SlideShare una empresa de Scribd logo

Pitfalls of Documentation in the Age of Ehr

Compliancy Group
Compliancy Group

The Compliancy Group, makers of The Guard a complete compliance solution, offers a FREE HIPAA educations series. To register for our upcoming webinars please visit www.compliancy-group.com/webinar

Educación
1 de 32
Compliance  Simplified  –  Achieve  ,  Illustrate,  Maintain   Industry  leading  Education   Todays  Webinar     •  Please  ask  questions   •  Todays  slides  are  available     http://compliancy-­‐group.com/slides023/     Certified  Partner  Program   •  Past  webinars  and  recordings     http://compliancy-­‐group.com/webinar/     855.85HIPAA     www.compliancygroup.com  
Pitfalls of Documentation in the Age of EHR By: Lori A. LaSalle, Esq. Gina R. Dolan, Esq.
PITFALLS OF DOCUMENTATION IN THE AGE OF EHR Agenda •  EHR Basics; •  Quality of Care; •  Malpractice Litigation; •  Privacy and Security; •  Billing Fraud & Abuse
EHR Basics •  Types of EHR (cloud vs. on-site server); •  Contractual issues; •  Meaningful use; •  Costs of implementation.
EHR Contractual Issues •  Identify the hardware and software requirements; •  Ownership of Data; Termination/bankruptcy •  License (#of users, offices, terminals); •  Implementation –  Data conversion –  Timelines/acceptance testing –  Interfaces
EHR Contractual Issues (cont’d) •  Pricing and payments; •  Warranties –  Performance –  Viruses –  Compliance with laws, –  Infringement –  Certification requirements •  Training & support
EHR Contractual Issues (cont’d) •  Confidentiality/Privacy & Security; •  Termination and transition –  Provisions for breach –  Transition of data •  Limitation of Liability/Indemnification
Meaningful Use Medicare EHR Incentive N.Y.S. Medicaid EHR Program Incentive Program •  Administered by Centers for •  Administered by N.Y.S. Medicare and Medicaid Medicaid Agency Service (CMS) •  Maximum incentive •  Maximum incentive payment: $63,750.00 payment: $44,000.00 •  Payments over 6 years but do not have to be •  Payments over 5 consecutive consecutive years •  No Medicaid payment •  Payment adjustments will adjustments begin in 2015 for providers •  In the first year, providers who are eligible but decide can receive an incentive not to participate payment for adopting, •  Providers must demonstrate implementing, or upgrading EHR technology. Providers
Cost of EHR Implementation •  Electronic Health records improve are but do not save money. The money saved from administrative efficiency is replaced by IT costs. •  It is reported that for an average five-physician practice, implementation cost an estimated $162,000 with $85,000 in maintenance expenses the first year.
Quality of Care •  Patient Communication –  Instant messaging; –  Asynchronous communication –  Taking patient history; Decision support functions Check boxes Reliance of history available on computer
Quality of Care Study conducted at the Manhattan VA primary care clinic on whether physician experience modifies the impact of exam room computers on the physician-patient interaction. Results: Patients seeing residents were: •  less likely than patients seeing faculty to strongly agree that they were satisfied with their overall relationship with the physician; •  More likely to agree that the computer adversely affected the amount of time the physician spent talking; •  Faculty spent a smaller proportion of time interacting with the computer than patients seeing resident.
Malpractice Litigation •  Only addressing what there is a box for; •  Everyone that sees the patient cut and pastes the same physical exam note; •  Audit trails; •  Pt. being treated for rheumatoid arthritis received a default oncology dose b/c placed on the oncology floor
Privacy & Security •  HIPAA –  Privacy and security of protected health information (“PHI”) –  Compliance standards for safeguarding and protecting PHI •  HITECH –  Electronic PHI –  Civil monetary penalties for breaches
Privacy & Security “Breach” (as defined by HITECH): “An impermissible use or disclosure that compromises the security or privacy of the PHI such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.”
Privacy & Security •  Increased risk of liability for electronic records: –  Stolen laptops –  Lost cell phones –  Computer hackers •  Potential for greater impact per breach •  More serious breaches = higher penalties
Privacy & Security Penalties enforced by the Office of Civil Rights (OCR): –  Unintentional violations: $100 to $50,000 per violation –  Violations due to reasonable cause: $1,000 to $50,000 per violation –  Violations due to willful neglect that are corrected: $10,000 to $50,000 per violation –  Violations due to willful neglect that are not corrected: $50,000 per violation
Privacy & Security •  HIPAA violations are happening in physicians’ offices, hospitals, and at home •  The most common causes of security breaches: –  Physical theft and loss •  Portable devices (laptops; cell phones; etc.) –  NOT hacking or IT issues!
Privacy & Security
Privacy & Security Provider   Year   Individuals  Affected   How  Data  Was  Breached   Keith  W.  Mann,  DDS   2009   2,000   On-­‐premise  system  servers   (managed  by  Professional   Computer  Services)  hacked.   Daniel  J.  Sigman  MD   2009   1,500   Backups  of  on-­‐premise   system  were  stolen  from   Dr.  Sigman’s  home.   Kaiser  Permanente  Medical   2009   15,500   Portable  hard-­‐drive  was  leM   Care  Program   inside  a  van.  Van  was  then   stolen.   Texas  Health  Arlington   2010   654   Poorly  trained  employees   Memorial  Hospital   marked  electronic  charts   incorrectly  in  an  on-­‐premise   system.   Mayo  Clinic   2010   1,740   Employee  found  snooping   on  paWents’  records  using   Mayo  Clinic’s  on-­‐premise   EHR  system.   NYC  Health  &  Hospitals   2010   1,700,000   Hard  drives  from  an  on-­‐ CorporaWon   premise  system  stolen  from   the  back  of  a  van.   South  Shore  Hospital   2010   800,000   Hard  drives  from  an  on-­‐ premise  system  lost  on   their  way  to  a  contractor   for  destrucWon.  
Privacy & Security Detecting Privacy and Security Problems: 1. HIPAA Audits 2. EHR Meaningful Use Incentive Payment Audits
Privacy & Security Mitigating Risks •  Policies and Procedures –  Appropriate for record storage and access –  Applicable to use of EHR and electronic devices •  Staff Training –  HIPAA Policies and Procedures –  Use of EHR (including risk areas) –  Use of other electronic devices (computers/laptops; cell phones; •  Internally Monitoring Compliance •  Breach Disaster Plans •  Business Associates –  Business Associate Agreements –  Security plans •  A proactive risk management approach can help mitigate potential liability!
Billing Fraud & Abuse •  Increases in healthcare costs tied to EHR adoption? •  EHR changing the way providers are billing for their services •  New York Times Article (September 21, 2012) –  Attributed a portion of the recent growth in health care costs to the increased use of EHR –  Faxton St. Luke’s Healthcare in Utica, N.Y –  Baptist Hospital in Nashville, T.N. –  Hospitals that received government incentives to adopt electronic records showed a 47% rise in Medicare payments at higher levels from 2006 to 2010, compared with a 32% rise in hospitals that have not received any government incentives
Billing Fraud & Abuse HHS/DOJ Letter hospital organizations (September 24, 2012) •  Concern that EHRs are being used to “game the system” •  Addressed false documentation of care issues: –  “cloning” –  “upcoding” –  Use of templates and prompts •  Outlined what is being done to ensure payment accuracy and to prevent/ prosecute healthcare fraud. Some of the actions being enforced by CMS include: –  Review of billing through audits –  Initiating more extensive medical reviews –  Requiring individual verification of patient care information –  Addressing inappropriate increases in coding intensity in CMS payment rules –  Using new tools to stop Medicare payments upon suspicion of fraud in order to mine data for detection •  HHS, DOJ, FBI and other law enforcement agencies are monitoring these trends and will take action upon detection •  No actual guidance measures provided (only warning)
Billing Fraud & Abuse •  Why the increased risk? –  General nature of EMR –  Specific features of the EMR system •  Increased Liability: –  Government and commercial payment audits (overpayments) –  Civil monetary penalties and sanctions (False Claims; fraud) –  Termination of participation (Medicare; Medicaid; commercial managed care contracts)
Billing Fraud & Abuse Problem Areas: 1. Authorship Integrity 2. Auditing Integrity 3. Documentation Integrity
Billing Fraud & Abuse Authorship Integrity •  Multiple individuals entering data –  Example: •  Nurse documents history, medication lists, complaints •  Doctor enters own notes –  Need audit function to demonstrate who is entering data and what is entered –  Potential fraud allegations if there is an appearance that unauthorized individual performed services •  Electronic Signatures –  Provider who rendered services –  “locking” charts for billing purposes
Billing Fraud & Abuse “Cloning” •  Copying and pasting entries from: –  Other patient charts; or –  Previous visits •  Automatic generation of detailed patient histories •  Potential for fraudulent and abusive billing: –  Upcoding (higher reimbursement) –  Reimbursement for services not actually performed
Billing Fraud & Abuse Auditing Integrity •  Properly tracking changes, amendments and additions to patient records •  Changing records after authentication  potential for appearance of fraud •  Example: substantiating services billed but NOT actually performed
Billing Fraud & Abuse Documentation Integrity •  Templates –  Drop-down menus of “best practices” –  “Click-throughs” –  Automatic generation of records •  Systems should have a limited number of auto-generated data •  Potential for fraudulent and abusive billing: –  Upcoding (higher reimbursement) –  Reimbursement for services (examinations) not actually performed
Questions?
Achieve  Illustrate  Maintain   Compliance  Simplified!       HIPAA  Compliance     Meaningful  Use  core  measure  15     HITECH  Attestation     Omnibus  Rule  Ready   Free  Demo  and  15  Day  Evaluation   855.85HIPAA       http://compliancy-­‐group.com/     New  &  Past    Webinars   http://compliancy-­‐group.com/webinar/   855.85HIPAA   www.compliancygroup.com  
SOLID ADVICE. REAL SOLUTIONS. FOR HEALTHCARE BUSINESS. Speaker Contact Information: Lori A. La Salle, Esq. – llasalle@thehlp.com Gina R. Dolan, Esq. – gdolan@thehlp.com 1983 Marcus Avenue, Ste. 106 Lake Success, NY 11042 Phone: (516) 492-3390 Fax: (516) 492-3389 http://www.thehealthlawpartners.com/

Recomendados

Ruth edge presentation
Ruth edge presentationRuth edge presentation
Ruth edge presentationArk Group Australia Pty Ltd
 
Overcoming Imposible Projects
Overcoming Imposible ProjectsOvercoming Imposible Projects
Overcoming Imposible Projectsguest78aa88
 
Chapter 3 three technology in civil litigation civ lit 2nd
Chapter 3 three technology in civil litigation civ lit 2ndChapter 3 three technology in civil litigation civ lit 2nd
Chapter 3 three technology in civil litigation civ lit 2nddifordham
 
Chapter 1 one paralegal in civil litigation civ lit 2nd
Chapter 1 one paralegal in civil litigation civ lit 2ndChapter 1 one paralegal in civil litigation civ lit 2nd
Chapter 1 one paralegal in civil litigation civ lit 2nddifordham
 
Balancing Trends in Data Center Migration, Site Selection, and Operating Costs
Balancing Trends in Data Center Migration, Site Selection, and Operating CostsBalancing Trends in Data Center Migration, Site Selection, and Operating Costs
Balancing Trends in Data Center Migration, Site Selection, and Operating CostsAFCOM
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
Cooperative ACO's Must Lead to Cooperative Security Measures
Cooperative ACO's Must Lead to Cooperative Security MeasuresCooperative ACO's Must Lead to Cooperative Security Measures
Cooperative ACO's Must Lead to Cooperative Security MeasuresCompliancy Group
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTCompliancy Group
 

Recomendados

Ruth edge presentation
Ruth edge presentationRuth edge presentation
Ruth edge presentationArk Group Australia Pty Ltd
 
Overcoming Imposible Projects
Overcoming Imposible ProjectsOvercoming Imposible Projects
Overcoming Imposible Projectsguest78aa88
 
Chapter 3 three technology in civil litigation civ lit 2nd
Chapter 3 three technology in civil litigation civ lit 2ndChapter 3 three technology in civil litigation civ lit 2nd
Chapter 3 three technology in civil litigation civ lit 2nddifordham
 
Chapter 1 one paralegal in civil litigation civ lit 2nd
Chapter 1 one paralegal in civil litigation civ lit 2ndChapter 1 one paralegal in civil litigation civ lit 2nd
Chapter 1 one paralegal in civil litigation civ lit 2nddifordham
 
Balancing Trends in Data Center Migration, Site Selection, and Operating Costs
Balancing Trends in Data Center Migration, Site Selection, and Operating CostsBalancing Trends in Data Center Migration, Site Selection, and Operating Costs
Balancing Trends in Data Center Migration, Site Selection, and Operating CostsAFCOM
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
Cooperative ACO's Must Lead to Cooperative Security Measures
Cooperative ACO's Must Lead to Cooperative Security MeasuresCooperative ACO's Must Lead to Cooperative Security Measures
Cooperative ACO's Must Lead to Cooperative Security MeasuresCompliancy Group
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTCompliancy Group
 
Information Systems in Managed Health Care Plans
Information Systems in Managed Health Care PlansInformation Systems in Managed Health Care Plans
Information Systems in Managed Health Care PlansLayton Harding
 
Smart Hospital Blueprint Sanitized
Smart Hospital Blueprint SanitizedSmart Hospital Blueprint Sanitized
Smart Hospital Blueprint Sanitizedssoliani
 
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at RiskClearDATACloud
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012wafrbf1957
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012susanbender11
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012wafrbf1957
 
Ehr driven his jan 2016
Ehr driven his jan 2016Ehr driven his jan 2016
Ehr driven his jan 2016Anil Patil
 
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenue
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect RevenueShape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenue
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenueoptum
 
Cloud9 Primary Care
Cloud9 Primary CareCloud9 Primary Care
Cloud9 Primary CareAlf Tornatore
 
Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]Jamie Jackson
 
5 Ways to Boost Regulatory Compliance
5 Ways to Boost Regulatory Compliance5 Ways to Boost Regulatory Compliance
5 Ways to Boost Regulatory ComplianceFlatirons Solutions®
 
Insights into the Canadian eHealth Landscape - MaRS Future of Medicine
Insights into the Canadian eHealth Landscape - MaRS Future of MedicineInsights into the Canadian eHealth Landscape - MaRS Future of Medicine
Insights into the Canadian eHealth Landscape - MaRS Future of MedicineMaRS Discovery District
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...Health IT Conference – iHT2
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
Electronic Records
Electronic RecordsElectronic Records
Electronic RecordsThomasSchuler
 
Current ONC Standards Activities
Current ONC Standards ActivitiesCurrent ONC Standards Activities
Current ONC Standards ActivitiesJitin Asnaani
 
HITC Attestation Webinar 1.11.12
HITC Attestation Webinar 1.11.12HITC Attestation Webinar 1.11.12
HITC Attestation Webinar 1.11.12Think DCS
 
Newcastle upon Tyne Hospitals NHS Success Story
Newcastle upon Tyne Hospitals NHS Success StoryNewcastle upon Tyne Hospitals NHS Success Story
Newcastle upon Tyne Hospitals NHS Success StoryImprivata
 
Final copy 7
Final copy 7Final copy 7
Final copy 7kitchen1234
 
Improving Physician Communications in Healthcare
Improving Physician Communications in HealthcareImproving Physician Communications in Healthcare
Improving Physician Communications in HealthcareTelmediq
 
HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...Compliancy Group
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016Compliancy Group
 

Más contenido relacionado

Similar a Pitfalls of Documentation in the Age of Ehr

Information Systems in Managed Health Care Plans
Information Systems in Managed Health Care PlansInformation Systems in Managed Health Care Plans
Information Systems in Managed Health Care PlansLayton Harding
 
Smart Hospital Blueprint Sanitized
Smart Hospital Blueprint SanitizedSmart Hospital Blueprint Sanitized
Smart Hospital Blueprint Sanitizedssoliani
 
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at RiskClearDATACloud
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012wafrbf1957
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012susanbender11
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012wafrbf1957
 
Ehr driven his jan 2016
Ehr driven his jan 2016Ehr driven his jan 2016
Ehr driven his jan 2016Anil Patil
 
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenue
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect RevenueShape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenue
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenueoptum
 
Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]Jamie Jackson
 
5 Ways to Boost Regulatory Compliance
5 Ways to Boost Regulatory Compliance5 Ways to Boost Regulatory Compliance
5 Ways to Boost Regulatory ComplianceFlatirons Solutions®
 
Insights into the Canadian eHealth Landscape - MaRS Future of Medicine
Insights into the Canadian eHealth Landscape - MaRS Future of MedicineInsights into the Canadian eHealth Landscape - MaRS Future of Medicine
Insights into the Canadian eHealth Landscape - MaRS Future of MedicineMaRS Discovery District
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...Health IT Conference – iHT2
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
Current ONC Standards Activities
Current ONC Standards ActivitiesCurrent ONC Standards Activities
Current ONC Standards ActivitiesJitin Asnaani
 
HITC Attestation Webinar 1.11.12
HITC Attestation Webinar 1.11.12HITC Attestation Webinar 1.11.12
HITC Attestation Webinar 1.11.12Think DCS
 
Newcastle upon Tyne Hospitals NHS Success Story
Newcastle upon Tyne Hospitals NHS Success StoryNewcastle upon Tyne Hospitals NHS Success Story
Newcastle upon Tyne Hospitals NHS Success StoryImprivata
 
Improving Physician Communications in Healthcare
Improving Physician Communications in HealthcareImproving Physician Communications in Healthcare
Improving Physician Communications in HealthcareTelmediq
 

Similar a Pitfalls of Documentation in the Age of Ehr (20)

Information Systems in Managed Health Care Plans
Information Systems in Managed Health Care PlansInformation Systems in Managed Health Care Plans
Information Systems in Managed Health Care Plans
 
Smart Hospital Blueprint Sanitized
Smart Hospital Blueprint SanitizedSmart Hospital Blueprint Sanitized
Smart Hospital Blueprint Sanitized
 
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012
 
Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012Coding Info For Email Blast Follow Up Jan 2012
Coding Info For Email Blast Follow Up Jan 2012
 
Ehr driven his jan 2016
Ehr driven his jan 2016Ehr driven his jan 2016
Ehr driven his jan 2016
 
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenue
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect RevenueShape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenue
Shape your ICD-10 Technology Strategy: Be Ready for Change and Protect Revenue
 
Cloud9 Primary Care
Cloud9 Primary CareCloud9 Primary Care
Cloud9 Primary Care
 
Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]Blue team pp_(final_4-12-11)[1]
Blue team pp_(final_4-12-11)[1]
 
5 Ways to Boost Regulatory Compliance
5 Ways to Boost Regulatory Compliance5 Ways to Boost Regulatory Compliance
5 Ways to Boost Regulatory Compliance
 
Insights into the Canadian eHealth Landscape - MaRS Future of Medicine
Insights into the Canadian eHealth Landscape - MaRS Future of MedicineInsights into the Canadian eHealth Landscape - MaRS Future of Medicine
Insights into the Canadian eHealth Landscape - MaRS Future of Medicine
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
 
Electronic Records
Electronic RecordsElectronic Records
Electronic Records
 
Current ONC Standards Activities
Current ONC Standards ActivitiesCurrent ONC Standards Activities
Current ONC Standards Activities
 
HITC Attestation Webinar 1.11.12
HITC Attestation Webinar 1.11.12HITC Attestation Webinar 1.11.12
HITC Attestation Webinar 1.11.12
 
Newcastle upon Tyne Hospitals NHS Success Story
Newcastle upon Tyne Hospitals NHS Success StoryNewcastle upon Tyne Hospitals NHS Success Story
Newcastle upon Tyne Hospitals NHS Success Story
 
Final copy 7
Final copy 7Final copy 7
Final copy 7
 
Improving Physician Communications in Healthcare
Improving Physician Communications in HealthcareImproving Physician Communications in Healthcare
Improving Physician Communications in Healthcare
 

Más de Compliancy Group

HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...Compliancy Group
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016Compliancy Group
 
How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud Compliancy Group
 
Business Associates: How to differentiate your organization using HIPAA compl...
Business Associates: How to differentiate your organization using HIPAA compl...Business Associates: How to differentiate your organization using HIPAA compl...
Business Associates: How to differentiate your organization using HIPAA compl...Compliancy Group
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Compliancy Group
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowCompliancy Group
 
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...Compliancy Group
 
How to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 auditsHow to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 auditsCompliancy Group
 
Preparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practicePreparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practiceCompliancy Group
 
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...Compliancy Group
 
How to Survive a HIPAA Audit
How to Survive a HIPAA AuditHow to Survive a HIPAA Audit
How to Survive a HIPAA AuditCompliancy Group
 
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...Compliancy Group
 
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...Compliancy Group
 
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA ComplianceWhy a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA ComplianceCompliancy Group
 
The must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeCompliancy Group
 
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINEDHIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINEDCompliancy Group
 
What you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperabilityWhat you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperabilityCompliancy Group
 
Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10Compliancy Group
 
Is Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for AuditingIs Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for AuditingCompliancy Group
 

Más de Compliancy Group (20)

HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016
 
How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud
 
Business Associates: How to differentiate your organization using HIPAA compl...
Business Associates: How to differentiate your organization using HIPAA compl...Business Associates: How to differentiate your organization using HIPAA compl...
Business Associates: How to differentiate your organization using HIPAA compl...
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to know
 
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
 
How to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 auditsHow to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 audits
 
Preparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practicePreparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practice
 
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
 
How to Survive a HIPAA Audit
How to Survive a HIPAA AuditHow to Survive a HIPAA Audit
How to Survive a HIPAA Audit
 
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
 
Meaningful Use vs HIPAA
Meaningful Use vs HIPAAMeaningful Use vs HIPAA
Meaningful Use vs HIPAA
 
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
 
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA ComplianceWhy a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA Compliance
 
The must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challenge
 
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINEDHIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
 
What you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperabilityWhat you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperability
 
Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10
 
Is Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for AuditingIs Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for Auditing
 

Último

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 

Último (20)

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 

Pitfalls of Documentation in the Age of Ehr

  • 1. Compliance  Simplified  –  Achieve  ,  Illustrate,  Maintain   Industry  leading  Education   Todays  Webinar     •  Please  ask  questions   •  Todays  slides  are  available     http://compliancy-­‐group.com/slides023/     Certified  Partner  Program   •  Past  webinars  and  recordings     http://compliancy-­‐group.com/webinar/     855.85HIPAA     www.compliancygroup.com  
  • 2. Pitfalls of Documentation in the Age of EHR By: Lori A. LaSalle, Esq. Gina R. Dolan, Esq.
  • 3. PITFALLS OF DOCUMENTATION IN THE AGE OF EHR Agenda •  EHR Basics; •  Quality of Care; •  Malpractice Litigation; •  Privacy and Security; •  Billing Fraud & Abuse
  • 4. EHR Basics •  Types of EHR (cloud vs. on-site server); •  Contractual issues; •  Meaningful use; •  Costs of implementation.
  • 5. EHR Contractual Issues •  Identify the hardware and software requirements; •  Ownership of Data; Termination/bankruptcy •  License (#of users, offices, terminals); •  Implementation –  Data conversion –  Timelines/acceptance testing –  Interfaces
  • 6. EHR Contractual Issues (cont’d) •  Pricing and payments; •  Warranties –  Performance –  Viruses –  Compliance with laws, –  Infringement –  Certification requirements •  Training & support
  • 7. EHR Contractual Issues (cont’d) •  Confidentiality/Privacy & Security; •  Termination and transition –  Provisions for breach –  Transition of data •  Limitation of Liability/Indemnification
  • 8. Meaningful Use Medicare EHR Incentive N.Y.S. Medicaid EHR Program Incentive Program •  Administered by Centers for •  Administered by N.Y.S. Medicare and Medicaid Medicaid Agency Service (CMS) •  Maximum incentive •  Maximum incentive payment: $63,750.00 payment: $44,000.00 •  Payments over 6 years but do not have to be •  Payments over 5 consecutive consecutive years •  No Medicaid payment •  Payment adjustments will adjustments begin in 2015 for providers •  In the first year, providers who are eligible but decide can receive an incentive not to participate payment for adopting, •  Providers must demonstrate implementing, or upgrading EHR technology. Providers
  • 9. Cost of EHR Implementation •  Electronic Health records improve are but do not save money. The money saved from administrative efficiency is replaced by IT costs. •  It is reported that for an average five-physician practice, implementation cost an estimated $162,000 with $85,000 in maintenance expenses the first year.
  • 10. Quality of Care •  Patient Communication –  Instant messaging; –  Asynchronous communication –  Taking patient history; Decision support functions Check boxes Reliance of history available on computer
  • 11. Quality of Care Study conducted at the Manhattan VA primary care clinic on whether physician experience modifies the impact of exam room computers on the physician-patient interaction. Results: Patients seeing residents were: •  less likely than patients seeing faculty to strongly agree that they were satisfied with their overall relationship with the physician; •  More likely to agree that the computer adversely affected the amount of time the physician spent talking; •  Faculty spent a smaller proportion of time interacting with the computer than patients seeing resident.
  • 12. Malpractice Litigation •  Only addressing what there is a box for; •  Everyone that sees the patient cut and pastes the same physical exam note; •  Audit trails; •  Pt. being treated for rheumatoid arthritis received a default oncology dose b/c placed on the oncology floor
  • 13. Privacy & Security •  HIPAA –  Privacy and security of protected health information (“PHI”) –  Compliance standards for safeguarding and protecting PHI •  HITECH –  Electronic PHI –  Civil monetary penalties for breaches
  • 14. Privacy & Security “Breach” (as defined by HITECH): “An impermissible use or disclosure that compromises the security or privacy of the PHI such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.”
  • 15. Privacy & Security •  Increased risk of liability for electronic records: –  Stolen laptops –  Lost cell phones –  Computer hackers •  Potential for greater impact per breach •  More serious breaches = higher penalties
  • 16. Privacy & Security Penalties enforced by the Office of Civil Rights (OCR): –  Unintentional violations: $100 to $50,000 per violation –  Violations due to reasonable cause: $1,000 to $50,000 per violation –  Violations due to willful neglect that are corrected: $10,000 to $50,000 per violation –  Violations due to willful neglect that are not corrected: $50,000 per violation
  • 17. Privacy & Security •  HIPAA violations are happening in physicians’ offices, hospitals, and at home •  The most common causes of security breaches: –  Physical theft and loss •  Portable devices (laptops; cell phones; etc.) –  NOT hacking or IT issues!
  • 19. Privacy & Security Provider   Year   Individuals  Affected   How  Data  Was  Breached   Keith  W.  Mann,  DDS   2009   2,000   On-­‐premise  system  servers   (managed  by  Professional   Computer  Services)  hacked.   Daniel  J.  Sigman  MD   2009   1,500   Backups  of  on-­‐premise   system  were  stolen  from   Dr.  Sigman’s  home.   Kaiser  Permanente  Medical   2009   15,500   Portable  hard-­‐drive  was  leM   Care  Program   inside  a  van.  Van  was  then   stolen.   Texas  Health  Arlington   2010   654   Poorly  trained  employees   Memorial  Hospital   marked  electronic  charts   incorrectly  in  an  on-­‐premise   system.   Mayo  Clinic   2010   1,740   Employee  found  snooping   on  paWents’  records  using   Mayo  Clinic’s  on-­‐premise   EHR  system.   NYC  Health  &  Hospitals   2010   1,700,000   Hard  drives  from  an  on-­‐ CorporaWon   premise  system  stolen  from   the  back  of  a  van.   South  Shore  Hospital   2010   800,000   Hard  drives  from  an  on-­‐ premise  system  lost  on   their  way  to  a  contractor   for  destrucWon.  
  • 20. Privacy & Security Detecting Privacy and Security Problems: 1. HIPAA Audits 2. EHR Meaningful Use Incentive Payment Audits
  • 21. Privacy & Security Mitigating Risks •  Policies and Procedures –  Appropriate for record storage and access –  Applicable to use of EHR and electronic devices •  Staff Training –  HIPAA Policies and Procedures –  Use of EHR (including risk areas) –  Use of other electronic devices (computers/laptops; cell phones; •  Internally Monitoring Compliance •  Breach Disaster Plans •  Business Associates –  Business Associate Agreements –  Security plans •  A proactive risk management approach can help mitigate potential liability!
  • 22. Billing Fraud & Abuse •  Increases in healthcare costs tied to EHR adoption? •  EHR changing the way providers are billing for their services •  New York Times Article (September 21, 2012) –  Attributed a portion of the recent growth in health care costs to the increased use of EHR –  Faxton St. Luke’s Healthcare in Utica, N.Y –  Baptist Hospital in Nashville, T.N. –  Hospitals that received government incentives to adopt electronic records showed a 47% rise in Medicare payments at higher levels from 2006 to 2010, compared with a 32% rise in hospitals that have not received any government incentives
  • 23. Billing Fraud & Abuse HHS/DOJ Letter hospital organizations (September 24, 2012) •  Concern that EHRs are being used to “game the system” •  Addressed false documentation of care issues: –  “cloning” –  “upcoding” –  Use of templates and prompts •  Outlined what is being done to ensure payment accuracy and to prevent/ prosecute healthcare fraud. Some of the actions being enforced by CMS include: –  Review of billing through audits –  Initiating more extensive medical reviews –  Requiring individual verification of patient care information –  Addressing inappropriate increases in coding intensity in CMS payment rules –  Using new tools to stop Medicare payments upon suspicion of fraud in order to mine data for detection •  HHS, DOJ, FBI and other law enforcement agencies are monitoring these trends and will take action upon detection •  No actual guidance measures provided (only warning)
  • 24. Billing Fraud & Abuse •  Why the increased risk? –  General nature of EMR –  Specific features of the EMR system •  Increased Liability: –  Government and commercial payment audits (overpayments) –  Civil monetary penalties and sanctions (False Claims; fraud) –  Termination of participation (Medicare; Medicaid; commercial managed care contracts)
  • 25. Billing Fraud & Abuse Problem Areas: 1. Authorship Integrity 2. Auditing Integrity 3. Documentation Integrity
  • 26. Billing Fraud & Abuse Authorship Integrity •  Multiple individuals entering data –  Example: •  Nurse documents history, medication lists, complaints •  Doctor enters own notes –  Need audit function to demonstrate who is entering data and what is entered –  Potential fraud allegations if there is an appearance that unauthorized individual performed services •  Electronic Signatures –  Provider who rendered services –  “locking” charts for billing purposes
  • 27. Billing Fraud & Abuse “Cloning” •  Copying and pasting entries from: –  Other patient charts; or –  Previous visits •  Automatic generation of detailed patient histories •  Potential for fraudulent and abusive billing: –  Upcoding (higher reimbursement) –  Reimbursement for services not actually performed
  • 28. Billing Fraud & Abuse Auditing Integrity •  Properly tracking changes, amendments and additions to patient records •  Changing records after authentication  potential for appearance of fraud •  Example: substantiating services billed but NOT actually performed
  • 29. Billing Fraud & Abuse Documentation Integrity •  Templates –  Drop-down menus of “best practices” –  “Click-throughs” –  Automatic generation of records •  Systems should have a limited number of auto-generated data •  Potential for fraudulent and abusive billing: –  Upcoding (higher reimbursement) –  Reimbursement for services (examinations) not actually performed
  • 31. Achieve  Illustrate  Maintain   Compliance  Simplified!       HIPAA  Compliance     Meaningful  Use  core  measure  15     HITECH  Attestation     Omnibus  Rule  Ready   Free  Demo  and  15  Day  Evaluation   855.85HIPAA       http://compliancy-­‐group.com/     New  &  Past    Webinars   http://compliancy-­‐group.com/webinar/   855.85HIPAA   www.compliancygroup.com  
  • 32. SOLID ADVICE. REAL SOLUTIONS. FOR HEALTHCARE BUSINESS. Speaker Contact Information: Lori A. La Salle, Esq. – llasalle@thehlp.com Gina R. Dolan, Esq. – gdolan@thehlp.com 1983 Marcus Avenue, Ste. 106 Lake Success, NY 11042 Phone: (516) 492-3390 Fax: (516) 492-3389 http://www.thehealthlawpartners.com/