Developments in Health Care posts by Searfoss and Associates, LLC
Tuesday, October 11, 2011
Friday, October 7, 2011
5 year record retention for Maryland
Ever wonder how long to keep medical records? In Maryland, the requirement is generally for 5 years. For pediatric patients, records are kept until the patient is 21 years of age, or for 5 years, whichever is longer. Its a very straightforward rule. See below, item F (emphasis added).
The section also clarifies what needs to be in the record. See item B (emphasis added). This is the standard that is used by the Board of Physicians in their investigations of licensed medical professionals.
COMAR
TITLE 10 Department of Health and Mental Hygiene
07.02.20
The section also clarifies what needs to be in the record. See item B (emphasis added). This is the standard that is used by the Board of Physicians in their investigations of licensed medical professionals.
COMAR
TITLE 10 Department of Health and Mental Hygiene
07.02.20
Clinical Records.
A. Records for all Patients. Records for all patients shall be maintained in accordance with accepted professional standards and practices.
B. Contents of Record. Contents of record shall be:
- Identification and summary sheet or sheets including patient's name, social security number, armed forces status, citizenship, marital status, age, sex, home address, and religion;
- Names, addresses, and telephone numbers of referral agencies (including hospital from which admitted), personal physician, dentist, parents' names or next of kin, or authorized representative;
- Documented evidence of assessment of the needs of the patient, of establishment of an appropriate plan of initial and ongoing treatment, and of the care and services provided;
- Authentication of hospital diagnoses (discharge summary, report from patient's attending physician, or transfer form);
- Consent forms when required (such as consent for administering investigational drugs, for burial arrangements made in advance, for release of medical record information, for handling of finances);
- Medical and social history of patient;
- Report of physical examination;
- Diagnostic and therapeutic orders;
- Consultation reports;
- Observations and progress notes;
- Reports of medication administration, treatments, and clinical findings;
- Discharge summary including final diagnosis and prognosis;
- Discipline assessment; and
- Interdisciplinary care plan.
C. Staffing. An employee of the facility shall be designated as the person responsible for the overall supervision of the medical record service. There shall be sufficient supportive staff to accomplish all medical record functions.
D. Consultation. If the medical record supervisor is not a qualified medical record practitioner, the Department may require that the supervisor receive consultation from a person so qualified.
E. Completion of Records and Centralization of Reports. Current medical records and those of discharged patients shall be completed promptly. All clinical information pertaining to a patient's stay shall be centralized in the patient's medical record.
F. Retention and Preservation of Records. Medical records shall be retained for a period of not less than 5 years from the date of discharge or, in the case of a minor, 3 years after the patient becomes of age or 5 years, whichever is longer.
G. Current Records—Location and Facilities. The facility shall maintain adequate space and equipment, conveniently located, to provide for efficient processing of medical records (reviewing, indexing, filing, and prompt retrieval).
H. Closed or Inactive Records. Closed or inactive records shall be filed and stored in a safe place (free from fire hazards) which provides for confidentiality and, when necessary, retrieval.
Monday, September 12, 2011
Article on private payer quality programs (subscription)
Read the Part B News article by Grant Huang. It features quotes from me, Anders Gilberg and Larry Epstein. No, I swear I didn't influence the list of interviewees!
09/12/2011
Monday, August 29, 2011
Article on fraud and abuse in MD MGMA MediNews
Thanks to the Maryland Medical Group Management Association for publishing this article. Its on page 10. Love international intrigue.
The International Industry of Mystery: Medicare Fraud
July-August 2011
The International Industry of Mystery: Medicare Fraud
July-August 2011
Tuesday, August 23, 2011
Two articles on my view of ICD-10 implementation
Thanks to ICD-10 Watch for interviewing me after the Centers for Medicare & Medicaid Services (CMS) call on ICD-10. I felt it could have been soo much better! And here are some of comments to their reporter after the call.
ICD-10 Superbill: Will superbills survive ICD-10 implementation?
ICD-10 Implementation: How to get your staff ready to use ICD-10 codes
Tuesday, May 31, 2011
The Crystal Ball Was Right! First reg overview - Privacy
My last installment was apparently more timely than I realized! In that edition, I provided an overview of upcoming regulations to pay attention to. Today, two of those regulations appeared in the Federal Register:
Over the next several days, I will be breaking down these proposed rules. This first blog will break down the proposed privacy regulation.
Designated Record Set defined
The Agency believes that this term limits the scope of PHI subject to accounting for both covered entities and business associates. "Designated record sets include the medical and health care payment records maintained by or for a covered entity, and other records used by or for the covered entity to make decisions about individuals. [...] We believe that this information which forms the basis for covered entities' health care and payment decisions about the individual, generally represent the protected health information that is of most interest to the individual." 76 FR 31430 Already defined in 45 CFR 164.501, "Designated record set means:
An interesting proposed change in the regulation would alter the responsibility of accounting. Specifically, "a covered entity would not be required to account or a business associate's disclosure of information outside of a designated record set." This is an important change. While the Business Associate is still responsible for accounting purposes and thus reporting of unauthorized access and disclosures outside of the designated record set, the covered entity that they are working with does not need to mirror records for anything other than the designated record set. This appears to streamline the rule and may decrease the accounting burden on covered entities.
Time period of accounting
This is a significant change and will likely have a positive affect on the health care industry. The proposed regulation reduces the period for PHI disclosure accounting from six years to three years. Of note however, "We believe that it is appropriate to maintain a consistent accounting time period for all types of disclosures." So this requirement applies to both written and electronic PHI.
Bootstrapping paper records under this law
Although a predictable attempt of the Agency, I'm not sure if this proposed change is going to fly. The rule notes that "Disclosures to carry out treatment, payment and heath care operations as provided in section 164.506 would continue to be exempt for paper records." 76 FR 31432 Yet it notes, "in accordance with section 13405(c) of the HITECH Act, an individual would be able to obtain information (such as the name of the person accessing the information) for all access to electronic protected health information stored in a designated record set for purposes of treatment, payment and health care operations."
The way I read this, the Agency is using the "designated record set" to parse the information included in the accounting requirement. Consider the following scenario: as a medical office, you contract with a clearinghouse to take your paper claims and convert them to electronic records. As part of one claim, you are requested by the health plan to submit medical records. Your office faxes them over which is converted into an electronic file that is stored on the health plan's system. Because a Business Associate (the clearinghouse) converts the medical claim, which is part of the designated record set, this seems to fit into the new scope of required accounting. Further, because the health plan (also a covered entity) has converted previously paper medical records to an electronic format, it would also seem that this format is too included in the scope. I hope that HHS is working on a telepathy module for us all to download into our brains to know when our business partners convert information that is sent to them to electronic formats.
Easing time period accounting
A very good development in the proposed rule is to permit multiple disclosures to the same individual for the same purpose to reflect a time period. For example, "three disclosures that began in January 2010 and ended in May 2010 could be described as "between January 2010 and May 2010." For individual disclosures, new flexibility is permitted with "a month and year (e.g., December 2010), or a date range (e.g., December 1, 2010 and December 15, 2010" when the exact date of disclosure is not known. Further, the dates may be descriptive if it is part of normal business practices such as "within 15 days of discharge." 76 FR 31434.
Accounting of disclosures that do not compromise the security or privacy of patient information
In instances where disclosures would put another patient in jeopardy of identity disclosure, the proposed rule would permit generic terms to describe who the information was disclosed to. "For example, if a physician's office mistakenly sends an appointment reminder to the wrong patient (and determines that the impermissible disclosure does not require breach notification because it does not compromise the privacy or security of the information), then the accounting may indicate that the disclosure was to "another patient."
[Part II will be posted soon.]
- HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Acts
- Permanent Certification Program for Health Information Technology; Revisions to ONC-Approved Accreditor Processess
- Five Year Review of Work Relative Value Units Under the Physician Fee Schedule appearing June 6
- Proposed Changes to Electronic Prescribing Incentive Program appearing June 1
Over the next several days, I will be breaking down these proposed rules. This first blog will break down the proposed privacy regulation.
This is a notice of proposed rulemaking which outlines implementation aspects of requirements from the Health Information Technology for Economic and Clinical Health Act (HITECH). However, the U.S. Department of Health and Human Services (HHS) "proposes to expand the accounting provision [of protected health information (PHI) disclosure] to provide individuals with the right to receive and access report indicating who has accessed electronic protected health information in a designated record set." 76 FR 31426
If you wish to submit comments on the regulation, they are due Aug. 1, 2011.
The Agency in an aside makes it clear why this regulation matters: "an individual is seeking information on why she has recently begun to receive information related to her health condition from a third party." This begs the question of what are you doing in your office to explain your care coordination procedures? You know your patients don't take time to read the Privacy Notice fully. You can prevent concern up front.
Considerations to think about
This is a proposed rule, so none of these changes are final. However, consider the following:
- While you hand out your annual Notice of Privacy Practices, does your office explain how you and others on the care team (including the health insurer) may reach out directly or with a third-party about their condition? For example, I still get tons of calls about my asthma which is seasonal and I spend a great deal of time explaining that its under control and I am prepared every year for it with the onslaught of pollen. If I didn't know that the health plan does data mining and outsources these chronic condition programs to a third party, I would be livid that my medical record was disclosed (I could believe that it was sold). Instead, I do my best to tell the nurses that I am a good patient.
- Have you worked with the patients who have to date received the disclosure accounting information to find out if the format and information is helpful? Its worthwhile to find out if there are things you can do to make it more transparent and simple to use.
- As part of your EMR stimulus dollar purchase, have you asked your vender about disclosure tracking?
Overview of Proposed Changes
- A patient's individual right to access a written accounting of disclosures explained in a standardized "access report"
- Accounting is for both written and electronic protected health information within a "designated record set"
- Applies "when any person accesses an electronic designated record set, whether that person is a member of the workforce or a person outside the covered entity"
- Defines what needs to be included in the accounting, noting too that "impermissible disclosures that id not rise to the level of breach" are covered
- Disclosure accounting for three instead of six years
- Revision to the annual HIPAA Privacy Notice requirements
Quick background
The "Kennedy-Kassebaum bill", also known as the Health Insurance Portability and Accountability Act (HIPAA), not only modified how COBRA is administered but in a few pages established standardized electronic transactions, significant privacy regulations and security requirements for "protected health information (PHI)". This legislation established what arguably is the modern medical industry backbone for health care transactions and business operations.
Covered entities are the parties that engage in health care, such as health plans, health care providers and those professionals directly involved in treatment, payment or other health care operations. Business associates are the third parties that come in touch with the PHI that comes out of the patient encounters described above. Business associates include (but are not limited to) claims billing services, chart abstraction services, dictation services, etc.
The Agency believes that this term limits the scope of PHI subject to accounting for both covered entities and business associates. "Designated record sets include the medical and health care payment records maintained by or for a covered entity, and other records used by or for the covered entity to make decisions about individuals. [...] We believe that this information which forms the basis for covered entities' health care and payment decisions about the individual, generally represent the protected health information that is of most interest to the individual." 76 FR 31430 Already defined in 45 CFR 164.501, "Designated record set means:
- A group of records maintained by or for a covered entity that is:
(i) The medical records and billing records about individuals maintained by or for a covered health care provider;
(ii) The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
(iii) Used, in whole or in part, by or for the covered entity to make decisions about individuals.
- For purposes of this paragraph, the term record means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a covered entity.
An interesting proposed change in the regulation would alter the responsibility of accounting. Specifically, "a covered entity would not be required to account or a business associate's disclosure of information outside of a designated record set." This is an important change. While the Business Associate is still responsible for accounting purposes and thus reporting of unauthorized access and disclosures outside of the designated record set, the covered entity that they are working with does not need to mirror records for anything other than the designated record set. This appears to streamline the rule and may decrease the accounting burden on covered entities.
Time period of accounting
This is a significant change and will likely have a positive affect on the health care industry. The proposed regulation reduces the period for PHI disclosure accounting from six years to three years. Of note however, "We believe that it is appropriate to maintain a consistent accounting time period for all types of disclosures." So this requirement applies to both written and electronic PHI.
Bootstrapping paper records under this law
Although a predictable attempt of the Agency, I'm not sure if this proposed change is going to fly. The rule notes that "Disclosures to carry out treatment, payment and heath care operations as provided in section 164.506 would continue to be exempt for paper records." 76 FR 31432 Yet it notes, "in accordance with section 13405(c) of the HITECH Act, an individual would be able to obtain information (such as the name of the person accessing the information) for all access to electronic protected health information stored in a designated record set for purposes of treatment, payment and health care operations."
The way I read this, the Agency is using the "designated record set" to parse the information included in the accounting requirement. Consider the following scenario: as a medical office, you contract with a clearinghouse to take your paper claims and convert them to electronic records. As part of one claim, you are requested by the health plan to submit medical records. Your office faxes them over which is converted into an electronic file that is stored on the health plan's system. Because a Business Associate (the clearinghouse) converts the medical claim, which is part of the designated record set, this seems to fit into the new scope of required accounting. Further, because the health plan (also a covered entity) has converted previously paper medical records to an electronic format, it would also seem that this format is too included in the scope. I hope that HHS is working on a telepathy module for us all to download into our brains to know when our business partners convert information that is sent to them to electronic formats.
Easing time period accounting
A very good development in the proposed rule is to permit multiple disclosures to the same individual for the same purpose to reflect a time period. For example, "three disclosures that began in January 2010 and ended in May 2010 could be described as "between January 2010 and May 2010." For individual disclosures, new flexibility is permitted with "a month and year (e.g., December 2010), or a date range (e.g., December 1, 2010 and December 15, 2010" when the exact date of disclosure is not known. Further, the dates may be descriptive if it is part of normal business practices such as "within 15 days of discharge." 76 FR 31434.
Accounting of disclosures that do not compromise the security or privacy of patient information
In instances where disclosures would put another patient in jeopardy of identity disclosure, the proposed rule would permit generic terms to describe who the information was disclosed to. "For example, if a physician's office mistakenly sends an appointment reminder to the wrong patient (and determines that the impermissible disclosure does not require breach notification because it does not compromise the privacy or security of the information), then the accounting may indicate that the disclosure was to "another patient."
[Part II will be posted soon.]
"Got arrested. Almost lost a patient. Doesn't take a lot of beer to cause a lot of trouble."
Monday, May 23, 2011
Looking into the future: the 2011 regulatory calendar
The coming year includes a number of interesting regulatory releases that will, if nothing else, compete well with my marathon plan of reading all of Jane Austen’s books in 2011. And like normal, I expect most if not all to be delayed.
For example, the Centers for Medicare & Medicaid Services (CMS) sent the final Rural Health Clinic rule to the Office of Management and Budget (OMB), which must review all regulatory publications prior to release, ages ago. So long ago, that if the rule is not published by June 27 of this year, three years after the second Notice of Proposed Rule Making was published, the agency must start all over again. It’s the fun of regulatory work and the guidelines established by Congress.
What should you expect in 2011? The normal annual publications will come out like the in- and out-patient hospital rules along with the physician fee schedule. Looking into my crystal ball, other regulations of note include:
- Five Year Review of Work Relative Value Units (CMS-1582-PN). Scheduled for March, this notice will likely be published with the proposed physician fee schedule (usually August) or before and will address how CMS should update the work values for the codes covered by Medicare.
- Changes to Electronic Prescribing Incentive Program for Calendar Year 2011 (CMS-3248-P). Received by OMB May 2. This proposed rule likely will address concerns raised over the Medicare 2010 program which provides a 2 percent bonus payment for meeting the reporting threshold.
- Elimination of the Requirement for Termination of Non-Random Prepayment Complex Medical Reviews (CMS-6022-F2). Received May 5. This is a second final rule to the Sept. 26, 2008 final rule which implemented requirements from Section 934 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108-173). The law added a new subsection regarding random prepayment reviews and non-random prepayment complex medical reviews, and requiring CMS to establish termination date(s) for non-random prepayment complex medical reviews. The second final rule will likely address questions and concerns raised in public comments to the proposed and final rules as well as concerns raised by Medicare contractors.
- Availability of Medicare Data for Performance Measurement (CMS-5059-P). Received May 11 as a proposed regulation; anticipated publication date of May 2011 has a few days left. Rule likely will address how Medicare will share data as part of the Medicare quality programs implemented as part of health reform, and possibly how data exchanges such as Regional Health Information Organizations can use Medicare data. Even better will be if it includes how Medicaid programs should release their information! The more bland summary states: “this rule would authorize the release and use of standardized extracts of Medicare claims data to measure the performance of providers and suppliers in ways that protect patient privacy and in accordance with other requirements.”
- HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Acts. Received Feb 9 as a proposed rule and related to the publication from May 2, 2010. Anticipated publication date of June 2011. This regulation is the much-anticipated update of the privacy regulations for the accounting of disclosures provisions of section 13405(c) of the Health Information Technology for Economic and Clinical Health Act.
As you can see, there are several significant regulations that are anticipated over the summer. Stay tuned for analysis of these, and other, regulations affecting physicians and other health care providers.
“Went to see Batman. Parked at Mission Point. Removed Wanda’s appendix. Broke up. Got back together. What can I say? Just your average weekend.”
- Personal Journal of Doogie Howser, M.D. , Oct. 17/18, 1989, “A Stitch Called Wanda” episode 3, Season 1.
Wednesday, May 18, 2011
ACOs vs Medical Homes: Definitions Matter
If you haven’t already figured out, each of my blog entries will feature a quote from the sitcom Doogie Hoswer, M.D. Watching the show again, thanks to Hulu, I remember why I wanted to be a doctor and very intimately why I decided to become a health care attorney. But the reason I am including the quotes here, and references are even simpler – I’ve called 2011 the year of “Back to the Future”. So be it Michael J. Fox or Neil Patrick Harris, the 1980s are upon us in a brave new way.
I know you have already heard this term “accountable care organization”; the latest buzz word in health care. The term is attributed to Elliott Fisher of Dartmouth and Mark McClellan, the former director of the Centers for Medicare & Medicaid Services (CMS), now at the Brookings Institution. Pulled from academic work directly into the health reform bill, Section 3022 of Public Law 111-148, describes ACOs as a delivery organization supporting “a shared savings program […] that promotes accountability for a patient population and coordinates items and services […] and encourages investment in infrastructure and redesigned care processes for high quality and efficient service delivery. Groups of providers of services and suppliers may work together to manage and coordinate care.”
So how is this different from the medical home model and the capitation reimbursement model or what we already went through during the 1980 and early 1990s? That is a great question and I think a number of lawmakers and other health care influencers have it mixed up. Definitions do matter and confusion will only make things more difficult to implement.
Let’s break it down with a crib sheet version you can post on your wall:
Capitation = Flat payment made per member (patient) per month and requires members to stay within a defined network or group of health care providers. The model requires the coordination of a full spectrum of inpatient, outpatient, primary and specialty care services to keep medical costs within the contracted rate (profitable), with shared savings distributed among the service providers/suppliers and the insurer. Risk is assumed (with some adjustment based on patient comorbidities acknowledged through claims) by the provider.
ACO = Capitation but not captive patient population. Patients may move from one ACO to another or a non-ACO provider. Shared savings based on separately defined quality metrics (unique to ACO; not in capitation model).
Medical Home = Per click payment for care coordination of a defined patient population based on primary care providers coordinating specialty care. Shared savings are supplemental and may be based on quality metrics.
The distinctions here are significant. Models that discuss a single-specialty only could be a Medical Home model where specialty care is coordinated and outsourced. However, these models (I have heard discussion of a pediatrics ACO model for instance) seem to not meet the definition outlined above or monetarily make sense as the pediatricians would still need to contract with other specialists that are willing, qualified and able to treat their under 18 population. Likely, these entities will want in on the shared savings, or more importantly the ACO provider will want the others to have skin in the game to keep costs appropriate. Instead, a pediatrics Medical Home model does seem plausible and a defined patient demographic could augment the sustainability (and predictability) of the model.
Also of note, these terms are being applied by not only Medicare. Private insurance companies are beginning pilots in the models. Medicaid programs are likely to follow as states are looking for new ways to cut state expenditures. Thus, the definitions are again VERY important as we are not just in the proverbial “Kansas” of Medicare any longer.
Other than what I believe is the misuse of the terms, a notable change in our blast-from-the-past experiment is whether the non-captive patient population of the new ACO model will work. I am glad to have a court-side seat to witness the successes and failures of this go-around. And have already ordered my several year supply of kettle corn for munching through the commercials and a pair of ruby slippers when the experiment gets a little too trippy for my tastes.
“Today I made my first really adult decision. I decided to stay a kid a little while longer.”
Tuesday, May 17, 2011
New video blog - first installment on EHR Incentive Program clarification
During the May 3 and May 5, 2011 educational conference hosted by the Centers for Medicare & Medicaid Services (CMS) for the EHR Incentive Program, CMS staff answered the following question: "Will Medicare HMO or privately insured patients be included in my Medicare patient calculation for quality assessment"? Their answer was "This program only applies to Medicare Part B."
I could hear people scratching their head.
So this video posted online attempts to answer the question in plain language.
Simply, the answer is no. Medicare HMO patients are enrolled under Medicare Part C which is not in-scope for this program. This means that only traditional Medicare patients will be included in your population calculation.
I could hear people scratching their head.
So this video posted online attempts to answer the question in plain language.
Simply, the answer is no. Medicare HMO patients are enrolled under Medicare Part C which is not in-scope for this program. This means that only traditional Medicare patients will be included in your population calculation.
Monday, May 16, 2011
Future installments of this blog
While I always intended my blog to be more like the random thoughts of Doggie Howser (if you don’t know what I am talking about, you need to brush up on your random TV trivia!), I will do my best on this blog to focus on professional ramblings that might be of interest to others. I will also coordinate the postings here with those on Twitter. But in the meantime, I will include nostalgic aspects of starting my health career with Neil Patrick Harris who played a boy genius and all around good kid.
So what can you expect from this blog? Every week, atleast two articles will be posted that focus on current events in health care. Most will focus on federal work, although some will focus on developments in the State of Maryland but will always include a broader impact. Topics that appeal to a broader audience (including patients) and are of a short nature will be featured in podcast format on YouTube.
Some topics that I already have planned are:
- Accountable Care Organizations and how they differ from other models already started, like Medical Homes
- Calendar of federal regulations for 2011
- Assignment of Benefits, also known as “Pay the Employee”
Upcoming regulations that are scheduled to come out:
- HIPAA Privacy update
- Standardization of EOBs
- Health insurance transparency
- OIG Civil Monetary Penalty enforcement
If you have suggestions on topics, please email them to info@SearfossAssoc.com and I will work them into the publication schedule. As noted in the Content Sharing Policy, you may feel free to link and print this content. If you want to republish it, please follow the publication instructions.
“Kissed my first girl. Lost my first patient. Life will never be the same again…”
- Personal Journal of Doogie Howser, M.D. , Sept. 22, 1989, “Pilot” episode 1, Season 1.
Friday, May 6, 2011
Grand opening!
It is with great pleasure that I announce the formation of the new firm, Searfoss & Associates, LLC which will officially open on Monday, May 9. The Maryland law firm will focus on legal, legislative and regulatory issues affecting individual and group health care providers and integrated health systems.
In this new adventure, I am committed to providing my clients with superior client relations - catering communication and engagement styles to the client needs - while continuing my advocacy to improve the health care industry.
The firm's website is SearfossAssoc.com. The website will be frequently updated with news on current developments in health care. Stay up-to-date on the latest! Sign up to receive emails updates or follow the firm on Twitter at SearfossAssoc, Facebook and LinkedIn.
My contact information is listed below for your convenience. I appreciate your continued support and referrals!
Jennifer L. Searfoss, Esq., C.M.P.E.
Principal
o 443-837-5548
jen@searfossassoc.com
In this new adventure, I am committed to providing my clients with superior client relations - catering communication and engagement styles to the client needs - while continuing my advocacy to improve the health care industry.
The firm's website is SearfossAssoc.com. The website will be frequently updated with news on current developments in health care. Stay up-to-date on the latest! Sign up to receive emails updates or follow the firm on Twitter at SearfossAssoc, Facebook and LinkedIn.
My contact information is listed below for your convenience. I appreciate your continued support and referrals!
Jennifer L. Searfoss, Esq., C.M.P.E.
Principal
o 443-837-5548
jen@searfossassoc.com
Subscribe to:
Posts (Atom)