Medicare Compliance & Reimbursement

Keep your eyes peeled this autumn for a notification and data request from the HHS Office for Civil Rights (OCR). If you receive these communications, your practice is one of the selected entities that will face a more vigorous HIPAA audit.

OCR plans to audit 350 covered entities (CEs) and 50 business associates (BAs) during the first round of audits. For those who receive the notification and data request in Fall 2014, “the lucky recipients will be the first participants in the OCR’s effort to adopt a more aggressive approach to investigating compliance with HIPAA standards for privacy, security and breach notification,” wrote Tampa, FL-based Akerman LLP associate attorney A. Crosby Crane in a May 1 posting for the firm’s Health Law Rx Blog.

Why? The more aggressive approach stems from the December 2013 HHS Office of Inspector General (OIG) report that slammed the OCR for falling behind on HIPAA enforcement, Crane said. OCR has been making headway in implementing a permanent audit program, instead of relying on complaints as a way to assess compliance.

PECOS System Just Got Easier to Navigate

If your attempts at adding practitioners to the PECOS system have become incredibly frustrating, CMS has attempted to make that process a bit easier. After providers complained about how suddenly they’ve gotten locked out of their accounts, CMS has updated the system.

In a new feature, CMS changed the process for unlocking Identity & Access Management (I&A) System accounts online. (I&A controls access to the Provider Enrollment, Chain and Ownership System [PECOS], the National Plan and Provider Enumeration System [NPPES], and EHR [Electronic Health Record Incentive Programs].)

After three unsuccessful attempts at logging in, users will be prompted to reset their password via “Forgot Password” to unlock their account. “Forgot Password” will allow the user three attempts to correctly enter the user information associated to their account, CMS explains in its May 8 issue of “MLN Connects” news.

If you select “Forgot Password” before trying to log on, you will be given the option to answer three of your security questions or enter personal information, CMS adds.

Resource: To read the complete article, visit www.cms.gov/Outreach-and-Education/Outreach/FFSProvPartProg/Downloads/2014-05-08-enews-file.pdf.

‘Two Midnight’ Rule Needs Revision, OIG Says

It hasn’t even been a year since CMS enacted its “Two Midnight” rule, but the OIG is already questioning the decision.

Background: Last October, Medicare ruled that surgical procedures, diagnostic tests, and other treatments are “generally appropriate for inpatient hospital admission and payment under Medicare Part A when (1) the physician expects the beneficiary to require a stay that crosses at least two midnights and (2) admits the beneficiary to the hospital based upon that expectation.”

In testimony to Congress on May 20, regional inspector general Jodi D. Nudelman said that the new hospital policy “must be evaluated,” noting that “CMS’s new policy will affect hospitals’ use of observation stays and short inpatient stays, which in turn will affect Medicare and beneficiary payments to hospitals.”

In addition, she added, “The new policy may also affect beneficiaries’ access to SNF services. Information about the impact of the new policy is needed to ensure that policymakers take these issues into account as they move forward.”

To read Nudelman’s complete testimony, visit http://oig.hhs.gov/testimony/docs/2014/Nudelman_testimony_05202014.pdf.