pa
Page 42 and 43: Implications of PPSreform for home
Page 44 and 45: Refocusing thecompliance paradigmEd
Page 48 and 49: April 200848Medicare Advantageand P
Page 50 and 51: Online Compliance Trainingauthored
Page 52 and 53: Every day, clinical and researchpro
Page 54 and 55: A Master Class in Hospital Reimburs
Page 56 and 57: Outpatient therapy clinics and thei
Page 58 and 59: Compliance Today Editorial BoardThe
Page 60 and 61: Outpatient therapy clinics and thei
Page 62 and 63: The role of teambuilding in complia
Page 64 and 65: Register beforeAugust 13 andSave $5
Page 66 and 67: Conflicts of interest: Device maker
Page 68 and 69: Corporate Compliance & Ethics WeekM
Page 70 and 71: April 200870New HCCA MembersThe Hea
Page 72 and 73: Your HCCA Staff888-580-8373 | 952-9
Page 74: s a v e t h e d a t e !Research Com

HIPAA âminimum necessaryâ - Health Care Compliance Association

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

HIPAA âminimum necessaryâ - Health Care Compliance Association