VALUE EXPERIENCE RESULTS Grooming a Top Notch Patient Access Professional Betsy Keating, RN, CHAM Senior Consulting Manager October 25, 2011 Agenda ♦ Introduction ♦ Examples ♦ Compliance Overview ♦ Training and Education ♦ Performance Management 2 Introduction Patient Access Associates perform a diverse and complex range of tasks during the registration process: ♦ Data Collection ♦ Insurance, Benefit Verification ♦ Identification of Pt. Financial Liability, POS Collections ♦ Securing required signatures ♦ Acquisition of Referrals and Pre Certification Embedded within the daily functions of an Access Associate are laws and regulations applicable to their day-to-day job responsibilities. 3 Today’s Discussion ♦ Identify violations that could lead to legal liability for the organization and employee. ♦ Provide an understanding of the laws and regulations that impact Patient Access Services. ♦ Learn techniques to incorporate a full realm of compliance training into existing education plans. 4 HIPAA Enforcement Examples ♦ Following investigation by the U.S. Dept. of Health and Human Services, office for Civil Rights, the University of California at LA settles potential violation of HIPAA for $865,000. – Complaint alleged that two UCLAH employees looked at electronic health records repeatedly without permission. Upon further investigation, it was reported between 2005 -2008 numerous employees looked at the EMR of patients without valid reason. 5 HIPAA Enforcement Examples ♦ In 2009, Mass General lost PHI on over 192 patients – consisting of patient schedules with names, MRN’s billing information, diagnoses, procedures. – An employee, while commuting, left the documentation on a subway train. The documents were never found. – $1M settlement 6 Penalty and Action Plan ♦ Covered entities are responsible for actions of their employees. ♦ Penalties in the amount of $1.8M were incurred between the two facilities. ♦ Corrective action plan established. – Privacy and Security Policies and Procedures – Regular and robust training – Independent monitor to assess compliance 7 Recovery Audit Contractor ♦ Three year demonstration – pilot (2005 through 2008) – Identified $1.03 billion of improper Medicare payments – $900 million in overpayments returned to Medicare Trust Fund ♦ 40 percent of overpayments due to medically unnecessary services (65 percent for services provided in an inappropriate setting) ♦ 8 percent due to insufficient documentation ♦ 35 percent connected to incorrect coding ♦ 17 percent – other category 8 RAC Exposure (*Evaluation of the 3-year demonstration) Improper payments due to: ♦ Medically Unnecessary Services ♦ Services provided in an inappropriate setting ♦ Incorrect coding ♦ Improper documentation ♦ Other 9 Patient Access Link ♦ Medical Necessity – Critical function in all access areas to: – Prevent improper Medicare payments. – Ensure provider can pursue payment from beneficiaries. ♦ Advance Beneficiary Notice (ABN) – Failure to issue an ABN can lead to financial losses to an organization due to inability to bill for services denied by Medicare as medically unnecessary. ♦ Medicare Secondary Payer Questionnaire (MSPQ)– Since 1980, the MSP provisions have protected Medicare funds by ensuring that Medicare does not pay for services and items that certain health insurance or coverage has primary responsibilities for paying. 10 Patient Access Link ♦ Physician Order Documentation – Denials when medical records failed to have a clear admission order. – Level-of-care orders documented – Inadequate or incomplete admission orders – Presence of an order on elective surgeries – Physician education – Standard Order Sets with clear delineation to admit to inpatient or place in observation – Identification of Inpatient Only Procedures 11 Risk of Non Compliance ♦ ♦ ♦ ♦ ♦ ♦ ♦ 12 RAC Exposure HIPAA Penalties Quality and Safety Customer Satisfaction Financial Liability Healthcare Fraud Loss of integrity and credibility Impact ♦ Privacy Violations – misuse of information – Failure to comply with requirements and standards – not more than $100 for each violation not to exceed $25,000 – Criminal penalties up to $50,000, $100,000 and $250,000 with imprisonment up to 10 years ♦ Security Breach Notification and Penalties – Notify patients – If breach affects over 500 patients, notify DHHS – Notify local media – Results: Damage to the organizations reputation, Financial losses, Fraud, Fines, and Personal Liability ♦ Returned overpayments to Medicare Trust Fund 13 Patient Access Leadership Responsibilities Patient Access is at the forefront and recognized as a vital component of the Revenue Cycle and strongly influences the financial integrity of the organization. Essential to: ♦ Engage in robust recruitment and retention strategies. ♦ Develop a comprehensive education and training plan. ♦ Put in place proper resources to ensure compliance. 14 Education and Training 15 Training Techniques Student Centered – Focus on the Trainee Motivation – Build motivation activities Activation – Give trainee opportunity for active participation Reinforcement – Learner demonstrates a means of reinforcing newly learned skill Transfer – Trainer checks throughout program to ensure trainee has an understanding of skill Environment – Comfortable and suitable for learning 16 Training Plan . . . Methodology ♦ Utilize a combination of techniques. – Classroom training – Preceptor – On-the-job training ♦ Engage a subject matter expert as the dedicated trainer. ♦ Provide ongoing feedback, encouragement, and validation. ♦ Monitor, track, and measure competency. ♦ Provide training that incorporates: – Demonstration – Hands On Experience – Policy and Procedure Review ♦ E Learn ♦ Training Modules 17 Patient Access Orientation Training Plan Week 1 Monday Tuesday Wednesday Thursday Dept. Orientation Patient Access Overview – Scope of Responsibility Data Collection Insurance – Patient Training Interviews System Training Service Excellence Scripting Financial Responsibility • Completion of Healthcare System mandatory training modules • Review of Associated Policies and Procedures • Practical Application in ‘test’ system 18 Friday Compliance and Regulatory Agencies Patient Access New Orientation Training Plan Week 2 Monday Tuesday Physician Outpatient Order Registration Documentation Wednesday Thursday Friday Inpatient Registration Emergency Dept. Registration Scheduling, Pre Encounter Workflow, Check In • Review of Associated Policies and Procedures • Practical Application in ‘test’ system 19 Compliance Compliance training is a critical component of an Access Department’s training and education plan. Educational goals should ensure the Access Associate: ♦ Possesses a complete understanding of the laws and impact within Patient Access. ♦ Complies with policies and procedures. ♦ Possesses knowledge and understanding of Medicare Compliance, Regulatory Agencies governing compliance and healthcare laws. 20 Essential Documentation for an Effective Training Plan ♦ ♦ ♦ ♦ ♦ ♦ 21 Outline Defined Objectives Content Method of Delivery Method of Evaluation Measurement of Competency Sample Compliance Training Module Topic: Medical Necessity and ABN Compliance Objective: At the completion of this program, the trainee will possess the skills to perform medical necessity checks on all Medicare beneficiaries rendering outpatient procedures and be compliant when issuing an ABN. Content: Medical Necessity Software Demo Policy and Procedure Method of Delivery: Instructor led discussion, demo, and policy review Self Learn Training Module with post test Practical application utilizing sample physician orders Method of Evaluation: Post Test Competency Direct Observation 22 Effective Compliance Program ♦ Establish compliance standard, procedures and policies. ♦ Assign oversight responsibility for compliance to an individual high in the organization’s structure. ♦ Conduct effective training and educational programs (communications of standards). ♦ Perform internal audits and continued monitoring to detect noncompliance and improve quality. ♦ Develop effective lines of communication for reporting violations and clarifying policies. ♦ Enforce standard well-publicized discipline guidelines and procedures. ♦ Respond appropriately and immediately to detected offenses in order to prevent further offense through corrective action. 23 Key Ingredients to Compliance Training ♦ Medicare Compliance – Medical Necessity, Advance Beneficiary Notice (ABN) – Important Message from Medicare – Medicare Secondary Payer Questionnaire (MSPQ) ♦ The Joint Commission – Patient Identification – Patient Rights ♦ Laws – Health Information Portability and Accountability Act 1996 (HIPAA) – Health Information Technology for Economic and Clinical Health Act 2009 (HITECH) – Red Flags Rules 2007 – Patient Self Determination Act 1991 (PSDA) – Emergency Medical Treatment and Labor Act (EMTALA) 24 Regulatory Agencies CMS: The Center for Medicare Services issues Regulations for Hospitals and Conditions of Participation (COP). Every hospital accepting payment for Medicare and Medicaid patients –including Joint Commission accredited hospitals must comply with these conditions. TJC: The Joint Commission provides evaluation and accreditation services for multiple healthcare organizations such as general, psychiatric, children’s rehabilitation, and critical access hospitals. TJC standards address the organization’s level of performance in key functions such as patient rights, patient treatment and infection control, and on its ability to provide safe, high quality care. Joint Commission sets an important standard for hospital compliance under the premise that if an organization does the right things and does them well, there is a strong likelihood patients will experience good outcomes. OIG: Office of Inspector General is the federal government’s Department of Health and Human Services publishes compliance program guidance for multiple sectors of healthcare and billing companies. 25 Patient Access Day-to-Day Responsibilities When: During Registration, Outpatient, Emergency Department, Central Scheduling, Financial Counseling, Admitting, Check-In – – – – – – – – – – – – – 26 Ensure positive identification of patients prior to the onset of registration Address the communication needs of each patient Meets the spiritual needs of patients Secure signatures Consent for Treatment, Assignment of Benefits, and Release of Information Perform Medical Necessity, ABN Complete Medicare Secondary Payer Questionnaire Comply with EMTALA Distribute Patient Right to Privacy brochure Ensure Privacy and Security Be respectful of the patient’s option to ‘opt out’ of hospital directory Distribute Important Message from Medicare Address Advance Directive Ascertain Release of Information privileges HIPAA The law known as “HIPAA” stands for the Health Insurance Portability and Accountability Act of 1996. Congress, designed the Act to: – Provide consumers with greater access to health care insurance. – Protect the privacy of health care data. – Promote more standardization and efficiency in the health care industry. 27 Patient Access Responsibilities Privacy and Security Ensure Privacy: ♦ Do not disclose or share your password with another employee. ♦ Log off computer when walking away from workstation. ♦ Avoid work related conversations in hallways or elevators. ♦ Update, test and maintain correct fax numbers. ♦ Know your hospital’s policies for leaving messages on answering machines. ♦ Do not post patient information around your workstation. ♦ Dispose paper information in closed receptacles for shredding. ♦ Do not use your password to look up information on family members or friends. 28 HITECH The Health Information Technology for Economic and Clinical Health Act (HITECH or "The Act") is part of the American Recovery and Reinvestment Act of 2009 (ARRA). ARRA contains incentives related to health care information technology in general (e.g. creation of a national health care infrastructure) and contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among providers. 29 HITECH HITECH also widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for more enforcement. ♦ Right to Restrict enforced in 2010: Requires the covered entity to agree on restriction of disclosure to a health plan if: The disclosure is for the purposes of carrying out payment or healthcare operations and is not otherwise required by law; and, The Protected Health Information (PHI) pertains solely to a health care item or service for which the individual, or person on behalf of the individual other than the health plan, has paid the covered entity in full. *Patient Access Considerations: Insured Self Pay procedure 30 EMTALA Under EMTALA, patients are to be “triaged” by a “clinician” to determine severity of illness and degree of emergency prior to being asked about insurance or method of payment. 31 EMTALA Three primary requirements on Medicare participating hospitals: ♦ The hospital must provide an appropriate medical screening exam (MSE). ♦ The hospital must treat and stabilize the emergency medical condition, or transfer. ♦ A hospital must not transfer an individual with an emergency medical condition that has not been stabilized. Regulations were amended in 2003 to specifically permit reasonable registration procedures, including inquiries about insurance, before the medical screening examination is done, again as long as those inquiries do not delay the examination. A request for payment, however, may not be made at that time. Patient Access Responsibilities: ♦ Know your hospital bylaws to identify ‘who’ can perform the MSE. ♦ Know triggers that communicate completion of MSE. 32 RED FLAGS REGULATION The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs — or "red flags" — of identity theft in their day-to-day operations. By identifying red flags in advance, businesses will be better equipped to spot suspicious patterns that may arise -- and take steps to prevent a red flag from escalating into a costly episode of identity theft. 33 Red Flags Regulation Patient Access Responsibilities: ♦ Comply with patient identification policies. ♦ Be alert to suspicious, altered documents. ♦ Be alert to suspicious PHI, such as date of birth and photo identification not consistent with the appearance of the patient. 34 Patient Self Determination Act Advance Directive means a written instruction, such as a living will or durable power of attorney for health care, relating to the provision of health care when the individual is incapacitated. Organization’s Responsibility: ♦ Provide written information regarding Advance Directives. ♦ Document in Medical Record. ♦ Educate patients, employees and community. 35 Policies and Procedures Primary ♦ Medical Necessity ABN ♦ EMTALA ♦ Medicare Secondary Payer Questionnaire ♦ Patient Identification ♦ Emergency Department Registration ♦ Orders for Outpatient Testing ♦ Advance Directive ♦ Registration of Family and Friends ♦ Patient Rights and Responsibilities 36 Related ♦ ♦ ♦ ♦ ♦ ♦ Guarantor Policy Performance Management Performance Improvement Plan Registration Quality Assurance Insured Self Pay Policy Patient Search, Name Standard Competency Competency: ♦ Quality of being adequately or well qualified. ♦ Ability of an individual to perform a job properly. ♦ Set of defined behaviors that provide a structured guide enabling the identification, evaluation and development of the behaviors in individual employees. ♦ Combination of knowledge, skills, and behavior used to improve performance. 37 Performance Management 38 Performance Measurement ♦ Demonstration of Competency ♦ Ongoing Evaluation – QA Monitoring – MSP Audits – Medical Necessity Compliance – Vendor Reports – ‘Rounding’ with Reason ♦ Performance Management – Behavioral Based – Addresses Confidentiality and Security 39 Method of Evaluation ♦ Pre- and Post- Test ♦ Return Demo ♦ Direct Observation ♦ Verbal Affirmation – Sign Off 40 Employee Responsibilities ♦ ♦ ♦ ♦ ♦ ♦ Timely completion of mandatory training and education modules. Perform Medical Necessity check for outpatient procedures every time. Issue ABN when indicated. Accurate and complete documentation on MSPQ. Understand the importance of completion of MSPQ. Collaboration with Case Managers and other clinicians to ensure level of care orders are in place. ♦ Consistent review of outpatient orders and appropriate follow up for incomplete, illegible orders. ♦ Utilize solid interview techniques, adapt scripting. 41 Individual and Department Key Performance Indicators Individual KPI 1. 2. 3. 42 MSPQ audit MED Necessity ABN audit Documentation Audits a. Consents b. Place of Service Order Department KPI 1. 2. 3. MSPQ audit ABN Audit Technical Denials Performance Management Key Behaviors to ensure compliance: ♦ Adheres to the Health System’s Code of Conduct. ♦ Remains up to date and compliant with all Federal, State and Local laws, Joint Commission standards or regulatory requirements which apply to assigned area of responsibility. ♦ Ensures confidentiality of all customers/patients/residents information and that information is only available to those who have a business reason to know. ♦ Accepts responsibility for one’s actions and decisions. ♦ Builds trust and maintains consistency through words and actions. 43 Improvement Needed Behaviors ♦ Fails to follow laws, regulations or Health System policies consistently. ♦ Demonstrated by: – Sub par auditing results – Less that 100% MSP completion – Failure to check Medical Necessity or issue an ABN 100% of time 44 Access Leadership Responsibilities ♦ Develop policies. ♦ Communicate, Communicate, Communicate! – Disseminate Information to staff. ♦ Measure Results. – Improved Performance – Reduction in Denials ♦ Audit. – Round – Individual and Department Performance ♦ Review results with staff, coach, and mentor. ♦ Report results to Sr. Leadership. 45 Training Tool Kit ♦ ♦ ♦ ♦ ♦ ♦ ♦ 46 Department Orientation Check List Training Module Documentation Competency Validation, Inventory, and Tracking Sheet Performance Management Evaluation Criteria Applicable Policies and Procedures Trainer Evaluation Sign In Sheet Benefits of an Effective Training Program Employee Organization ♦ Employee Satisfaction ♦ Professionalism ♦ Professional Development ♦ Financial Security – Reduced denials – Less turnover – No penalties ♦ Builds credibility ♦ Employer Satisfaction ♦ Improved Outcomes Patient ♦ Patient Satisfaction ♦ Safety and Quality ♦ Positive Outcomes ♦ Dignity and respect 47 Unintentional Consequences – failure to comply ♦ Incorrect data validation – risk of privacy breach Ask Don’t Tell Campaign ♦ Medical Necessity Checks on limited number of procedures ♦ Physician Selection errors - *Safety and Privacy ♦ Incorrect Guarantor listing ♦ Opt Out Vulnerability - *Safety 48 References ♦ ♦ ♦ ♦ ♦ 49 www.cms.gov www.emtala.com www.ftc.gov www.hhs.gov/ocr/privacy/hipaa/enforcement/examples www.racmonitor.com/news/33-top-stories/347-understanding-theimportance-of-patient-access-in-the-rac-process Contact Information Betsy Keating RN CHAM Senior Consulting Manager IMA Consulting bkeating@ima-consulting.com 484-832-8149 50