Exchange Development Could Advance As State’s Flexibility Increases

Posted on February 14, 2012 by Kathleen Rand

States given more flexibility in defining EHBs.

For states who have been putting it off, some recent clarification on how essential health benefits (EHBs) are to be defined could provide a nudge towards building an insurance exchange.

On December 16^th, CMS’s Center for Consumer Information and Insurance Oversight proposed that states use an existing health plan to define the benefits to be included in individual and small-group plans beginning in 2014. This was unexpected; many believed that a national EHB standard would be developed and issued. This bulletin may permit states to offer less inclusive coverage than is now required by state law.

Giving the states a certain level of flexibility in plan design was an important decision. Whether it will become a trend – to accept more variation by state, or to create federal-level mandates for the products and pricing available through the exchanges – remains to be determined.

It is possible that some states might have decided against launching an exchange if the Department of Health and Human Services had required all qualified health plans to include a comprehensive level of essential benefits. However, it appears that does not seem imminent at the moment, giving the states some leeway and avoiding a potential political problem.

But some states still might not act because they are hesitant to embrace reform law provisions. Consequently, the default benchmark plan (i.e., the largest plan in the state’s small-group market) will be implemented. However, ultimately states will have to choose a plan that balances costs and quality of benefit structure.

The bulletin released in December calls on states to set a ‘benchmark’ to include in the essential benefits package. To do this, states must pick an existing and popular plan. There are four benchmark plans to choose from: (1) one of the three largest small-group plans in the state; (2) one of the three largest state employee health plans; (3) one of the three largest federal employee health plan options; or (4) the largest HMO offered in the state’s commercial market.

In addition, the reform law outlines 10 broad categories — including emergency services, maternity and prescription drugs — that need to be assimilated into plan design. If states choose a benchmark plan that doesn’t include all of those 10 categories, they will likely be able to borrow from other benchmark plans to fill in the overall benefit. Hence the final benchmark plan could be a fusion of more than one plan design. Enabling states to define a benchmark based on their most popular plans will help increase acceptance and action.

If a state uses one of its own plans as the benchmark, the Affordable Care Act requires that the cost of ‘essential’ (mandated by the HHS) benefits must be paid for by the state. But the bulletin suggests that states will be allowed to define any or all existing state mandates as essential.

Further, a common benchmark being utilized by states could make it easier for state insurance exchanges to certify qualified health plans. And with input from health plan operators, state legislatures will need to study and evaluate the enrollment and cost data to help ascertain which benchmark plan will be used to define its EHB.

Hospitals May Be Pressured to Change

Posted on February 8, 2012 by Kathleen Rand

As healthcare reform rolls out, hospitals re-evaluate how they do business.

The economy may be sluggish but publicly-traded hospitals continued to be profitable in 2011. But continued low admission rates, combined with growing enrollment in low-paying government programs, could give hospitals more incentive to pressure insurers for higher reimbursements during contract negotiations. Patient volume is improving, but not enough.

In mid-2011, commercial insurance enrollment increased, while Medicaid enrollment growth declined a bit. Despite this rise in commercially insured members, there seems to be a hesitation for actual health care utilization, probably because of continued economic instability and higher cost-sharing provisions in health plans. While low patient volume is a threat to the bottom line, low Medicare and Medicaid reimbursements are the biggest incentive for hospitals to pressure the insurers at the negotiating table.

Therefore, some hospitals might want to form new relationships with insurers. Health systems seem to preparing for a world where access to doctors and diagnostics, and cost control will matter more to their overall success and financial health than having a hospital in every part of the market. Consequently having increased emphasis on improved care management and better cost control will improve dealings with health plans as well.

With healthcare reform rolling out, it is a real possibility that new state-of-the-art ambulatory care centers could supplant inpatient facilities as the preferred strategy for market access. Plus the momentum toward more coordinated and patient-focused accountable care will continue among providers.

Additionally, publicly-traded hospitals could become a more attractive option in 2012 as usage increases among commercially-insured patients. Hospitals are much more sensitive to this than health insurers. An increase in the labor force also promises to be optimistic for providers. Long-term unemployment and the number of part-time workers as a percentage of the work force are higher, which could potentially hold down utilization levels. Yet, as overall utilization improves, even slowly, hospital perception levels will decline as less critical patient procedures return to the market.

To counter pressures, including a rapidly increasing Medicare payer mix, hospital systems will need long-term cost reductions of 20% to 25%. Hospitals will apply strong cash generation to acquisitions to help counter flat organic growth. Some hospital systems have taken advantage of favorable conditions in the bond market and have renegotiated credit agreements to refinance debt and extend maturities.

But even with available cash, hospital systems might not want to target acquisitions due to uncertainty surrounding the Supreme Court’s ruling on key provisions of the reform law and the November elections. The differing agendas of politicians could lengthen due diligence and slow down deal volume. And if the court strikes down key provisions, such as the development of ACOs, the purchase of physician practices by hospitals would likely decrease. However, the primary causes for consolidation, like capturing market share, improving access to capital, and finding new efficiencies, all remain in place as viable.

Exploring Medicaid Managed Care Expansion

Posted on February 2, 2012 by Kathleen Rand

Medicaid expansion coming soon.

Medicaid managed care plans may prove their worth in containing costs in 2012 since states will seek out alternative policies and payment/delivery models to cope with a looming Medicaid expansion under the health reform law, or the Affordable Care Act.

There are plan sponsors that are focused on expanding into the Medicaid market, including larger plans like United Health Group and Coventry Health Care, Inc. This business opportunity is fueled not only by federal healthcare reform, but also by state interest in outsourcing care of both the ABD (aged, blind and disabled) populations as well as the relatively healthy mothers and children traditionally in Medicaid managed care.

The bottom line is that states will continue to need managed care plans to help both limit costs as well as make costs more predictable and consistent.

Many states are facing massive Medicaid program cuts as they head into 2012. These budget problems in part are the reason why some won’t be able to shoulder the program expansions slated for 2014. The expansion is expected to cover some 16 million to 18 million more Americans whose annual income is over 130% of the federal poverty level.

There are a few factors impacting whether states are ready for the expansion. To name a couple: states are in a budget crunch now and employment in public-sector is declining and affecting state Medicaid agencies.

Even though the federal government is initially paying for the costs of the Medicaid expansion, there will be existing state staff that have to deal with the expanding population and pretty significant changes in rules. So, states have to implement something additionally with fewer resources.

The budget situation in most of these states is both a risk and an opportunity for these Medicaid managed care organizations. Premiums may not keep up with health care costs, and plans, consequently, could face potentially lower margins. If regulators want a viable private Medicaid business, they’re going to have to allow these companies a 1% to 2% net margin or operating margin.

Budget concerns also may create a long-term opportunity for Medicaid plans. More and more states that are dealing with budget issues will turn to private companies to help them manage their Medicaid costs and to make sure their Medicaid dollars are spent efficiently. While only 20% of Medicaid spending is now in managed care, that will certainly go up over time.

The emergence of ‘accountable care organization’ models in the Medicaid space as a way to address the forthcoming expansion is a trend to watch in 2012 and beyond, insiders say.

With at least 16 million more people coming into the Medicaid system under healthcare reform

ACA Dictates Medicaid Expansion

, states are going to have to focus on very cost-effective entities to provide that care. Even in states where there already is capitated managed care, there will probably be a lot of experimentation with these ACO-type entities as well.

States can’t cut enrollees, and can only cut provider rates by a reasonable amount. So the only other place to save money is to change the way care is delivered, and the only way a managed care plan can deliver that is to partner differently with the delivery system.

For instance, Oregon has been in the process of developing “coordinated care organizations” or CCOs to coordinate care of the Medicaid and dual-eligible populations. CCOs will be community run — a structure or entity accountable to the region where it operates — integrating physical health, mental health, substance-abuse services and dental care in one organization.

The CCO initiative is going to require that all MCOs change their business model in order to meet its criteria. These entities will have to develop the ability to manage internally things like behavioral health and other social services, as well as to partner with other organizations to become a CCO entity. How MCOs like CareOrgeon fit into the broader scheme of these CCOs could dictate how others end up interfacing with the Medicaid system during the expansion.

BHM Appoints New Business Division Leader Kathleen Schoenauer

Posted on January 30, 2012 by Danyell Jones

Congratulations Kathleen Schoenauer

BHM Healthcare Solutions is excited to announce the appointment of Kathleen Schoenauer, RN, BSN, CCM, to the position of Business Division Leader. Ms. Schoenauer brings a wealth of leadership and project management knowledge to the organization, as well as a strong reputation for successful implementation of state-of-the-art solutions within the fast-paced health care industry.

Prior to joining BHM, Ms. Schoenauer enjoyed an impressive 12 year career with APS. During that time, Ms. Schoenauer was responsible for the financial and business performance of multiple products and contracts to both a government and commercial customer base. Additionally, she has experience in designing and delivering services and solutions through collaboration with Medicaid agencies, state and local governments, health plans, employers and labor trust groups. Ms. Schoenauer has consistently exceeded expectations when improving profitability, designing a suite of services and building strong management teams.

BHM is very excited have Ms. Schoenauer join the organization, and looks forward to the benefit its customers will receive from her many years of experience in medical and behavioral managed care, specifically including her expertise in disease management, utilization management , and case management. “Because of her consistent ability to develop and market innovative approaches to process improvement and problem solving, we feel that she will prove to be a great asset to both our organization and our clients,” commented Mark Rosenberg, CEO of BHM.

Upon appointment to her new position, Ms. Schoenauer stated: “I look forward to my new role at BHM Healthcare Solutions and working with the talented team at BHM in providing best practice solutions for our partner clients. BHM Healthcare Solutions is a forward-thinking organization, positioned for growth and continued success helping clients achieve their goals and implement successful healthcare programs.”

7 Lessons Learned from the Swine Flu

Posted on January 25, 2012 by Casey Roberts

As the H1N1 outbreak of 2009 taught us, we as a modern society are just as apt to be exposed to outbreaks, as well as the behavior that follows. Because the next outbreak is only a matter of time away from happening, we thought now would be a good time to go over some lessons learned to be applied to the next time. So without further ado, here are the seven things that swine flu taught us.

Public Health Emergency does not mean panic – Back in 2009 when the swine flu first hit the states, public officials were declaring an emergency after 20 people had infections confirmed. More people die per day of the flu than were diagnosed back then, which doesn’t necessarily merit a panic, but what if the next outbreak is more serious?
There is tons of medication – In fact, when the outbreak hit in 2009, there was a supply of 50 million units of anti-viral drugs that could have been used immediately, not to mention a pharmaceutical industry that was prepared to make lots more.
Planning pays – There was a system in place for the case of an outbreak that did include mobilizing the proper people. There were also plans in place that were implemented to stockpile medicines should an outbreak occur.
The media helped – Although the media can be blamed for over-exaggerating or under-exaggerating outbreaks, it is also a vital part of relaying information. Just about every private citizen heard about the outbreak, its symptoms, and what to do from the media.
Rise of outbreak sites – In addition to the CDC’s site that lists outbreaks and updates, there were also other sites that sprang up to meet the need of people who wanted to be notified immediately of outbreaks. There are sites such as FluTracker and Outbreak Alert that can tell you what has been reported in your area.
Review – The outbreak of swine flu was also a good chance for everyone to brush up on good hygiene and safety practices like washing your hands, covering your mouth, and not going into work if you think you’re contagious.
More vaccine plants – The outbreak of 2009 showed how limited the United States’ own resources were limited. In fact, Time reported that only one plant in Pennsylvania produced flu vaccines in the U.S.

Casey Roberts is a student and also writes for Radiology Assistant which helps students find the right radiology degree.

Please Welcome Guest Poster Casey Roberts

Posted on January 25, 2012 by Danyell Jones

Hello everyone,

I just wanted to take a quick moment to introduce our guest poster, Casey Roberts. Casey has wonderful information about timely healthcare topics, we hope that you will enjoy these posts and welcome Casey to our online blog community.

Cheers!

Compliance and Employee Buy-In

Posted on January 24, 2012 by Kathleen Rand

Healthcare Compliance is daunting but necessary

Under the Affordable Care Act, compliance programs have become mandatory. To have an effective compliance and ethics program, according to the ACA, an organization “shall (1) exercise due diligence to prevent and detect criminal conduct; and (2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Compliance officers are stepping up their efforts to evaluate compliance effectiveness in light of the health reform law’s mandate, which will make programs a condition of Medicare and Medicaid participation, and the HHS Office of Inspector General’s Medicare compliance reviews, which include hospital compliance programs.

With the government looking over their shoulders, theses compliance officers are trying to find the best ways to reduce risk in their organizations through processes, and to demonstrate that risk has been reduced through outcomes. An effective compliance program encompasses seven fundamental components: policies and procedures; management oversight; education and training; and reporting; enforcement and discipline; auditing and monitoring; and remedy and corrective action. However, the pivotal factor in any program is employee buy-in and behavior.

Compliance programs can have solid structure and well-defined process which covers the principles of acceptable compliance such as discrimination and harassment, confidentiality, reporting illegal or unethical behavior, and licensing and professional credentialing. Yet, even mature compliance programs have a long way to go in the effectiveness-evaluation department, according to compliance officers, who are starting to look outside the box for ways to determine their impact on the organization.

Design is good, but organizations need to know what difference is being made, and if an impact is being made on employee behavior and the organization’s culture. A compliance program should have full integration, not just focus on specific areas. Additionally, another step would be valuable in the compliance model: a measurement of the change created.

For example, an error is identified and fixed, and a corrective action plan is implemented and reported to the board. But did it change anyone’s behavior? Is anyone monitoring the corrective action plan? If the error recurs, is a root cause analysis conducted to find out why behavior didn’t change? Most people in the compliance world do auditing/monitoring and corrective action plans, but accountability regarding the change mage would go a long way in strengthening compliance programs.

Furthermore, employee behavior is a significant indicator of buy-in and overall compliance program effectiveness. The goal is for employees to call the compliance office before there’s a problem, for their awareness to increase. Culturally, it is so important for compliance to permeate as a value.

HIPAA Security Explored

Posted on January 21, 2012 by Kathleen Rand

A significant provision of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. The Affordable Care Act of 2010 will further these increases and include requirements that will be necessary to adopt. In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

Given the above stipulations, we are going to explore the some issues pertaining to HIPAA computer and technology security.

One of the first steps is to understand why computer security in healthcare is so important. It seems rather rhetorical: the answer is because everyone cares about the privacy and integrity of their health information. In most cases, the point of computer security is to prevent personal health information from falling into the wrong hands or being inadvertently altered or destroyed.

The HIPAA security standards apply to protected health information (PHI) that is either stored or transmitted electronically. PHI is health information in any form that personally identifies a patient.

Computers have made the issue of identity much more problematic. People have always been able to use someone else’s identity for criminal purposes, but the problem is aggravated when we can’t use physical means to confirm their identity. How do you know the person whose name is attached to an electronic health record (EHR) entry really made it? It’s difficult. The bottom line is this: Computer security is needed to protect the privacy of those whose information that is stored and managed. It is also needed to protect an organization from the risk of penalty and legal liability if private information is used or released.

The HIPAA security standards require healthcare organizations to have written security policies and procedures, including those that cover personnel training and sanctions for security policy violations. Your office staff and colleagues must truly understand basic security logic and take their role in protecting patients’ privacy very seriously.

The HIPAA security standards require your practice to appoint someone as the security manager, so you might want to assign these tasks to that person. Furthermore, an organization must also understand what encryption will do and when it is necessary. Contrary to what many people are saying, the HIPAA security standards do not require e-mails, or any other transmission from a doctor’s office, to be encrypted. The standards do require your practice to assess whether its unencrypted transmissions of health information are at risk of being accessed by unauthorized entities.

Encryption is the transformation of a message from plain text into nonsensical cipher text before the message is sent. Anyone who steals the cipher text message will not be able to understand it. Only those who have the code used to encrypt the message can convert it back from cipher to plain text and reveal its meaning.

For several reasons, encryption is generally not employed for information stored on a computer’s hard disk or transferred within an office’s local area network. First, the risk of disclosure to unauthorized parties is small in the closed environment. Second, encrypting data is costly. Third, encryption generally slows down the movement of information within software applications and databases.

The HIPAA security standards require an organization to obtain assurances from business associates that they will implement the necessary safeguards to protect the confidentiality, integrity and availability of the electronic health information they create, maintain or transmit on behalf of the organization.

Remember that there is no one-size-fits-all approach for computer security. What counts is being “reasonable and appropriate” when matching security measures with the level of risk that pertains to an organization’s situation.

Ten HIPAA Questions Answered

Posted on January 18, 2012 by Kathleen Rand

In this blog, we will review ten questions about the Health Insurance Portability and Accountability Act, or HIPAA. The legislation can seem overwhelming; sometimes breaking it down can make it much easier to digest.

Of course to ensure that your organization is prepared to overcome any compliance roadblock, please consult BHM regarding our HIPAA Compliance analysis: click here for more information

HIPAA ensures a 'lock' on privacy.

1. What is HIPAA?

The Health Insurance Portability and Accountability Act, or HIPAA, was passed by the federal government in 1996. The original intention of HIPAA

was to help guarantee the continuation of health insurance coverage when an individual left his or her job. Additionally, HIPAA was expanded to include a number of provisions in order to simplify and lower the costs of processing health information. A number of these provisions deal with the standardization of electronic transactions, particularly regarding security and privacy issues.

2. What is the HIPAA Security Rule?

HIPAA requires the implementation of security standards to help protect health information. Yet, it does not spell out any specific security requirements. HIPAA simply necessitates administrative, technical and physical safeguards to make sure that the integrity of health information remains confidential. These requirements have been defined and published in the HIPAA Security Rule by the Department of Health and Human Services.

4. What type of information is protected by HIPAA?

Health information is defined as any information, whether spoken or recorded in any form, that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse. This information can be related to the past, present or future physical or mental health condition of an individual, the delivery of health care to an individual, or the past, present or future payment for the provision of healthcare to an individual.

5. Who must comply with the HIPAA Security Rule?

Any Health Plan, Health Care Clearinghouse or a Health Care Provider who transmits health information in electronic form must comply with the HIPAA Security Rule. A Health Plan is defined as an individual or group plan that provides or pays the cost of medical care. A Health Care Clearinghouse is defined as a public or private entity, including a billing service, re-pricing company, community health management information system or community health information system that does either of the following functions: (1) Processes health information received from another entity in a nonstandard format; or (2) Receives a standard transaction from another entity and processes health information into nonstandard format for the receiving entity. A Health Care Provider is defined as a provider of services, a provider of medical or health services and any other person or organization who delivers, bills or is paid for health care in the normal course of business.

6. What are the repercussions of non-compliance with HIPAA?

Failure to comply with HIPAA requirements could result in significant financial loss through civil penalties, not to mention damage to an organization’s reputation. HIPAA states that civil penalties up to $100 per day per person can be issued for non-compliance. While this does not seem like a large sum, it can quickly add up. For instance, if student health information was exposed for 1000 students over the course of 30 days, the fines could reach $3,000,000.

7. May a physician or hospital “fax” a patient’s medical information to other physicians or to an insurer?

Yes. The Privacy Rules do not prohibit a “covered entity” from faxing protected health information. A physician should be sure, however, to comply with the Privacy Rules’ requirements for disclosures generally. For example, the physician should check whether the “minimum necessary” rule applies and, if it does, limit the information in the fax to the minimum necessary information.

Also, a physician should be sure to have appropriate security safeguards in place that are administrative, technical, and physical in nature. For example, the physician should use policies and procedures that require office staff to verify the recipient’s fax number and use a cover sheet that does not include protected health information.

8. What is the “minimum necessary” standard?

HIPAA requires a physician to make reasonable efforts to limit the amount of protected health information that the physician uses or discloses to the minimum amount that is necessary to accomplish the purpose of the use or disclosure.

Importantly, this requirement does not apply when a physician discloses information to another provider for treatment purposes or when a physician requests information from another provider for treatment purposes. Accordingly, the minimum necessary standard should not interfere with a physician’s ability to provide appropriate treatment to patients.

9. May a physician discuss information about a patient’s treatment with other physicians using e-mail or fax?

Yes. Physicians may use any method of communication — including e-mail, oral conversations, written letters, or other methods (including sending facsimiles) — so long as the physician uses “reasonable and appropriate safeguards” to protect the communication. HIPAA does not prohibit a covered entity from emailing or faxing protected health information to a physician.

If a covered entity refers to the Privacy Rules as the reason the individual will not fax information to a physician, the physician may direct the covered entity to the Department of Health and Human Services’ Frequently Asked Questions at: http://www.hhs.gov/ocr/privacy/hipaa/faq/index.html. The physician may also assure the individual that appropriate safeguards are in place to receive the fax securely.

10. If a patient’s family members call to ask how their loved one is doing, what can the treating physician disclose?

HIPAA allows a physician to share a patient’s information with the patient’s family member or friend if the information is limited to what is directly relevant to that person’s involvement in the patient’s care. For example, a physician may tell a person living with the patient that the patient needs plenty of rest and lots of fluids or that the patient needs to take a prescribed medication twice daily with food. The physician should not share more information than the person needs to assist with the patient’s care.

A physician should not share a patient’s information with the patient’s family or friends if the patient has asked the physician not to, or if the physician believes, in his/her professional judgment, a disclosure would be inappropriate.

RAC Learning Series Part Four – Demystifying the Query (Audit) Process

Posted on January 17, 2012 by Vickie Axsom Brown

Demystifying the Query (Audit) Process

Vickie Axsom-Brown, Senior Consultant, BHM Healthcare Solutions

BHM assists organizations mitigate RAC audit risk

Demystifying the Query Development process is key to every health care provider’s success regardless of the type of services delivered. It requires an understanding of the resources, references and tools used by RACs so providers can maintain their organization’s preparation for CMS audit “participation.”

The tools used by RACs are vast and may look like alphabet soup. The “New Issue” process begins with the responsible team’s identification of potential billing/reimbursement issues. The typical “New Issues” team is comprised of experienced claims’ processing representatives with Part A, Part B, DME, pharmacy, home health, hospice, hospitals, providers, SNFs, et. al. specific backgrounds. This team uses their experience and multiple resources to identify potential issues for which analysis will be done to validate issue value.

In addition to experience, the following data sources are used (the alphabet soup):

Raw Data – RAC database, routine CMS RAC Data Warehouse downloads, industry trends…
Outcome Reports – CERTs[i], OIG[ii], PEPPER[iii], GAO[iv], QIOs[v]….
Industry Experience[vi] & Information – AAHAM, AHA, AMA, AAASC, JCAHO, JCAHACO…
Policy/Rules and Regulations[vii] – LCDs, NCDs, CRs[viii], IOMs, MLN…
CMS Programs – ZPICS[ix], DOJ[x], Vulnerabilities Reports[xi], Carriers, FIs, MACs

Information is collected and evaluated to determine potential improper payment trends, type of provider(s) involved, resources and financial impacts, and projected outcomes. Data are analyzed by statisticians and/or SAS analysts to define the each of these elements by targeted provider type(s). Once analytical results are provided to the New Issue team, the list of improper payments is prioritized and the New Issue submission type/preparation begins.

Different submission criteria exist for New Issue automated reviews (examples of findings and results required) and New Issue complex reviews (medical record documentation and evaluation findings required). The RACs preparation and submission processes vary due to CMS Review Board supportive information/analytical requirements and can range from 30 to 120 days preparation prior to RAC submission to CMS.

All New Issues require complete data presentation with projected Medicare Trust Fund returns. The CMS New Issues submission package is well-defined and must meet all specifications before presentation to the CMS Review Board. If a New Issue package fails any defined criterion, it is returned to the RAC for re-submission. This means the RAC loses a place in line for the CMS Review Board’s review/approval of a New Issue. 2010, the CMS New Issues Review Board had an ever-increasing New Issues backlogs resulting in their encouragement that all RACs collaborate on a list of New Issues for Board consideration. RACs pursued the recommendation and drafted eight (8) New Issues for collaborative submission to the CMS Review Board.

Upon receipt of a New Issue package, designated CMS Review Board representative(s), review(s) the package for submission compliance, content, New Issue review type (automated/complex), value (financial returns), and review submission direction. The New Issue package may be presented to the RAC Validation Contractor for assessment and recommendations and/or to the CMS Review Board (physicians, policy makers, et. al.). Once reviewed, the CMS Board generates a decision:

1- Approved as submitted.

2- Approved with modifications.

3- Approved with defined limitations.

4- Denied for current review period, resubmit in one year.

5- Denied.

Approved New Issues are posted on the RACs’ provider portals and are available for the RACs inclusion in future audits.

[i] Comprehensive Error Rate Testing (CERT) Program reports (www.cms.gov/CERT/CR/LIST.asp. Lists reports by hear and Report Type, e.g., Over utilized codes, CERT findings, Use corrective actions to monitor improper payment findings. This website usually accessible from Carrier/FI/MAC Website link.

[ii] Office of Inspector General Reports (www.hhs.gov/reports.asp

[iii] Program for Evaluating Payment Patterns Electronic Report (PEPPER); Published by TMF Health Quality Initiative under contract with CMS…Audio on demand for Pepper information; PEPPER 2011: Identify Changes, Address Vulnerabilities and Be Audit-Ready

[iv] General Accounting Office “GAO” Reports (www.gpoaccess.gov)

[v] Quality Improvement Organization Reports, www.cms.gov/QualityImprovementOrgs/

[vi] Inpatient, Ambulatory, Outpatient, DME, SNF, CORF, Rehab, Hospice, Physician, et.al.; www.beckerhospitalreview.com; high risk coding errors, duplicate claims, pricing errors, billing excessive units, failure to meet LOC requirements, payment errors, SNF consolidated billing, cross over coverage (ambulance, medications, ), questionable level of care, improper diagnosis codes, mismatched codes, et.al.

[vii] Local Coverage Determinations (LCDs), National Coverage Determinations (NCDs) www.cms.gov/medicare-coverage-database/

[viii] CMS Change Requests www.cms.gov/Transmittals/downloads

[ix] Zone Program Integrity contractor – ZPICs (former Program Safeguard Contractors) www.zpicaudit.com

[x] Department of Justice, www.justice.gov/oig/reports/index.htm

[xi] Vulnerability Reports (multiple references); www.gao.gov – Spotlight or Key Issues section or www.gao.gov/docsearch/repandtest.html