August 2009 Archives

August 24, 2009

HITECH Act Breach Notification Final Rule Published

The HITECH Act (The Health Information Technology for Economic and Clinical Health Act), enacted February 17, 2009, significantly supplemented and altered the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). One such provision of the HITECH Act made both covered entities and their business associates liable for breaches of patients' unsecured protected health information ("PHI").

On August 24, 2009, a Final Rule was published in the Federal Register, which clarified covered entities' and business associates' liabilities for breaches of patients' unsecured PHI. This Final Rule is effective September 23, 2009.

In summary, the Final Rule clarifies that when a breach occurs,

- A covered entity must notify each individual whose unsecured PHI has been, or is reasonably believed by the covered entity to have been, accessed, acquired, used or disclosed as a result of such breach;

- A covered entity must notify the media in the event of a breach of unsecured PHI involving more than 500 residents of a State or jurisdiction;

- A covered entity must notify HHS in the event of a breach of unsecured PHI involving 500 or more individuals.

- A business associate must notify the covered entity of any breach of unsecured PHI.

The Final Rule also provides guidance regarding what constitutes "unsecured" PHI, updating previous guidance on this issue.

Continue reading "HITECH Act Breach Notification Final Rule Published" »

August 18, 2009


Centers for Medicare and Medicaid Services (CMS) noted that consignment closets (also known as stock and bill arrangements) have not complied with durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) supplier standards. As a result, CMS issued a Change Request (CR) affecting physicians and DMEPOS suppliers, which allows for consignment closets only when all of the following are met:

1. When the DMEPOS is furnished to the patient, the title is transferred to the physician;
2. The physician bills for the DMEPOS using his or her own DMEPOS billing number;
3. Services related to the DMEPOS are performed by those associated with the physician (as opposed to a DMEPOS supplier); and
4. When patients are having complications with the DMEPOS, they are instructed to contact the physician and not the DMEPOS supplier.

CMS cautions, however, even if a physician satisfies the aforementioned requirements, he or she must also be aware of the limitations of Stark. In general, Stark prohibits physicians from "self-referring" for "designated health services," which include DME. There is an exception from this general Stark prohibition for the in-office furnishing of certain limited items of DME by physicians (i.e., canes, crutches, walkers and folding manual wheelchairs, and blood glucose monitors), all of which are subject to certain specified requirements, as well as infusion pumps that constitute DME. Physicians may not furnish or bill Medicare for any other items of DME except in certain special circumstances (e.g., rural providers).

The CR impacts consignment closet arrangements with physicians only. Arrangements with hospitals and other facilities are, at least as of now, not affected by these recent changes.


August 17, 2009


The Recovery Audit Contractor ("RAC") for region D, HealthDataInsights, Inc. recently published its RAC website, and published its first list of approved RAC audit issues for complex coding reviews.

Pursuant to the recently-published CMS RAC Review Phase In Strategy, complex reviews regarding DRG validation and coding errors were scheduled to begin in August or September 2009. Consistent with this time frame, this month, the RACs for Region C (Connolly Consulting, Inc.) and Region D published nearly-identical lists of issues that CMS has approved for complex coding review auditing. This means that Medicare providers and suppliers in Regions C and D (comprising the western, southern and southeastern states) will soon begin to receive requests for medical records from the RACs for review of the identified issues.

Approved issues include:
• Blood transfusions (excessive units)
• Untimed codes (excessive units)
• IV hydration therapy (excessive units)
• Bronchoscopy services (excessive units)
• Once-in-a-lifetime procedures
• Pediatric codes exceeding age parameters
• Injections - Pegfilgrastim, Neulasta

Notably, since the lists of approved issues is nearly identical for both Regions C and D, Medicare providers and suppliers in all regions are well advised to pay particular attention to these types of claims, as it is likely the RACs in Regions A and B may follow the lead of Regions C and D and select these same issues for review.


August 6, 2009

OIG Report Reveals Weakness in "Incident To" Rule

OIG recommends revision of the "incident to" rule. The Office of Inspector General (OIG) released a report, "Prevalence and Qualifications of Nonphysicians Who Performed Medicare Physician Services" analyzing services that nonphysicians perform for which physicians bill Medicare. The "incident to" rule involves physicians billing for nonphysician-rendered services that are compensated under Medicare Part B. Nonphysicians can include physician assistants, nurses, medical technicians, and medical assistants. According to the report, as the "incident to" services may be helpful for a busy physician, patients may be at risk for receiving medical care from a person who does not practice with the same standard of care or training as a physician or qualified nonphysician.

The study revealed that nonphysicians performed large percentages of procedures that "the physician did not perform personally." For instance, "[i]n the first quarter of 2007, physicians who were allowed services that exceeded 24 hours of physician worktime in a day personally performed approximately half of these services. Nonphysicians performed the remaining services, which may have billed as 'incident to' services." This provided for around $105 million for physician-rendered services and $85 million for nonphysician-rendered services. Put differently, physician-rendered services accounted for roughly 55% of the total services while nonphysician-rendered services accounted for roughly 45%. Furthermore, the OIG found that, in the same first three months in 2007,that Medicare allowed $12.6 million in unqualified nonphysician-rendered services (that is, roughly 14.5% of the nonphysician rendered services and roughly 7% of total billed services).

As a result of these findings, the OIG made three recommendations to the Centers for Medicare and Medicaid Services (CMS).
1. The OIG recommends that CMS revise the "incident to" rule to only allow physicians to bill Medicare under the "incident to" rule if another licensed physician performs the service or a nonphysician who has the necessary training to perform the procedure "under direct supervision of a licensed physician."
2. The OIG recommends that CMS require physicians who utilize nonphysician services to bill under different service code modifiers "to ensure that physicians are billing for services performed by nonphysicians with appropriate qualifications."
3. The OIG recommends CMS to take the necessary steps to address situations in which physicians bill for nonphysician-rendered services that were not "incident to" services.

CMS responded to the recommendations agreeing with the first and third, but stating the second recommendation would not be as easy to implement as the OIG suggests. "[I]ncidental services are often shared by physicians and staff, making definition of a service not 'personally performed' operationally difficult." The OIG recognizes CMS' concern, but maintains that it should continue to monitor and improve the "incident to" rule.

Continue reading "OIG Report Reveals Weakness in "Incident To" Rule" »

August 5, 2009

Recovery Audit Contractor ("RAC") Vendor for Region C Publishes Approved Audit Issues

The Recovery Audit Contractor ("RAC") vendor for Region C, Connolly Consulting (presently acting in South Carolina and Florida), has published its initial approved audit issues. Medicare providers and suppliers in these states can expect RAC auditing to begin soon in following areas, including:

• Blood Transfusions
• Untimed codes
• IV Hydration Therapy
• Bronchoscopy Services
• Once in a lifetime procedures
• Pediatric codes exceeding age parameters
• J2505: Injection, Pegfilgrastim, 6 mg.

Providers should be aware, however, that even if Connolly Consulting does not act in their state, this could be the beginning of a precedent for auditing in the remaining regions.

Continue reading "Recovery Audit Contractor ("RAC") Vendor for Region C Publishes Approved Audit Issues" »

August 3, 2009

HIPAA Designated to Office for Civil Rights

HHS turns HIPAA over to the Office for Civil Rights. Today, Kathleen Sebelius--Department of Health and Human Services (HHS) Secretary--transferred the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule's delegation from the Centers for Medicare and Medicaid Services (CMS) to the Office for Civil Rights (OCR). The HHS contends that this "will eliminate duplication and increase efficiencies in how the department ensures that Americans' health information privacy is protected."

HIPAA's Security Rule enumerates various security procedures for covered entities to ensure protection of protected health information (PHI) in connection with electronic health records. Alongside HIPAA's Security Rule is the Health Information Technology for Economic and Clinical Health (HITECH) Act, which provides greater protections for PHI through electronic health records.

Continue reading "HIPAA Designated to Office for Civil Rights" »

August 3, 2009

OIG Permits Hospitals to Discount Medicare Inpatient Deductibles

OIG issued Advisory Opinion 09-10 permitting "network hospitals to discount the Medicare inpatient deductible for the Requestors' policyholders...." Requestors are offer Medigap policies in a majority of US states. The Arrangement would allow for the Medigap policyholders to receive a 100% discount on Medicare Part A, inpatient deductibles received at participating hospitals and preferred provider organizations (PPOs). "Each Requestor's Medigap policy would pay the PPO a fee for administrative services each time one of its insureds receives this discount." Then, the Requestors would return a portion of the savings from this Arrangement and give it back to the policyholder as a $100 credit for the following year's premium.

The OIG noted that this would implicate anti-kickback and civil monetary penalties (CMP) as "[t]he law is clear that prohibited remuneration under the anti-kickback statute may include waivers of Medicare cost-sharing amounts...[t]he safe harbor regulation for waivers of inpatient deductibles specifically excludes such waivers when they are part of an agreement with an insurer, such as the Requestors." However, for the following reasons, the OIG concluded that the Arrangement would not implicate OIG sanctions:

- the waivers would leave the per service Medicare payments unaffected;
- the discounts would make no difference to patients (because those patients affected had already purchased a supplemental insurance plan to cover those costs);
- any hospital may participate, thus eliminating unfair competition between the hospitals;
- the physicians will not receive a remuneration; and
- the Arrangement could, potentially, "lower Medigap costs for the Requestors' policy holders who select network hospitals."

Continue reading "OIG Permits Hospitals to Discount Medicare Inpatient Deductibles" »