EXPERIENCEV

AL

UE

RESULTS

Grooming a Top Notch Patient Access Professional

Betsy Keating, RN, CHAMSenior Consulting Manager

October 25, 2011

Agenda

♦ Introduction

♦ Examples

♦ Compliance Overview

♦ Training and Education

♦ Performance Management

2

Introduction

Patient Access Associates perform a diverse and complex range of tasks during the registration process:

♦Data Collection

♦Insurance, Benefit Verification

♦Identification of Pt. Financial Liability, POS Collections

♦Securing required signatures

♦Acquisition of Referrals and Pre Certification

Embedded within the daily functions of an Access Associate are laws and regulations applicable to their day-to-day job responsibilities.

3

Today’s Discussion

♦ Identify violations that could lead to legal liability for the organization and employee.

♦ Provide an understanding of the laws and regulations that impact Patient Access Services.

♦ Learn techniques to incorporate a full realm of compliance training into existing education plans.

4

HIPAA Enforcement Examples

♦ Following investigation by the U.S. Dept. of Health and Human Services, office for Civil Rights, the University of California at LA settles potential violation of HIPAA for $865,000.

– Complaint alleged that two UCLAH employees looked at electronic health records repeatedly without permission. Upon further investigation, it was reported between 2005 -2008 numerous employees looked at the EMR of patients without valid reason.

5

HIPAA Enforcement Examples

♦ In 2009, Mass General lost PHI on over 192 patients – consisting of patient schedules with names, MRN’s billing information, diagnoses, procedures.

– An employee, while commuting, left the documentation on a subway train. The documents were never found.

– $1M settlement

6

Penalty and Action Plan

♦ Covered entities are responsible for actions of their employees.

♦ Penalties in the amount of $1.8M were incurred between the two facilities.

♦ Corrective action plan established.

– Privacy and Security Policies and Procedures

– Regular and robust training

– Independent monitor to assess compliance

7

Recovery Audit Contractor

♦ Three year demonstration – pilot (2005 through 2008)

– Identified $1.03 billion of improper Medicare payments

– $900 million in overpayments returned to Medicare Trust Fund

♦ 40 percent of overpayments due to medically unnecessary services (65 percent for services provided in an inappropriate setting)

♦ 8 percent due to insufficient documentation

♦ 35 percent connected to incorrect coding

♦ 17 percent – other category

8

RAC Exposure (*Evaluation of the 3-year demonstration)

Improper payments due to:

♦ Medically Unnecessary Services

♦ Services provided in an inappropriate setting

♦ Incorrect coding

♦ Improper documentation

♦ Other

9

Patient Access Link

♦ Medical Necessity – Critical function in all access areas to:

– Prevent improper Medicare payments.

– Ensure provider can pursue payment from beneficiaries.

♦ Advance Beneficiary Notice (ABN) – Failure to issue an ABN can lead to financial losses to an organization due to inability to bill for services denied by Medicare as medically unnecessary.

♦ Medicare Secondary Payer Questionnaire (MSPQ)– Since 1980, the MSP provisions have protected Medicare funds by ensuring that Medicare does not pay for services and items that certain health insurance or coverage has primary responsibilities for paying.

10

Patient Access Link

♦ Physician Order Documentation – Denials when medical records failed to have a clear admission order.

– Level-of-care orders documented

– Inadequate or incomplete admission orders

– Presence of an order on elective surgeries

– Physician education

– Standard Order Sets with clear delineation to admit to inpatient or place in observation

– Identification of Inpatient Only Procedures

11

Risk of Non Compliance

♦ RAC Exposure

♦ HIPAA Penalties

♦ Quality and Safety

♦ Customer Satisfaction

♦ Financial Liability

♦ Healthcare Fraud

♦ Loss of integrity and credibility

12

Impact

♦ Privacy Violations – misuse of information

– Failure to comply with requirements and standards – not more than $100 for each violation not to exceed $25,000

– Criminal penalties up to $50,000, $100,000 and $250,000 with imprisonment up to 10 years

♦ Security Breach Notification and Penalties

– Notify patients

– If breach affects over 500 patients, notify DHHS

– Notify local media

– Results: Damage to the organizations reputation, Financial losses, Fraud, Fines, and Personal Liability

♦ Returned overpayments to Medicare Trust Fund

13

Patient Access Leadership Responsibilities

Patient Access is at the forefront and recognized as a vital component of the Revenue Cycle and strongly influences the financial integrity of the organization.

Essential to:

♦Engage in robust recruitment and retention strategies.

♦Develop a comprehensive education and training plan.

♦Put in place proper resources to ensure compliance.

14

Education and Training

15

Training Techniques

Student Centered – Focus on the Trainee

Motivation – Build motivation activities

Activation – Give trainee opportunity for active participation

Reinforcement – Learner demonstrates a means of reinforcing newly learned skill

Transfer – Trainer checks throughout program to ensure trainee has an understanding of skill

Environment – Comfortable and suitable for learning

16

Training Plan . . . Methodology

♦ Utilize a combination of techniques.

– Classroom training

– Preceptor

– On-the-job training

♦ Engage a subject matter expert as the dedicated trainer.

♦ Provide ongoing feedback, encouragement, and validation.

♦ Monitor, track, and measure competency.

♦ Provide training that incorporates:

– Demonstration

– Hands On Experience

– Policy and Procedure Review

♦ E Learn

♦ Training Modules

17

Patient Access Orientation Training Plan

Week 1

Monday Tuesday Wednesday Thursday Friday

Dept. Orientation

Patient Access Overview – Scope of Responsibility

Data Collection – Patient Interviews

Insurance Training

Compliance and Regulatory Agencies

System Training

Service Excellence

Scripting Financial Responsibility

• Completion of Healthcare System mandatory training modules

• Review of Associated Policies and Procedures

• Practical Application in ‘test’ system

18

Patient Access New Orientation Training Plan

Week 2

Monday Tuesday Wednesday Thursday Friday

Physician Order Documentation

Outpatient Registration

Inpatient Registration

Emergency Dept. Registration

Scheduling, Pre Encounter Workflow, Check In

• Review of Associated Policies and Procedures

• Practical Application in ‘test’ system

19

Compliance

Compliance training is a critical component of an Access Department’s training and education plan.

Educational goals should ensure the Access Associate:

♦Possesses a complete understanding of the laws and impact within Patient Access.

♦Complies with policies and procedures.

♦Possesses knowledge and understanding of Medicare Compliance, Regulatory Agencies governing compliance and healthcare laws.

20

Essential Documentation for an Effective Training Plan

♦ Outline

♦ Defined Objectives

♦ Content

♦ Method of Delivery

♦ Method of Evaluation

♦ Measurement of Competency

21

Sample Compliance Training Module

Topic: Medical Necessity and ABN Compliance

Objective: At the completion of this program, the trainee will possess the skills to perform medical necessity checks on all Medicare beneficiaries rendering outpatient procedures and be compliant when issuing an ABN.

Content:

Medical Necessity Software DemoPolicy and Procedure

Method of Delivery:

Instructor led discussion, demo, and policy reviewSelf Learn Training Module with post testPractical application utilizing sample physician orders

Method of Evaluation:

Post Test CompetencyDirect Observation

22

Effective Compliance Program

♦ Establish compliance standard, procedures and policies.

♦ Assign oversight responsibility for compliance to an individual high in the organization’s structure.

♦ Conduct effective training and educational programs (communications of standards).

♦ Perform internal audits and continued monitoring to detect noncompliance and improve quality.

♦ Develop effective lines of communication for reporting violations and clarifying policies.

♦ Enforce standard well-publicized discipline guidelines and procedures.

♦ Respond appropriately and immediately to detected offenses in order to prevent further offense through corrective action.

23

Key Ingredients to Compliance Training

24

♦ Medicare Compliance

– Medical Necessity, Advance Beneficiary Notice (ABN)

– Important Message from Medicare

– Medicare Secondary Payer Questionnaire (MSPQ)

♦ The Joint Commission

– Patient Identification

– Patient Rights

♦ Laws

– Health Information Portability and Accountability Act 1996 (HIPAA)

– Health Information Technology for Economic and Clinical Health Act 2009 (HITECH)

– Red Flags Rules 2007

– Patient Self Determination Act 1991 (PSDA)

– Emergency Medical Treatment and Labor Act (EMTALA)

Regulatory Agencies

CMS: The Center for Medicare Services issues Regulations for Hospitals and Conditions of Participation (COP). Every hospital accepting payment for Medicare and Medicaid patients –including Joint Commission accredited hospitals must comply with these conditions.

TJC: The Joint Commission provides evaluation and accreditation services for multiple healthcare organizations such as general, psychiatric, children’s rehabilitation, and critical access hospitals. TJC standards address the organization’s level of performance in key functions such as patient rights, patient treatment and infection control, and on its ability to provide safe, high quality care. Joint Commission sets an important standard for hospital compliance under the premise that if an organization does the right things and does them well, there is a strong likelihood patients will experience good outcomes.

OIG: Office of Inspector General is the federal government’s Department of Health and Human Services publishes compliance program guidance for multiple sectors of healthcare and billing companies.

25

Patient AccessDay-to-Day Responsibilities

When: During Registration, Outpatient, Emergency Department, Central Scheduling, Financial Counseling, Admitting, Check-In

– Ensure positive identification of patients prior to the onset of registration

– Address the communication needs of each patient

– Meets the spiritual needs of patients

– Secure signatures Consent for Treatment, Assignment of Benefits, and Release of Information

– Perform Medical Necessity, ABN

– Complete Medicare Secondary Payer Questionnaire

– Comply with EMTALA

– Distribute Patient Right to Privacy brochure

– Ensure Privacy and Security

– Be respectful of the patient’s option to ‘opt out’ of hospital directory

– Distribute Important Message from Medicare

– Address Advance Directive

– Ascertain Release of Information privileges

26

HIPAA

The law known as “HIPAA” stands for the Health Insurance Portability and Accountability Act of 1996. Congress, designed the Act to:

– Provide consumers with greater access to health care insurance.

– Protect the privacy of health care data.

– Promote more standardization and efficiency in the health care industry.

27

Patient Access ResponsibilitiesPrivacy and Security

Ensure Privacy:

♦ Do not disclose or share your password with another employee.

♦ Log off computer when walking away from workstation.

♦ Avoid work related conversations in hallways or elevators.

♦ Update, test and maintain correct fax numbers.

♦ Know your hospital’s policies for leaving messages on answering machines.

♦ Do not post patient information around your workstation.

♦ Dispose paper information in closed receptacles for shredding.

♦ Do not use your password to look up information on family members or friends.

28

HITECH

29

The Health Information Technology for Economic and Clinical Health Act (HITECH or "The Act") is part of the American Recovery and Reinvestment Act of 2009 (ARRA). ARRA contains incentives related to health care information technology in general (e.g. creation of a national health care infrastructure) and contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among providers.

HITECH

HITECH also widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for more enforcement.

♦Right to Restrict enforced in 2010: Requires the covered entity to agree on restriction of disclosure to a health plan if: The disclosure is for the purposes of carrying out payment or healthcare operations and is not otherwise required by law; and, The Protected Health Information (PHI) pertains solely to a health care item or service for which the individual, or person on behalf of the individual other than the health plan, has paid the covered entity in full.

*Patient Access Considerations: Insured Self Pay procedure

30

EMTALA

31

Under EMTALA, patients are to be “triaged” by a “clinician” to determine severity of illness and degree of emergency prior to being asked about insurance or method of payment.

EMTALA

Three primary requirements on Medicare participating hospitals:

♦ The hospital must provide an appropriate medical screening exam (MSE).

♦ The hospital must treat and stabilize the emergency medical condition, or transfer.

♦ A hospital must not transfer an individual with an emergency medical condition that has not been stabilized.

Regulations were amended in 2003 to specifically permit reasonable registration procedures, including inquiries about insurance, before the medical screening examination is done, again as long as those inquiries do not delay the examination. A request for payment, however, may not be made at that time.

Patient Access Responsibilities:

♦ Know your hospital bylaws to identify ‘who’ can perform the MSE.

♦ Know triggers that communicate completion of MSE.

32

33

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs — or "red flags" — of identity theft in their day-to-day operations. By identifying red flags in advance, businesses will be better equipped to spot suspicious patterns that may arise -- and take steps to prevent a red flag from escalating into a costly episode of identity theft.

RED FLAGS REGULATION

Red Flags Regulation

Patient Access Responsibilities:

♦ Comply with patient identification policies.

♦ Be alert to suspicious, altered documents.

♦ Be alert to suspicious PHI, such as date of birth and photo identification not consistent with the appearance of the patient.

34

Patient Self Determination Act

Advance Directive means a written instruction, such as a living will or durable power of attorney for health care, relating to the provision of health care when the individual is incapacitated.

Organization’s Responsibility:

♦Provide written information regarding Advance Directives.

♦Document in Medical Record.

♦Educate patients, employees and community.

35

Policies and Procedures

♦ Medical Necessity ABN♦ EMTALA♦ Medicare Secondary Payer

Questionnaire♦ Patient Identification♦ Emergency Department

Registration♦ Orders for Outpatient Testing♦ Advance Directive ♦ Registration of Family and

Friends♦ Patient Rights and

Responsibilities

Related

♦ Guarantor Policy

♦ Performance Management

♦ Performance Improvement Plan

♦ Registration Quality Assurance

♦ Insured Self Pay Policy

♦ Patient Search, Name Standard

36

Primary

Competency

Competency:

♦ Quality of being adequately or well qualified.

♦ Ability of an individual to perform a job properly.

♦ Set of defined behaviors that provide a structured guide enabling the identification, evaluation and development of the behaviors in individual employees.

♦ Combination of knowledge, skills, and behavior used to improve performance.

37

Performance Management

38

Performance Measurement

♦ Demonstration of Competency

♦ Ongoing Evaluation

– QA Monitoring

– MSP Audits

– Medical Necessity Compliance – Vendor Reports

– ‘Rounding’ with Reason

♦ Performance Management

– Behavioral Based

– Addresses Confidentiality and Security

39

Method of Evaluation

♦ Pre- and Post- Test

♦ Return Demo

♦ Direct Observation

♦ Verbal Affirmation – Sign Off

40

Employee Responsibilities

♦ Timely completion of mandatory training and education modules.

♦ Perform Medical Necessity check for outpatient procedures every time.

♦ Issue ABN when indicated.

♦ Accurate and complete documentation on MSPQ.

♦ Understand the importance of completion of MSPQ.

♦ Collaboration with Case Managers and other clinicians to ensure level of care orders are in place.

♦ Consistent review of outpatient orders and appropriate follow up for incomplete, illegible orders.

♦ Utilize solid interview techniques, adapt scripting.

41

Individual and Department Key Performance Indicators

Individual KPI

1. MSPQ audit

2. MED Necessity ABN audit

3. Documentation Audits

a. Consents

b. Place of Service Order

Department KPI

1. MSPQ audit

2. ABN Audit

3. Technical Denials

42

Performance Management

Key Behaviors to ensure compliance:

♦ Adheres to the Health System’s Code of Conduct.

♦ Remains up to date and compliant with all Federal, State and Local laws, Joint Commission standards or regulatory requirements which apply to assigned area of responsibility.

♦ Ensures confidentiality of all customers/patients/residents information and that information is only available to those who have a business reason to know.

♦ Accepts responsibility for one’s actions and decisions.

♦ Builds trust and maintains consistency through words and actions.

43

Improvement Needed

Behaviors

♦ Fails to follow laws, regulations or Health System policies consistently.

♦ Demonstrated by:

– Sub par auditing results

– Less that 100% MSP completion

– Failure to check Medical Necessity or issue an ABN 100% of time

44

Access Leadership Responsibilities

♦ Develop policies.

♦ Communicate, Communicate, Communicate!

– Disseminate Information to staff.

♦ Measure Results.

– Improved Performance

– Reduction in Denials

♦ Audit.

– Round

– Individual and Department Performance

♦ Review results with staff, coach, and mentor.

♦ Report results to Sr. Leadership.

45

Training Tool Kit

♦ Department Orientation Check List

♦ Training Module Documentation

♦ Competency Validation, Inventory, and Tracking Sheet

♦ Performance Management Evaluation Criteria

♦ Applicable Policies and Procedures

♦ Trainer Evaluation

♦ Sign In Sheet

46

Benefits of an Effective Training Program

Employee

♦ Employee Satisfaction

♦ Professionalism

♦ Professional Development

Patient

♦ Patient Satisfaction

♦ Safety and Quality

♦ Positive Outcomes

♦ Dignity and respect

Organization

♦ Financial Security

– Reduced denials

– Less turnover

– No penalties

♦ Builds credibility

♦ Employer Satisfaction

♦ Improved Outcomes

47

Unintentional Consequences – failure to comply

♦ Incorrect data validation – risk of privacy breach

Ask Don’t Tell Campaign

♦ Medical Necessity Checks on limited number of procedures

♦ Physician Selection errors - *Safety and Privacy

♦ Incorrect Guarantor listing

♦ Opt Out Vulnerability - *Safety

48

References

♦ www.cms.gov

♦ www.emtala.com

♦ www.ftc.gov

♦ www.hhs.gov/ocr/privacy/hipaa/enforcement/examples

♦ www.racmonitor.com/news/33-top-stories/347-understanding-the-importance-of-patient-access-in-the-rac-process

49

Contact Information

Betsy Keating RN CHAMSenior Consulting Manager

IMA Consulting

bkeating@ima-consulting.com

484-832-8149

50