Revenue Cycle and Regulatory Compliance Study Guide

THE IMPORTANCE OF COMMUNICATION IN HEALTH CARE

  • Foundations of Communication   - Successful interpersonal communication involves a combination of self-expression and active listening to achieve a mutual understanding of shared information.   - The social dynamics involved in communication either enhance or detract from a situation, regardless of external factors.   - Communication should remain the primary focus during interactions with others; allowing negative life aspects to affect personal attitudes decreases the ability to deliver quality care and communicate effectively.

  • Forms and Clarity in Messages   - Both verbal (including written documentation) and nonverbal communication are critical in the healthcare environment.   - Messages must be clear and concise to ensure the primary meaning is understood by all parties.   - Clinical Documentation Example: A provider must document the clinical presentation of a patient during an encounter. These details are essential for establishing treatment plans, making referrals, and filing preauthorization requests for therapies.

  • Communication in the Revenue Cycle   - Communication typically begins at the point of service during the registration and scheduling phase.   - Patient information is gathered at this stage to create an account used for verifying insurance and benefits.   - It is vital to communicate the patient's financial responsibility for services early. Failure to do so leads to unpaid patient portions even after a third-party payer has settled the claim.   - Out-of-Network Scenario: If a patient receives services from an out-of-network provider, they will experience a higher out-of-pocket expense. Effective communication is required to collect this portion successfully.

  • Internal and Patient Barriers   - There must be continuous communication between providers and staff to ensure medical documentation meets code requirements for reporting.   - Slang Terminology: Healthcare professionals should avoid slang to prevent errors.     - Example: Providers may use the term "initial H&P" (history and physical) for a nursing facility visit, but the correct terminology in the Professional Edition of the CPT manual is "initial nursing facility care."   - Barriers also exist when communicating complex diagnosis or procedure codes to patients; billing and coding specialists must prioritize effective communication to maintain patient adherence and improve outcomes.

STAKEHOLDERS IN THE HEALTH CARE ORGANIZATION

  • Primary Stakeholders   - Patients: Also known as consumers, they are the individuals receiving healthcare services.   - Providers: Licensed professionals who administer care within a policy framework, coordinate treatment, and maintain health information. They are authorized to submit claims for reimbursement. Providers include physicians, nurse practitioners, physical therapists, occupational therapists, and hospitals.   - Third-Party Payers: Organizations that reimburse providers for services rendered to policyholders and their dependents. These include:     - Employers.     - Commercial or private organizations.     - Government programs.     - Workers’ compensation.     - Homeowner and automobile insurance.   - Regulatory Agencies and Policymakers: These entities develop the rules, guidelines, and frameworks that determine eligibility for care, service delivery methods, quality standards, and payment structures.

  • Third-Party Payer Responsibilities   - These organizations maintain the financial stability of healthcare programs.   - Administrative processes involve analyzing premium rates, covered benefits, and reimbursement levels to determine if changes to coverage plans are necessary for subsequent years.   - Example: An employer may change premium rates or annual deductibles based 1on implementation changes from the third-party payer.

  • Terminology Updates   - It is critical to use current terminology as healthcare evolves.   - Example: The paper form currently known as the CMS-15001500 was previously referred to as the HCFA-15001500 form.

DATA RETENTION, MAINTENANCE, AND USAGE

  • Regulatory Oversight and Timelines   - Data retention is regulated by a combination of state laws and federal regulations. State laws may require longer retention than federal mandates.   - CMS Guidelines: The Centers for Medicare & Medicaid Services (CMS) requires providers to retain health insurance claims for a period of 66 years because of the potential for audits.   - HIPAA Rules: HIPAA administrative simplification rules require covered entities to retain HIPAA-related documents for 66 years and for at least 22 years after a patient's death.   - Medicare Managed Care: Organizations with these patients must maintain medical records for 1010 years.   - Many organizations elect to keep records longer than required to avoid the complexities of varying state and federal rules.

  • Backup, Recovery, and Security   - EHR (Electronic Health Record) vendors provide HIPAA-compliant solutions, including automated backups and cloud-based storage.   - Well-documented charts support continuity of care, medical decision-making, and serve as a defense in professional liability claims.   - Data Storage: Information is often stored off-site, sometimes in different states, to protect against catastrophes such as fires or hurricanes.

  • Administrative vs. Clinical Uses of Data   - Administrative Uses: Including census analysis (patient volume), population health management, quality improvement, and cost-vs-reimbursement analysis for equipment or services.   - Clinical Uses: Used by public entities, medical registries, and providers to maintain public health, determine treatment cost-effectiveness, and develop reimbursement strategies.   - HEDIS Measures: The Healthcare Effectiveness Data and Information Set (HEDIS) identifies clinical services performed to inform the public about the type and quality of care.

  • The Practice Management System   - This system is the collective source for administrative data. It integrates technological tools, EHR components, demographics, clinical data, insurance information, coded data, and other records (e.g., immunization records).

DATA TRANSMISSION AND REPORTING

  • Electronic Data Interchange (EDI)   - EDI refers to computer technology that enables the digital exchange of information between a healthcare provider and a payer over secure channels.   - Organizations submit claims electronically and receive documentation such as a Remittance Advice (RA) or Explanation of Benefits (EOB).   - EDI is used to determine patient eligibility and responsibility amounts.

  • Data Reporting and Performance   - Reporting involves collecting facts about patient outcomes and care to perform security analyses or report performance measures for incentive programs.   - Key Performance Indicators (KPIs): These are statistics used to measure business achievements and help leadership make informed decisions to support organizational goals.

COMPLIANCE, FRAUD, AND THE OFFICE OF INSPECTOR GENERAL (OIG)

  • Regulatory Authorities   - Office of Inspector General (OIG): A division of the Department of Health and Human Services (HHS) tasked with investigating insurance fraud and abuse in Medicare, Medicaid, and other federal programs.   - HIPAA: A federal regulation providing protection for the security and confidentiality of Protected Health Information (PHI) in electronic, paper, and verbal forms.

  • Key Definitions   - Fraud: Intentionally billing for services never performed, reporting fraudulent diagnoses, or making intentional medical coding errors.   - Abuse: Billing patterns and practices that are unnecessary or excessive but do not reach the level of intentional fraud.   - Covered Entity: Any entity (provider, health plan, clearinghouse) that transmits health information in electronic form.

  • The HIPAA Breach Notification Rule   - This rule regulates the reporting of impermissible use or disclosure of PHI.   - All breaches require internal review. Large-scale breaches (such as cyber hacks) require public notification.   - Minor breaches (e.g., an invoice sent to the wrong address) may only require a single call to the patient.   - Organizations may provide identity theft protection services following a breach.

COMPLIANCE PLANS FOR INDIVIDUAL AND SMALL GROUP PRACTICES

  • Purpose and Cultural Impact   - Every organization must maintain a policy and procedure manual that includes a specific compliance plan.   - A formal plan indicates a good-faith effort to achieve compliance. Organizations should consult the OIG Federal Register to identify areas of risk.

  • The Seven Foundation Components (OIG Guidance)   - 1. Internal Monitoring and Auditing: Performing periodic audits of practices.   - 2. Practice Standards: Developing written standards and procedures.   - 3. Designation of a Compliance Officer: Assigning an individual to monitor efforts and enforce standards.   - 4. Training and Education: Conducting sessions on standards and procedures.   - 5. Responding to Violations: Investigating allegations and disclosing incidents to government entities.   - 6. Open Communication: Using staff meetings to avoid erroneous conduct and bulletin boards to keep employees updated.   - 7. Disciplinary Standards: Establishing and publicizing well-defined guidelines for enforcement.

PROVIDER SELF-DISCLOSURE PROTOCOL (SDP)

  • Protocol Overview   - The SDP is a voluntary program developed by the OIG for health care providers to self-report potential fraud.   - The OIG considers self-disclosure a cooperative effort and may assign lower penalties for transgressions compared to OIG-initiated audits.   - Self-disclosure reduces the cost and disruption associated with involuntary investigations.

QUESTIONS & DISCUSSION

  • Dialogue: Indicators of Potential Billing Fraud and Abuse   - Billee: "The new provider who will be working in our after-hours clinic just asked me about coding encounters and suggested that we report 9920599205 or 9921599215 for all encounters. The provider feels this is okay since the patients will likely have urgent or acute problems."   - Codee: "I agree this is a challenging situation… Coding every patient at the highest level - just because it's after hours - is incorrect coding, and would be an indicator of potential fraud. This would be a red flag to Medicare or any other payer… Code assignment is based on the documentation for each encounter."   - Billee: "I agree! Thanks for talking about this with me."

  • Challenge Questions   - Q: When does communication with the patient begin?   - A: Registration and scheduling (Point of Service).   - Q: What is the intent of the OIG?   - A: To identify and eliminate fraud, waste, and abuse.   - Q: What is the purpose of the Self-Disclosure Protocol (SDP)?   - A: It allows providers to voluntarily report potential fraud to work with the OIG for a fair resolution.

  • Data Classification Matching Exercise   - 1. Clinical use: D. Information about type and quality of care.   - 2. Transmission: C. Patient eligibility.   - 3. Storage: B. Backup.   - 4. Administrative use: A. Quality improvement.