Compliance
Alliance
Compliance Alliance
U.B. Associates, Inc.
Second Quarter - 2011
Volume 5, Number 2
In This Issue:
Compliance – Back to Basics
 Compliance-Back to
Basics
In this issue we are going “back to basics” with some topics or issues that necessitate
occasional reminders for everyone.
 Coding Corner:
Revisiting Signature
Rules
FPMP Compliance Plan: Although compliance plans/programs for physician practices
were once strongly advised but optional, the passage of the Patient Protection and
Affordable Care Act of 2010 has made them MANDATORY. It is now more important than
ever that every employee be well-versed on UBMD’s Compliance Plan. This includes
physicians, NPs, billers, receptionists, and everyone in-between. Our Compliance Plan
should be a part of all new employees’ training. It is imperative that all employees, new
and existing, know how to proceed correctly if and when certain circumstances arise.
 Quarterly Quote
 Compliance/Coding
Q&A
 Q&A: Answers to
2011 1st Quarter Quiz
 2011 2nd Quarter
Quiz
By: Sue Marasi, CPC-A, Compliance Administrator
All employees should have quick access to our Compliance Plan for reference purposes.
If you do not have a hard copy in your office, our Compliance Plan can be found on our
new website: http://ahc.buffalo.edu/compliance.php
Outside Investigations: As our Compliance Plan states, all practice plans “are subject to
announced and unannounced audits, surveys, and investigations by government
agencies.” Those agencies could include the OIG and OMIG, among others, and could be
in the form of a letter or personal visit by a governmental official.
According to our Compliance Plan, all practice plans are required to cooperate with
appropriately authorized investigations, and appropriate response to an investigative
inquiry requires strict adherence to the laws and other guidance; therefore, if you
receive a letter from a government agency requesting information, you should always
IMMEDIATELY contact Compliance Officer, Brigid Maloney, BEFORE taking any action,
no matter how simple the request may seem. Should an investigator show up at your
office, you should follow these steps:
1) obtain identification of individuals and review documents authorizing
investigation;
2) request the purpose of the investigator’s visit and specifically with whom the
investigator desires to speak;
3) notify Compliance Officer, Brigid Maloney, and your practice plan president or
administrator immediately, and inform the investigator that FPMP policy requires
you to contact these people prior to allowing investigation to begin;
4) assure full cooperation with investigators within the scope of the investigation;
5) remove all non-essential personnel from the area involved in investigation;
6) suspend any routine destruction of records during investigation;
7) maintain a log of all events associated with the investigation;
8) staff members have the right to speak to any investigator they choose, but they
have the equal right to decline to be interviewed or to ask investigator to
schedule the interview at a later date.
In summary, requests from OIG or OMIG that are handled inappropriately can result in
unnecessary fines and other avoidable penalties; therefore, we cannot stress enough how
important it is that you contact Compliance Officer Brigid Maloney immediately and
prior to any action should you be contacted by anyone regarding any investigation.
HIPAA: We’ve all heard the saying “curiosity killed the cat”. Well, curiosity in your
workplace could cost you your career, and worse. Health care entities could face costly
fines for HIPAA violations. Three fairly recent cases involving HIPAA violations illustrate
the seriousness of HIPAA enforcement.
Locally, in March, a well-known sports figure passed away. Shortly after, two employees
of a local medical insurance company were fired from their jobs after they
inappropriately accessed the medical records of the deceased, a violation of the
company’s HIPAA privacy and security policy.
Have a topic regarding
compliance or coding that
you would like to see
covered in Compliance
Alliance?
We are always looking
for suggestions!
Please send yours to Sue
Marasi in the Compliance
Office.
************
Quarterly Quote:
"It takes 20
years to build a
reputation and 5
Earlier this year, Cignet Health of Prince George’s County, Maryland was issued a Notice
of Final Determination by the U.S. Department of Health & Human Services (HHS) Office
for Civil Rights (OCR) for violations of the HIPAA Privacy Rule. This case represents the
first civil monetary penalty (CVP) issued by HHS for HIPAA Privacy Rule Violations. After
receiving individual complaints filed by patients stating that they were denied access to
their medical records when requested, an investigation was initiated. The HIPAA Privacy
Rule requires such records be given to patients within 30 days, and no later than 60 days,
of the patient’s request. The CVP for these violations was $1.3 million.
Additionally, Cignet failed to cooperate with OCR’s investigation and failed to produce
records demanded in the investigation. Even after finally producing the records in
response to an OCR subpoena, OCR found that Cignet failed to cooperate on a continuing
basis for several weeks. The HIPAA Privacy Rule, under law, requires entities to
cooperate with such investigations. The CVP for these violations was $3 million.
Also earlier this year, Massachusetts General Hospital (MGH) agreed to pay the U.S.
Government $1 million to settle potential violations of the HIPAA Privacy Rule. The
agreement also required MGH to enter into a Corrective Action Plan to develop and
implement policies and procedures to safeguard the privacy of its patients. The
investigation in this case was also in response to a complaint filed by a patient whose
protected health information (PHI) was lost. The PHI of 192 patients was lost. An
investigation by OCR indicated that MGH failed to implement reasonable and appropriate
safeguards to protect the privacy of PHI when removed from the hospital’s premises, and
impermissibly disclose PHI, which potentially violated the HIPAA Privacy Rule. The
documents containing the PHI were left on a subway train by a hospital employee, and
were never recovered.
Statements made by contributors to articles related to these cases had a common
theme: Ensuring peoples’ personal health information privacy is vital. We in the health
care field have a prominent responsibility to protect our patients’ health information.
minutes to ruin
Coding Corner: Revisiting Signature Rules
it."
By: Beverly Welshans, CCSP, CPC, CPCH, CPCI, UBMD Director of Audit & Education
~ Warren Buffet
Beverly is out of the office for a brief period, so we have decided to re-run one of
her previous articles regarding signature rules.
The contractors who review Medicare claims, such as MAC’s, CERT contractors and RACs
(Recovery Audit Contractors), are assigned the task of detecting and correcting improper
payments and/or identifying fraud in the Medicare Fee for Service Program. They rely
solely on the documentation in the medical record to support the charges submitted.
CMS requires that all services provided and/or ordered be validated by a signature from
the author. In the medical review process questions arise when there is not a legible
signature identifying the provider.
Earlier this year The Centers for Medicare & Medicaid Services (CMS) provided
clarification on steps these contractors should take to validate an “illegible identifier”
for the provider of the service. (CR 6698: implementation date April 16, 2010). One of
their many recommendations pertains to signature logs. In some situations, the provider
may be issued a notice giving them the opportunity to provide a signature log within 20
calendar days to support their claim. Reviewers will consider all submitted signature
logs regardless of the date they were created. A best practice might be to create a
signature log for each provider containing their printed name followed by every possible
variation of their signature. Taking this simple step now may reduce potential take
backs in the future.
*********************
Your Compliance & Coding Questions
Do you have a question regarding coding or compliance that you
always wanted to know but were afraid to ask? Now is your
chance to ask them! Please send any questions you may have on
any coding or compliance topic, general or specific, to Sue Marasi
at: smmarasi@buffalo.edu If you would prefer to remain
anonymous, you may send questions to the Compliance Office.
CONTACT US:
UB Associates, Inc.
UB Downtown
Gateway Bldg.
77 Goodell St., Suite 310
Buffalo, NY 14203
Fax: 716-849-5620
Brigid M. Maloney,
Compliance Officer
Phone:
716- 888-4705
E-mail:
bmaloney@buffalo.edu
♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦
Suzanne M. Marasi,
Compliance Administrator
Phone:
716-888-4708
E-mail:
smmarasi@buffalo.edu
♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦♦
Bev Welshans
Director of Audit &
Education
Phone:
716-888-4702
E-mail:
welshans@buffalo.edu
*****************
Check out our new
website at:
http://ahc.buffalo.edu/
compliance.php
(It is accessible,
but still in process
of being updated.)
Q: I know that if an institution is found guilty of employing an excluded
individual, the institution can be heavily fined. But what causes exclusion?
A: Mandatory exclusions, which are no less than 5 years, can result from: conviction
of health care program-related crimes; conviction relating to patient abuse; Felony
conviction relating to health care fraud; and Felony conviction relating to controlled
substance. Permissive exclusions, in which the period varies according to the
nature of the offense, can result from: conviction relating to fraud; conviction
relating to obstruction of an investigation or audit; misdemeanor conviction relating
to controlled substance; health care license revocation or suspension;
exclusion/suspension under a federal or state health care program; claims for
excessive charges or unnecessary services, and failure to furnish medically
necessary services; fraud, kickbacks, and other prohibited activities; entities
controlled by sanctioned individual; failure to disclose required information; failure
to supply information on subcontractors and suppliers; failure to supply payment
information; failure to grant immediate access; failure to take corrective action;
default on health education loan or scholarship obligations; individuals controlling a
sanctioned entity.1
Answers to 2011 First Quarter Quiz:
1. OIG is not concerned with how physician specialty and diagnosis affect lab
test ordering. False
2. New focus areas of the OIG for providers/suppliers include: d. Both a and
b
3. One who follows the doctor around and writes, word for word, what the
doctor says as he is examining the patient is called a: c. Scribe
4. Residents, interns and fellows may not act as scribes. True
5. Physicians are classified as creditors, and therefore are required to follow
the Red Flags Rule. False
1
Compliance Today, March 2011
Second Quarter 2011 Quiz
(Please fill in ALL fields and print clearly to assure proper credit is given to you.)
Name:
Practice Plan:
Date:
1. True or False: Passage of the Patient Protection and Affordable Care Act of 2010 has made it
mandatory to have an effective compliance plan/program in place.
2. True or False: If you receive a letter from a government agency requesting information, you
should always contact Compliance Officer Brigid Maloney before taking any action.
3. HIPAA violations could result in:
a.
b.
c.
d.
Job loss
Monetary fines
Both a and b
None of the above
4. True or False: In regards to signature rules, CMS requires that all services provided and/or
ordered be validated by a signature from the author.
5. Reasons for mandatory exclusions include:
a.
b.
c.
d.
Conviction relating to fraud
Conviction relating to obstruction of an investigation or audit
Failure to take corrective action
All of the above
****************************************
Once you have completed this quiz, please return it to Sue Marasi
via e-mail (smmarasi@buffalo.edu) or fax: 849-5620
to be graded and recorded with your compliance education credits.
A score of 80% (4/5 correct) or higher is required to receive .25 hour credit toward your 2 hour biannual compliance
education requirement.