Every time a person seeks medical treatment, healthcare professionals are required to use a specific code for billing and tracking purposes. The International Classification of Diseases, Revision 10 (ICD-10), was launched Oct. 1, 2015 — after 20 years of delays.
The new ICD-10 codes multiply the medical coding options available by a factor of five, jumping from roughly 13,000 diagnostics codes under the ICD-9 to more than 69,000 with ICD-10.
ICD-10 attempts to label every possible diagnostic scenario imaginable. Whether you’ve had an initial encounter with an orca whale (W56.21XA, W56.22XA or W56.29XA) or an unlikely repeat orca encounter (W56.21XD, W56.22XD or W56.29XD), been injured by a brass musical instrument (Y93.J4), or walked into a wall (W22.01XA, W22.01XD or W22.01XS), believe it or not ICD-10 has a classification for it.
Don’t believe us? Take a peak for yourself. Check out the ICD-10 Code Lookup Database or you can just look at the entertaining graphic below provided by Quill.com. The graphic illustrates 14 funny examples of ways people injure themselves and how ICD-10 classifies them.
A personal favorite? It has to be V91.07XA: Burn because of to water skis on fire, initial encounter. It’s easy to wonder how this happens once, let alone more than once, V91.07XD: Burn because of water skis on fire, subsequent encounter.
Take a look at the following graphic depicting some of the most bizarre ICD-10 codes, thanks to and provided by Quill.com. What will these codes, when aggregated over the next few years, say about us as a people? That we’re likely into, and injured by, some pretty weird stuff! Perhaps I’ll write a book.
Electronic protected health information (ePHI) is patient information that is protected under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA compliance is a complex and confusing topic, and it only gets more daunting when it comes to communication between providers and patients. If you are sending protected health information over email as a healthcare organization or a healthcare organization’s business associate, HIPAA compliance applies to you. With fines for breaches that can land upwards of a million dollars, it’s a subject that is not to be taken lightly by any organization. Let’s take a moment to settle the score on the myths and facts revolving around ePHI and HIPAA-compliant emails.
Myth: All email is HIPAA-compliant
This is a dangerously false assumption. It may come as a surprise that most free email services are not HIPAA-compliant. This includes big players such as Yahoo!, Gmail, and Hotmail. No, ePHI should never be sent through these systems. If you must send ePHI to run your business, seek out an email provider that specializes in HIPAA compliance and is specifically geared towards protecting you and the patient data that flows through your organization.
Myth: My business is too small to worry about HIPAA
Practices and organizations of all sizes get hit with HIPAA violation fines – no one is exempt. HIPAA regulations apply across the board, regardless of the size of your business. Penalties for not being compliant can range from a simple slap on the wrist to a fine of $100 per email that contains ePHI sent through an unencrypted avenue. HIPAA compliance is everyone’s responsibility, and no business is too small to suffer a surprise audit that results in business-crushing fines. Protect yourself up-front by adhering to HIPAA guidelines, and you won’t find your business under the gun for non-compliance.
Myth: Any email with PHI must have encryption
If emails are sent in-office over a secure network, encryption over e-mail is not necessary. But once that email is sent out of the office over a wide area network, or through the internet, encryption is a must.
Myth: The recipient must have encrypted email
The majority of patients use a free, non-encrypted email host. According to the HIPAA Omnibus Rule, patients have the right to request that their ePHI be sent to them via an unsecured email system. Many secure email systems can send secure messages to people without secure email – and that can be okay. But it’s important to document that request from the patient and also to inform them that when using unsecured email and waiving their right to receive their ePHI privately, they inherit the risk of a potential security breach. Documentation protects you from future accusations of negligence.
Last fall, the provisions governing Business Associate Agreements under the HITECH law went into effect. Many covered entities used templates and models offered by professional societies and the Department of Health and Human Services, but it’s becoming increasingly clear that the “model” agreements were simply a stopgap measure, and that organizations that use BAAs need to conduct ongoing reviews of the documents and customize the language to meet the individual needs of their company.
The need for ongoing reviews to business associate agreements stems from an increased focus on compliance, and audits from the Office of Civil Rights (OCR) in DHHS. In the past, HIPAA compliance audits were limited to specifically covered entities, such as doctors’ offices and hospitals. Using HIPPA-compliant providers like healthcare fax companies to transmit protected data on their encrypted servers has been the best way for health care professionals to avoid audit issues.
However, the provisions of HITECH allow for audits of subcontractors as well, ensuring that they too are complying with the privacy and security policies of the act. Essentially, then, a business associate agreement serves as an agreement by the subcontractor that it will adhere to the rules and standards of HIPAA — and they understand the consequences of noncompliance.
Some argue that the notion of business associate agreements is outdated, given that HITECH holds all subcontractors who have access to HIPAA-protected data to the same privacy and security standards as the covered entity itself, even without the written agreement. The law still states, though, that covered entities must negotiate and maintain compliant BAAs with the companies that have access to their data — even those that may not directly have access to the data.
The simple fact that the OCR is conducting audits of business associate agreements and the companies covered by the agreements, highlights the importance of maintaining up-to-date and comprehensive agreements — meaning that the “boilerplate” agreement that you signed to meet the basic compliance standards may not be enough at this point.
Considerations for Review
Since it’s been a year since the new provisions went into effect, it’s very likely that your BAAs are reasonably up-to-date, and in compliance with the laws. That being said, if you used a template, or you only made minor changes to existing agreements, it’s best to review the agreements you have on file to ensure they comply with current law.
Many experts agree that BAAs should be reviewed at least once a year or more often if they expire, or if there are significant changes to the business relationship.
When reviewing your business associate agreements, there are a few key points to pay close attention to:
Big news from HIMSS today about HIMSS16, especially for sports fans. What may make the following news even bigger is if Peyton Manning is in the midst of a retirement reflection period following this current football season. What news it would be if he decided to make an announcement about the future of his career from the HIMSS podium — HIMSSanity!
Here’s the full announcement:
Denver Broncos quarterback Peyton Manning, the NFL’s only five-time Most Valuable Player and a 14-time Pro Bowl selection, will be the closing keynote speaker at HIMSS16. He takes to the podium at 1 p.m. PDT, on Friday, Mar. 4, 2016. The HIMSS Conference & Exhibition ranked as the largest medical conference in North America during the first half of 2015 (Trade Show Executive, September 2015).
Peyton Manning has earned his place among the greatest quarterbacks in league history as the active leader in nearly every statistical passing category.
In each of his three seasons with Denver, Manning has led the Broncos to an AFC West Division title and a first-round playoff bye. During that time, he ranks first in the NFL in regular-season wins, passing touchdowns and completion percentage.
Named 2013 Sportsman of the Year by Sports Illustrated, Manning’s season ended with a trip to Super Bowl XLVIII, making him only the third quarterback in NFL history to lead multiple teams to a Super Bowl.
For his actions off the field, Manning was honored as the recipient of the Byron “Whizzer” White Humanitarian Award and the NFL’s Walter Payton Man of the Year in 2005 as well as the Bart Starr Award in 2015.
Manning serves as a member of the American Red Cross National Celebrity Cabinet and The Pat Summit Foundation Advisory Board. He and his wife, Ashley, established the PeyBack Foundation in 1999 to promote the future success of disadvantaged youth by assisting programs that provide leadership and growth opportunities for children at risk.
The Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) today released final rules that simplify requirements and add new flexibilities for providers to make electronic health information available when and where it matters most and for health care providers and consumers to be able to readily, safely, and securely exchange that information. The final rule for 2015 Edition Health IT Certification Criteria (2015 Edition) and final rule with comment period for the Medicare and Medicaid Electronic Health Records (EHRs) Incentive Programs will help continue to move the health care industry away from a paper-based system, where a doctor’s handwriting needed to be interpreted and patient files could be misplaced.
“We have a shared goal of electronic health records helping physicians, clinicians, and hospitals to deliver better care, smarter spending, and healthier people. We eliminated unnecessary requirements, simplified and increased flexibility for those that remain, and focused on interoperability, information exchange, and patient engagement. By 2018, these rules move us beyond the staged approach of ‘meaningful use’ and focus on broader delivery system reform,” said Dr. Patrick Conway, M.D., M.Sc., CMS deputy administrator for innovation and quality and chief medical officer. “Most importantly we are seeking additional public comments and plan for active engagement of stakeholders so we take time to get broad input on how to improve these programs over time.”
HHS heard from physicians and other providers about the challenges they face making this technology work well for their individual practices and for their patients. In recognition of these concerns, the regulations announced today make significant changes in current requirements. They will ease the reporting burden for providers, support interoperability, and improve patient outcomes. Providers can choose the measures of progress that are most meaningful to their practice and have more time to implement changes to program requirements. Providers are encouraged to apply for hardship exceptions if they need to switch or have other technology difficulties with their EHR vendor. Additionally, the new rules give developers more time to create user-friendly technologies that give individuals easier access to their information so they can be engaged and empowered in their care.
As part of today’s regulations, CMS announced a 60-day public comment period to gather additional feedback about the EHR Incentive Programs going forward, in particular with the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), which established the Merit-based Incentive Payment System and consolidates certain aspects of a number of quality measurement and federal incentive programs into one more efficient framework. We will use this feedback to inform future policy developments for the EHR Incentive Programs, as well as consider it during rulemaking to implement MACRA, which we expect to release in the spring of 2016.
Following the release today of the finalized modified rules for the current stage of meaningful use, CHIME released the following statement, summarizing the position of many in healthcare. Overall, the organization supports the modifications, including the adopted 90-day reporting period:
We are pleased that the Centers for Medicare & Medicaid Services today finalized modifications to the current stages of the Meaningful Use program and agreed to extend the comment period on Stage 3. CHIME and its 1,700-plus members agree with CMS that it is time to focus the meaningful use program on adoption of information technology systems that improve both the quality and safety of patient care.
The 752-page rule grants flexibility for providers who are doing their best to not only meet the intent of the federal program, but also ensure the adoption of health information technology that improves patient care.
Importantly, the rule adopts a 90-day reporting period for the current stages of the program, down from 365 days. CHIME has long called for a 90-day reporting period and applauds CMS for adopting this new standard. While several members are positioned to take advantage of this shorter period, others will be challenged to meet it since there are fewer than 90 days remaining in the year. We urge CMS to implement a hardship exemption for those unable to meet this timeframe.
CHIME also applauds the agency for modifying requirements surrounding patient access to electronic records. The rule stipulates that for 2015 and 2016, one patient discharged from a hospital view, download or transmit their electronic record.
With regard to Stage 3, the extra comment period will enable providers, CMS and other stakeholders to ensure that the next stage of Meaningful Use advances interoperability and takes into account new payment models being advanced by Medicare.
Also today, the Office of the National Coordinator for Health Information Technology finalized a rule on certification of electronic health records. CHIME supports key provisions in the rule that should lead to greater transparency regarding vendor products; improved testing and surveillance of health IT, and an improved focus on user-centered design.
We are reviewing the regulations and will have more detailed comments in the coming days.
TapCloud creates a real-time stream of data that enables care teams to quickly grasp whether a patient is getting better or worse, assess the effectiveness of treatments and medications and identify the onset of emerging complications. TapCloud is currently being used in settings from single practitioner to national hospital systems.
TapCloud allows patient’s and provider’s to communicate in ways never before possible to improve the doctor/patient relationship, focus clinicians on patients that need the most attention and insure that the patients that require services receive them in a timely manner to maximize health benefits to the patient (including quality of life, not just physical issues) and minimize the expenditure of health resources.
TapCloud is a solution for gathering key patient information in between clinical visits. There are two parts to the TapCloud solution: a patient facing instructional and information collecting APP and a web-based clinician dashboard. Typical use is for patients to follow/consume their provider-based care plan/educational info and enter their well-being, pain levels, symptoms, side effects, medication compliance and vitals into the APP (unique design allows patients to complete this in less than 1 minute per day). This information is then presented in a comprehensive dashboard that allows clinicians to rapidly interpret key insights into a patients overall well-being. Based on this patient reported information, clinical protocols will dictate if any specific patient needs to be seen, have a home health visit or meds adjusted, etc.
Our CEO, Tom Riley, is a former health insurance executive who spent the past 25 years living at the intersection of healthcare and technology. A few years ago, after his mom was diagnosed with ovarian cancer, his experience with the healthcare system became much more personal as he became a primary caregiver for her. During that time he attended office visits with his mom on a regular basis, and discovered that there is an inherent gap in communications between the way doctors organize/accept information from patients, and the way patients organize and deliver information to their doctors and other clinical staff.
Over and over again, he found himself serving as a translator between his mom and her doctors. He would help his mom by creating easy to understand checklists of things she was supposed to be doing each day, activity, medications, etc. And he would help the doctors by keeping track of his mom’s symptoms and watching for developing complications and then making sure that the information was shared during her appointments. It frequently made a significant impact on the diagnosis of issues, and the assessment of treatment effectiveness. It also helped his mom regain a measure of “quality of life” by making sure that even non-critical complications like chronic constipation were identified and addressed.
After his mom passed away, he decided to devote his time to taking what he had learned first-hand and developing a solution to improve patient-doctor communications in acute-care settings like post-surgical recovery and chemotherapy and since has morphed into a chronic disease management solution as well. TapCloud runs on smart-phones and tablets and includes personalized services for the patient, helping them organize and customize generic discharge/care plan instructions into a personalized daily plan for them to follow. At the same time, the technology uses a sophisticated, but incredibly easy to use, interface to probe for indications of developing complications and/or medication side-effects. It allows clinicians to effectively monitor patient progress remotely and focus their attention on the right patients. It also ensures that doctors are aware of all of the issues affecting a patient, not just the life-threatening ones that have their patients end up in the ED or admitted to the hospital without them even realizing their patients were experiencing any issues.
Guest post by Ken Perez, vice president of healthcare policy, Omnicell.
“I get by with a little help from my friends.”– The Beatles
In simple terms, healthcare delivery reform under the Patient Protection and Affordable Care Act (ACA) is catalyzed by the Centers for Medicare and Medicaid Services (CMS) through establishment of performance standards or goals and application of behavioral economics—financial carrots and sticks—to encourage improved quality and reduced cost. The financial incentives—both positive and negative—are usually offered to healthcare provider organizations, such as accountable care organizations, which are on the hook to meet numerous quality measures and hold costs below targeted benchmarks, or commercial health insurers running Medicare Advantage plans, which pass along some of the onus to maintain quality performance onto providers.
However, these applications of behavioral economics do not directly target or impact the central player in the healthcare system—the individual member or patient. Engagement by the patient in their care is critical and explains why billions of dollars are spent each year on patient outreach and communications, as well as development and promotion of consumer-friendly apps and wearable devices. When patients are engaged, the healthcare system can more effectively and efficiently prevent, diagnose and treat health conditions.
On Sept. 1, 2015, CMS’s Center for Medicare and Medicaid Innovation (Innovation Center) announced the Medicare Advantage (MA) Value-Based Insurance Design (VBID) Model, an initiative that will test whether allowing health plans administering MA plans to offer targeted additional benefits or reduced cost sharing to enrollees who have certain chronic conditions will result in better quality and more cost-effective care.
The model’s goals are to enhance enrollee health, decrease the use of avoidable high-cost care, and reduce costs for MA plans, beneficiaries, and ultimately, the Medicare program. The model focuses on MA enrollees with the following chronic conditions: diabetes, congestive heart failure, chronic obstructive pulmonary disease (COPD), past stroke, hypertension, coronary artery disease, and mood disorders.
The MA VBID Model will take effect Jan. 1, 2017, and run for five years in seven states which were deemed representative of the overall national MA market: Arizona, Indiana, Iowa, Massachusetts, Oregon, Pennsylvania, and Tennessee.
It’s here. The day has arrived. The biggest thing to happen to the administration of healthcare in decades is upon us: Today is ICD-10 conversion day.
It’s been a long and winding road. But we’re here. The trip has certainly not been easy and there have been multiple detours. But, the destination has arrived. “Momma, are we there yet?”
Take a breath. Stretch your legs and try to find some joy in the tumultuous trip. You’ve earned it. It’s been a long ride.
But the trip is not over yet. Like all road trips, there’s the way back. And that, too, is a long road ahead. There’s still much to see and do, and much to prepare. Much to look forward to on the road ahead.
For a minute, though, on perhaps the most important day, why not take a moment to reflect on the journey and congratulate yourself on a job done well, which you’ve done with integrity and professionalism, in which you have been filled with excitement and glib, where you’ve experienced pain, pressure and perhaps even a little joy as you pushed yourself to the max.
Many of us never thought this day would come. Some of you hoped it never would.
Now, thankfully, we can move on to a new goal, a new destination.
Though ICD-10 is upon us and there is little, if anything, that can be done at this point other than wringing your hands in disbelief or praying for peace with the patience of a saint (depending on your religious worldview and personality), we wait for the storm to hit, then pass and roll on a bit for a time. And it will pass. The storm will dissipate.
For some reason, when I think of the current state of ICD-10 and its impact to healthcare I’m reminded of a hurricane. The analogy of a hurricane seems like an apt example of the phase healthcare currently is in in regard to ICD-10.
The road here has been long – there has been much fear and anticipation of the coming storm. Surges of energy, wind and waves have met us and battled at the banks of the beach. The wind and thunder has been loud, the elements seem to have shaken the very foundation of our lives and our “homes.” Pain, fear, struggle and stress have been the order of the day. But at last we’re here. The storm is upon us, in fact it is half over, and we stand in its eye, one of the most beautiful and peaceful times one can ever experience.
Peace, calm expectation and a subtle excitement of the storm’s beauty are in the eye, as is anxiety of the anticipation of what’s to come — the second half of the storm. Having personally stood in the eye of one of the largest hurricanes on US record, and having survived one of the most terrifying storms of my life, I can tell you that the eye of the storm is a brilliant, calm and peaceful place in what is actually an extremely deadly and dangerous place to be.
However, when the eye passes, the storm rages again, even more fierce than the penetrating force of the first half of the storm. Again, there’s more fear; more stress; more panic. Finally, the storm passes, slowly and subtly. The wind disappears, the sun breaks free and among the chaos, birds sing with striking clarify and beauty. It’s as if their songs are the only remaining sound because the storm has sucked all else away. Their song is an encouragement as you assess your losses and determine the first steps required to put your life back together.
Certainly, ICD-10 is not deadly, nor is it as dramatic as surviving a killer storm, but the process has been stressful, and painful and chaotic for millions. We’re in the eye, half way between beginning and end. Much has happened, but there is still a great deal more to come. I image that’s how many of you are feeling today; trying to ride out the storm — in peace, in fear or maybe a combination of the two. So, on this occasion, as we wait, I thought I’d provide a few final thoughts about ICD-10 from those working alongside you, in the trenches, who are also weathering the storm. Hopefully these insights provide you some peace, and help you get through this stressful time.
With the transition to ICD-10, we expect three types of industry disruption occurring at different times. First, starting in the first few days after the Oct. 1, 2015 cutover, when providers start transmitting claims containing ICD-10 codes (between 10/3 and 10/10), we predict that providers that chose to ignore the ICD-10 mandate will receive a monumental wake-up call when clearinghouses and payers immediately reject their ICD-9 coded claims as non-clean HIPAA transactions. We believe that most of the nonconformists will be smaller, rural professional providers and small practices. They will scramble to get ready in short order if they wish to be paid for their services.
Second, by mid- to late-October, providers will start receiving payments based on claims submitted using ICD-10 codes. Most professional claims are reimbursed based on the CPT/HCPCS codes and therefore are not susceptible to payment shifts. Institutional claims are paid via a wide range of reimbursement mechanisms, mainly due to combinations of both ICD-10 diagnosis as well as procedure codes. ICD-10 testing between providers and payers illustrates that four out of five payment disputes are because of poor coding accuracy from the provider. We see an increase in phone calls to payers and an elongated revenue cycle collection timeframe.
Third, throughout 2016, we see overall data quality issues emerging as the industry stabilizes and acclimates to the new code set. Although CMS relaxed coding accuracy requirements for Medicare fee for service claims, commercial payers have not followed suit. Be prepared for an increase in chart reviews and ongoing adjustments to previously paid claims.
Coastal Orthopedics has been serving the coastal South Carolina region for more than 30 years, and has helped countless members of our community regain and maintain a full quality of life. In those years of serving our community, ICD-10 has without a doubt been one of the biggest challenges that our practice has faced to date. With major overhauls to our practice workflow and ultimately our ability to provide the best care to our patients on the horizon, we set out early to meet the demands of the ICD-10 transition proactively.
The success of our transition to ICD-10 has been two-fold. One: our software partners (SRS Soft EHR and Allscripts Practice Management) have continued to deliver exceptional tools that have allowed our practice to leverage the power of healthcare information technology to expand our ability to provide exceptional care exponentially. Two: The dedicated staff and physicians of our practice, who truly love getting to be a part of helping our patients live their best life, have invested countless hours of preparation into being sure that our patients continue to receive only the best care. After months of updating our office systems/processes, working with care partners across the community, working with our software partners to fine tune our systems, and working with insurance companies to ensure that our patients get the most of their benefits, we’re ready to take ICD-10 head-on.
October 1st will be just another day of providing exceptional orthopedic care to our community for Coastal Orthopedics.
The day before, the day of and the day after ICD-10 goes live, it will be too late. But, as we get closer to ICD-10 go live, there are some final preparations that you can do before it does, and some remediation that can be done post go live. Physician practices and hospitals can focus on the procedures and visit types that drive their practices. We call this focus, the Codes that Matter. A very small percentage of procedures and visit types drive 95 percent of revenue so focus on those key areas to protect your revenue.
In addition, the physicians and hospitals need to take a snap shot of financial and revenue cycle performance prior to going live. This is especially critical at this point. The hospitals and physician practices have to know where they are today so they can effectively evaluate their financial and revenue cycle performance post go live. Financial “fire drills” need to be conducted to practice and prepare for revenue cycle impacts. How to prevent 10 percent to 15 percent revenue hits? If we see those issues arising, how do we quickly address and how do we rapidly deploy teams to close the issues. Waiting until the day before, similar to cramming for the test will not work well for the October go-live. There are a couple of things listed above that can still make a difference so the time is now before the die is cast.