With both Centers for Medicare and Medicaid Services (CMS) and the Government Accountability Office (GAO) ready to step up the policing of the HITECH Act’s EHR incentive payments, it looks like it’s time to get ready for the emergence of the meaningful use audit.

Earlier this year, participants attending the HIMSS 2012 conference in Las Vegas heard from CMS staff about audit programs targeted at healthcare organizations claiming EHR incentive payments.  Now the Government Accountability Office (GAO) has weighed in with recommendations to CMS on improving the integrity of the process of verifying provider eligibility for incentive payments.

The government’s meaningful use audit was always planned

As CMS and the Office of National Coordinator (ONC) proceeded with implementation of the EHR incentive program provided for in the HITECH Act, CMS adopted a self-certification strategy for providers to certify their meaningful use of certified EHR technology, and claim incentive payments.  However, CMS always planned to follow up with a meaningful use audit process to verify the accuracy of the claims made by providers.  Among the points made by the CMS staff included the following:

• One deficiency in meeting a required Meaningful Use measure will result in a finding of non-compliance, and CMS will move to recoup the entire incentive payment.
• CMS will use some type of risk factor approach to decide whom to audit.  CMS may not disclose the factors it considers, but the combination could include providers who have been subject to previous audits.
• A meaningful use audit of a provider claiming incentives under the Medicaid program will be subject to a different audit program, which will be administered by state Medicaid agencies.

The GAO issues recommendations to CMS on their administration of EHR incentive programs

In April 2012, the GAO issued an 83-page report on the first year of the EHR incentive programs administered by CMS.  The report contained four major recommendations:

• CMS should establish timeframes evaluating the effectiveness of its Medicare EHR incentives audit strategy.
• CMS should request more information from Medicare providers during the attestation process.
• CMS should evaluate extent to which it should conduct more verifications on a prepayment basis.
• CMS should consider collecting meaningful use attestations from Medicaid providers on behalf of the states.

The implications of these recommendations are clear.  CMS should move more quickly on its meaningful use audit process, and on evaluating how that process is working.  CMS suggested state Medicaid agencies collect more information from providers during the attestation process to make post-payment audits easier.  The GAO says CMS should adopt its own recommendations for attestations by Medicare providers.  And CMS should consider more prepayment verifications.

Proactive steps in preparation for a meaningful use audit

So it’s clear that a meaningful use audit process is coming, even if the method for selecting providers is not transparent.  With that in mind, here’s what providers should do with these two converging trends:

• Make sure you make and keep hard copies or digital copies in PDF format of any reports you relied on to document meaningful use.
• Document the reasons for claiming an exemption from any meaningful use measures that do not apply to your organization or practice.
• If you rely on the FAQs interpreting meaningful use questions on the CMS website, keep a dated copy of the FAQ content with your other meaningful use documentation.  CMS is not rigorously maintaining time and date stamps on these FAQs, and the content may change over time.  During an audit, the contents of a FAQ an auditor is relying on may now be different than the content you relied on when making your attestation.
• Don’t forget about the requirement for a HIPAA Security Risk Assessment.  This is a measure that your system vendor most likely will not help you with.  And an auditor will not be impressed with statements like “of course we do that” if you have no documentation to back it up.

Right now, failure in an audit of meaningful use attestation may “only” result in a recoupment of the incentive payments.  For almost any healthcare provider, from a solo physician practice to a large medical center, that will be a significant financial burden.  But what happens if your audit takes place in the third or fourth year of receiving incentives, and the repayment period goes back for several years?  Could CMS consider this a more serious violation, maybe even rising to the level of making false claims?

Don’t take any chances; analyze your compliance with meaningful use measures carefully.  Document that compliance, and make sure you can retrieve it if and when the time comes!

Learn more about The Meaningful Use Audit – Coming to a location near you soon! at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

This month, the Centers for Disease Control and Prevention’s National Center for Health Statistics released a study entitled Residents Living in Residential Care Facilities: United States 2010.  This study, which drew data from 2,302 residential care facilities with four or more beds, was the first survey that utilized a national cross section of these facilities.  The resulting data reveals some very interesting information about residents within assisted living facilities and trends in senior living.  In turn, it provides excellent input into concepts for design of assisted living facilities and senior living projects.

I would encourage the readers to read this brief but here are some fascinating excerpts:

• 70% of residents were female while 54% of the residents were 85 and over
• The median length of stay among all current residents was 671 days
• Mean national monthly charge per resident was $3,165 with Medicaid paying for at least some of the services in 19% of the cases
• 38% of residents received assistance with three or more activities of daily living with 72% of residents receiving assistance with bathing
• High blood pressure (57%) and Alzheimer’s (42%) were the two most common chronic conditions diagnosed

I would imagine that the above statistics would resonate with most assisted living and senior living providers.  But, what does this all mean looking to the future of assisted living design and trends in senior living?

Older residents, greater acuity

When I started in the long-term care business, I would say the vast majority of the assisted living residents we had were in their 60’s and 70’s.  But now, we see that 54% of the residents are 85 and over.  Boomers, due to economic reasons and more importantly, personal preference, have delayed the move from their personal residence into a senior living community.  In increasing fashion, there are more tools and programs that allow them to age in place.  As a result, assisted living facilities and senior living communities are seeing older and more frail residents come into their communities and this senior living trend will continue.

Bathroom design must address reduced independence

With 72% of the residents needing assistance with bathing, the importance of bathroom design is substantial.  Couple that with the statistic that 36% need assistance with toileting, we can see the vital need of proper bathroom design.  Some suggestions:

• Zero threshold shower units
• Built in shower seats
• Single lever faucets
• Walk in tubs with doors that open outward
• Taller toilets or raised toilet seats
• Grab bars near toilets and in showers/bathtubs

Aging in place

With the median length of stay at 22 months (and that’s just at the time of the interviews), assisted living facilities will continue to address the need for aging in place.  Just as boomers will resist the move from their residence into a senior living community, so will they resist a move from assisted living into skilled nursing.  As a result, the ability of assisted living facilities to handle greater acuity will be important.

Wellness centers which feature gym equipment, exercise classes such as yoga as well as integrating aquatic therapy will encourage the healthy living lifestyle that boomers have embraced.  In addition, medical components such as therapy, home health and primary care will provide much needed assistance to allow residents to age in place.

Dedicated memory care – a growing senior living trend

There are an estimated 5.4 million Americans with Alzheimer’s and of those, 5.2 million are over 65.  By 2050, it is projected that nearly 16 million will suffer from Alzheimer’s.  So, it’s really no surprise that the study shows 42% of the residents suffer from Alzheimer’s.  The population will continue to grow and the impact of Alzheimer’s will have a significant effect on senior living projects.  As such, it makes strategic sense to seriously consider a dedicated memory care unit.  (Notice I say a dedicated unit.)  We saw an increase in the number of these units 10-15 years ago and many of these units experienced some difficulties associated with lack of funding and low demand.  However, as public awareness has increased and the impact of dementia has grown due to a larger aging population, greater demand for these types of units will grow.

Do these trends in senior living point to a bright future?

Yes they do.  Boomers are turning 65 at a rate of 10,000 a day and they are living longer and healthier.  Challenges still exist for the industry-rising acuity, lack of funding and the push for aging at home.  However, the need for senior living projects including assisted living facilities will not be going away anytime soon.  A new “norm” is beginning to take shape and senior living will change to meet those needs.

Learn more about Trends in Senior Living at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

The HIPPA Privacy Rule addresses Protected Health Information (PHI), and the HIPAA Security Rule directly address Electronic Protected Health Information (ePHI).  In both cases, a HIPAA breach can be a serious occurrence for all parties involved.  So what are some best practices for avoiding such occurrences?

HIPAA breach of protected health information – a disturbing new report

A new report entitled “The Financial Impact of Breached Protected Health Information” has emerged, and naturally, it is disturbing.  The report reminds us of the scale and scope of HIPAA breaches of PHI that have occurred over the past few years, and reinforces the theorem that the general public is very skeptical of the ability of providers, health plans and other organizations that use or process ePHI  to maintain it securely.

The litany of causes of these HIPAA breaches is depressingly familiar:

• Lost or stolen patient records – many times lost or stolen as part of the loss or theft of a piece of hardware or storage media containing the records.
• Malicious and non-malicious breachers – inside and outside the organization, who seek patient records for identity theft or who simply don’t follow protocols and leave information vulnerable.
• Use of mobile devices that do not have adequate security protections but are becoming widely used to capture PHI.

Thankfully, up to now, reported direct effects on the health of patients as a result of HIPAA breach of PHI have been few, but it may not take many before the population gets out its torches and pitchforks and demands even more draconian remedies and punishment for those that are careless or who have evil intent.

Best practices for keeping a HIPAA breach of PHI or ePHI out of your future

So what does the average medical practice with some computers in the office do to protect the PHI of its patients and its own viability?  And how would it fair in a HIPAA audit?

Here are 6 simple steps a medical practice can take to safeguard its ePHI and avoid a HIPAA breach:

1. Have solid procedures for granting access to the office computers or network.  Control who can give access and to what levels, and document what is set up for each user.
2. Establish procedures for use of logins and passwords.  At one of our clients, we recently observed that all employees were using the same login and password for access to the EHR system.  So much for accountability among users!
3. Enforce workstation security, with automatic logoffs and screen savers for periods of inactivity.  And don’t forget physical security of workstations.  Simple tethering devices can defeat a hardware thief, or at least make him or her look for easier pickings somewhere else.  And laptops left in place as part of a workstation can also be locked down to deter the casual thief.
4. Backup your data nightly.  Traditional tape back-ups are giving way to cloud back-up services that can be set to operate automatically during off-hours.  But if you still use media for back-up, take the back-up media off-site.  Don’t leave it next to the server or computer that is being backed up!
5. Make sure you don’t leave records with PHI unprotected on workstation computers.  Electronic medical records may be well protected when the information stays within the EHR application and data base.  But what about when you create a report containing PHI, dump it into a spreadsheet and save it on your desktop?  If your desktop computer is stolen despite your reasonable physical lock-down device, you may have a reportable HIPAA breach on your hands.
6. If you must keep reports with PHI on your computer, and especially if you copy files onto movable media such as CDs or flash drives, encrypt the file.  There are several free encryption programs that encrypt using 256-bit encryption levels.  Even if the media or your computer is stolen, if the files with PHI are encrypted, you do not have a HIPAA breach on your hands.

So kudos to the many healthcare organizations and individuals who contributed to the latest report on the financial impact of HIPAA breaches of PHI.  Their report also contains a method of calculating the potential dollar cost of a breach, just in case the “soft cost” idea of damage to your reputation is not enough to convince you to take steps to avoid a HIPAA breach.

All providers maintaining ePHI and/or those planning to claim EHR Meaningful Use incentive payments are required to perform a HIPPA Risk Assessment periodically.  Such an assessment is a good way to make sure you are using “best practices” related to HIPAA Security and Privacy Rules.

Privacy of information is of paramount importance to all of us.  So do your part to keep it safe!

Learn more about HIPAA Breach of PHI: Repairs are Costly, but Avoidance can be Simple! at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

Part two of a two part series on HIPAA and Email

In Part I of this post, we reviewed some of the statements that the Office of Civil Rights (OCR), the Privacy Rule enforcers, include in their on-line FAQs relevant to HIPAA and email rules.  And now that we’ve got a better understanding of those rules,  let’s explore how medical practices and other providers can ensure they’re using HIPAA compliant email.  After all, knowing the rules is one thing … but putting them into practice is what’s going to keep you and your healthcare organization out of trouble.

5 strategies for achieving HIPAA compliant email

Like so many other things with HIPAA compliance, there’s not one, singular answer that addresses the question of what constitutes HIPAA compliant email.  However, the options addressed below represent a collection of first-line strategies that go a long way toward addressing HIPAA email regulations.

1. Be the expert on the topic of HIPAA compliant email on behalf of your patients.   This means making sure you have appropriate notices visible, both on-line and in the real world, warning patients about the potential security risks of transmitting protected health information (PHI) using email over the non-secure portion of the Internet.  For instance, many practices include a page for submitting questions to the office via email.  Consider posting a statement that warns about security prominently on that page, such as:

• “Please keep in mind that communications via email over the internet are not secure.  Although it is unlikely, there is a possibility that information you include in an email can be intercepted and read by other parties besides the person to whom it is addressed.
• Please do not include personal identifying information such as your birth date, or personal medical information in any emails you send to us.  No one can diagnose your condition from email or other written communications, and communication via our website cannot replace the relationship you have with a physician or another healthcare practitioner.” 

2. Document the patient’s consent to receive communication by email.  Don’t assume that because your patient sent an email requesting PHI or sharing PHI, that he or she understands the risks of sending or receiving such emails.  Consider using a form like this “Emergency Contact Sheet” to document the patient’s preferences in many areas.  If you’re using an EHR system, do not enter a patient’s email address without making sure the patient knows they may get appointment reminders and other email notices.

3. Use an EHR system with a patient portal function.  If you’re using an EHR system with a patient portal function, encourage patients to use the portal’s capabilities for secure communications.  Most portals utilize secure channels for the information available via the portal, but make sure the vendor certifies that to you – and then test it yourself prior to encouraging patients to use it.

4. Consider signing up for a secure, HIPAA compliant email application.  If you must use email to communicate with patients,  a secure email application will protect your communications by using secure channels to send those emails.

5. Manually encrypt transmitted files.  If you don’t have a patient portal and don’t want to use a secure, HIPAA compliant email application, avoid including PHI in the text of email, and encrypt any files containing PHI that you are sending to patients.

Use HIPAA compliant email practices … sleep well at night

It is not far-fetched to think that one of these days, the OCR, while investigating a complaint from a patient about a privacy violation, determines that a provider was disclosing PHI when communicating via email with a patient.  And that every such email constituted an unauthorized disclosure – a breach.  And that every such email to any patient was a breach.  It might not take long to get to a breach involving more than 500 patients, with all the attendant notices to the media and reports to the Secretary of HHS that would entail.

Don’t be the practice or provider that finds itself in that unenviable position, simply because you didn’t pay enough attention to establishing HIPAA compliant email with your patients!

Email will be around for a while, in healthcare and so many other areas of our lives.  It’s a great tool, but like any tool, must be respected for its power – both for communications we want and for the potential to disclose information we want kept private.

Using email in healthcare requires more effort and safeguards than in other areas, but it certainly is possible to mix the two.

Learn more about HIPAA Compliant Email: some proactive strategies at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

Part one of a two part series on HIPAA and email.

Email has been widely used by both business and the general public for much of the last twenty years, and reliance on it has found its way into the daily lives of millions.  Recently, email has become even more accessible with the introduction of the smartphone.  However, leave it to healthcare to throw a curve ball to this cozy relationship.  The fact is, HIPAA and email have long been at odds.

HIPAA Privacy and Security rules are concerned with email, and the web in general

Across the board, healthcare providers are increasingly

• using, or
• are considering using, or
• are being asked to use,

email to communicate with patients about their medical conditions.  If you find yourself described here, then  it bears repeating that the Internet, and things like email sent over the Internet, is not secure.  Although it is unlikely, there is a possibility that information included in an email can be intercepted and read by other parties besides the person to whom it is addressed.  And it’s that “possibility” that becomes the area of focus.

HIPAA and email can coexist … it’s a matter of understanding the rules

So what do the Privacy and Security rules allow – or prohibit – when it comes to HIPAA and email?

Under many of the HIPPA regulations, the standards call for reasonable safeguards, reasonable approaches, reasonable policies, etc.  But what is considered reasonable?  The Office of Civil Rights (OCR) of the Department of Health and Human Services includes several statements on its HIPPA FAQs page.  Notably …

“The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so. See 45 C.F.R. § 164.530(c). For example, certain precautions may need to be taken when using e-mail to avoid unintentional disclosures, such as checking the e-mail address for accuracy before sending, or sending an e-mail alert to the patient for address confirmation prior to sending the message.”

What if a patient initiates communications with a provider using email?  The OCR says:

“Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.”

Must providers acquiesce to use of email for communications with patients?

Note that an individual has the right under the Privacy Rule to request and have a covered health care provider communicate with him or her by alternative means or at alternative locations, if reasonable. See 45 C.F.R. § 164.522(b). For example, a health care provider should accommodate an individual’s request to receive appointment reminders via e-mail, rather than on a postcard, if e-mail is a reasonable, alternative means for that provider to communicate with the patient. By the same token, however, if the use of unencrypted e-mail is unacceptable to a patient who requests confidential communications, other means of communicating with the patient, such as by more secure electronic methods, or by mail or telephone, should be offered and accommodated.

The OCR also interprets the HIPAA Security Rule to apply to email communications.

“The Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control (45 CFR § 164.312(a)), integrity (45 CFR § 164.312(c)(1)), and transmission security (45 CFR § 164.312(e)(1)) require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI.

 The standard for transmission security (§ 164.312(e)) also includes addressable specifications for integrity controls and encryption. This means that the covered entity must assess its use of open networks, identify the available and appropriate means to protect e-PHI as it is transmitted, select a solution, and document the decision. The Security Rule allows for e-PHI to be sent over an electronic open network as long as it is adequately protected.”

To summarize the rules that apply to HIPAA and email …

• Email communications are permitted, but you must take precautions;
• It is a good idea to warn patients about the risks of using email that includes patient health information (PHI);
• Providers should be prepared to use email for certain communications, if requested by the patient, but must ensure they are not exposing information the patient does not want shared; and
• Providers must take steps to protect the integrity of information and protect information shared over open networks.

HIPAA and email continued …

So how should healthcare providers ensure they’re using HIPAA compliant email?  I’ll cover that in Part II of this series.  Stay tuned.

Learn more about HIPAA and Email: there are rules at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

The HITECH Act has brought a huge rush of EHR vendors into the market.  And separating the good from the bad is ultimately found in the details where there’s an intersection of ease of use and advanced functionality.  One such example is with the Meaningful Use Certification Test Criteria procedure §170.302.i regarding the generation of patient lists based on the problem list, medication list, demographics and laboratory test results.  The purpose behind this section of the meaningful use criteria is to be able to follow up on patients having certain diagnoses, risk factors, etc.  While most EHR systems have the ability to generate these lists, very few of them provide a good system for contacting the patients and, most importantly, tracking patient compliance.  It’s just one of those marketable features that are unfortunately too often missed in the EHR software design process.

During the time that I was running Westland Medical Systems, subsequently PracticeOne, I had the opportunity to work with some large OB/GYN and other primary care practices where patient recall and follow-up was a major task of the EHR system.  The importance of having a comprehensive system that can automate this area cannot be overemphasized. 

 §170.302.i directly addresses an EHR system’s ability to manage patient recalls

Consider the example of receiving a laboratory result for a pap smear where the results are abnormal.  There are three categories that describe the abnormality: ASCUS (usually the result of an infection), LGSIL (sometimes called CIN I) and HGSIL (which can be either CIN II or CIN III).  The most important point is that whether the pap result is normal or one of the abnormal results, the follow-up protocol with the patient will be different.  The best EHR Systems will automatically suggest the proper follow-up protocol based on the result.  Other EHR’s will allow you to manually create a tickler or reminder.  Keep in mind that here is where a good EHR follow-up system goes much further than the functionality outlined in§170.302.i in that follow-up ticklers need to be created in real-time, not just generated from data stored in the patient database.

Once a protocol is selected, or a tickler is created, how does the medical practice follow-up to make sure the patient comes back in for the necessary treatment?  Take our pap smear example.  If the result was an ASCUS (result indicates an infection) then the patient would most likely need to come back into the practice right away and be prescribed an antibiotic.  The best EHR systems will route a message to the appointment desk and/or  perhaps create a script for the prescription for the physician to sign.  If the result is a CIN I then a tickler for the patient to return to the practice in three or six months for another pap smear might be appropriate.  In this case the better EHR systems will create a tickler with the proper follow-up date so that the patient will be contacted via either a letter or phone call to schedule the required appointment and follow-up laboratory order.
 

Patient communication via an EHR’s patient access portal can help increase proper follow-up too

Patient Access Portals are also an excellent way of communicating lab results and follow-up recalls to the patients.  The key to making this method of communication effective is to send the patient emails or even text messages telling them to log into the Patient Access Portal to view lab results and to remind the patient to make an appointment.  The Patient Access Portal should allow a patient to either request an appointment or even make one on-line.  Remember, the “old web” was one-way communication.  But today’s, and tomorrow’s web, commonly referred to as “Web 2.0″, is dynamic and interactive.  Patients will more and more expect this method of communication.

Tracking patient compliance via an effective EHR patient recall and follow-up system

How the EHR system tracks the compliance or non-compliance of the patient recall is a final measure of the EHR system’s success on this topic.  What happens if the patient does not return to the medical practice for follow-up care?  A good EHR system will automatically track compliance and funnel the non-compliant recalls into a follow-up tickler list for further action.  There is a wide range of methods marking compliance, based on which EHR system you have implemented.  However, the best EHR systems will have a more automated way of noting the compliance.  For example, in the case of our pap smear recall, the recall should be marked as completed when the follow-up pap smear is performed and the new results received.

Note that, while many EHR Systems may provide various capabilities for patient follow-up and compliance tracking, many times the system implementations fall short of capabilities offered.  §170.302.i on generating patient lists is just one example of a meaningful use criteria that specifies a software function that can be much more user-friendly and useful with some additional thought and effort on the part of the vendor.  Other capabilities such as problem, medication and allergy lists can also be designed to both meet the minimal meaningful use certification criteria and make life easier for users. 

A third-party consultant with experience in practice management and EHR software applications can help vendors improve their application functionality and help practices take full advantage of the capabilities of the software.  In the long run, this will result in improved return on investment on an EHR purchase.

Learn more about §170.302.i … and how EHR vendors can help improve patient follow-up at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

Does your medical record documentation support the codes you’re using?  And why should you care?  Well, one reason is because the Centers for Medicare and Medicaid (CMS) has just announced new efforts to analyze claims submitted for payment by Medicare, utilizing new “cutting edge methods” to identify fraud and abuse.

CMS is attempting to prevent payment of medical claims that may be fraudulent, vs. chasing providers for refunds of claims already paid.  To accomplish this, CMS will use a risk-scoring methodology to identify providers who may then be the target of anti-fraud agencies such as Recovery Audit Contractors (RACs).

Medical record documentation, risk categories, and claim submission patterns

So how will this work its way down to individual providers?  CMS is already assigning providers to risk categories based on past investigations.  For instance, physicians may be in the lowest risk category, while Home Health and DME providers in the highest.  But it doesn’t matter what category you are in if CMS detects a questionable pattern of claims submission, such as a skewed profile of the use of Evaluation & Management (E&M) CPT codes, or submission of a volume of claims that could not be humanly accomplished in a day or a week.

Fraudulent medical claims most often lead to exclusion and prosecution … not settlements

And the “hammer” will be heavy.  It is interesting to note that each week several providers are prosecuted or sentenced, or excluded from Medicare, for fraudulent claims activities.  Yet the number of corporate integrity agreements (CIA) the HHS Office of Inspector General enters into each month is only a fraction of the number of providers prosecuted or excluded.  This seems to indicate CMS and the Department of Justice can find enough evidence to impose harsher penalties, vs. allowing providers to continue in the Medicare program under formal compliance arrangements.

So how does all this relate to medical record documentation? 

For physicians using E&M codes for many of their services, the one of the keys to defending yourself from post-audit give-backs, let alone getting into a CIA, getting excluded from Medicare or prosecuted, is to make sure your medical records documentation meets the CMS requirements for this documentation.

The standards for this medical record documentation are fairly clear.  Many physicians do an excellent job of documenting their patients’ conditions and their plan for treatment – in their heads.  The challenge is to get it on paper or into your EHR.  That’s the only place it matters when you get audited.

And it doesn’t matter that your documentation is no worse than what you see other physicians doing in their office or hospital notes.  CMS does not grade on the curve…

To learn more about the best practices in E&M documentation and coding take a moment to flip through our presentation on medical documentation and Risk-Based Coding.  CMS is taking preventive steps to cut down on fraud and abuse.  Implement your own prevention program by making sure your medical records documentation is where it needs to be.  What are you waiting for?

Learn more about Medical Record Documentation … will your’s survive a RAC audit? at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

On October 5, 2011, the Office of the Inspector General (OIG) published it’s long anticipated (drum roll please) … OIG 2012 Work Plan.  For those of you who are not familiar with this annual document, it outlines the compliance risk areas that subject both Medicare and Medicaid providers (including skilled nursing providers) to audit and enforcement actions.  As such, it is a valuable read as it can offer skilled nursing providers essential guidance on issues which will affect their operating practices.

Now, I’m guessing that most of you aren’t going to take the time to carefully sift through all 165 pages of this scintillating publication.  (Not exactly light reading.)  But, if you would like an excellent overview of the 2012 OIG work plan, I would strongly recommend that you read Tom Lee’s blog entitled OIG Work Plan Update-What’s new for 2012?.  It’s important to note that the work plan contains several critical provisions that pertain specifically to nursing home providers.

Skilled Nursing and the 2012 OIG Work Plan … what to know and what to do

The OIG has specified eight “projects” that specifically target skilled nursing facilities and three of these projects are new this year:

• Nursing home compliance plans

This one is a biggie.  The OIG intends on reviewing Medicare and Medicaid certified nursing homes to ensure that they have implemented compliance plans as a part of their daily operations.  The intent is to verify that the compliance plan contains the key elements as identified in the OIG’s compliance program guidance.  The Affordable Care Act of 2010 requires that CMS issue regulations by 2012 and that nursing home providers must have a compliance program in place by 2013.  This program must contain eight key elements:

1. Designation of a compliance officer and compliance committee
2. Development of compliance policies and procedures including standards of conduct
3. Developing open lines of communication
4. Appropriate training and teaching
5. Internal monitoring and auditing
6. Response to detected deficiencies
7. Enforcement of disciplinary standards
8. Periodic risk assessment of the compliance program systems and structures

• What should you do to address the 2012 OIG work plan? It should go without saying (but I’m going to say anyway), that if you don’t have a formal, written compliance plan in place, put one together right now!  First, make sure it addresses all eight key elements.  Second, make sure it’s a part of your daily operations by involving operations people in the system.  Lastly, the plan must be dynamic and active so do an annual assessment of your compliance program and make sure you make the necessary changes in the program as a result of your assessment.

• Questionable billing patterns during non-Part A nursing home stays

The OIG will identify, through a series of studies, questionable billing patterns for nursing home and Medicare providers, associated with the billing of Part B services for residents whose stays were not paid for under the Medicare Part A program.  The studies will focus on ambulance, imaging, laboratory and podiatry services.  By the way, Congress has directed the OIG to examine these areas for evidence of possible abuse by providers and thus, its inclusion in the 2012 OIG work plan.

• What should you do to address the 2012 OIG work plan?  Part B services incurred during a non-Part A stay must be billed directly by a supplier or other provider.  Establish a regular audit process to insure that inappropriate billing of Part B services is not occurring.

• Safety and quality for post-acute care for Medicare beneficiaries

The OIG will examine the transfer process from acute care hospital to post acute care settings for Medicare beneficiaries.  OIG will also endeavor to examine the overall transfer process.  There are three post acute care providers specifically identified-skilled nursing facilities, inpatient rehabilitation facilities and long-term care hospitals.  This process will look to identify rates of adverse events and preventable re-admissions to hospitals.

• What should you do to address the 2012 OIG work plan?  OIG has seen average lengths of stay at acute hospitals drop and the acuity level at SNF’s rise.  They will be looking to identify SNF’s that are unable to provide the appropriate level of care to admitted patients.  Make sure that your quality assurance program actively monitors patient care and acuity and adjusts your admission criteria to comply with regulations.

And let’s not forget Hospice and the 2012 OIG Work Plan …

In addition to the three new skilled nursing related projects, there is one project that is classified as new for hospice but also directly involves SNF’s:

• Hospice marketing practices and financial relationships with nursing facilities

The OIG intends on reviewing hospice marketing materials as well as practices and financial relationships with nursing facilities.  In particular, they will look to identify particular instances where hospices and nursing facilities are involved in inappropriate enrollment and compensation under the Medicare program.

• What should you do to address the 2012 OIG work plan?  A recent OIG report found that a staggering 82% of hospice claims for beneficiaries in skilled nursing facilities did not meet Medicare coverage requirements.  Not surprising they’ve included this in the 2012 OIG work plan after that kind of result.  OIG will be looking at hospices that have a “high percentage” of their beneficiaries in nursing facilities.  Make sure that your hospice arrangements and coverages are appropriate.  With the OIG looking at hospices, why risk getting involved in the investigation?

The OIG work plan gives nursing home operators the ability to be proactive

The Office of the Inspector General’s annual work plan has created a series of efforts that have recouped billions of dollars in repayments, interest, and penalties from healthcare providers … skilled nursing operators included.  As a matter of fact, for every dollar spent on this enforcement effort, the feds realize a 1,670% return.  If this tells us anything, it tells us that the federal government will continue this effort, and will do so in serious fashion.  And that’s understandable.  After all, it’s our own tax dollars that are being protected.

That said, we in the long-term care industry have been made privy to the focus of these audits in advance.  This provides us with the opportunity to self audit our operations in each of the areas addressed in the OIG Work Plan.  And honestly … what more can we ask for?

Well, that’s it for my brief review of the 2012 OIG work plan as it relates to skilled nursing.  That wasn’t so bad now was it?

Learn more about Focus on Skilled Nursing and the 2012 OIG Work Plan at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

In part one of my long term care financing post, I discussed types of loans, lenders, borrower qualifications and financing assistance.  While the previous post was labeled with assisted living facility financing, the principles we discussed in that post, plus the discussion today, also apply to skilled nursing facility financing.  So today, we’ll be offering up some considerations before you embark on the financing journey.  When I ended my last post, my good friend Hymie Barber who is the Managing Director for Catalyst/Cambridge Healthcare Finance in Los Angeles, and I were enjoying an excellent lunch at a local Chinese restaurant and discussing financing in long term care.  We discussed some ideas on thoughts we’d like to share with long term care operators/owners out there that are considering financing or refinancing their skilled nursing projects.

Nursing Home Operators … “Understand your project financing needs”

“Man’s got to know his limitations” – a great quote from one of my favorites, Clint Eastwood in his role as Harry Callahan.  Okay, so what does Dirty Harry have to do with your financing needs?  Well, the message here is know yourself and what your financing needs are.

• What do you need the funds for?  Is it for expansion, rehabilitation, construction or simply to replace an existing loan?
• What terms are important to you?  For example, loan term, equity requirements, cash out options?
• How does the financing fit into your skilled nursing facility’s strategic plan/goals?  For instance, you may be looking to refinance an existing loan to free up cash flow to acquire or build another facility.
• One other thing is understand that while you are the expert in long term care operations, you are not the expert in financing.  Be willing to listen to the lender or your consultant.  And, don’t be afraid to ask questions!

Skilled nursing project financing requires a firm grasp on operations and the local market

“Luck happens when opportunity meets preparation” – I heard this one many years ago while listening to a tape (yes, it was that long ago!) by the great Earl Nightingale.  It has always stuck with me since part of this valuable message is that we can make our own luck.

• Have three years of operating and financial data ready to go for the potential lenders.  Include census and payor mix information for those three years.  
• Make sure that you are familiar with your skilled nursing operations revenue and expense details, including revenue rates, staffing patterns, labor costs.
• Understand your primary and secondary market well – know your referral sources and competition.
• If this is a new project, make sure you have either a marketing and/or feasibility study for the project.  And a good feasibility study should include a financial proforma that at least brings the planned operation to breakeven, if not a three to five year horizon.  (Please make sure you are familiar with what it says!)
• Your intimate knowledge of your operations and your market and your ability to clearly and confidently articulate that knowledge will go a long way towards assuring a lender that you are a good borrower.

Skilled nursing facility financing … quality documents, timely submission, and be ready for curveballs

“Don’t confuse effort with results” – in my corporate days, I was notorious for saying this.  Okay, you know your facility and you can talk a good game, but can you really close the deal?

• While it’s important to be able to effectively convey your expertise in the nursing home operations, financing your project is also a lot about the paperwork.  So be ready to commit the resources necessary to get the required paperwork to your lender in a timely fashion.
• It won’t matter that your paperwork is in on time unless the content is quality.  Does the documentation address the needs of the lender?  Is the information contained in the paperwork reflective of your skilled facility?  Are your responses to the lender’s questions clear, concise and well written?
• A skilled nursing project, or any healthcare project’s financing process can be one that is filled with additional informational requests.  Make time and be prepared to quickly respond to these requests.  Remember, the lender can’t do this process alone.  
• Carefully review any documents that you will be submitting to the lender.  The information on these documents must be accurate.  As an example, it does not engender confidence in the eyes of the lender if the operating data, such as payor mix, is in conflict with what you say the payor mix is in your facility.

Financing transactions for healthcare projects will take time.  Even the faster ones can take 90 to 120 days.  So be realistic in your expectations when you start the process.  Proper preparation with special attention paid to the items we have discussed in this blog will go a long way towards making the process as efficient as possible.  Be mindful that lenders want to loan funds to a good candidate (notice I said “good”) so they will work with you to make it happen.

To my good friend Hymie, thanks so much for a wonderful lunch and for sharing your thoughts on the financing process for skilled nursing and assisted living operators.

So now, I hope that you’re a bit more prepared for the financing journey should you choose to go down that path.  And if you do, your fortune cookie will hopefully say, “Your endeavor will be successful”.

Learn more about Skilled Nursing Facility Financing … the devil is in the details at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.

The other day, I was having lunch with my good friend, Hymie Barber who is the Managing Director for Catalyst/Cambridge Healthcare Finance in Los Angeles.  We were fortunate enough to eat at an excellent kosher Chinese restaurant (I didn’t realize there were kosher Chinese restaurants!) and eventually, the meal conversation turned to the long term care industry, a topic that’s of interest to the two of us, and specifically about the number of individuals who had approached us recently wishing to explore opportunities to enter into the assisted living market, or by existing providers looking to expand their current operations.

With interest rates at levels that we haven’t seen since the 1940’s and 1950’s, there are plenty of assisted living operators out there who are studying local markets, seeking construction loans to build new projects or add units to their existing facilities, as well as to refinance existing loans.  And with that in mind, over some excellent fish, we ended up comparing notes on what information we both would like to see long term care providers have prior to seeking any assisted living facility financing.

Types of loans available for assisted living facility projects

In general, there are three main types of loans that assisted living providers, or any other healthcare facilities, seek:

• Construction loans:  to build new facilities
• Acquisition loans:  to acquire existing healthcare facilities
• Refinance loans:

-  to replace current debt that is maturing
-  to replace current debt that carries a high interest rate
-  to replace recourse with non-recourse debt
-  to modernize or re-position a facility in an existing market
-  to cash out with some equity

Typical assisted living facility financing lenders

Banks …

• recourse loans (personal guarantees)
• 20-25 year amortization with a five year maturity
• interest rate float with prime or LIBOR
• typically not interested in cash out

Specialty finance companies …

• recourse loans (personal guarantees)
• 20-25 year amortization with a three to five year maturity
• interest rate float with prime or LIBOR (typically higher than bank rates)
• will entertain some portion to cash out

Government insured products (FHA/HUD, FNMA, SBA, USDA) …

• non-recourse for FHA/HUD
• up to 35 year amortization, fully amortizing
• interest rates fixed for entire loan term (at closing)
• no cash out

What makes for a good borrower in the lenders’ eyes?

Contrary to what some operators and owners believe, this is not one of those black box questions with some mysterious answers.  Here are some characteristics that lenders are going to be looking for…

• Industry experience (seems kind of obvious doesn’t it, but don’t forget to highlight your experience – it counts!)
• Accurate data with at least three years operating results (please make sure it’s organized too!)
• Good credit history (if you don’t it’s not the end of the world, but it will definitely limit your options)
• Positive trend analysis (lenders are not particularly anxious to lend to someone whose operating results have been trending downwards for the past few years)

Don’t forget that a presentable facility with a good star rating is a definite plus in the lenders’ minds too.

What help should I consider when seeking financing for an assisted living project?

Well, of course you should seek out a good healthcare consulting firm (hint, hint) which can guide you in the preparation as well as a financial consultant such as Hymie.  Why?  Lenders are constantly entering and exiting the market and each of them have their own sweet spot and their own appetite for certain situations.  It helps to know what product(s) may best fit the owners’/operators’ short, medium and long range goals.  Plus, it is important, as I mentioned before, that the borrower be organized and prepared for the financing process.  Good help can avoid wasted time, facilitate the financing process and better ensure financing success.

By now, Hymie and I haven’t even finished our fish and our veggies quite yet but that’s all the room I’ve got for this blog.  In my next installment, we’ll finish our delicious meal (including my fortune cookie) and talk about some essential information that borrowers need to know before they start down the path of financing.

Learn more about Assisted Living Facility Financing … getting started at The Fox Group, LLC - The Fox Group, LLC - Consultants To The Healthcare Industry.