The BridgeBlog

By Peter Cizik

Judging by the number of calls we’re getting, many organizations impacted by HIPAA are taking a serious renewed look at their HIPAA compliance stance. Maybe you should too. It may be because:

1. The continued publication of data breach stories (there are too many to list in our latest HIPAA Flash e-Newsletter);
2. OCR audits are fully ramped up now
3. The requirement to attest to HIPAA compliance as a requirement of the meaningful use incentive program
4. State Attorney Generals are trained to audit on HIPAA and many see fines as a new ‘income’ source for their state
5. Recent visibility of breaches and the time and money it takes to deal with them

I don’t have to remind anyone reading this that healthcare is a highly regulated industry and it’s not going to get any better. HIPAA is “low hanging fruit” from a compliance standpoint—as long as you treat it with the ’seriousness’ it deserves. Get your documentation ducks in a row and train your staff.

I didn’t say it would be easy—it does take time to get the proper documentation in place and actually follow it. You already have to train employees on other topics annually—add HIPAA to the list. Don’t view it as a “check-off” item—make sure the content really meets your needs, is current and updated, and tie it to what you do internally to manage HIPAA compliance.

One size does not fit all. The people calling us today had training in place, but violations were still occurring. The programs were too long (couldn’t get staff to take them), were not up-to-date, were too generic (didn’t incorporate organization-specific information), and the person delivering them was too busy to keep up or all of the above.

Do yourself a favor—make sure your organization is as prepared as possible. We’re all staring at the looming ICD–10 transition in 2013—the last thing you need is to be distracted with HIPAA violations and breaches. BridgeFront has the tools and resources to help you each step of the way.

Visit our website for more information about our HIPAA compliance products and services. You can also contact us directly by emailing info@bridgefront.com or call (866) 447-2211.

The Centers for Medicare and Medicaid Services (CMS) recently announced it will provide a 90-day grace period for enforcement of HIPAA 5010. This doesn’t mean providers don’t have to comply with the requirement.

CMS will accept complaints about non-compliance with the rule and could require Covered Entities to show evidence of a good-faith effort to comply. In addition, any claim or bill submitted after January 1, 2012 not in HIPAA 5010 will still get rejected, but this delay will allow for resubmitting in the appropriate format without penalty.

Below are four tips to ensure reimbursement continues to occur at your organization after January 1, 2012:

1. With HIPAA 5010, the 837 transaction set now requires anesthesia services to be reported in minutes instead of units.

2. With the start of HIPAA 5010, the 835 transaction set offers new data elements; these will provide payers the ability to allow direct billing by a Medicaid agency to other health plans.

3. For Version 5010, the 837 transaction set provides for a present-on-admission indicator related to each diagnosis code.

4. The 270/271 transaction sets, with Version 5010, clarify instructions for patient hierarchy, such as when a subscriber is a patient and when a dependent is a patient.

For more HIPAA 5010 tips and information, sign-up for our monthly tips handout.

By Kent Lane

You get the OCR audit notification letter and the panic begins. You are one of the ‘unlucky’ providers or health plans to be audited as part of the OCR’s HIPAA HITECH audit program; what do you do first?

During & After the Audit

On the OCR website, it details each step of the new HITECH audit program, including a timeline of events. Below are five critical steps:

1. Required documentation of your privacy and security compliance efforts (see below for more information)
2. Interviews with key personnel on site, and observe processes and operations to help determine compliance
3. Following the site visit, auditors will develop and share with the entity a draft report
4. Prior to finalizing the report, the covered entity will have the opportunity to discuss concerns and describe corrective actions implemented to address concerns identified
5. The final report submitted to OCR will incorporate the steps the entity has taken to resolve any compliance issues identified by the audit, as well as describe any best practices of the entity

Documentation Must Include Policies, Procedures & Training

In accordance with HIPAA regulations, all Covered Entities and Business Associates must institute and document its policies, procedures, and practices—which includes initial and refresher staff training—to improve the privacy and security of protected health information (PHI).

Your training must address privacy and security regulations:

• Privacy training must include all elements of the federal, state and organization privacy regulations
• Security training should cover topics such as, the use of virus protection software to prevent or lessen the threat of malicious software; login and password management; and how to respond to security incidents
• The training should also include your organizational security policies and procedures

BridgeFront HIPAA Online Training

We offer simple to use, cost effective online training and guides. Training is easily modified to include your policies and procedures. We guarantee our training and guides will pass your audit.

For more information on our HIPAA training and education, visit us at www.bridgefront.com or contact us directly. Send an email to info@bridgefront.com or call (866) 447-2211.

By Kent Lane

Over the past 10 years of visiting clinics and hospitals, for business or personal reasons, it’s hard for our consultants not to observe HIPAA compliance; and most of the time they’re surprised at what they see. The question on their mind is, “who will be the next data breach victim?” Below are some common HIPAA violations scenarios from our experience and from a recent Physicians Practice article.

Lack of new hire and refresher staff education

The first violation noted is usually lack of staff education. Current HIPAA Privacy and Security regulations require this:

• Everyone in your organization be trained on HIPAA
• Annual, refresher training be provided
• Training is documented
• Your Business Associates are trained

We see everything from “no training” to “word of mouth training.” Education is the first thing auditors will look for when conducting compliance audits.

Bulletin boards identifying patient information

Upon walking into a clinic, Judy Norman was greeted by a beautiful bulletin board that welcomed new patients to the practice, identifying the patient by their full name and town. Patient names and addresses are protected health information under HIPAA and may not be shared in this manner without authorization from the patient.

Announcing patient names

In most practices, patients are called up in the waiting room by their full names in front of everyone. Using first only is recommended. Also, refrain from conversations in the lobby such as, “How is your knee feeling?”

The check-in process

The check-in process for patients often leaves much to be desired in terms of privacy. Consider this common interaction at a doctor’s office:

Staff: What’s your birth date?
Me: March 5, 1990
Staff: Is your name Ericka Adler?
Me: Yes
Staff: Is your address still ___________?
Me: Yes
Staff: Are you still with Blue Cross Blue Shield?
Me: Yes

In this one conversation, overheard by everyone, information is revealed that is protected health information under HIPAA and which could be used for identity theft. This is an interaction that is unnecessary and inappropriate. Patients should be spaced out so they cannot be overheard with the reception staff. In addition, the amount of information reviewed verbally should be minimized. Consider asking if anything has changed or request the patient review private information on a computer screen to confirm its accuracy.

Patient charts in plain view

Pete Johnson is sitting in a room waiting for his physician. He sees another patient’s chart sitting on the desk in plain view. Then, as he is paying his bill at the receptionist’s desk after his visit, he sees additional charts in plain view that identify a patient’s name, address and other information without the need to even open the chart.

Jennifer Cortez brings her daughter to a practice for a procedure and in the procedure room a large mounted screen identifies the scheduled procedures for the day: every patient’s full name and birthday, the time of the procedure, the assigned physician, and the service being provided. This is a blatant disclosure of protected health information.

Patient names and addresses are protected health information under HIPAA and should not be readily accessible or in plain view of other patients.

Protected health information and social media

An OB/GYN practice client ran into trouble when its receptionist recognized a woman from her neighborhood who came in for STD testing. The receptionist promptly posted a gleeful message on Facebook regarding the patient’s medical issue after tracking down the test results, and common acquaintances on Facebook became privy to this confidential information.

Improper access to patient information by office staff and dissemination of these details using social media are significant challenges that must be addressed.

Use these scenarios as part of your next group discussion

Since you’re reading this, you probably understand the importance of patient privacy and security and the consequences when violations occur. However, does your organization share your expertise? Consider sharing these scenarios in your next staff meeting or group discussion. This activity and annual training will enable them to gain expertise and competency on HIPAA privacy and security, keeping your organization safe from violations and penalties.

For more information on HIPAA training and education, visit us at www.bridgefront.com or contact us directly. Send an email to info@bridgefront.com or call (866) 447-2211.

In a recent poll and study on the ICD-10 transition, 75% of healthcare professionals indicated deep concern over the conversion, while another 50% expect a loss of revenue. Respondents are concerned about staff training, understanding the new ICD codes, and increasing denials. Nearly half of all financial leaders who contributed to the study by HealthLeaders Media, ICD-10 Puts Revenue at Risk, anticipate a revenue loss of some kind from ICD-10. Even more significant, is that they anticipate losing margin over the next few years. The Importance of Education In the ICD-10 Puts Revenue at Risk study, Albert Oriol, the VP and CIO of Rady Children’s Hospital and Health Center in San Diego comments on the amount of learning that must take place prior to the conversion.

He says, “Many have compared ICD-10 to Y2K, [but] ICD-10 is more complex. It requires staff along the care continuum to learn and use a new order of magnitude of diagnostic and procedure codes—from the scheduler, to the physician, HIM professional and the biller. Unquestionably, ICD-10 introduces an added layer of complexity to the multitude of challenges already at hand.”

BridgeFront case studies can prove that revenue cycle staff education can improve employee productivity and increase accuracy; well-trained employees also have fewer denials, rejections, and re-bills. Staff education can clearly reduce the negative impact healthcare providers are expecting after the transition to ICD-10.

Informational Web Portal

BridgeFront recently announced its ICD-10 and HIPAA 5010 informational portal, located at www.icd10-education.com. Healthcare professionals can visit the website for complimentary resources on the conversions to ICD-10 and HIPAA 5010. Visitors can sign-up for a free on-demand webinar and a monthly preparation email newsletter.

ICD-10 and HIPAA 5010 Education by BridgeFront

BridgeFront also announces its ICD-10 and HIPAA 5010 online education. For more information, complete this form or contact us directly. Send an email to info@bridgefront.com or call 1-866-447-2211.

By Nancy Friedman, President of the Telephone Doctor

If your job entails taking calls or working with unhappy, irate customers, you’ve got your work cut out for you. Employees who work with this type of situation are especially vulnerable to outbursts from customers who are going through an emotional, stressful time.

Handling this type of customer takes time and training, but it can be accomplished effectively. Here are some of the Telephone Doctor’s best techniques for turning this situation into satisfied customers.

Get Off on The Right Foot

Realize that upset angry customers are not unhappy with you, but with the situation. Don’t take a customer’s hostility personally. You are merely the rod that redirects the violent lightening. You can do a great deal to diffuse the anger before you get to the customer. How? By smiling before you answer that call. You can really “hear” a smile over the phone. It’s very difficult to be rude to someone who is warm and friendly.

Four Steps to Handling the Irate Customer

There are four basic steps to handling an irate customer; we call them our ‘ASAP’ techniques.

A

Acknowledge the person’s feelings and apologize for the inconvenience the customer has encountered. Make an effort to be sincere. In today’s impersonal society, it’s incredibly rare to hear the words, “I’m sorry that happened. Let me get the ball rolling to fix it.” Those are MAGIC words. You’ll probably spend about 80 percent of your time massaging the caller’s feelings and 20 percent actually solving the problem.

S

Sympathize and empathize with the caller. Phrases like “I can understand why you’re upset” can help soothe ruffled feathers. Pretend it’s you calling. Then get busy solving the problem.

A

Accept 100 percent responsibility for the call. OWN IT. This is probably the toughest part. Chances are excellent that you had nothing to do with the problem. However, it’s your job to take the responsibility and help initiate a solution.

P

Prepare to help. Begin by re-introducing yourself – callers don’t usually remember your name. State that you will be able to help. Use the caller’s name, if possible. This helps to diffuse anger. A willing attitude is essential, because if the caller senses insincerity or indifference, it will cause them to stay angry. It’s exasperating to file a complaint with someone who obviously doesn’t care.

Excuses – When to Use Them

NEVER. Never make an excuse to a complaining caller. No one wants to hear “The computer is down” or “I’m the only one here.” That is your problem, not the caller’s problem. When you give an excuse, the caller automatically hears “I’m not going to help you.”

Transferring Calls

Sometimes you’re not able to solve the problem on the spot. Many times you need more information from another department. Perhaps the call needs to be handled by another person. Although these are legitimate courses of action, they usually upset your caller all over again.

If you need more information, TELL the caller. Ask them if they’re able to hold while you obtain it, or would they prefer a call back. “Joe, I need to check with our claims department in order to answer your question. It will take two or three minutes, are you able to hold/wait while I check?” Avoid untrue, frustrating phrases like “Hold on a second.” Nothing takes a second.

If you need to transfer a caller, if you can, let them know the name of the person they’ll be speaking with. It’s also good to explain a reason why you’re bringing in a third party. “Joe, Mrs. Smith in our claims department is the real expert in resolving your type of situation. May I transfer you directly to her?”

For more customer service tips, explore BridgeFront’s Customer Communications online education. Visit our website at www.bridgefront.com, send an email to info@bridgefront.com or call 1-866-447-2211.

————————————————————————————————————————————————————

Reprinted with permission of Telephone Doctor Customer Service Training, St. Louis, MO. Nancy Friedman, president, is a featured speaker at association and corporate meetings. She has appeared on OPRAH, The Today Show, CNN, FOX News, Good Morning America, CBS This Morning and many others and has written articles for USA Today and the Wall Street Journal. For more information, log on to www.telephonedoctor.com or call 314-291-1012.

There are two new ‘HIPAA sheriffs’ in town…both ready to monitor and audit your HIPAA compliance practices. Recently, the OCR granted the authority to assess healthcare’s HIPAA compliance practices to State Attorney Generals (AGs) and the firm KPMG under the 2009 HITECH Act.

Steps to Survive a HIPAA Audit

In preparing for a visit from your State AG or a HITECH auditor, BridgeFront and the OCR recommend these steps:

1. Implement an annual employee training program
2. Ensure you’ve documented patient information safeguards
3. Review privacy and security policies and procedures
4. Vigilant implementation of policies and procedures
5. Regular internal audits and risk assessments
6. A prompt action plan to respond to data breach incidents

OCR Announces State Attorney General HIPAA Authority

This spring, the OCR announced its new HIPAA training program for State Attorney Generals (AGs). Under the 2009 HITECH Act, AGs now have the authority to bring civil actions on behalf of state residents for HIPAA violations.

“Most state AGs are elected into office…which means there is more pressure to pursue HIPAA violations, particularly if there’s a ‘good story’ behind the data breach. They want to be seen as protecting the little guy,” says Jeff Drummond, health law partner in the Dallas office of Jackson Walker, LLP.

HITECH Auditors Set to Begin

Last week, the Department of Health and Human Services (HHS) awarded a $9.2 million contract to the consulting firm KPMG to launch its HIPAA audit program as mandated by the HITECH Act. The HHS will work with KPMG to roll out the program in three phases, says Susan McAndrew, OCR’s deputy director for health information privacy…starting later this year.

“This is just another opportunity for covered entities to take a moment for a self-assessment,” McAndrew says. “This will help them down the road in terms of building their own capacity for a robust compliance program…”

In a recent BridgeFront compliance study more than 60% of participants indicated they use online education as part of their compliance program.

BridgeFront is the leading provider of compliance online education. Visit us on the web for a free course trial at www.bridgefront.com/trial or contact us directly. Send an email to info@bridgefront.com or call (866) 447-2211.

By Lorraine Schnelle, Co-Founder and EVP of BridgeFront

Remember sitting or standing in a circle and whispering something into the ear of the kid next to you…then watching the faces as your message was passed from person to person. The looks on each face ranged from confusion, surprise, and laughter as you all played the “telephone game.”

This picture popped into my head as I was thinking about a survey question I asked participants in a recent online webinar. The webinar was on educational tools and techniques. The attendees were primarily healthcare finance professionals—many of whom are responsible for managing one or more areas of the revenue cycle.

The survey question was, “What educational activity do you rely on most when delivering staff education?” The top two answers were on the job (OTJ) and one-on-one instruction.

Sounds to me like it could easily turn into the “telephone game” played out in our everyday work world. Don’t get me wrong, the National Training Laboratory found the average retention rate of students participating in “practice by doing” educational activities is 75%. Their study re-enforces the value of OTJ training.

However a word of caution, don’t rely on OTJ or verbal instruction as the main ‘source of truth.’ Because this same study found that only about 5% of what a student hears is retained.

Ensure you have additional educational activities and materials that are and will be used by your staff to support and re-enforce key learning concepts. This material can be in form of online courses, written procedures, video demonstration, work flow diagrams, user manuals, screen shot job aid, etc.

—————————————————————————————————————————————————————-

For more information about BridgeFront’s online education, go to www.bridgefront.com or contact us directly. Call 1-866-447-2211 or send an email to info@bridgefront.com.

By Lorraine Schnelle, Co-Founder & EVP of BridgeFront

Improving the total patient experience is on the agenda of most healthcare organizations today. A newly published whitepaper suggests that customer service—throughout the revenue cycle—plays a vital role in the patient experience.

According to the whitepaper, The Revenue Cycle: An Essential Component in Improving Patient Experience by The Beryl Institute, good customer service—at each step of the revenue cycle process—is often more recognized by patients than quality healthcare; and good customer service often leads to increased patient satisfaction.

A typical revenue cycle in healthcare includes coding, insurance verification, third-party payers, financial counseling, billing, payment, or follow-up and collection. The whitepaper suggests that every step of the revenue process impacts the patient experience—beginning with the patient’s first interaction with the organization in scheduling his/her appointment, to discharge and communications with the finance department.

Here are four suggestions, noted in the whitepaper, for healthcare organizations to improve customer service at every step of the revenue cycle process:

1. Establish patient loyalty as an organization-wide goal
2. Educate employees on the new initiative
3. Train employees on essential interpersonal and soft skills
4. Ensure outsourced business providers also understand the new goals

The whitepaper’s research stems from the Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS) annual survey. The HCAHPS survey is the first national, standardized, publicly reported survey of patients’ perspectives of hospital care.

————————————————————————————————————————————————————

BridgeFront is a leading provider of revenue cycle and customer service online education. For more information on BridgeFront, go to www.bridgefront.com. If you have specific questions, please contact us directly. Send an email to info@bridgefront.com or call (866) 447-2211.

By Kent Lane, COO of BridgeFront

Companies with new products generally lack good customer support at the beginning of their product launch. However, when you find a product and company that does break the mold, you should shout about it—and ’shouting’ is what the new company Yard Rents just did.

Yard Rents is a new business in the Portland area. Essentially, they’re an outdoor and indoor equipment rental company that delivers and picks up what you need, when you want it and where you need it. Simply go online, select what you need and then ‘presto’ there they are with a van full of what you ordered.

This company is a perfect merger of internet freedom plus real live customer service. Upon delivery, they helped connect the equipment, instruct me on the usage, test the starting of the engine … and even made sure that I was wearing the right safety devices.

“Holly paradigm shift Batman!” (If you are old enough to remember the TV series Batman and Robin, you enjoyed that quote … if not old enough, sorry.)

These guys have taken the aloof sense of the internet and personalized it to the point where I feel as connected to them as I do any brick and mortar company I do business with. No more will I haunt rental companies, stand in their lines, and tout heavy equipment around … never again. Just point click and open the front door to a smiling, knowledgeable Yard Rents team member.

See them at www.yardrents.com (Portland, Oregon area only for now).

And … while you’re in the learning mood, take a look at your customer service departments. Would someone ’shout’ about them? One look and you may see a cross section of employees that certainly know how to communicate electronically…but can they successfully communicate to your patients and clients?

Give them the training they need to become ambassadors of your organization.  Our ‘Communicating with Customers’ e-learning series will transform any text’er to a successful verbal communicator. Courses are about 20 minutes each, and include real-life experiences and expert tips to handle any situation. Act today; take a look online and then call us at (866) 447-2211. Mention this blog post and get an additional 5% off.