Is Your Practice Prepared for a HIPAA Audit?

Now your state Attorney General can bring HIPAA actions.

HIPAA is a key component of your practice’s day to day policies. However, if you are not following your practice’s policies and procedures, your practice may land up in serious trouble.

The HITECH Act now requires the US Department of Health and Human Services (HHS) to periodically audit covered entities and business associates subject to HIPAA privacy and Security rules. 

Gear up for HIPAA – know what to expect when the auditors come calling!

All covered entities and business associates are targets of an audit. A HIPAA audit basically aims to determine whether you have all the HIPAA-required policies and procedures in place.

Here’s what you can expect in case of an audit:

• You have to show that you have been using these policies and procedures.
• You will need to provide a mountain of documentation that auditors will ask for – be it training policies, materials and rosters to your security incident policy and security incident report. So be prepared for it.
• You will get only three weeks’ notice to procure the substantial documentation and gear up for the on-site audit.
• Watch out: Auditors can randomly choose and interview any staff; be prepared or bear the consequences.
• The audits will be more specific and focus on some problem areas such as a) whether you have an updated NPP b) compliance with the new privacy rights and restrictions.  

HIPAA Omnibus Final Rule:

The HIPAA Omnibus final rule introduced and strengthened a new penalty structure. It also introduced new definitions pertaining to HIPAA violations.  Under the new penalty structure, you need to know the definitions for three terms: Reasonable Clause, Reasonable Diligence and Willful neglect. Get the detailed definitions HERE.

Moreover, willful neglect violations must be looked into and penalties are compulsory. The HITECH provisions allow corrective actions, even if there is no penalty. Note: Now your state Attorney General can bring HIPAA actions.

How HITECH §13409 apply to individuals

Under Wrong Disclosures (HITECH §13409), such breaches can be applicable to individuals and are now being used in criminal cases. Moreover, civil lawsuits covering HIPAA violations are becoming more commonplace.

Penalty under the new tiered penalty structure

Furthermore, effective for incidents post February 17, 2009, you are now facing steeper penalties for HIPAA violations. The new penalty for all violations of a similar type in one calendar year is $1.5 million. Tier 1: $100 to $50,000 per violation, Tier 2: $1,000 to $50,000 per violation; Tier 3: $10,000 to $50,000 per violation; Tier 4: $50,000 per violation.

Prepare Yourself With Novel Codes To Report Neurolysis

Keep a count of joints, irrespective of the numbers of nerves.

While reporting the paravertebral facet joint nerve injections in 2012, you will no more be counting nerves that your surgeon targeted. You have up to now been reporting injections for every nerve at a single vertebral level. Effective Jan. 1, you'll require adjusting your method to look for the precise anatomical site involved and also the work that your surgeon did. Read on for more on what changes to expect for these injections in CPT 2012: what goes obsolete and what new comes in.

Know the CPT 2012 Deletions

Here are four CPT codes that will be deleted in CPT 2012:

64622 (Destruction by neurolytic agent, paravertebral facet joint nerve; lumbar or sacral, single level)

+64623 (Destruction by neurolytic agent, paravertebral facet joint nerve; lumbar or sacral, each additional level [List separately in addition to code for primary procedure])

64626 (Destruction by neurolytic agent, paravertebral facet joint nerve; cervical or thoracic, single level)

+64627 (Destruction by neurolytic agent, paravertebral facet joint nerve; cervical or thoracic, each additional level [List separately in addition to code for primary procedure])

Look at New Codes

You will find four novel CPT codes in CPT 2012. These include the following:

64633 (Destruction by neurolytic agent, paravertebral facet joint nerve[s], with imaging guidance [fluoroscopy or CT]; cervical or thoracic, single facet joint)

+64634 (Destruction by neurolytic agent, paravertebral facet joint nerve [s], with imaging guidance [fluoroscopy or CT]; cervical or thoracic, each additional facet joint [List separately in addition to code for primary procedure])

64635 (Destruction by neurolytic agent, paravertebral facet joint nerve[s], with imaging guidance [fluoroscopy or CT]; lumbar or sacral, single facet joint)

+64636 (Destruction by neurolytic agent, paravertebral facet joint nerve[s], with imaging guidance [fluoroscopy or CT]; lumbar or sacral, each additional facet joint [List separately in addition to code for primary procedure])

Don't Distinctly Report Image Guidance

While reporting neurolysis defined by new CPT codes 64633-64636, ensure that your surgeon has used and documented the image guidance used to carry out the paravertebral facet joint nerve destruction. The CPT codes for 2012 are inclusive of the image guidance, so you do not individually report the fluoroscopy or CT guidance used for the paravertebral nerve localization.

Medical Coding Tip: You are not supposed to report 77003 (Fluoroscopic guidance and localization of needle or catheter tip for spine or paraspinous diagnostic or therapeutic injection procedures [epidural, subarachnoid, or sacroiliac joint], including neurolytic agent destruction) for fluoroscopic guidance and 77012 (Computed tomography guidance for needle placement [eg, biopsy, aspiration, injection, localization device], radiological supervision and interpretation) for CT guidance with 64633-64636.

Thyroid Coding: Learn When to Report Dissections Distinct From Thyroidectomy

Why not add a title?

this lens' photo

Remember, "Functional," "selective," and "radical" denote the same procedure.

Believing you know thyroidectomy codes completely may set you up for disaster. You actually have to study the code descriptors and identify the terminology related with neck dissection to precisely code these procedures. Follow this expert medical coding advice and know what CPT codes you should select in this case.

Medical Coding Tip: While coding for thyroidectomy procedures (60240-60271), keep a close watch on the code descriptors. A lot of of them include all of the procedures that the otolaryngologist carried out, thus you won't have to report further codes for the auxiliary services.

Decide Whether to Report Dissections

Test yourself with the following example.

Assume your otolaryngologist does away with both thyroid lobes with the isthmus and pyramid lobe tissue. He furthermore classifies and excises all enlarged lymph nodes. The malignancy has not spread considerably, thus the otolaryngologist excises merely a few selection of lymph nodes. Accordingly, he carries out a thyroidectomy with restricted neck dissection. What CPT codes must you report, and should you report a distinct code for the dissection?

Answer 1: You must report only 60252 (Thyroidectomy, total or subtotal for malignancy; with limited neck dissection). You must not report a distinct code for the dissection. This code comprises reimbursement for the thyroidectomy as well as the limited dissection.

What in case the physician states in the operative note that she carried out a "central neck dissection?" What would you code in this particular situation?

Answer 2: A central neck dissection is alike the example above and signifies a limited neck dissection, not a radical neck nor a modified radical neck dissection. Consequently, in case it is stated that a central neck dissection is carried out with a total thyroidectomy, you would report 60252 (Thyroidectomy, total or subtotal for malignancy; with limited neck dissection).

Let's try a different example. Throughout a total thyroidectomy, an otolaryngologist dissects all the levels of lymph nodes and should sacrifice the spinal accessory nerve, jugular vein along with the sternocleidomastoid muscles to eliminate a malignant lymphatic chain. What CPT codes should you report, and should you report a distinct code for the dissection?

Answer 3: In the above case, you must report only the thyroidectomy along with radical neck dissection with 60254 (Thyroidectomy, total or subtotal for malignancy; with radical neck dissection). By definition, you must not distinctly report the radical neck dissection (38720, Cervical lymphadenectomy [complete]).

CPT, though, throws you a curve ball once your physician combines thyroidectomy along with modified radical neck dissection. None of the thyroidectomy Supercoder CPT codes identify this combination, which you'll have to code out distinctly.