Mnet Health News delivers the latest news and information articles for the world of healthcare.

A+ A A-

News & Notes

CMS Funds Quality Payment Program Training

The Centers for Medicare and Medicaid Services is funding training and education about the Quality Payment Program for small healthcare practices. The training will especially help clinicians in rural and medically underserved areas and those with healthcare professional shortages. 

Read original article:


Report: Discovery Rate for Data Breaches Increases

Healthcare data breaches affecting patient records declined in February, however it is taking longer for incidents to be discovered and reported and “insider-related breach incidents have doubled,” according to the monthly Breach Barometer report from Protenus. In February, it took an average of 478 days for organizations to notify the U.S. Department of Health and Human Services, compared to 174 days in January.

Read original article:


CMS Projects Growth in Medicare, Health Spending

According to the Centers for Medicare & Medicaid Services’ Office of the Actuary National Health Expenditures Data projections for 2016-2025, growth in Medicare spending is projected to average 7.1 percent. Healthcare spending by federal, state and local governments is “projected to outpace growth by private businesses, households and other private payers,” it reports.  

Read original article:


Government Accountability Office Finds Imbalance in Uncompensated Care Payments

Funding hospitals receive for uncompensated care is not in line with the actual costs they have, according to a report from the Government Accountability Office: “Federal Action Needed to Better Align Payments with Costs.”  Since 2000, hospitals have issued more than $502 billion in uncompensated care to patients, according to an American

Hospital Association report from January 2016. Uncompensated care is the total of bad debt and charity care a hospital provides.

The GAO was asked to review federal support for hospital uncompensated care, including “key sources and amounts of federal support for hospital uncompensated care costs; the basis for determining hospital uncompensated care payments made under Medicaid and Medicare; and the extent to which Medicare (uncompensated care) payments align with hospital uncompensated care costs,” according to a summary of the report.

Hospitals receive about $50 million each year in uncompensated care payments from Medicare and Medicaid, according to the report.  The GAO finds that Medicare uncompensated care payments are not in line with the hospitals’ costs for two reasons:

  • Payments are mostly based on hospitals’ Medicaid workload instead of the actual uncompensated care costs they have; and
  • The Centers for Medicare and Medicaid Services does not consider Medicaid payments hospitals receive to offset uncompensated care costs when issuing payments through Medicare. In 2014, for example, most of the Medicare payments—about 85 percent or $7.7 billion—were based on hospitals work for Medicaid patients; meaning they may also receive payments from Medicaid based on that care.

“CMS officials acknowledge this could result in payments not aligned with uncompensated care costs, particularly in states that have expanded Medicaid resulting in fewer uninsured individuals and lower uncompensated care costs,” according to the GAO report.  CMS proposed a rule in April that includes consideration of “using hospitals actual uncompensated care costs as the basis for making Medicare UC payments.”

The GAO notes in its report that CMS officials said the Medicare and Medicaid programs are run separately.

“Medicare UC payments that are not aligned with uncompensated care costs or adjusted to reflect Medicaid payments undermine CMS’s efforts to efficiently pay for healthcare services,” according to the report.

The GAO issued recommendations for CMS to improve the connection between Medicare UC payments and hospitals’ costs and take Medicaid payments into consideration when also issuing UC payments under Medicare.

The Department of Health and Human Services has proposed to transition to a new data source to identify hospitals’ uncompensated care costs, according to the GAO report, which includes comments from HHS.  “Specifically, HHS proposes to define uncompensated care costs as the costs of charity care and non-Medicare bad debt,” according to the report.

HHS also concurs with the GAO’s recommendations and is considering comments on its own proposed rule including the data source transition for determining uncompensated care before finalizing its rule.  “We agree that aligning uncompensated care payments to actual uncompensated care costs is important and helps make sure that HHS is directing these payments to hospitals appropriately,” HHS notes in its comments. 

“In the event HHS finalizes its proposal to begin using uncompensated care cost data from the Medicare cost report to determine the distribution of these Medicare payments, we intend to continue to review the definition of uncompensated care as appropriate.”  More information:


Checking in With ICD-10 (Part II-A Look Back at Preparing for ICD-10)

The WEDI survey also shows there was value in testing ICD-10 claims during the implementation process, but the delays in the deadline had both positive and negative effects. “When additional time was provided, some organizations did not take advantage of this time. The extended implementation period also added costs for many organizations.”

In advance of the implementation date, BillingTree recommended its healthcare provider clients focus on preparing their infrastructure and technology systems for ICD-10 while communicating with patients and ensuring they had current contact information for payments they could use as permitted under the Telephone Consumer Protection Act. That way when a claim is processed, a provider can easily follow up with a patient about any balance due and resolve the account for both parties.

According to WEDI, a majority of healthcare providers responding to the survey indicated costs of ICD-10 were in line with their expectations or higher, but many also said the expenses were less than expected.  “The majority of respondents indicated that they did not expect to realize any [return on investment] with ICD-10,” according to the news release.

“The interesting part about ICD-10 was that it’s kind of like Y2K,” said Lyman Sornberger, chief healthcare strategy officer for Capio Partners LLC, during a presentation at ACA International’s Spring Forum and Expo. “Everybody panicked [and] it got delayed.”  Once some time passed, Sornberger said denials were inconsistent, reflecting increases from 3 percent to as high as 30 percent, mostly related to smaller hospitals being unprepared for the transition.

Now that ICD-10 has been in effect for several months, CMS is beginning to audit healthcare providers’ charts to test their use of ICD-10.  According to the CMS ICD-10 assessment and maintenance toolkit, providers should select high-risk cases to audit as well as cases representing a shift from the use of ICD-9 to ICD-10 diagnostic codes to identify any patterns of incorrect coding.

Sornberger said he knew of one healthcare provider that received a request from CMS for 1,000 charts, but there is no limit on how many they can request.  There are still some questions regarding if patients will notice any changes from ICD-10 or if the additional diagnostic codes will ultimately change the billing process.

Yohe said that if any delay in claims occurs under ICD-10, patients might be frustrated if they get a bill many months after they received care when they thought it had already been processed under their insurance.  To help smooth out any bumps, Yohe said healthcare providers should designate staff to work with patients on payments or determine a way they can easily pay over the phone or online.

“We saw an uptick in getting a phone system established specifically for payments,” Yohe said. He also recommended providers make sure they accept payments from medical savings accounts and flexible spending accounts.

“At the end of the day, the patient won’t get their bill until their insurance claim is settled and the patient balance is settled,” Yohe said. “That means passing the claim back and forth a few times between the administrative office and the healthcare provider before they get it right to establish patient responsibility.

As a provider, you’re at the mercy of two different parties getting paid.” Now that an initial set of ICD-10 codes—which bring consistency between the U.S. healthcare system and systems in other industrialized countries—are in place, more could be added in October, according to the website 

There will be more than 3,600 new procedure codes and nearly 2,000 pending diagnosis codes. Yohe said that in the healthcare world, discussion is already starting about when we will see ICD-11. According to, however, ICD-11 is not estimated to be ready in the U.S. until 2023.

For now, healthcare providers should continue to communicate with patients and insurance companies and test their key performance indicators. According to CMS, tracking performance indicators can help providers address problems with productivity, reimbursement and claims submissions.  The WEDI survey results show the impact to productivity experienced by vendors and health plans was mostly neutral, but providers experienced a slight decrease in productivity.  

“Once you have established baselines for your KPIs, compare data pre-and post-October 1, 2015, to put your current KPIs in context,” according to CMS. “Tracking KPIs can help you detect problems and identify opportunities for improvement.”


Checking in With ICD-10 (Part 1)-Katy Zillmer

The updated ICD-10 medical diagnostic coding system, which took effect last year, has allowed healthcare providers to more accurately describe a patient’s care for insurance reimbursement, but mistakes can cause claim denials and delays—ultimately impacting their revenue cycle process.

ICD-10 is a replacement for ICD-9, which is used to document medical diagnoses and inpatient procedures.  The switch to ICD-10 added more than 69,000 codes for diagnoses and more than 71,000 for procedures, according to the Centers for Disease Control and Prevention. All entities covered by the Health Insurance Portability and Accountability Act were required to implement the new system by Oct. 1, 2015.

“At its core, ICD-10 is not a bad thing,” said David Yohe, vice president of marketing for Billing Tree, which works on payment processing for healthcare provider clients. “It’s about having a more granular way to reflect what the physician or the care given ended up being for.”  Yohe said his provider clients have not reported a noticeable difference in the dollars they collect; just a delay in their revenue cycle processes.

“It’s just pushing their revenue cycle out longer,” he said. “It’s adding 20 to 40 days to the receivables cycle as a result of the back-and-forth and the coding.  They are not sure that it’s going to have a big effect in the long term as far as the amounts due.”  Looking back at the time leading up to implementation of ICD-10, which included multiple testing processes and delays of the effective date by the Centers for Medicare and Medicaid Services, Yohe said providers were most concerned about getting their systems ready and whether they would experience a large number of insurance reimbursement claim denials.

In May, the Workgroup for Electronic Data Interchange released post-ICD-10 implementation survey results showing the delays by CMS “improved the ability to perform testing and resulted in a smoother transition.” The survey, conducted in March, is one of several completed by WEDI to track the status of the implementation process in the healthcare industry. WEDI shared the findings with the U.S. Department of Health and Human Services.

“We wanted this post-implementation survey to be a closing chapter of assessment on why the transition went so well overall and also to leverage specific lessons learned for future large implementations,” said Jean Narcisi, chair of WEDI in a news release.  WEDI received a low response rate to the March survey compared to others, indicating ICD-10 project personnel are reassigned to other work “and likely a lack of interest in further ICD-10-related activities that are not operational in nature.”

Common themes in the survey responses included the value of starting the testing process early, communicating with partners and conducting extensive testing, according to the WEDI news release.  Overall, the transition on Oct. 1, 2015 was considered “non-eventful” by some in the industry, according to WEDI and survey participants said CMS’ ICD-10 website, WEDI’s website and coding materials from industry organizations were all helpful tools.

There was a slight decrease in productivity for providers, especially in the areas of coding and clinical documentation, but the impact for vendors and health plans was primarily neutral, according to the survey.  Overall, WEDI concludes from the survey that the collaboration in the industry was a “major factor in the success of the ICD-10 transition.”

Part II “A Look Back at Preparing for ICD-10” will appear in our next issue.


New Rules for Patient Credit Reporting Begin-With More on the Horizon

The month of June saw the enactment of some new changes in the area of credit bureau reporting that were previously announced earlier this year.  All three of the most prominent credit bureaus put out a statement in March, pointing out that the goal was to ensure transparency for consumers and patients.  This came about as a result of plans that had been put in motion by several Attorneys General from multiple states.

One of the new requirements put forth is that the name of the original creditor and classification code must be reported.  Another new stipulation is that an agency or debt purchaser cannot report debt that did not come about based on an agreement to pay or a contract such as an assessment, ticket, or even some types of fines.

More changes are yet to come; on September 1, 2016 collection agencies will need to file a monthly report that includes information on accounts currently open, accounts that require correction or deletion, and that have been paid within the last 90 days.

The following year, on September 15 of 2017, several more changes will go into effect.  The most noteworthy include:

-Medical debt collection accounts should not be reported if they are less than 180 days of age

-Full date of birth must be reported for any authorized new user  on all accounts

-A delete must be reported for all accounts being paid by insurance or for those that were already paid by insurance

-Reporting must be done using new minimum reporting requirements for a patient or consumer’s personally identifiable information

The statement that was put out in the month of March encouraged all who are tasked with submitting data to credit bureaus to ensure implementation of these upcoming changes on or before the effective dates.



News & Notes

HHS Continues Audit for HIPAA Compliance 

The U.S. Department of Health and Human Services Office for Civil Rights is conducting its next phase of audits of covered entities and their business associates. The audit program is used to assess HIPAA compliance, identify best practices and risks and vulnerabilities and enable HHS to address problems before they may result in a data breach.

Healthcare Sector Jobs Exceed Nationwide Average 

A new report from CareerBuilder shows job growth in the healthcare industry is expected to exceed the national average for full-time, permanent jobs. Overall, 34 percent of employers plan to add fill-time permanent employees in the second quarter. In the healthcare industry, 44 percent of companies with 50 or more employees are expected to increase their staff counts, according to the report.

Health Spending Growth Factors Change Since Great Recession 

The Kaiser Family Foundation and Bureau of Economic Analysis recently found the factors influencing health spending trends have changed since the Great Recession. The economic recovery, leading to more people seeking treatment, the Affordable Care Act and a decline in prescription drug prices all influenced spending trends.


Health Industry Will be a Target of Data Breaches in 2016

The healthcare industry will be more susceptible to data breaches this year as the transition to electronic medical records continues and the black market value for those records grows. In its third annual Data Breach Industry Forecast, Experian’s Data Breach Resolution group says the healthcare industry will be a target in 2016, and businesses need more internal employee training to prevent security risks. 

There have been more than 15,000 data breaches over the last decade; and according to Experian, security risks to businesses will continue this year. Healthcare data breaches continue to be a threat in 2016 based on prominent cyber-attacks on Anthem, Premera BlueCross Blue Shield and more organizations. According to a separate study by Privacy Analytics, because many individuals are not familiar with “deidentifying” data, it may be shared in ways that presents a high risk of a data breach. 

According to “The State of Data Sharing for Healthcare Analytics 2015-2016 Change, Challenges and Choice,” by Privacy Analytics, more than two-thirds of respondents to a survey of healthcare organizations said they lack complete confidence in their organization’s ability to share data without privacy risks.  Health records are the most common type of data being stored or shared (55 percent), followed by medical claims data (44 percent), according to the survey. 

Changing Landscape of Data “In 2015, research from the Ponemon Institute revealed that while more companies now have a data breach response plan in place, many are still not confident in their ability to manage a significant incident,” according to Experian’s report. “Concerns regarding the effectiveness of response plans indicate a need for business leaders to reevaluate and audit their programs.” 

Experian also reviewed its predictions on data breaches for 2015 and how businesses faired based on those predictions. In 2015, employee errors continued to be one of the leading causes of data breaches and employee training programs needed improvement. As a result, it is also essential for companies to increase their preparation for a data breach and response plans should one occur, according to Experian. 

“The landscape has changed with hackers targeting organizations for different types of data that could be used for extortion or to simply cause harm,” according to the Experian report. “While traditional data breach threats remain, it is important that business leaders take note of emerging trends and update their data breach response plans accordingly.” 

According to the Privacy Analytics study, one in five respondents said their healthcare organization has taken steps to reduce risk and improve deidentification in the records that are shared. Healthcare organizations are slowly starting to make data available for secondary uses, but two out of three respondents to the Privacy Analytics survey said they lack total confidence in their organization’s ability to share data without creating privacy risks. 

“The demands for data, combined with the magnitude of PHI [Protected Health Information] being collected in electronic medical records, medical monitoring apps and other healthcare networks makes this cause for concern,” according to Privacy Analytics. Nearly 50 percent of respondents to the survey said preventing patient “reidentification” is a top challenge when they share or store data and the concern is highest among organizations that are already sharing data. 

Privacy Analytics also reports results of its survey reflecting that employee errors or the need for more employee training may contribute to challenges in information security among healthcare organizations. “Additional challenges include low staff knowledge on managing data safely (26 percent), low staff knowledge of data sharing practices and tools (25 percent), cost concerns (24 percent), and lack of organizational policies (23 percent),” according to the Privacy Analytics survey. 

Overall, according to Privacy Analytics, the results of the survey show there is a gap between regulatory requirements and healthcare organizations’ ability to meet them and an overall growing demand for health data. “The growing demand to share health data brings with it growing risks. The proliferation of PHI and subsequent requests for data is pushing the boundaries of compliance as organizations try to satisfy demand. The response has been to err on the side of caution and keep data locked away,” according to Privacy Analytics.

But those who do share and store PHI must do so responsibly, and the survey reflects their struggles to prevent patient re-identification and meet compliance requirements. “Many organizations feel unprepared to responsibly store and share data for secondary purposes, and thus, are unable to advance analytics in their organization,” according to Privacy Analytics. Experian recommends for healthcare organizations to continue investing in data security technologies and training employees on proper security practices in 2016. More information: and


Medical Company Sued Following Change to Medical Debt Collection Rules

Last summer the rules that govern the collection of medical debt became tighter when the FCC gave voice to a ruling that made it more difficult to reach out to patients on their mobile devices without first providing express consent for such a call.  

A hospital chain based in California has become one of the first healthcare providers in the country to be sued based upon that ruling made last July.  The focal point of the class-action lawsuit is Prospect Medical Group’s Southern California Hospital at Culver City.  The allegations set forth in the suit claim that an automated dialer was used by the hospital to contact the cell phone of a patient named Donna Ratliff to collect on a debt without having prior consent to call her mobile device.

The medical debt collection industry originally asked the FCC to give greater clarification on the Telephone Consumer Protection Act in the hopes that greater flexibility would be extended.  The medical debt collection industry was also hoping that the FCC could address more recently related issues such as consent to call, reaching wrong numbers and auto-dialing mobile devices.  But instead, the FCC pointedly asserted that collectors of medical debt must have prior consent before contacting a cellular phone, leaving few options for phone numbers that have been reassigned.

Prospect Medical issued a statement that makes it clear that they follow necessary protocols to obtain the proper consent to make contact with patients on mobile devices.  The statement said  “All of our patients are asked to sign an irrevocable authorization permitting our hospitals to contact them via telephone—including, specifically, via cellphone—in their efforts to collect outstanding debt."  

Hospitals have previously enjoyed a measure of room to move when calling patients for the purpose of medical debt collection as a part of the medical encounter.  However, medical providers must ensure diligence about ensuring that the debt can be linked back to the medical encounter when the patient first provided the cell number to the provider.

“At this point, best practice for providers is to secure written consent during the initial intake process that very clearly states and obviously makes note of the fact that auto-dialers could be used and that mobile devices will be contacted if that is the number that the patient has provided to the facility” said Mnet Financial CEO David Hamilton.

Violations of TCPA are already quite active with lawsuits related to the TCPA increasing between 2010 and 2014 more than 560% based on data provided by the Association of Credit and Collection Professionals (ACA).  “With the FCC’s latest clarification, we are seeing an increase of these kinds of lawsuits and it isn’t likely to change in the near future” said Hamilton.  The penalties for such infractions can range from as little as $500 per phone call, up to as much as $1,500 for a willful violation.

The California case does deal with the matter of express consent but does not, however, broach the issue of what happens when a medical debt collector reaches out to someone erroneously.  The FCC does allow collectors of medical debt to call a wrong number once without threat of penalty, whether or not someone answers the call.  However, studies show that more than 100,000 mobile phone numbers are changed each and every day.  This situation has led to ACA International suing the FCC in challenge to the order issued last July.  

“It’s increasingly difficult for medical debt collectors to keep up with the risk involved” said Hamilton.  “It’s nearly impossible to confirm that the person you are reaching out to is going to actually be the person you are trying to reach.  It’s a very difficult situation.

Mr. Hamilton says that the best possible way for a provider to protect themselves is to create a very thorough process for obtaining consent from the patient and simply respecting the wishes of those who choose to opt out.


What to Do When Your Data Security Policies Need a Checkup

Data security breaches present a significant risk for credit and collection agencies and their healthcare provider clients, especially with the growing use of technology and the switch to electronic records in the healthcare industry. “Most credit and collection organizations believe they are at low risk for a data breach,” Jeffrey Hausfeld, managing director for Financial Management Solutions, LLC, said during an ACA International seminar, “Practical HIPAA Security and Privacy,” in October. 

In fact, he said the risk has never been greater, and collection agencies working with healthcare clients have an added layer of security they need to provide under the Health Information Technology for Economic and Clinical Health (HITECH) Act to ensure HIPAA compliance. 

Collection agencies that perform a service or function for a healthcare provider or health insurance plan are generally considered their business associates, Hausfeld noted. Adam Bullian and Robert Zimmerman, COO and managing partner of QIP Solutions, respectively, also contributed to the presentation on risk assessments, audits and training related to healthcare data security. 

“HIPAA requires you maintain the same security [as] your healthcare provider [clients],” Hausfeld said. According to the Ponemon Institute Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, which includes input from healthcare providers and their business associates, more than 90 percent of healthcare organizations have experienced a data breach and 40 percent experienced more than five in the last two years. 

The Ponemon Institute study, released in May 2015, also shows that criminal attacks are the number one cause of data breaches for healthcare organizations, and they increased by 125 percent compared to five years ago. “In fact, 45 percent of healthcare organizations say the root cause of the data breach was a criminal attack and 12 percent say it was due to a malicious insider,” according to the study. 

The Ponemon Institute reports that the economic impact of a data breach has remained consistent over the past five years of the survey, however the cause of the incidents has shifted from lost or stolen devices to criminal attacks on the data of healthcare organizations and their associates. 

“At the same time, employee negligence remains a top concern when it comes to exposing patient data,” according to the study. It can be costly to invest in resources for securing protected health information (PHI) and your organization’s technology, but it is necessary to remain compliant and the expense in the aftermath of a data breach is much more. 

According to the Ponemon Institute, the average cost of a data breach for healthcare organizations is more than $2.1 million. And business associates of healthcare organizations can face fines if HIPAA compliance is not in place after an audit of their operation. Fortunately, there are many steps business associates can take to maintain and improve their compliance and minimize risks if a data breach should occur. 

Assess, Prepare, Train 

“We strongly suggest you take a risk-based approach and focus on critical risks before other items,” Zimmerman said.  Organizations that complete an internal audit of their security systems or have an external audit often find they have an incomplete risk analysis, undocumented movement of PHI data, limited security awareness training and lack tests of their disaster recovery plan if a data breach occurs. Companies should complete a risk assessment to set a baseline for controls they have in place and develop a process to resolve any risks. 

“It’s also going to reduce your costs because you have a process,” Zimmerman said. “It is definitely the first step toward HIPAA compliance.” Partners of business associates in the healthcare industry want verification that these measures are in place. In fact, an agreement is required for business associates working with providers and insurance plans as well as their subcontractors with access to PHI. 

Organizations should also take inventory of where PHI is stored, such as computers or mobile devices, who has access to it and if that access is authorized. When evaluating access to PHI, organizations can designate a team of employees to go to if a data breach occurs and train them to mitigate the risks quickly and as much as possible. Creating that team can be a part of your organization’s training process for new employees and a refresher for existing staff. Training is one of the most effective ways organizations can safeguard PHI and maintain compliance with HIPAA.

Bullian recommends training should be tailored to your organization by evaluating who should participate, how often it should be held and the best format, such as online, virtual, email reminders or a combination of those options. Training should include review of password security procedures, how to identify a phishing email and evaluation of mobile device security if those are used by your organization. “Another best practice is to have supplemental training throughout the year,” Bullian said. 

Keep it Simple Maintaining and improving security and privacy measures does not need to be overwhelming; the longer a process is in place and evaluated on a regular basis, the more reliable your practices will be over time. A sound and consistent plan provides assurance to your healthcare organization and insurance partners that HIPAA compliance remains in place. 

“This is not a one and done type of effort,” Zimmerman said. “When you use a process, it should be very effective and very efficient. The main thing is really to ensure that your organization is secure and that you can show others.” ACA International is offering a two-part online training on Data Security and Privacy Dec. 9-10. The training will cover implementing policies and procedures, how to notify consumers in the event of a data security breach and strategies to develop a data security compliance program. Visit education to access the events calendar and training registration.


Recent TCPA Ruling Observations


Recently the Federal Communications Commission (FCC) released a Declaratory Ruling that was effective upon its release.  The reason for the issuance of the Order by the FCC was to acknowledge and bring clarity to requests brought by petitioners questioning how the Commission interprets the Telephone Consumer Protection Act (TCPA) while enhancing consumer protections and acting to bring a close to any loopholes.

Congress originally passed the TCPA in 1991 to bring regulation to pre-recorded messages and auto-dialer usage that was perceived as being out of control.  The Act was created to serve as a protection to consumers by restraining companies from participating in unwanted telemarketing activities.  Eventually the FCC confirmed that the TCPA was designed to restrict text message telemarketing activities as well.  Thus, new rules were enacted in 2013 to prevent companies from contacting consumers through text messages or phone calls from a representative without express written consent.  

A company’s failure to abide by these regulations could ultimately result in regulatory action as well as the expense of litigation.  TCPA lawsuits have increased markedly since those new rules were enacted in 2013.  Across multiple industries nationwide, companies that make unsolicited calls to consumers or text them have become the target of multiple class action lawsuits; resulting in huge fines for companies; including many notable American brands.

Best Dialing Practices

So what are the best practices for the healthcare industry based on the most recent Order?  Mnet Financial CEO David Hamilton recommends the following:

*Make certain that you have determined the type of phone you are calling; whether it is a landline or a wireless phone.  There are phone “type” solutions that can provide identification services.

*Capture and secure proper consent from patients before contacting them and be certain that consent covers contact through a wireless device.

*Review office practices to ensure that your list of wireless numbers is current.

*Ensure the phone has not been reassigned and that the person who originally gave consent is still the owner of the phone.  There are services that make it clear when a number has been recycled and is now being used by someone else.

*Always repeat the process of verification for any new patient records or records that have not recently been verified.

*Since one call can be made to a reassigned phone number without liability, be selective about using the exemption.  

*Review messaging being delivered to wireless devices to be certain they are compliant.

It should be noted that on the same day the FCC released their Ruling, the Association of Credit and Collection Professionals (ACA) immediately filed a lawsuit seeking judicial review of the Ruling from the U.S. Court of Appeals in the D.C. Circuit.  Since then, other organizations have filed suit as well, seeking to challenge the FCC’s interpretation of the TCPA.  We will keep you updated as the story develops.


TCPA & Patient’s Right to Revoke Consent

Even though it might seem a bit implausible at first glance; imagine the following scenario.  A passenger chooses to offer consent to an airline that they frequently fly with to receive calls or text messages from the airline regarding upcoming flights that they have booked.  At some point during a subsequent flight, the passenger decides that they no longer wish to receive any calls or texts from the airline.  

Based on the latest Federal Communication Commission’s (FCC) Declaratory Ruling pertaining to revoking consent, the passenger could legitimately flag down a member of the flight crew mid-flight; and provide them with their name and phone number while letting them know that they no longer wish to receive calls or texts from the airline.  After that point, if a call or text were to come through, the passenger would have the capability of suing the airline based on the Telephone Consumer Protection Act (TCPA).

While the illustration might seem a bit far-fetched, this is the issue at hand regarding the topic of revocation in the FCC’s Declaratory Ruling on July 15, 2015.  The ruling, which deals with revoking consent is very broad, making it problematic for companies to comply with; particularly larger companies with multiple offices throughout the country.  

However, because of the language used in the creation of the rule, there is so much room for mistakes that many companies that actually have the express consent to contact a consumer on a cell phone will choose instead not to do so.  The eventuality will be that consumers, or patients, in this case will no longer be able to receive contact through phone call or text to their cell phones.

Obtaining consent in the first place is very clear; but revoking that consent is a completely different subject.  The tide has turned against businesses when it comes to this topic.  The ruling points out that “we clarify that a called party may revoke consent at any time and through any reasonable means.  A caller may not limit the manner in which revocation may occur.”  The Commission further added “Consumers have a right to revoke consent, using any reasonable method, including orally or in writing.”

Many people today are tied to their cell phone for reminders on just about every aspect of their daily lives, from doctor appointments, to automated payments and credit or debit card alerts from a banking institutions.  In today’s world, many would be adversely impacted if businesses were to stop texting consumers simply because the situation regarding consent and its revocation have become too much to deal with.  

Provider offices should ensure that they and their vendor partners are mindful of the following best practices:

-Proof of consent is necessary and should be noted within the system.

-Protocols for tracking consent are a must.  Recordings are necessary for vocal consent and written consent should be scanned into the system.  

-Protocols for revocation of consent are also necessary.  All methods of revocation of consent should be covered; including live notification, vocally, through traditional mail, via fax or email, through SMS (text messaging), through website portals.

-Everyone who will ever work with this patient’s file again must be aware that the patient has revoked their consent.  Also, the cell phone numbers of those who have revoked their consent should be immediately removed from any automatic dialers.

-If the patient has multiple accounts and the consumer is not clear about which account they wish to revoke consent for, all of the accounts should be flagged as consent revoked.

Although the rules regarding consent revocation appear difficult to live up to, if a medical facility or their vendor partners have a plan set up and well documented and can prove that the plan is a regular part of their business practice; the challenge can be met.


ICD 10 Coding System Takes Effect October 1

Medical Office Staff

Next month, the ICD-10 coding system, which will have a significant impact on all aspects of the healthcare revenue cycle, will take effect.  The implementation of the new coding system on Oct. 1 comes after several delays. The system was announced in 2009 and initially scheduled to start in 2013. The system was then scheduled to take effect on Oct. 1, 2014, but was delayed by Congress as part of a bill that also pushed back Medicare reimbursement cuts.

Now healthcare providers are in the home stretch of preparing for the system, which brings a higher level of specificity to the codes used to report medical diagnoses and inpatient procedures. All HIPAA-covered entities are required to make the transition and use the codes for billing Medicare or Medicaid. Private payers are also expected to require use of ICD-10.

The International Classification of Diseases, or ICD, is used to standardize codes for medical conditions and procedures. According to Centers for Medicare and Medicaid Services (CMS), diagnosis and billing medical codes in the U.S. have not been updated in more than 35 years and contain outdated, obsolete terms.  ICD-10 uses 68,000 codes compared to 13,000 available in ICD-9; however, providers do not need to use all of the codes. This new system will allow for more specific diagnoses and more flexibility if new codes need to be added.

ICD-10 will bring the U.S. up to speed with other industrialized countries, virtually all of which currently use the coding system.  During the last several years, providers, payers and other leaders working in the healthcare revenue cycle have completed a coordinated effort to prepare for ICD-10.  

CMS has coordinated end-to-end testing of the codes among Medicare Fee-for-Service healthcare providers, clearinghouses and billing agencies, with overall success in the acceptance of test claims. The acceptance rate during testing in April (88 percent) was higher than in January, with an increase in test claims submitted and a decrease in the percentage of errors related to both ICD-9 and ICD-10 diagnosis codes, according to CMS.

In response to requests from the provider community, CMS announced the release of additional guidance on new ICD-10 codes for medical diagnoses and inpatient procedures. It also made changes to prevent some claim denials during the first year the system is in place.  “Many physicians have been concerned about adopting this code set because of the heavy investment of time and resources and the potential for claims disruptions that could interfere with patient care,” said American Medical Association (AMA) President Steven Stack.

CMS and AMA are also providing additional resources and guidance to help providers make sure they are prepared for the new ICD-10 codes.  The guidance will allow for flexibility in the claims auditing and quality reporting process as the medical community gains experience using the new ICD- 10 code set, according to a CMS news release.  Together with the AMA, CMS will provide educational resources including webinars, on-site training, articles and national provider calls to help physicians and other healthcare providers learn about the updated codes and prepare for the transition.

“As we work to modernize our nation’s healthcare infrastructure, the coming implementation of ICD-10 will set the stage for better identification of illness and earlier warning signs of epidemics, such as Ebola or flu pandemics,” said CMS Acting Administrator Andy Slavitt in a news release. “With easy-to-use tools, a new ICD-10 ombudsman, and added flexibility in our claims audit and quality reporting process, CMS is committed to working with the physician community to work through this transition.”

CMS will also offer ongoing Medicare acknowledgment testing for providers through Sept. 30 and additional in-person training for small physician practices.  “We appreciate that CMS is adopting policies to ease the transition to ICD-10 in response to physicians’ concerns that inadvertent coding errors or system glitches during the transition to ICD-10 may result in audits, claims denials, and penalties under various Medicare reporting programs,” Stack said.

CMS also has a Road to 10 website directed at smaller physician practices and provider training videos that offer helpful ICD-10 implementation tips.  

More information: (ICD-10 QuickStart Guide.) (Five Facts on ICD-10.)

Subscribe to this RSS feed