I have recently noticed several pieces of news that I thought would be of interest to providers of behavioral health services and others.
1. The National Council Public Policy Update of April 8, 2010 pointed out an important change in timely filing requirements for Medicare claims:
Requirements of the Patient Protection and Affordable Care Act makes (sic) several changes to the Medicare timely filing requirements. Under the new law, all claims from before Jan. 1, 2010 must be filed by Dec. 31, 2010. Beginning on Jan. 1, 2010, all claims must be filed within one year after the date of service in order to be considered timely.
Sec. 6404 of the law details the requirements. This is a change from the former allowance of 3 calendar years to file a claim. Be clear about this: you now have 1 calendar year after the date of service to file a timely claim for payment for those services. Now might be a good time to use your billing software to learn which old Medicare claims have not been paid (the claims may have been lost) and if there are any Medicare services that have not been billed. If these are not already three years old, you have only until the end of 2010 to file them, and with services that are new in 2010, you have one calendar year to file a claim for the services.
2. Seth recently posted a message on our User Group about the potential privacy and security problems that can be caused by data left on newer copiers and multifunction machines. NJAMHAA Newswire of May 3, 2010 also commented on the possibility of HIPAA violations that can result from careless use of these machines. Seth’s comments follow:
Now that you finally got all your computer hard drives encrypted and you are feeling pretty smug, here comes another headache — thousands of images containing PHI stored on a hard drive hidden inside other office machines. Take a peek at this investigative report by CBS news:
This is a pretty big vulnerability. If you have one of these higher end digital copiers, printers, or multifunction machines and it is stolen — or you neglect to remove or wipe the hard drive before selling or trading it in, you have a reportable security breach. Nobody would be likely to have a list of the patient documents that had been copied over the years, so you
would have to assume that EVERYONE’s protected information was at risk. That means reporting to the Feds, taking out the newspaper ad announcing your negligence, and the rest of the breach notification nightmare!
Apparently all major manufacturers offer security add-ons of some sort. Now would be a good time to inventory your document devices to determine if they contain hard drives and whether you can retrofit appropriate security add-ons to avoid a potentially disastrous situation in the future.
3. The National Council on April 23 published a review of Parity Act implementation that will allow you to determine whether your insurer or the payer with which you are dealing is in compliance with the Parity Act. Is your insurer in compliance with the Parity Act? will help you ask the right questions and provides resources to help you answer the question.
4. On April 22, FierceEMR and other sources reported that hospital-based doctors are now eligible for ARRA incentive payments for meaningful use of certified EHR technology, and that a bill has been introduced by Rep. Patrick Kennedy (D-RI) and Rep. Tim Murphy (R-PA) seeking to include mental health professionals, Community Behavioral Health Organizations (CBHOs), psychiatric hospitals and chemical dependency programs in the ARRA incentives. Time will tell what will fly.
5. And finally, the Mercom Capital HIT Report of May 3 indicated that HHS is seeking comment on the anticipated impact the stricter disclosure reporting requirements included in the HITECH Act will have on providers.
To help guide the Health and Human Services Department in tightening rules for health information privacy, HHS has asked providers, payers and consumers to comment on the benefits and burdens of accounting for the disclosure of protected health information, even if the data is intended for treatment and billing purposes. The HITECH Act called for HHS to strengthen the privacy rule of the Health Insurance Portability and Accountability Act (HIPAA). With the changes, providers, plans and their business partners will have to account for disclosures of patient information contained in an electronic health record, even if the data is for healthcare provision and payment.
HHS’ Office of Civil Rights (OCR), which oversees health information privacy, published a request for comments in the May 3 Federal Register
“to inform our regulations under the HITECH Act,” according to the announcement. Under HIPAA, providers and plans currently do not have to report releases of protected data when the disclosures are related to patient treatment, payment and healthcare operations. HHS said in the notice that it will remove the exemption for those disclosures when it involves an electronic health record (EHR).
Needless to say, there is a great deal going on in the world of behavioral health care and health care in general. Please feel free to share news items you discover that might be useful to other readers.
Don’t forget, your comments are always welcome. Please share them below.