The BridgeBlog

By Lorraine Schnelle, CPA

There’s one thing that will never change at your practice or organization. That is patient satisfaction is critical to your success. As ICD-10 preparation activities occur, it’s important to recognize how your transition plans impact the patient’s experience.

Prior to implementing ICD-10, pay special attention to the tests or procedures that are scheduled for October 1, 2013 and after. Both the physician office and scheduling staff need to ensure the correct coding system is used based on the patient’s date of service and the payer. There may be situations where both an ICD-9-CM and ICD-10-CM code will need to be provided. If the appropriate codes are not provided, it could cause multiple delays in scheduling the service and have a negative effect on patient satisfaction.

Wait times may become longer if patient intake must review the order and third party payer to determine which coding system is applicable. Additionally, patient satisfaction may be further affected if intake must contact the physician’s office to clarify the diagnosis code.

As payers receive claims on or after October 1, 2013, there may be delays in the business office and/or as the payer processes the claims. This may result in slowed payment by payer(s) before a patient receives their portion of the medical bill. This may also bear negatively on patient satisfaction.

Even today, prior to implementing ICD-10, if eligibility determination is delayed or not completed prior to a patient receiving service — and ultimately the payer determines it wasn’t a covered benefit — a patient may be understandably upset. This is why it’s important to ensure any eligibility determination processes and procedures, including dual-coding situations, are reviewed and revised to help minimize patient dissatisfaction.

Stay tuned for next week’s post on financial results and ICD-10. Ready, set, go!

By Lorraine Schnelle, CPA

During normal operating cycles, most healthcare organizations do more with less to maximize cash flow — which can be difficult. Now, healthcare faces a major and all-important transition: the implementation of ICD-10 on October 1, 2013.

You may be involved right now in a project related to preparing for ICD-10. Let’s discuss a few reasons to prepare for a change in productivity.

Your organization may upgrade or install one or more new computer software programs; perhaps for the conversion to HIPAA Version 5010 or the transition to an electronic health record (EHR), or another clinical or financial initiative. Some of these upgrades will help prepare for ICD-10; others will help support quality or other programs.

Both the installation effort and system testing requires time and effort. Not only will the information technology (IT) department be involved; but others may be asked to help build and test the system’s functionality. Downtime is also a real possibility and can affect productivity. However, having redundant systems in place can reduce the chances of system downtime during an upgrade or implementation.

Now, we can’t forget that it takes time to learn how to use a new computer system; this process will likely add to the disruption in individual productivity.

What are some issues you can anticipate with a system upgrade implementation? It’s likely that there will be many ICD-10 planning meetings to discuss:

• Computer system issues;
• Processes and procedures;
• Payer issues and contracts;
• Education planning and preparation;
• And other project steps as they relate to converting to ICD-10.

Depending on the amount of time people need for the planning process, individual positions may need to be backfilled with additional staff to maintain day-to-day operations. What can you do to help minimize the impact this will have on productivity?

There may also be a loss in productivity and performance immediately after the transition to ICD-10, as we work with both ICD-9 and ICD-10 codes. Practices and organizations should prepare for processing claims with both ICD-9 and ICD-10 codes, leading to a dual-coding environment.

Adopting and applying these new processes and procedures will take time. How will you help ensure there is time to review and revise your organization’s processes and procedures prior to ICD-10?

Stay tuned for next week’s post on patient satisfaction and ICD-10. Ready, set, go!

By Lorraine Schnelle, CPA

Flash Forward to 2014

Flash forward to February 1, 2014, four months after your practice or organization has started using ICD-10 codes. As you review how well the transition went, what do you see?

Was your practice or organization successful in…maintaining coding accuracy and productivity; retaining a stable accounts receivable position; and sustaining a viable cash flow?

These three goals can’t be achieved without support from you and others during the implementation process. It’s the hard work and execution by many individuals in various roles that will lead to your organization’s successful transition to ICD-10.

It is imperative that everyone understand how they can influence financial outcomes and, more specifically, support workflow processes. To have a “This is very important to our success” attitude rather than a “This isn’t my problem” approach as it relates to the implementation of ICD-10 is crucial to a smooth transition. You must take ownership and personally commit to proactively preparing for this significant change. Otherwise, the view on February 1, 2014 may be disappointing and frustrating.

There are a lot of cogs in the ICD-10 wheel, focusing on only the coding aspect and skipping over the billing and technology outcomes; for example, you could see increased claims denials, declines in productivity, and other negative results. It will require hard work by many individuals in various roles to ensure your practice or organization successfully transitions to ICD-10.

By understanding the broad impact this change has on healthcare and, more specifically, your practice or organization, you can play a major role in minimizing potential negative outcomes, and begin to proactively work toward:

• Maintaining coding accuracy and productivity
• A stable accounts receivable position
• Sustaining cash flow

Over the next several weeks, we will creating additional blog posts focusing on the steps you can take within your organization to make this transition as smooth as possible. Ready, set, go!

By Peter Cizik

Judging by the number of calls we’re getting, many organizations impacted by HIPAA are taking a serious renewed look at their HIPAA compliance stance. Maybe you should too. It may be because:

1. The continued publication of data breach stories (there are too many to list in our latest HIPAA Flash e-Newsletter);
2. OCR audits are fully ramped up now
3. The requirement to attest to HIPAA compliance as a requirement of the meaningful use incentive program
4. State Attorney Generals are trained to audit on HIPAA and many see fines as a new ‘income’ source for their state
5. Recent visibility of breaches and the time and money it takes to deal with them

I don’t have to remind anyone reading this that healthcare is a highly regulated industry and it’s not going to get any better. HIPAA is “low hanging fruit” from a compliance standpoint—as long as you treat it with the ’seriousness’ it deserves. Get your documentation ducks in a row and train your staff.

I didn’t say it would be easy—it does take time to get the proper documentation in place and actually follow it. You already have to train employees on other topics annually—add HIPAA to the list. Don’t view it as a “check-off” item—make sure the content really meets your needs, is current and updated, and tie it to what you do internally to manage HIPAA compliance.

One size does not fit all. The people calling us today had training in place, but violations were still occurring. The programs were too long (couldn’t get staff to take them), were not up-to-date, were too generic (didn’t incorporate organization-specific information), and the person delivering them was too busy to keep up or all of the above.

Do yourself a favor—make sure your organization is as prepared as possible. We’re all staring at the looming ICD–10 transition in 2013—the last thing you need is to be distracted with HIPAA violations and breaches. BridgeFront has the tools and resources to help you each step of the way.

Visit our website for more information about our HIPAA compliance products and services. You can also contact us directly by emailing info@bridgefront.com or call (866) 447-2211.

The Centers for Medicare and Medicaid Services (CMS) recently announced it will provide a 90-day grace period for enforcement of HIPAA 5010. This doesn’t mean providers don’t have to comply with the requirement.

CMS will accept complaints about non-compliance with the rule and could require Covered Entities to show evidence of a good-faith effort to comply. In addition, any claim or bill submitted after January 1, 2012 not in HIPAA 5010 will still get rejected, but this delay will allow for resubmitting in the appropriate format without penalty.

Below are four tips to ensure reimbursement continues to occur at your organization after January 1, 2012:

1. With HIPAA 5010, the 837 transaction set now requires anesthesia services to be reported in minutes instead of units.

2. With the start of HIPAA 5010, the 835 transaction set offers new data elements; these will provide payers the ability to allow direct billing by a Medicaid agency to other health plans.

3. For Version 5010, the 837 transaction set provides for a present-on-admission indicator related to each diagnosis code.

4. The 270/271 transaction sets, with Version 5010, clarify instructions for patient hierarchy, such as when a subscriber is a patient and when a dependent is a patient.

For more HIPAA 5010 tips and information, sign-up for our monthly tips handout.

By Kent Lane

You get the OCR audit notification letter and the panic begins. You are one of the ‘unlucky’ providers or health plans to be audited as part of the OCR’s HIPAA HITECH audit program; what do you do first?

During & After the Audit

On the OCR website, it details each step of the new HITECH audit program, including a timeline of events. Below are five critical steps:

1. Required documentation of your privacy and security compliance efforts (see below for more information)
2. Interviews with key personnel on site, and observe processes and operations to help determine compliance
3. Following the site visit, auditors will develop and share with the entity a draft report
4. Prior to finalizing the report, the covered entity will have the opportunity to discuss concerns and describe corrective actions implemented to address concerns identified
5. The final report submitted to OCR will incorporate the steps the entity has taken to resolve any compliance issues identified by the audit, as well as describe any best practices of the entity

Documentation Must Include Policies, Procedures & Training

In accordance with HIPAA regulations, all Covered Entities and Business Associates must institute and document its policies, procedures, and practices—which includes initial and refresher staff training—to improve the privacy and security of protected health information (PHI).

Your training must address privacy and security regulations:

• Privacy training must include all elements of the federal, state and organization privacy regulations
• Security training should cover topics such as, the use of virus protection software to prevent or lessen the threat of malicious software; login and password management; and how to respond to security incidents
• The training should also include your organizational security policies and procedures

BridgeFront HIPAA Online Training

We offer simple to use, cost effective online training and guides. Training is easily modified to include your policies and procedures. We guarantee our training and guides will pass your audit.

For more information on our HIPAA training and education, visit us at www.bridgefront.com or contact us directly. Send an email to info@bridgefront.com or call (866) 447-2211.

By Kent Lane

Over the past 10 years of visiting clinics and hospitals, for business or personal reasons, it’s hard for our consultants not to observe HIPAA compliance; and most of the time they’re surprised at what they see. The question on their mind is, “who will be the next data breach victim?” Below are some common HIPAA violations scenarios from our experience and from a recent Physicians Practice article.

Lack of new hire and refresher staff education

The first violation noted is usually lack of staff education. Current HIPAA Privacy and Security regulations require this:

• Everyone in your organization be trained on HIPAA
• Annual, refresher training be provided
• Training is documented
• Your Business Associates are trained

We see everything from “no training” to “word of mouth training.” Education is the first thing auditors will look for when conducting compliance audits.

Bulletin boards identifying patient information

Upon walking into a clinic, Judy Norman was greeted by a beautiful bulletin board that welcomed new patients to the practice, identifying the patient by their full name and town. Patient names and addresses are protected health information under HIPAA and may not be shared in this manner without authorization from the patient.

Announcing patient names

In most practices, patients are called up in the waiting room by their full names in front of everyone. Using first only is recommended. Also, refrain from conversations in the lobby such as, “How is your knee feeling?”

The check-in process

The check-in process for patients often leaves much to be desired in terms of privacy. Consider this common interaction at a doctor’s office:

Staff: What’s your birth date?
Me: March 5, 1990
Staff: Is your name Ericka Adler?
Me: Yes
Staff: Is your address still ___________?
Me: Yes
Staff: Are you still with Blue Cross Blue Shield?
Me: Yes

In this one conversation, overheard by everyone, information is revealed that is protected health information under HIPAA and which could be used for identity theft. This is an interaction that is unnecessary and inappropriate. Patients should be spaced out so they cannot be overheard with the reception staff. In addition, the amount of information reviewed verbally should be minimized. Consider asking if anything has changed or request the patient review private information on a computer screen to confirm its accuracy.

Patient charts in plain view

Pete Johnson is sitting in a room waiting for his physician. He sees another patient’s chart sitting on the desk in plain view. Then, as he is paying his bill at the receptionist’s desk after his visit, he sees additional charts in plain view that identify a patient’s name, address and other information without the need to even open the chart.

Jennifer Cortez brings her daughter to a practice for a procedure and in the procedure room a large mounted screen identifies the scheduled procedures for the day: every patient’s full name and birthday, the time of the procedure, the assigned physician, and the service being provided. This is a blatant disclosure of protected health information.

Patient names and addresses are protected health information under HIPAA and should not be readily accessible or in plain view of other patients.

Protected health information and social media

An OB/GYN practice client ran into trouble when its receptionist recognized a woman from her neighborhood who came in for STD testing. The receptionist promptly posted a gleeful message on Facebook regarding the patient’s medical issue after tracking down the test results, and common acquaintances on Facebook became privy to this confidential information.

Improper access to patient information by office staff and dissemination of these details using social media are significant challenges that must be addressed.

Use these scenarios as part of your next group discussion

Since you’re reading this, you probably understand the importance of patient privacy and security and the consequences when violations occur. However, does your organization share your expertise? Consider sharing these scenarios in your next staff meeting or group discussion. This activity and annual training will enable them to gain expertise and competency on HIPAA privacy and security, keeping your organization safe from violations and penalties.

For more information on HIPAA training and education, visit us at www.bridgefront.com or contact us directly. Send an email to info@bridgefront.com or call (866) 447-2211.

In a recent poll and study on the ICD-10 transition, 75% of healthcare professionals indicated deep concern over the conversion, while another 50% expect a loss of revenue. Respondents are concerned about staff training, understanding the new ICD codes, and increasing denials. Nearly half of all financial leaders who contributed to the study by HealthLeaders Media, ICD-10 Puts Revenue at Risk, anticipate a revenue loss of some kind from ICD-10. Even more significant, is that they anticipate losing margin over the next few years. The Importance of Education In the ICD-10 Puts Revenue at Risk study, Albert Oriol, the VP and CIO of Rady Children’s Hospital and Health Center in San Diego comments on the amount of learning that must take place prior to the conversion.

He says, “Many have compared ICD-10 to Y2K, [but] ICD-10 is more complex. It requires staff along the care continuum to learn and use a new order of magnitude of diagnostic and procedure codes—from the scheduler, to the physician, HIM professional and the biller. Unquestionably, ICD-10 introduces an added layer of complexity to the multitude of challenges already at hand.”

BridgeFront case studies can prove that revenue cycle staff education can improve employee productivity and increase accuracy; well-trained employees also have fewer denials, rejections, and re-bills. Staff education can clearly reduce the negative impact healthcare providers are expecting after the transition to ICD-10.

Informational Web Portal

BridgeFront recently announced its ICD-10 and HIPAA 5010 informational portal, located at www.icd10-education.com. Healthcare professionals can visit the website for complimentary resources on the conversions to ICD-10 and HIPAA 5010. Visitors can sign-up for a free on-demand webinar and a monthly preparation email newsletter.

ICD-10 and HIPAA 5010 Education by BridgeFront

BridgeFront also announces its ICD-10 and HIPAA 5010 online education. For more information, complete this form or contact us directly. Send an email to info@bridgefront.com or call 1-866-447-2211.

By Nancy Friedman, President of the Telephone Doctor

If your job entails taking calls or working with unhappy, irate customers, you’ve got your work cut out for you. Employees who work with this type of situation are especially vulnerable to outbursts from customers who are going through an emotional, stressful time.

Handling this type of customer takes time and training, but it can be accomplished effectively. Here are some of the Telephone Doctor’s best techniques for turning this situation into satisfied customers.

Get Off on The Right Foot

Realize that upset angry customers are not unhappy with you, but with the situation. Don’t take a customer’s hostility personally. You are merely the rod that redirects the violent lightening. You can do a great deal to diffuse the anger before you get to the customer. How? By smiling before you answer that call. You can really “hear” a smile over the phone. It’s very difficult to be rude to someone who is warm and friendly.

Four Steps to Handling the Irate Customer

There are four basic steps to handling an irate customer; we call them our ‘ASAP’ techniques.

A

Acknowledge the person’s feelings and apologize for the inconvenience the customer has encountered. Make an effort to be sincere. In today’s impersonal society, it’s incredibly rare to hear the words, “I’m sorry that happened. Let me get the ball rolling to fix it.” Those are MAGIC words. You’ll probably spend about 80 percent of your time massaging the caller’s feelings and 20 percent actually solving the problem.

S

Sympathize and empathize with the caller. Phrases like “I can understand why you’re upset” can help soothe ruffled feathers. Pretend it’s you calling. Then get busy solving the problem.

A

Accept 100 percent responsibility for the call. OWN IT. This is probably the toughest part. Chances are excellent that you had nothing to do with the problem. However, it’s your job to take the responsibility and help initiate a solution.

P

Prepare to help. Begin by re-introducing yourself – callers don’t usually remember your name. State that you will be able to help. Use the caller’s name, if possible. This helps to diffuse anger. A willing attitude is essential, because if the caller senses insincerity or indifference, it will cause them to stay angry. It’s exasperating to file a complaint with someone who obviously doesn’t care.

Excuses – When to Use Them

NEVER. Never make an excuse to a complaining caller. No one wants to hear “The computer is down” or “I’m the only one here.” That is your problem, not the caller’s problem. When you give an excuse, the caller automatically hears “I’m not going to help you.”

Transferring Calls

Sometimes you’re not able to solve the problem on the spot. Many times you need more information from another department. Perhaps the call needs to be handled by another person. Although these are legitimate courses of action, they usually upset your caller all over again.

If you need more information, TELL the caller. Ask them if they’re able to hold while you obtain it, or would they prefer a call back. “Joe, I need to check with our claims department in order to answer your question. It will take two or three minutes, are you able to hold/wait while I check?” Avoid untrue, frustrating phrases like “Hold on a second.” Nothing takes a second.

If you need to transfer a caller, if you can, let them know the name of the person they’ll be speaking with. It’s also good to explain a reason why you’re bringing in a third party. “Joe, Mrs. Smith in our claims department is the real expert in resolving your type of situation. May I transfer you directly to her?”

For more customer service tips, explore BridgeFront’s Customer Communications online education. Visit our website at www.bridgefront.com, send an email to info@bridgefront.com or call 1-866-447-2211.

————————————————————————————————————————————————————

Reprinted with permission of Telephone Doctor Customer Service Training, St. Louis, MO. Nancy Friedman, president, is a featured speaker at association and corporate meetings. She has appeared on OPRAH, The Today Show, CNN, FOX News, Good Morning America, CBS This Morning and many others and has written articles for USA Today and the Wall Street Journal. For more information, log on to www.telephonedoctor.com or call 314-291-1012.

There are two new ‘HIPAA sheriffs’ in town…both ready to monitor and audit your HIPAA compliance practices. Recently, the OCR granted the authority to assess healthcare’s HIPAA compliance practices to State Attorney Generals (AGs) and the firm KPMG under the 2009 HITECH Act.

Steps to Survive a HIPAA Audit

In preparing for a visit from your State AG or a HITECH auditor, BridgeFront and the OCR recommend these steps:

1. Implement an annual employee training program
2. Ensure you’ve documented patient information safeguards
3. Review privacy and security policies and procedures
4. Vigilant implementation of policies and procedures
5. Regular internal audits and risk assessments
6. A prompt action plan to respond to data breach incidents

OCR Announces State Attorney General HIPAA Authority

This spring, the OCR announced its new HIPAA training program for State Attorney Generals (AGs). Under the 2009 HITECH Act, AGs now have the authority to bring civil actions on behalf of state residents for HIPAA violations.

“Most state AGs are elected into office…which means there is more pressure to pursue HIPAA violations, particularly if there’s a ‘good story’ behind the data breach. They want to be seen as protecting the little guy,” says Jeff Drummond, health law partner in the Dallas office of Jackson Walker, LLP.

HITECH Auditors Set to Begin

Last week, the Department of Health and Human Services (HHS) awarded a $9.2 million contract to the consulting firm KPMG to launch its HIPAA audit program as mandated by the HITECH Act. The HHS will work with KPMG to roll out the program in three phases, says Susan McAndrew, OCR’s deputy director for health information privacy…starting later this year.

“This is just another opportunity for covered entities to take a moment for a self-assessment,” McAndrew says. “This will help them down the road in terms of building their own capacity for a robust compliance program…”

In a recent BridgeFront compliance study more than 60% of participants indicated they use online education as part of their compliance program.

BridgeFront is the leading provider of compliance online education. Visit us on the web for a free course trial at www.bridgefront.com/trial or contact us directly. Send an email to info@bridgefront.com or call (866) 447-2211.