Medicare Compliance & Reimbursement

You’ve heard there won’t be an ICD-10 book that you can keep on your desk because the abundance of codes would make a book too thick — but is that tale true? Actually, no — it’s one of many ICD-10 myths that the Centers for Medicare & Medicaid Services (CMS) hopes to dispel with its latest publication, called ICD-10-CM/PCS Myths and Facts.

Indeed, hard copies of the ICD-10 code book are already available and don’t take up more space than your current coding books, CMS says in the document. If you prefer leafing through a book over checking codes online, you’ll still get to handle business as usual when ICD-10 takes effect next October.

Likewise, CMS dispels the myth that you’ll have to scrap your CPT® knowledge when ICD-10 kicks in, since many providers erroneously believe that ICD-10-PCS will replace CPT®. In actuality, however, ICD-10-PCS will only be used for facility reporting of inpatient procedures, and won’t impact Part B providers’ use of CPT®.

Resource: To read the complete document, visit www.cms.gov/Medicare/Coding/ICD10/Downloads/ICD-10MythsandFacts.pdf.

This MAC Highlights the Most Common Prolonged Service Errors

You must remember to bill each add-on code with its companion code. Reporting prolonged service codes +99354-99357 can help you maximize your reimbursement for longer than usual E/M visits, but one MAC recently found that not all providers are clear on how to bill these codes.

NGS Medicare released the results of its recent audits of prolonged service codes, which noted that on average, a startling 88.7 percent of prolonged service claims were reduced or denied after auditors reviewed the documentation. In fact, only 8.5 percent of the claims that the MAC reviewed for dates of service in September 2014 were paid accurately, and the rest were either completely denied or reduced, the audit report indicates.

NGS outlined the following as the most common errors that prompted claim denials or payment reductions:

• No support of direct face-to-face or floor/unit time, which is required for prolonged services;
• Missing content of the prolonged service required beyond the regular E/M visit;
• Missing companion code (such as 99201-99215);
• Codes were reported for family meetings without the patient even present and without an accompanying E/M;
• The provider performed a diagnostic test and included the time spent on it in the prolonged service time;
• The wrong provider is on the claim vs. who actually performed the service;
• Missing, illegible, or incomplete documentation.

In the wake of the report, NGS is reminding all providers to only count the time spent during face-to-face contact, include the start and stop times of the visit, show what was discussed, and be able to prove medical necessity for the longer visit. 

HIPAA Audits Reveal That Smallest Entities Had Most Trouble Staying Compliant

If you’re wondering how covered entities fared during the first round of audits by the HHS Office for Civil Rights (OCR), you might be surprised at the answer. And you should pay close attention to these findings, because they will impact the compliance areas that OCR will focus on in the Phase 2 audits.

According to McDermott Will & Emery in an article published in The National Law Review, the Phase 1 OCR audits of 115 CEs produced the following aggregate results:

• Only 11 percent of audited CEs had no findings or observations;
• Despite representing just 53 percent of audited CEs, health care providers were responsible for 65 percent of the total findings and observations;
• The smallest audited CEs struggled with compliance under all three of the HIPAA standards;
• More than 60 percent of the findings or observations were security-standard violations, and 58 of 59 audited health care provider CEs had at least one security-standard finding or observation, even though the security standards represented only 28 percent of the total audit items;
• OCR attributed more than 39 percent of the findings and observations related to the privacy standards to a lack of awareness of the applicable privacy-standard requirement; and
• Only 10 percent of the findings and observations related to a lack of compliance with the breach-notification standards.