Chapter 1
Coding as a Profession
Each time you receive healthcare, a record is maintained of the resulting observations, medical or surgical interventions, and treatment outcomes. This medical record includes information concerning your symptoms and medical history, the results of examinations, reports of X-rays and laboratory tests, diag- noses, and treatment plans.
At its most basic, coding is the process of translating this written or dictated medical record into a series of numeric or alpha-numeric codes. There are separate code sets to
describe diagnoses, medical and surgical services/procedures, and supplies. These code sets serve as a common shorthand language to ease data collection (for example, to track disease), to evaluate the quality of care, and to determine costs and reimbursement.
Coders may use several coding systems, such as those required for ambulatory settings, physician offices, or long-term care. Most coders specialize in coding patients’ medical information for insurance purposes. Physician-based coders review charts and assign CPT®, HCPCS Level II, and ICD-10-CM codes (about which you will learn more later) for insurance billing. Because coding is tied directly to reimbursement, codes must be assigned correctly to ensure physician livelihood.
Proper code assignment is determined both by the content of the medical record and by the unique rules that govern each code set. Coding rules also may vary depending on who pays for the patient care. For instance, government programs such as Medicare may follow different guidelines than commercial insurers.
Medical care is complex and variable, as are coding requirements. Exceptional precision is required to select appropriate codes. Coders must master anatomy and medical terminology, and must be detail-oriented. Seemingly subtle differences
in language, a patient’s condition, or the care provided can change code selection completely.
Technicians who specialize in coding are medical coders or coding specialists. Medical coders assign a code to each diagnosis, service/procedure, and (when applicable) supply, using classification systems. The classification system determines the amount healthcare providers will be reimbursed if the patient is covered by Medicare, Medicaid, or other insurance programs using the system.
The Business of Medicine
If the medical record is inaccurate or incomplete, it will not translate properly to the language of codes and reimbursement for services may be lost. The coder must evaluate the medical record for completeness and accuracy and communicate regularly with physicians and other healthcare professionals
to clarify diagnoses or to obtain additional patient information. Coders may use computer programs to tabulate and analyze data to improve patient care, for better control of cost, to provide documentation for use in legal actions, or use in research studies.
Technicians who specialize in coding inpatient hospital services are referred to as health information coders, medical record coders, coder/abstractors, or coding specialists. These technicians assign a code to each diagnosis and procedure, relying on their knowledge of disease processes. Coders then use classification system software to assign the patient to one of several hundred Medicare Severity-Diagnosis Related Groups, or MS-DRGs. The MS-DRG determines the amount the hospital will be reimbursed if the patient is covered by Medi- care or other insurance programs using the MS-DRG system.
Medical records and health information technicians also may specialize in cancer registry. Cancer (or tumor) registrars maintain facility, regional, and national databases of cancer patients. Registrars review patient records and pathology reports, and assign codes for the diagnosis and treatment
of different cancers and selected benign tumors. Registrars conduct annual follow-ups on all patients in the registry
to track their treatment, survival, and recovery. Physicians and public health organizations then use this information to calculate survivor rates and success rates of various treatments, locate geographic areas with high incidences of certain cancers, and identify potential participants for clinical drug trials. Public health officials also use cancer registry data to target areas for the allocation of resources to provide intervention and screening.
Regardless of the setting in which they work, continuing education is essential for coders. Code updates and policies are changed as often as quarterly, and it is important to stay abreast of these changes to ensure proper coding and reimbursement.
Widespread adoption of electronic health records (EHR)—as opposed to paper-based patient records—will continue to broaden and alter coders’ job responsibilities. For example, coders must be familiar with EHR computer software, maintaining EHR security, and analyzing electronic data to improve
healthcare information. Coders also may assist with improving EHR software and may contribute to the development and maintenance of health information networks. Finally, coders will take on an auditing role in reviewing EHR code suggestions, based on documentation.
Medical coding is a technical and rapidly-changing field that offers practitioners a variety of career opportunities. For instance, skilled coders may become consultants, educators, or medical auditors. Coding as a profession has evolved over the past several decades and will continue to do so as the business of medicine embraces new technologies, code sets, and payment methodologies.
The Difference Between Hospital and Physician Services
Outpatient coding focuses on physician services. Outpatient coders will focus on learning CPT®, HCPCS Level II, and ICD-10-CM codes. They work in physician offices, outpatient
clinics, and facility outpatient departments. Outpatient facility coders also work with Ambulatory Payment Classifications (APCs).
Inpatient hospital coding focuses on a different subset of skills. Inpatient coders work with ICD-10-CM and ICD-10-PCS. These coders also assign MS-DRGs for reimbursement. Outpatient coders usually have more interaction throughout the day, and must communicate well with physicians; inpatient coders tend to have less interaction throughout the day.
How a Physician Office Works and How the Coder Fits into It
Physician offices vary in size from a single-provider practice to multiple providers and multiple specialties. When you visit a physician, typically, a front desk person obtains your insurance and demographic information, or this information is entered electronically before your visit. After your information has been entered into the practice management system, you are seen by the provider. The provider documents the visit in your
coder. When the physician performs the coding, the coder takes on the role of auditor to verify the documentation supports the codes the physician selected. In some practices, the physician leaves the responsibility of assigning codes to a trained coding staff.
In this type of setting, the coder reviews the physician’s docu- mentation and codes the services based on what is documented in the patient record.
When the documentation has been translated into codes, the codes are attached to a fee and billed to the patient or insurance carrier, also called payer. The charges are billed to the insurance carrier using a CMS-1500 claim form. The claim form can be sent to an insurance carrier on paper or electronically. Many insurance carriers now accept only electronic claims. Electronic claims benefit the provider office
by allowing timely submissions to the insurance carrier and proof of transmission of the claim. Once the insurance carrier receives the claim, the insurance carrier uses the codes to identify the services performed and to determine payment
or denial. If a service is denied, there is additional work to validate or appeal the denial. The determination of the payer is then sent to the provider in the form of a remittance advice. The remittance advice explains the detail of outcome of the insurance adjudication on the claim, including the payment amount, denial, and/or reason for denial. The coder’s role is extremely important to proper reimbursement and the livelihood of a physician’s office.
Understanding the Hierarchy of Providers
Physician offices and hospitals are staffed by a variety of medical providers. Each provider has differing levels of education. As such, each state has guidelines for each level of provider. This is referred to as the state’s scope of practice.
Practical Coding Note
Some states provide state-specific guidelines for scope of practice for varying levels of providers. Check your state’s health board’s website for the scope of practice information.
medical record and completes an encounter form, or a form to relay the services rendered, to the front desk. Upon completion
of your exam, you check out and pay your co-pay. This process may vary from office to office, but each of these steps must be completed.
After you leave the provider’s office, someone takes the docu- mentation the provider reported and translates it into codes (CPT®, ICD-10-CM, and HCPCS Level II). This is submitted to the payer to obtain reimbursement. This translation of
the documented information from your visit is referred to as coding. Coding can be performed by the physician or the
Physicians undergo four years of college and four years of medical school, plus three to five years or more of residency. Residency is training in a specialty of practice. A physician can continue training in a subspecialty, referred to as a fellowship.
Physicians often have mid-level providers working in the same office. Mid-level providers include physician assistants (PA) and nurse practitioners (NP). Mid-level providers are known also as physician extenders because they extend the work of a physician. PAs are licensed to practice medicine with physician
supervision. A PA program takes approximately 26½ months to complete. Nurse Practitioners have a Master’s Degree in Nursing.
Mid-level providers often are reimbursed at a lower rate than physicians. Although the scope of practice varies by state, mid- level providers require oversight by a physician.
The Different Types of Payers
Although some patients pay in full for their own medical expenses, most patients have some type of insurance coverage. This is significant because individual payers may specify coding requirements in addition—or even contradictory—to those guidelines found in the CPT® and other codebooks.
Considered most simply, there are only two types of payers: private insurance plans and government insurance plans. Within each of these categories are finer distinctions.
Commercial carriers are private payers that offer both group and individual plans. The contracts they provide vary but may include hospitalization, basic, and major medical coverage.
Blue Cross/Blue Shield organizations also are private payers, and usually, operate in the state in which they are based. Blue Cross originally covered hospital benefits and Blue Shield originally covered medical and surgical benefits. They both have since expanded their coverage.
The most significant government insurer is Medicare. Medi- care is a federal health insurance program—administered by the Centers for Medicare & Medicaid Services (CMS)—that provides coverage for people over the age of 65, blind, or disabled individuals, and people with permanent kidney failure or end-stage renal disease (ESRD). CMS regulations often serve as the last word in coding requirements for Medi- care and non-Medicare payers alike. The Medicare program is made up of several parts:
l Medicare Part A helps to cover inpatient hospital care, as well as care provided in skilled nursing facilities, hospice care, and home healthcare.
l Medicare Part B helps to cover medically necessary doctors’ services, outpatient care, and other medical services (including some preventive services) not covered under Medicare Part A. Medicare Part B is an optional benefit for which the patient must pay a premium, and which generally requires a yearly co-insurance. Coders working in physician offices will mainly deal with Medicare Part B.
l Medicare Part C, also called Medicare Advantage, combines the benefits of Medicare Part A, Part B, and— sometimes—Part D. The plans are managed by private insurers approved by Medicare, and may include Preferred Provider Organizations (PPOs), Health Maintenance
Organizations (HMOs), and others. The plans may charge different copayments, coinsurance, or deductibles for services. Accurate and thorough diagnosis coding
is important for Medicare Advantage claims because reimbursement is impacted by the patient’s health status. The CMS-hierarchical condition category (CMS-HCC) risk adjustment model provides adjusted payments based on a patient’s diseases and demographic factors.
If a coder does not include all pertinent diagnoses and co-morbidities, the provider may lose out on additional reimbursement for which the provider is entitled.
l Medicare Part D is a prescription drug coverage program available to all Medicare beneficiaries. Private companies approved by Medicare provide the coverage.
Medicaid is a health insurance assistance program for some low-income people (especially children and pregnant women) sponsored by federal and state governments. It is administered on a state-by-state basis, and coverage varies—although each of the state programs adheres to certain federal guidelines.
State-funded insurance programs that provide coverage for children up to 21 years of age may include Crippled Children’s Services, Children’s Medical Services, Children’s Indigent Disability Services, and Children with Special Health Care Needs, among others. Typically, these programs are designed for beneficiaries with specific chronic medical conditions.
Each provider determines whether to contract with an insurance carrier, private or governmental. When contracted with the insurance carrier, the provider is considered a participating provider (par provider). Participating providers are required
to accept the allowed payment amount determined by the insurance carrier as the fee for payment and follow all other guidelines stipulated by the contract. The difference between the physician’s fee and the insurance carrier’s allowed amount is adjusted by the participating provider. The non-participating provider (provider not contracted with the insurance carrier) is not required to make this adjustment. For Medicare services, even if a provider is non-participating, there are limits set
on what can be charged for each CPT® code, referred to as a limiting charge.
The Medical Record
Documentation is the recording of pertinent facts and observations about an individual’s health history, including past and present illnesses, tests, treatments, and outcomes. The medical record chronologically documents patient care to assist in continuity of care between providers, facilitate claims review and payment and can serve as a legal document. It is imperative all services provided to a patient be supported and documented in the medical record.
A coder is required to read and understand the documentation in a medical record in order to code accurately the services rendered. Different types of services are documented in the medical record, such as evaluation and management services, operative reports, X-rays, etc.
Evaluation and Management Documentation
Evaluation and management services are often provided in a standard format such as SOAP:
S—Subjective—The patient’s statement about his or her health, including symptoms.
O—Objective—The provider assesses and documents the patient’s illness using observation, palpation, auscultation, and percussion. Tests and other services performed may be documented here as well.
A—Assessment—Evaluation and conclusion made by the provider. This is usually where the diagnosis(es) for the services are found.
P—Plan—Course of action. Here, the provider will list the next steps for the patient, whether it is ordering additional tests, or taking over the counter medications, etc.
Not all evaluation and management documentation will be documented in a clear SOAP format, but each chart should contain the components of the visit.
Operative Report Documentation
Operative reports are used to document the detail of a procedure performed on a patient. Most operative notes will have a header and a body in the report.
The header might include:
l Date and time of the procedure
l Names of the surgeon, co-surgeon, assistant surgeon
l Type of anesthesia and anesthesia provider name
l Pre-operative and post-operative diagnoses
l Procedure performed
l Complications
The body might include:
l Indication for surgery
l Details of the procedure(s)
l Findings
Typically, approximately 20 percent of an operative report contains words less important to a coder. A coder is tasked with breaking down the information and applying the correct
code. Throughout this textbook, examples of operative reports are dissected to help you locate pertinent information to coding.
Operative Report Coding Tips
1. Diagnosis code reporting—Use the post-operative diagnosis for coding unless there are further defined diagnoses or additional diagnoses found in the body of the operative report. If a pathology report is available, use the findings from the pathology report for the diagnosis.
2. Start with the procedures listed—For the coder who is new to coding a procedure, one way of quickly starting the research process is by focusing on the procedures listed
in the header. Read the note in its entirety to verify the procedures performed. Procedures listed in the header may not be listed correctly and procedures documented within the body of the report may not be listed in the header at all; however, it will give a coder a place to start.
3. Look for keywords — Keywords may include locations and anatomical structures involved, surgical approach, procedure method (debridement, drainage, incision, repair, etc.), procedure type (open, closed, simple, intermediate, etc.), size and number, and the surgical instruments used during the procedure.
4. Highlight unfamiliar words—Research for understanding.
5. Read the body—All procedures reported should be documented within the body of the report. The body may indicate a procedure was abandoned or complicated, possibly indicating the need for a different procedure code or the reporting of a modifier.
Medical Necessity
The term medical necessity relates to whether a procedure or service is considered appropriate in a given circumstance. To cite an extreme example, partial amputation of a limb may be medically necessary to eradicate a tumor or severe infection, but it’s certainly not medically necessary to treat a splinter.
Generally, a medically necessary service or procedure is the least radical service/procedure that allows for effective treatment of the patient’s complaint or condition.
CMS has developed policies regarding medical necessity based on regulations found in title XVIII, §1862(a)(1) of the Social Security Act. The National Coverage Determinations Manual describes whether specific medical items, services, treatment procedures, or technologies can be paid for under Medi-
care. Services and procedures are covered only when linked
to designated, approved diagnoses. Non-covered items are deemed not reasonable and necessary.
Medicare (and many insurance plans) may deny payment for a service that is not reasonable and necessary according to the Medicare reimbursement rules. When a physician provides services to a Medicare beneficiary, he or she should bill only those services that meet the Medicare standard of reasonable and necessary for the diagnosis and treatment of a patient.
National Coverage Determinations (NCDs) explain when Medicare will pay for items or services. Each Medicare Administrative Contractor (MAC) is responsible for interpreting national policies into regional policies. These are called Local Coverage Determinations (LCD). The LCDs further define what codes are needed and when an item or service will be covered. LCDs have jurisdiction only within their regional area.
If an NCD doesn’t exist for a particular item, it’s up to the MAC to determine coverage. According to CMS guidelines (www. cms.gov/transmittals/downloads/R2NCD1.pdf), “Where coverage of an item or service is provided for specified indications or circumstances but is not explicitly excluded for others, or where the item or service is not mentioned at all in the
CMS Manual System, the Medicare contractor is to make the coverage decision, in consultation with its medical staff, and with CMS when appropriate, based on the law, regulations, rulings and general program instructions.”
Practices should check policies quarterly to maintain compliance.
Below is an example of excerpts of an LCD from Novitas Solutions, a CMS contractor. LCD L30273 is regarding Vitamin D Assay testing.
This snapshot shows the contractor name and numbers and the type of MAC contractor.
The LCD includes information on the National Coverage Policy the LCD is attached to:
The LCD explains when the service is indicated or necessary:
The LCD also gives guidance on coverage limitations:
The LCD describes the specific CPT® codes to which the policy applies:
Finally, the LCD will list ICD-10-CM codes that support Medical Necessity for the given service or procedure (below is an example and is not a complete list):
Source: Novitas Solutions https://www.cms.gov/medicare-coverage-database/details/lcd-details.aspx?LCDId=34888&ContrId=323&ver=2&ContrVer=1&DocID=L34888&bc=gAAAAAgAAAAAAA%3d%3d&
If you are providing a service and the Medicare patient’s diagnosis does not support the medical necessity requirements per the LCD, the service may not be covered. In such a case, the practice would be responsible for obtaining an Advance Beneficiary Notice of Noncoverage (Advance Beneficiary Notice, or ABN), as explained below.
Commercial (non-Medicare) payers may develop their own medical policies. These policies will not necessarily follow Medicare guidelines and are specified in private contracts between the payer and the practice or provider. Coders will need to be aware of the contract requirements of the individual commercial payers to which they submit claims.
The Advance Beneficiary Notice
Both Medicare beneficiaries and providers have certain rights and protections related to financial liability. These financial liability and appeal rights and protections are communicated to beneficiaries through notices given by providers.
Providers should use an Advance Beneficiary Notice (ABN) when a Medicare beneficiary requests or agrees to receive a procedure or service that Medicare may not cover. The ABN is a standardized form that explains to the patient why Medicare may deny the particular service or procedure. Additionally, an ABN protects the provider’s financial interest by creating
a paper trail that CMS requires before a provider can bill the patient for payment if Medicare denies coverage for the stated service or procedure.
The ABN form, entitled Revised ABN CMS-R-131, along with a full set of instructions, is available as a free download on the CMS website: http://www.cms.gov/Medicare/Medicare-General- Information/BNI/ABN.html. CMS will accept the ABN
CMS-R-131 for either a potentially non-covered service or for a statutorily excluded service.
Providers must complete the one-page form in full, giving the patient an explanation as to why Medicare is likely to refuse coverage for the proposed procedure or service. Common reasons Medicare may deny a procedure or service include:
l Medicare does not pay for the procedure/service for the patient’s condition
l Medicare does not pay for the procedure/service as frequently as proposed
l Medicare does not pay for experimental procedures/ services
The explanation of why Medicare may deny the service or procedure should be as specific as possible. A simple statement of Medicare may not cover this procedure is not sufficient.
The provider must present the patient with a cost estimate for the proposed procedure or service. CMS instructions stipulate, “Notifiers must make a good faith effort to insert a reasonable estimate…the estimate should be within $100 or 25 percent
of the actual costs, whichever is greater.” Medicare allows an estimate that substantially exceeds the actual costs “would generally still be acceptable” because the beneficiary “would not be harmed if the actual costs were less than predicted.”
CMS rules require the provider to present the ABN “far enough in advance that the beneficiary or representative has time to consider the options and make an informed choice.” The ABN “must be verbally reviewed with the beneficiary or his/her representative and any questions raised during that review must be answered” before the patient signs the ABN.
After the ABN has been completed and reviewed in full, the Medicare beneficiary may choose to proceed with the procedure/service and assume financial responsibility, or may elect to forego the procedure or service. If the patient chooses to proceed, he or she may request the charge be submitted to Medicare for consideration (with the understanding that it will probably be denied). A copy of the completed, signed form must be given to the beneficiary or representative, and the provider must retain the original notice on file.
The patient’s signature is not required for assigned claims (that is, claims submitted by and paid to a physician on behalf of the beneficiary). If the beneficiary refuses to sign a properly presented ABN, but still requests the procedure or service, the provider should document the patient’s refusal. The provider and a witness should then sign the form.
In the case of unassigned claims (claims are submitted by the provider but the payment is sent to the patient who then
reimburses the physician), a signature is required on the ABN to hold the patient financially liable. If the patient refuses to sign, the only options are not to provide the service or procedure (which might raise potential negligence issues), or to provide the service with the understanding the provider may not be able to recoup payment from either Medicare or the beneficiary.
An ABN should not be used to bill the beneficiary for additional fees beyond what Medicare reimburses for a given procedure or service. In particular, an ABN does not allow the provider to shift liability to the beneficiary when Medicare payment for a particular procedure or service is bundled into payment for other, covered procedures or services.
Providers should list on the ABN every recommended procedure or service that might not be covered. Although liability for non-covered services normally rests with the beneficiary, Medicare relieves beneficiaries from financial liability where they did not know and did not have reason to know a service
would not be covered. Without a valid ABN, the Medicare beneficiary cannot be held responsible for denied charges.
Note: ABNs are never required in emergency or urgent care situations. In fact, CMS policy prohibits giving an ABN to a
patient who is “under duress,” including patients who need Emergency Department (ED) services before stabilization. When screening and stabilizing care is denied by Medicare as medically unnecessary, physicians cannot seek payment from beneficiaries.
A. Notifier:
B. Patient Name: C. Identification Number:
Advance Beneficiary Notice of Noncoverage (ABN)
NOTE: If Medicare doesn’t pay for D. below, you may have to pay.
Medicare does not pay for everything, even some care that you or your health care provider have good reason to think you need. We expect Medicare may not pay for the D. below.
D. E. Reason Medicare May Not Pay: F. Estimated Cost
WHAT YOU NEED TO DO NOW:
• Read this notice so you can make an informed decision about your care.
• Ask us any questions that you may have after you finish reading.
• Choose an option below about whether to receive the D. listed above.
Note: If you choose Option 1 or 2, we may help you to use any other insurance that you might have, but Medicare cannot require us to do this.
H. Additional Information:
This notice gives our opinion, not an official Medicare decision. If you have other questions on this notice or Medicare billing, call 1-800-MEDICARE (1-800-633-4227/TTY: 1-877-486-2048).
Signing below means that you have received and understand this notice. You also receive a copy.
According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.
The valid OMB control number for this information collection is 0938-0566. The time required to complete this information collection is estimated to average 7 minutes per response, including the time to review instructions, search existing data resources, gather the data needed, and complete and review the information collection. If you have comments concerning the accuracy of the time estimate or suggestions for improving this form, please write to CMS, 7500 Security Boulevard, Attn: PRA Reports Clearance Officer, Baltimore, Maryland 21244-1850.
Form CMS-R-131 (03/11) Form Approved OMB No. 0938-0566
Source:: CMS www.cms.gov/BNI/02_ABN.asp#TopOfPage
Non-Medicare payers may not recognize an ABN. Careful research is needed to determine the use of an ABN outside of Medicare. In some instances, health plan contracts may have a “hold harmless” clause found within the language that
prohibits billing the patient for anything other than co-pays or deductibles.
Section Review 1.1
1. Which statement below describes a medically necessary service?
A. Performing a procedure/service based on the cost to eliminate wasteful services.
B. Using the least radical service/procedure that allows for effective treatment of the patient’s complaint or condition.
C. Using the closest facility to perform a service or procedure.
D. Using the appropriate course of treatment to fit within the patient’s lifestyle.
2. According to the example LCD from Novitas Solutions, measurement of vitamin D levels is indicated for patients with which condition?
A. fatigue
B. fibromyalgia
C. hypertension
D. muscle weakness
3. What form is provided to a patient to indicate a service may not be covered by Medicare and the patient may be responsible for the charges?
A. LCD
B. CMS-1500
C. UB-04
D. ABN
4. Select the true statement regarding ABNs.
A. ABNs may not be recognized by non-Medicare payers.
B. ABNs must be signed for emergency or urgent care.
C. ABNs are not required to include an estimated cost for the service.
D. ABNs should be routinely signed by Medicare Beneficiaries in case Medicare does not cover a service.
5. When presenting a cost estimate on an ABN for a potentially noncovered service, the cost estimate should be within what range of the actual cost?
A. $25 or 10% B. $100 or 10% C. $100 or 25%
D. An exact amount
HIPAA was originally sponsored by Sen. Edward Kennedy and Sen. Nancy Kassebaum. This act is sometimes referred to as the “Kennedy-Kassebaum Law” or “Kennedy-Kassebaum Act.”
www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/ index.html
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a five-part Act.
Title II—Preventing Healthcare Fraud and Abuse; Administrative Simplification; Medical Liability Reform is the most important Title concerning the position of a medical coder.
Title II of HIPAA is known as Administration Simplification. Administration Simplification speaks to the increasing use of technology in the healthcare industry and addresses the need for:
l National standards for electronic health care transactions and code sets;
l National unique identifiers for providers, health plans, and employers;
l Privacy and Security of health data.
Under federal guidelines (www. hhs.gov/ocr/privacy/hipaa/ understanding/coveredentities/index.html), a covered entity is any of the following:
l A healthcare provider, such as:
— Doctors
— Clinics
— Psychologists
— Dentists
— Chiropractors
— Nursing Homes
— Pharmacies
l A health plan, to include:
— Health Insurance Companies
— HMOs
— Company Health Plans
— Government programs that pay for healthcare, such as Medicare, Medicaid, and the military and veterans health care programs
The definition of “health plan” in the HIPAA regulations exclude any policy, plan, or program that provides or pays for the cost of excepted benefits. Excepted benefits include:
l Coverage only for accident, or disability income insurance, or any combination thereof;
l Coverage issued as a supplement to liability insurance;
l Liability insurance, including general liability insurance and automobile liability insurance;
l Workers’ compensation or similar insurance;
l Automobile medical payment insurance;
l Credit-only insurance;
l Coverage for on-site medical clinics;
l Other similar insurance coverage, specified in regulations, under which benefits for medical care are secondary or incidental to other insurance benefits.
l A healthcare clearinghouse: This includes entities that process nonstandard health information they receive from another entity into a standard format (such as a standard electronic format or data content), or vice versa.
The Need for National Standards for
Electronic Healthcare Transactions and Code Sets
According to CMS, “transactions are electronic exchanges involving the transfer of information between two parties for a specific purpose.” National standards for electronic healthcare transactions are designed to improve the efficiency and effectiveness of the healthcare system by standardizing the formats used for electronic transactions. The transactions include:
1. Health claims and equivalent encounter information
2. Enrollment and dis-enrollment in a health plan
3. Eligibility for a health plan
4. Health care payment and remittance advice
5. Health plan premium payments
6. Health claim status
7. Referral certification and authorization
8. Coordination of benefits
Any covered entity performing one of these transactions electronically is required to follow the standards set for that trans- action. Within the transactions, code sets have been designated for standard use. The code sets include:
l HCPCS (Healthcare Common Procedure Coding System)
l CPT® (Current Procedural Terminology)
l CDT® (Common Dental Terminology)
l ICD-10-CM (Prior to October 1, 2015, this was ICD-9- CM)
l NDC (National Drug Codes)
An additional standard required in all transactions is unique identifiers for providers, health plans, and employers. The identifier for providers has been set as the National Provider Identifier (NPI). The identifier for employers is the Employer Identification Number (EIN) issued to employers by the Internal Revenue Service (IRS).
The Need for Privacy and Security
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, provides federal protections for personal health information when held by covered entities.
If an entity is not a covered entity as described above, it does not have to comply with the Privacy Rule or the Security Rule.
The Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.
The OCR released a document called HIPAA Administrative Simplification. The excerpt below discusses the healthcare provider’s responsibilities surrounding Protected Health Information (PHI) for Treatment, Payment and Health Care Operations (TPO). Healthcare providers are responsible for developing Notices of Privacy Practices and policies and procedures regarding privacy in their practices.
§ 164.506 uses and disclosures to carry out treatment, payment, or healthcare operations.
(a) Standard: Permitted uses and disclosures. Except with respect to uses or disclosures that require an authorization under §164.508(a)
(2) and (3), a covered entity may use or disclose protected health information for treatment, payment, or healthcare operations as set forth in paragraph (c) of this section, provided that such use or disclosure is consistent with other applicable requirements of this subpart.
(b) Standard: Consent for uses and disclosures permitted.
(1) A covered entity may obtain the consent of the individual to use or disclose protected health information to carry out treatment, payment, or healthcare operations.
(2) Consent, under paragraph (b) of this section, shall not be effective to permit a use or disclosure of protected health information when an authorization, under §164.508, is required or when another condition must be met for such use or disclosure to be permissible under this subpart.
(c) Implementation specifications: Treatment, payment, or healthcare operations.
(1) A covered entity may use or disclose protected health information for its own treatment, payment, or healthcare operations.
(2) A covered entity may disclose protected health information for treatment activities of a healthcare provider.
(3) A covered entity may disclose protected health information to another covered entity or a health care provider for the payment activities of the entity that receives the information.
(4) A covered entity may disclose protected health information to another covered entity for health care operations activities of the entity that receives the information, if each entity either has or had a relationship with the individual who is the subject of the protected health information being requested, the protected health information pertains to such relationship, and the disclosure is:
(i) For a purpose listed in paragraph (1) or (2) of the definition of health care operations; or
(ii) For the purpose of healthcare fraud and abuse detection or compliance.
(5) A covered entity that participates in an organized health care arrangement may disclose protected health information about an individual to another covered entity that participates in the organized healthcare arrangement for any healthcare operations activities of the organized healthcare arrangement.
[67 FR 53268, Aug. 14, 2002]
At the time of publication, since the compliance date in April 2003, HHS has received over 106,522 HIPAA complaints. OCR has resolved ninety-five percent of complaints. OCR has investigated and resolved over 23,314. See www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html.
How HIPAA Works
A key provision of HIPAA is the “Minimum Necessary” requirement. That is, only the minimum necessary protected health information should be shared to satisfy a particular purpose. If information is not required to satisfy a particular purpose, it must be withheld.
Under the Privacy Rule, the minimum necessary standard does not apply to the following:
l Disclosures to or requests by a health care provider for treatment purposes.
l Disclosures to the individual who is the subject of the information.
l Uses or disclosures made pursuant to an individual’s authorization.
l Uses or disclosures required for compliance with the HIPAA Administrative Simplification Rules.
l Disclosures to the U. S. Department of Health & Human Services (HHS) when disclosure of information is required under the Privacy Rule for enforcement purposes.
l Uses or disclosures that are required by other law.
It is the responsibility of a covered entity to develop and implement policies, best suited to its particular circumstances, to meet HIPAA requirements. As a policy requirement, only those individuals whose job requires it may have access to protected health information. Only the minimum protected information required to do the job should be shared. If the entire medical record is necessary, the covered entity’s policies and procedures must state so explicitly and include a justification.
More information on handling requests and disclosures for protected health information may be found at: www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/minimum- necessary.pdf
HITECH and Its Impact on HIPAA
The Health Information Technology for Economic and Clinical Health Act, or HITECH, was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) “to promote the adoption and meaningful use of health information technology.” Portions of HITECH strengthen HIPAA rules by addressing privacy and security concerns associated with the electronic transmission of health information. HITECH establishes four categories of violations—depending on the covered entity’s level of culpability for releasing protected information—and minimum and maximum penalties. HITECH also “lowers the bar” for what constitutes a violation, but provides a 30-day window during which any violation not due to willful neglect may be corrected without penalty.
HITECH allows patients to request an audit trail showing all disclosures of their health information made through an electronic record. HITECH also requires an individual be
notified if there is an unauthorized disclosure or use of his or her health information. Some samples of what may constitute breaches under HITECH can be found at www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/allcases.html.
As the use of electronic medical records and transactions become more widespread, so too will concern over the protection and privacy of medical records. All individuals working within healthcare have a role in safeguarding patients’ private medical information.
The Need for
Compliance Rules and Audits
All physician offices and healthcare facilities should have and actively use a compliance plan. At its most basic, the compliance plan is a written set of instructions outlining the process for coding and submitting accurate claims, and what to do
if mistakes are found. A compliance plan may offer several benefits, among them:
l faster, more accurate payment of claims
l fewer billing mistakes
l diminished chances of a payer audit
l less chance of running afoul of self-referral and anti- kickback statutes
Additionally, the increased accuracy of physician documentation that may result from a compliance program actually may assist in enhancing patient care. Finally, compliance programs show the physician practice is making a good faith effort to submit claims appropriately and sends a signal to employees that compliance is a priority while providing a means to report erroneous or fraudulent conduct, so that it may be corrected. The Patient Protection and Affordable Care Act (PPACA) makes compliance plans mandatory as a condition of participation in federal healthcare programs; however, there is not yet an implementation date for the mandatory compliance.
The Office of Inspector General (OIG), a government agency tasked “to protect the integrity of Department of Health & Human Services (HHS) programs, as well as the health and welfare of the beneficiaries of those programs,” has offered compliance program guidance to form the basis of a voluntary compliance program for a physician practice. The OIG Compliance Program Guidance for Individual and Small Group Physician Practices was published in the Federal Register on October 5, 2000. This document still is considered appropriate guidance for compliance in physician offices today.
Key actions of the program include:
l Conduct internal monitoring and auditing through the performance of periodic audits: This ongoing evaluation includes not only whether the physician practice’s standards and procedures are in fact current and accurate, but also whether the compliance program is working; eg, whether individuals are properly carrying out their responsibilities and claims are submitted appropriately.
l Implement compliance and practice standards through the development of written standards and procedures: After the internal audit identifies the practice’s risk areas, the next step is to develop a method for dealing with those risk areas through the practice’s standards and procedures. Written standards and procedures are a central component of any compliance program. Those standards and procedures help to reduce the prospect of erroneous claims and fraudulent activity by identifying
risk areas for the practice and establishing tighter internal controls to counter those risks, while also helping to identify any aberrant billing practices.
l Designate a compliance officer or contact(s) to monitor compliance efforts and enforce practice standards: Ideally, one member of the staff needs to accept the responsibility of developing a corrective action plan, if necessary and oversee adherence to that plan. This person can either be in charge of all compliance activities for the practice or play a limited role merely to resolve the current issue.
l Conduct appropriate training and education on practice standards and procedures: Education is important to any compliance program. Ideally, education programs will be tailored to the physician practice’s needs, specialty, and size and will include both compliance and specific training.
l Respond appropriately to detected violations through the investigation of allegations and the disclosure of incidents to appropriate government entities: It is important that the compliance contact or other practice employee look into possible violations and if so, take decisive steps to correct the problem. As appropriate, such steps may involve a corrective action plan, the return of any overpayments,
a report to the government, and/or a referral to law enforcement authorities.
l Develop open lines of communication, such as (1) discussions at staff meetings regarding how to avoid erroneous or fraudulent conduct and (2) community bulletin boards, to keep practice employees updated regarding compliance activities: The OIG believes that all practice employees, when seeking answers to questions or reporting potential instances of erroneous or fraudulent conduct, should know to whom to turn for assistance in these matters and should be able to do so without fear of retribution.
l Enforce disciplinary standards through well-publicized guidelines: The OIG recommends that a physician practice’s enforcement and disciplinary mechanisms ensure that violations of the practice’s compliance policies will result in consistent and appropriate sanctions, including the possibility of termination, against the offending individual.
The above is a highly condensed summary of the OIG’s recommendations. For a complete explanation of the components of an ideal compliance plan, visit the OIG website: oig.hhs.gov/ authorities/docs/physician.pdf.
The scope of a compliance program will depend on the size and resources of the physician practice. As a means to implement a compliance program, the OIG encourages physician practices to participate in other provider’s compliance programs, such as the compliance programs of the hospitals or other settings in which the physician’s practice. Physician practice management companies also may serve as a source of compliance program guidance.
The OIG Work Plan
Each year, in October, the OIG releases a work plan outlining its priorities for the fiscal year ahead. Some of the projects described in the work plan are statutorily required, such as the audit of the department’s financial statements, which is mandated by the Government Management Reform Act. Of special interest to healthcare, the work plan announces potential problem areas with claims submissions that it will target for special scrutiny.
For example, an excerpt from the 2015 OIG Work Plan:
Source: http://oig.hhs.gov/reports-and-publications/archives/ workplan/2015/WP15-2%20Medicare%20AB.pdf
This information guides providers in their delivery of diagnostic radiology services and cautions against the use of over-utilization.
The next example demonstrates the OIG’s focus on sleep studies. Because payments totaled approximately $415 million for polysomnography services, and analysis showed high utilization associated with these services, the OIG will investigate to determine why there was such a large increase in providing services.
Source: http://oig.hhs.gov/reports-and-publications/archives/ workplan/2015/WP15-2%20Medicare%20AB.pdf
For more information, you can find the most recent OIG Work Plan at oig.hhs.gov
Section Review 1.2
1. Who would NOT be considered a covered entity under HIPAA?
A. Doctors
B. HMOs
C. Clearinghouse
D. Patient
2. Under HIPAA, what would be a policy requirement for “Minimum Necessary?”
A. Only individuals whose job requires it may have access to protected health information.
B. Only the patient has access to protected health information.
C. Only the treating physician has access to protected health information.
D. Anyone within the provider’s office can have access to protected health information.
3. Which Act was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) and affected privacy and security?
A. HIPAA
B. HITECH
C. SSA
D. FECA
4. What document has been created to assist physician offices with the development of compliance manuals?
A. OIG Compliance Plan Guidance
B. OIG Work Plan
C. OIG Suggested Rules and Regulations
D. OIG Internal Compliance Plan
5. What document should be referred to when looking for potential problem areas identified by the government indicating scrutiny of the services within the coming year?
A. OIG Compliance Plan Guidance
B. OIG Security Summary
C. OIG Work Plan
D. OIG Document Planner
What AAPC Will Do for You
AAPC was founded in 1988 to provide education and professional certification to physician-based medical coders, and to elevate the standards of medical coding by providing student training, certification, and ongoing education, networking, and job opportunities. AAPC has expanded beyond outpatient coding to include training and credentials in documentation and coding audits, inpatient hospital/facility coding, regulatory compliance, and physician practice management. At press time, AAPC has a membership base of over 150,000 world- wide, of which more than 103,000 are certified.
AAPC credentialed coders have proven mastery of all code sets, evaluation and management principles, and documentation guidelines. Certified Professional Coders (CPCs®) and other AAPC credentialed coders represent the best in the medical coding career field.
AAPC offers more than 400 local chapters. Through local chapters, AAPC members can obtain continuing education, gain leadership skills, and network.
AAPC specifies a Code of Ethics to promote and maintain the highest standard of professional service and conduct among its members. As a member of AAPC, a coder is bound by the AAPC Code of Ethics.
AAPC Code of Ethics
Commitment to ethical professional conduct is expected of every AAPC member. The specification of a Code of Ethics enables AAPC to clarify to current and future members, and to those served by members, the nature of the ethical responsibilities held in common by its members. This document establishes principles that define the ethical behavior of AAPC members.
It shall be the responsibility of every AAPC member, as a condition of continued membership, to conduct themselves in all professional activities in a manner consistent with ALL of the following ethical principles of professional conduct:
l Integrity
l Respect
l Commitment l Competence l Fairness
l Responsibility
Adherence to these ethical standards assists in assuring public confidence in the integrity and professionalism of AAPC members. Failure to conform professional conduct to these ethical standards, as determined by AAPC’s Ethics Committee, may result in the loss of membership with AAPC.
The quality of the AAPC certifications, along with the strength in its membership numbers, offers certified AAPC members credibility in the workforce—as well as higher wages. According to the 2014 AAPC Salary Survey, salaries for credentialed professional coders (CPC) average $50, 030 per year.
Glossary
ABN—Advance Beneficiary Notice. AMA—American Medical Association. APC—Ambulatory Payment Classification.
ARRA—American Recovery and Reinvestment Act of 2009.
ASC—Ambulatory Surgical Centers. CDT—Current Dental Terminology. CMS—Centers for Medicare & Medicaid Services.
CMS-HCC—Centers for Medicare & Medicaid Services—Hier- archical Condition Category.
CPC®—Certified Professional Coder. CPT®—Current Procedural Terminology. EHR—Electronic Health Record.
EIN—Employer Identification Number.
E/M or E&M—Evaluation, and Management. HCPCS—Healthcare Common Procedure Coding System. HHS—Department of Health & Human Services.
HIPAA—Health Insurance Portability and Accountability Act of 1996.
HITECH—Health Information Technology for Economic and Clinical Health Act.
HMO—Health Maintenance Organization.
ICD-9-CM—International Classification of Disease, 9th Clinical Modification.
ICD-10-CM—International Classification of Disease, Tenth Edition, Clinical Modification
LCD—Local Coverage Determination.
MAC—Medicare Administrative Contractor.
MS-DRG—Medicare Severity Diagnostic Related Group.
NCD—National Coverage Determination.
NP—Nurse Practitioner. NPI—National Provider Identifier. OCR—Office for Civil Rights.
OIG—Office of Inspector General.
PA—Physician Assistant.
PHI—Protected Health Information.
PPACA—Patient Protection and Affordable Care Act
SOAP—Standard format for E/M Services—Subjective, Objec- tive, Assessment, Plan.
TPO—Treatment, payment, and healthcare operations.
amcicodingblog.wordpress.com 