Part B Insider (Multispecialty) Coding Alert

Physician Notes:

Car Break-in Leads to $750,000 HIPAA Settlement for One Practice

White House: CMS not making enough effort to fix errors.

An Indiana oncology practice agreed to pay $750,000 and create a “robust corrective action plan” after a breach that could have exposed information about 55,000 current and former patients, the Department of Health and Human Services announced on Sept. 2.

Three years ago, the Office of Civil Rights (OCR) discovered that someone stole a laptop bag from the car of an employee of the cancer practice. The laptop and an unencrypted backup storage device went missing during the theft, and they included the names, Social Security numbers, dates of birth, addresses and other protected health information (PHI) for thousands of patients.

When the OCR looked deeper at the practice’s habits, the agency found that it had never conducted a risk analysis after discovering the breach in 2012, nor did the practice have a written policy regarding how to handle PHI on portable hardware and electronic media devices.

“Organizations must complete a comprehensive risk analysis and establish strong policies and procedures to protect patients’ health information,” said OCR Director Jocelyn Samuels in the Sept. 2 statement. “Further, proper encryption of mobile devices and electronic media reduces the likelihood of a breach of protected health information,” she added.

Resource: To read more about the case, visit www.hhs.gov/news/press/2015pres/09/20150902a.html .

In other news…

Although it might feel like CMS is doing everything it can to keep money away from medical practices, the White House believes the agency isn’t doing enough to save cash.

That’s the takeaway from a Feb. 26 letter that Office of Management and Budget (OMB) Director Shaun Donovan sent to HHS Secretary Sylvia Burwell, in which he said that the OMB believes “a more aggressive strategy can be implemented to reduce the levels of improper payments we are currently seeing.”

The letter, which was made public after the Center for Public Integrity filed a Freedom of Information Act suit, also said that the Medicare Fee-for-Service improper payment estimate in 2014 was $9.7 billion higher than the previous year, and the Medicaid improper payment amount was $3.1 billion higher than 2013 levels. “The $12.2 billion improper payment amount remains a concern,” Donovan said.

Donovan urged Burwell to find “new and innovative ways to address the problem” and use “every tool at our disposal” in that effort. This will probably mean that the Department of Health and Human Services, as well as its Office of Inspector General, will be using new strategies to ensure that mistakes are brought to a minimum. Keep an eye on the Insider as these new tactics are unveiled to find out how HHS intends to implement additional ways to eliminate overpayments.