Part B Insider (Multispecialty) Coding Alert

Physician Notes:

CMS: Start Searching Now for Overpayments--Or Face Penalties

Plus: Phone app developers could be considered business associates in certain instances.

You’ve always felt an obligation to return overpayments to your MAC—but now you need to search your files for them and return them within 60 days of identification, or you could face allegations of violating the False Claims Act.

CMS published a final rule on Feb. 11 requiring providers and suppliers “to report and return overpayments by the later of the date that is 60 days after the date an overpayment was identified, or the due date of any corresponding cost report, if applicable,” CMS says.

You must perform “reasonable diligence” to identify all of your overpayments within the past six years, and once you discover them, you have to issue refunds to the MAC within 60 days. If you don’t, you could be held liable under the False Claims Act or Civil Monetary Penalties Law—and you could even find yourself excluded from the federal health care programs.

Resource: To read more about the new overpayment time frames and regulations, read the CMS Fact Sheet on the topic at www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2016-Fact-sheets-items/2016-02-11.html.

In other news…

Phone apps go beyond Angry Birds and Pandora these days—and some are so advanced that they can even fall under the HIPAA privacy laws.

The HHS Office of Civil Rights released a report this week demonstrating just how a phone app can be subject to the HIPAA laws. According to the document, entitled “Health App Use Scenarios & HIPAA,” phone apps are not considered covered entities under HIPAA, but under some circumstances they could be considered “business associates,” which would require them to comply with some aspects of the HIPAA Rules.

For example, suppose the physician tells the patient to download a health app to her phone, and the physician contracts with the app developer for patient management services such as remote patient health monitoring. The information that the patient enters into the app then populates the physician’s EHR automatically. In this case, “the developer is a business associate of the provider, because it is creating, receiving, maintaining and transmitting protected health information (PHI) on behalf of a covered entity,” the OCR says in the document.

Likewise, if a health plan offers members an app to request, download and store health plan records and check claims status or coverage decisions, the app developer is considered a business associate.

To read more about how the HIPAA laws cover app developers, visit the HHS website at http://hipaaqsportal.hhs.gov/community-library/accounts/92/925889/OCR-health-app-developer-scenarios-2-2016.pdf.