Healthcare Law and ICD-10-CM/PCS Codes

Mitigation and Settlements

• Entities may settle allegations of violations by agreeing to corrective actions, financial settlements, or other terms to resolve legal issues and avoid litigation.

ICD-10-CM/PCS

• ICD-10-CM/PCS is a classification system with 17,000 numeric clinical codes for diseases, symptoms, abnormal findings, complaints, social circumstances, and external causes of injury or disease.
• Codes are organized into DRGs (diagnosis related groups), which form the basis for government payment.

Upcoding

• Upcoding is the practice of using a billing code that provides a higher reimbursement rate than the code that accurately reflects the service furnished.
• Upcoding has been a major focus of OIG's enforcement efforts, and HIPAA added an additional civil monetary penalty to the OIG's sanction authorities for upcoding violations.

DRG Creep

• DRG Creep is the practice of billing using a DRG code that provides a higher payment rate than the DRG code that accurately reflects the service provided.

Enforcement and Discipline

• OIG believes that the compliance program should include a written policy statement setting forth the degree of disciplinary actions that may be imposed.
• Discipline will be administered for non-compliant activity, and employees have an obligation to report suspected noncompliance.

Failure to Report

• Failure to report an offense is a serious act of noncompliance and equally deserving of discipline as the actual misconduct.

Progressive Discipline

• Progressive discipline is a multi-step process that includes:
  • Meeting with the employee to discuss the problem and secure a commitment to correcting behavior
  • Written warning that emphasizes the seriousness of the situation and stresses the urgency of modified behavior
  • Suspension without pay or a probationary period where if the behavior continues, the employee will face termination

Board Involvement

• It is in the best interest of the organization for the Board to have an active rather than a passive role in compliance.

Management Support

• Management buy-in is critical in influencing and making a compliance program work.
• Compliance officers should work with management and include them in investigations.
• Managers must also lead by example, as actions speak louder than words.

Physician Support

• Physician support is key in the healthcare setting.
• Ways to communicate compliance with physicians include:
  • Discussing both business and clinical aspects of an issue
  • Emphasizing clinical and fiscal improvements
  • Building trust through involvement
  • Involving physicians early in the process
  • Providing data
  • Working one-on-one with them

Staff Support

• It isn't a crime to make a mistake; it is a crime to not do anything about that mistake once it is detected.
• Staff must know that compliance is everyone's responsibility, not just the Compliance Department.

Financial Support

• Management all the way up to the Board must be willing to financially invest in Compliance.

Compliance Budget

• You can't run a compliance program properly without the financial resources.
• The amount of $$ you need will depend on the size and scope of compliance responsibilities.

Staffing

• Organization size, setting, and culture will influence how the compliance department is staffed.
• In a small organization, the Compliance Officer role may not be full-time.
• Administrative support may be necessary.

Conduct Risk Assessment

• After the compliance department is in place, the first step is to launch an effective compliance program by conducting a risk assessment.
• The purpose is to identify risks in the organization, analyze those risks against controls in place, prioritize those risks, and develop plans for action to address the risks prioritized.

Develop Mission and Goals

• Once staff is in place, it must function as a team towards a common goal.
• Develop a compliance department mission statement.
• Develop annual team goals that are achievable and measurable.
• An annual compliance report should be developed to get the word out and build support for the compliance department.

Notice to Individuals

• The notice to the individual must include:
  • A description of what happened, including date of breach and date of discovery
  • Description of the types of information involved in the breach
  • Steps individuals can take to protect themselves from harm
  • Descriptions of what the CE is doing to investigate the breach, to mitigate harm to the individuals and protect against further breaches
  • Contact information for the individuals to ask questions or learn additional information

Enforcement Penalties

• Initially, enforcement was complaint-driven, but enforcement has increased, as well as an increase in Civil Monetary Penalties for violations.
• HITECH has penalty tiers, with a minimum of $100 per violation up to $50,000 per violation.
• Tiers are based on accidental vs intentional, as well as actions taken by CE to correct and prevent future breaches.
• Four Tiers:
  • Violations that were inadvertent and the CE would have taken different action if they were aware. $100 up to $50,000 per violation
  • Violations due to reasonable cause but not willful neglect. $1,000 up to $50,000 per violation
  • Violations due to willful neglect, but problem has been corrected by CE. $10,000 up to $50,000 per violation
  • Violations due to willful neglect and problem has not been corrected. Starts at $50,000