documentation improvement in the clinic i n s i d e ... -...
TRANSCRIPT
I N S I D E T H I S I S S U E :
CONNECT WITH US!
www.rmcinc.org
OIG Work Plan:
An Overview and
Auditing Priorities
for 2017
2
Ransomware 3
Significant Coding
Clinic Changes 3-4
...with Diabetes 4-5
RMC News 6-7
Vol.7 Issue 1 1st Quarter 2017
Documentation Improvement in the Clinic By Chris Breithoff, CPC, CPCO, CRC &
Monique Vanderhoof RHIT, CPC, CCA, CRC
You have probably heard the sayings “If you think it, ink it” or “If you didn’t write it down, it didn’t
happen”. Perhaps you have even used them yourself! As cliché as they might be, these sayings are
very important for providers to understand.
These days we find that documentation is becoming easier for providers to be more thorough thanks
to the rapid adoption of EHRs. Most EHRs can be customized to a provider’s preferences,
specialties, etc. making it easier to document more sufficiently than they did with pen and paper. The
catch is that as more clinics continue to adopt EHRs we are now seeing some new areas of concern
with documentation that providers need to be weary of, so as not to find themselves in hot water.
The sooner we can catch these issues and train providers the right from the wrong, the less difficult it
will be to change habits.
Some of the most common issues being seen with EHR documentation are copy/paste, conflicting
documentation, missing signatures/attestations, and upcoding.
Copy/Paste or Cloned notes: This becomes a problem when a provider copies a previous note
into the current visit and fails to confirm and update the information included in the note so that it
reflects the current visit. If the information contained in the documentation does not accurately
represent the current condition/visit, the provider is at risk for incorrect billings. Worse yet, in an
audit situation if a note(s) appear to be cloned, they are considered unacceptable and insurance com-
panies will recoup any money paid; often plus interest.
Conflicting Documentation: Another issue that we see frequently when notes have been copied
and pasted from previous encounters is that there is conflicting documentation. A provider pulls
information from a previous note and doesn’t edit the information to fit the current situation but
instead adds new information to it. This can leave us with conflicting documentation because part of
the note says one thing and then later also says the opposite. Conflicting documentation renders itself
invalid in the case of an audit because it cannot be deciphered what really happened for that specific
date of service. Documentation MUST reflect only what was done at the time of the visit and not
include information copied from previous visits.
Templated Notes: EHRs give us many options to customize and simplify our work; using
templates is one of those options. Templates allow providers to select predefined text and structured
text boxes, etc. so that completing a note is a much easier process. The problem with templates and
cloned notes comes when all notes appear similar or identical. Documentation must show differences
in the level of services being provided at each visit. For example, you might have fairly lengthy
documentation for a patient presenting with multiple new problems, but you wouldn’t have the same
lengthy documentation with multiple body areas examined for a straightforward condition such as an
ear infection.
Missing Signatures/Attestation: We frequently see documentation in the EHR with no
signatures or attestations attached. Just as a provider would sign a paper note, they must sign an
electronic note for it to be valid for billing purposes. Every note must be signed and dated by the
provider of service. Documentation left in draft form in the EHR is not valid because it can be
changed by anyone at any time; therefore providers must be sure to finalize their documentation with
the appropriate procedure so that a signature and date are attached to the document and it is locked
from editing.
Code Creep/Upcoding: When a provider overuses checkboxes, drop down lists, etc. to create
unnecessarily lengthy documentation this creates a situation called code creep or upcoding. The
increased documentation makes the services billable at a higher level, thus payable for more $$,
when in reality a straightforward visit was all that needed to be performed. CMS states “even if a
Continued...
complete note is generated, only the medically reasonable and necessary services for the condition present at the time of the encounter as
documented can be considered when selecting the appropriate level of an E/M service.” Therefore, regardless of the large amount of
documentation, if the medical necessity for the documentation isn’t proven, it cannot be used for billing purposes.
Moral of our story: While EHR systems have many benefits, caution must be used so that the functions of the EHR are not abused.
Providers should include only information that is pertinent to the medical decision making necessary for the current diagnoses. Be sure to
capture personal, family and social history as it pertains to the current state of the patient. The documentation a provider creates must paint a
clear and concise picture of how sick the patient is at the time of the visit.
Last month I presented a webinar on the OIG Work Plan for 2017. Although we’re almost halfway through the fiscal year 2017, this
presentation provided some key points on how you can incorporate the current plan and future plans into your organization’s auditing and
monitoring functions. Paying attention to what the Office of Inspector General (OIG) for Health and Human Services (HHS) plans to audit and
monitor during the upcoming fiscal year should be a one of the key drivers in developing your own annual audit plan.
As a reminder, auditing and monitoring is one of seven key elements of an effective compliance program. Auditing and monitoring program
functions can help an organization identify risks to business, assists with preventing real or potential risks from escalating and shows a good
faith effort that you are truly looking at your own processes and controls.
This year, the OIG has cleaned up its annual work plan by deleting old items, and adding new items it plans to audit this fiscal year. Although
the plan is specific to what the OIG plans to audit in respect to HHS programs, it provides a plan of the audits that organizations may
experience as well. The annual plan covers Medicare, Medicaid, FDA, Substance Abuse/Mental Health, Public Health, Indian Health Services
and Other.
For the purposes of the presentation and my own experiences in developing an annual audit plan, the items can be grouped into categories: 1)
FYI only, 2) Monitor and 3) Audit. Auditing and compliance staff may then work with operational director to categorize each item somewhat
quickly before taking a deeper look at each item that may be placed on the organization’s work plan.
The remainder of the presentation focused on specific 2017 OIG Work Plan items and how organizations may add them to their own audit
work plan or share them as FYI only items with leadership. For example, organizations that perform Hyperbaric Oxygen Services, could
benefit from conducting a probe audit or sample of claims to ensure that the treatments were for covered conditions and that the medical
documentation adequately supported the treatments.
Perhaps more of an FYI item for those who already have a good understanding of their Provider-based Clinics, this item may prompt
organizations to review their own clinics or simply provide an educational opportunity to alert leadership that the OIG has included an item on
the topic. This may be the case for the Two-Midnight Rule item as well. If an organization has not already, now is a good time to review the
number of outpatient and inpatient services in relation to the changed interpretation to ensure the organization is following the most up-to-date
CMS guidance.
Other notable items for 2017 include items related to inpatient rehab hospitals, skilled nursing facilities and hospice medical documentation
reviews. If an organization provides these services, these may be key items to add to an organization’s audit plan.
No matter the time an organization reviews the OIG Work Plan, this resource is important in creating an annual audit plan and educating
leadership on OIG activities.
“Documentation Improvement” continued...
Page 2 C O M P L I A N C E C O N N E C T I O N S
OIG Work Plan: An Overview and Auditing Priorities for 2017 By Aurae Beidler, MHA, RHIA, CHC, CHPS
Monique Vanderhoof, RHIT, CPC, CCA, CRC is Director of Coding Services at RMC. In this role she is directly responsible for a hospital and professional fee coding project at a large psychiatric hospital. Monique and her Team of coders are well versed in behavioral health cod-
ing. Additionally, Monique is heavily involved in HCC/Risk Adjustment Coding, coder education for clients and internal RMC coders, as well as
education for providers. Monique has over 20 years of experience in the clinic and hospital settings as well as consulting. Monique is also an
AHIMA Trainer in ICD-10-CM.
Aurae Beidler, MHA, RHIA, CHC, CHPS has worked in the health care industry since 2002, for health systems and outpatient clinics including behavioral and dental health, with an emphasis in compliance operations and program implementation, training, auditing and privacy
and security of health records. Aurae has experience with coding and billing issues, risk assessments, regulatory interpretations, internal
investigations, responding to external audits and investigations, writing appeals for denied claims, policy and procedure creation, provider education and training, risk management and provider malpractice insurance and determining clinical billing risk by performing audits and
investigations. She has overseen and assisted with the implementation of a privacy and security program for outpatient clinics and developed an
institutional compliance program. She has also published several articles in Compliance Today and the Journal of AHIMA, and serves on AHIMA’s Privacy and Security Practice Council. Aurae earned a Master’s degree in Healthcare Administration (MHA) from Pacific University in 2010, a
graduate certificate in biomedical informatics from Oregon Health and Sciences University and a B.A. in Journalism from University of Oregon in 2002.
Aurae is currently credentialed as a CHC, certified in healthcare compliance, RHIA, registered health information administrator and CHPS, Certified in
Healthcare Privacy and Security.
Chris Breithoff, CPC, CPCO, CRC is the Director of Physician Coding Services at RMC.. She has worked in the medical arena since 1985 with an emphasis on coding & compliance for over 20 years. Her background includes managing large private practices, as well as managing a
physician coding department for a large teaching hospital. Chris’ areas of expertise are E/M, Critical Care, ER, GI, Pulmonary, Cardiology,
Behavioral Health and Sleep Medicine. Additionally, Chris is heavily involved in education for clients coders and internal RMC coders as well as
provider education.
Ransomware By Chris Apgar, CISSP
Ransomware is not new but it’s ever increasing use to blackmail healthcare organizations should place ransomware attacks as a definite
possibility and a risk that needs to be mitigated. It’s critical for healthcare organizations to prepare for such malicious attacks. Preventing and
quickly responding to malicious attacks should be a part of any healthcare organization’s risk management strategy.
The first place to start is with staff education. Phishing and spear phishing can and are leading to more than ransomware attacks. It can lead to
network compromise, breach and an inability to address critical patient care. Staff need to know how to spot malicious links and email and
what is and isn’t safe to click on. Training is one of the key steps in addressing ransomware.
As part of the training, healthcare organizations should run mock phishing exercises. A mock phishing exercise is a form of social engineering
and it can be used to determine how many staff click on malicious links without harming the organization. This exercise helps identify staff
who may need remedial training and it makes it real for staff. This should not be a onetime exercise. Ongoing training and social engineering
exercises keep the threat of phishing in the forefront of staff’s minds.
It’s important to implement a solid backup plan. A backup plan should cover all critical applications and data and backups of data should occur
on a daily basis. Backup media should be stored offline or a better way to say it is the media should not be accessible from the Internet to
avoid malicious access to the media. Backup media should be stored offsite and encrypted. If the media is stored offsite at a secure location, it
is less likely that the media is accessible to unauthorized individuals.
All healthcare organizations need to develop and implement a formal security incident response plan. The time to plan is not when the ransom-
ware attack occurs. A formal incident response team needs to be appointed and trained. A lot can go wrong in the event of a ransomware
attack if a plan isn’t in place and a team has not been formally trained. The FBI stated healthcare organizations should not pay the ransom and
should engage law enforcement if an attack occurs. That’s good advice but healthcare organizations need to know at what point the ransom
needs to be paid to protect patients and provide needed patient care. You don’t know what that point is if you don’t have a plan and you don’t
test the plan before a malicious attack occurs.
Developing a sound disaster recovery and business continuity plan is another step healthcare organizations can take to reduce the impact of a
ransomware attack. Ideally healthcare organizations will maintain what is called a hot site – an alternate location that can be switched over to
in the event of a ransomware attack. That is not always feasible especially for smaller healthcare organizations because of the cost. Alternate-
ly, a sound and tested plan can be used to identity critical assets such as EHRs and what steps need to be taken to continue the business of
healthcare while the data is inaccessible and how to recover. Plans include such things as what vendors need to be contacted for replacement
servers and other assets and what steps will be taken to rebuild a network and hardware to eradicate the malicious code.
In the end, it is key to make sure staff is trained, phishing tests run and that plans are in place to address malicious attacks before they happen.
It’s more than a regulatory requirement. It is just sound business practice and is needed to provide patient care before, during and after a
malicious attack. This is not a onetime event. The types of risk change over time resulting in the need to periodically test and update plans.
People are the most significant risk hence ongoing training is also required.
2016 proved to be a challenging year for many of us working in ICD-10-CM and ICD-10-PCS. Personally, I felt like I had a good grip on
what was coming down the line with the I-10 go live, but as soon as I thought I knew what I was doing, along would come a scenario which I
struggled with. Coding Clinic did a great job in 2016 clarifying a lot of questions/scenarios that were submitted. This is going to be a brief
summary of some of the clarifications that I felt were important to be reiterated, but remember that there are a lot more that you should read
and take note of.
Heart failure can now be coded with documentation of “HFpEF” (heart failure with preserved ejection fraction) as diastolic heart failure,
and “HFrEF” (heart failure with reduced ejection fraction) as systolic heart failure. No more queries when this documentation or wording
is available! (CC 1Q 16, pg 10)
Following the Coding Conventions, Instructional Notes, and Coding Guidelines when there is documentation of a condition and the words
“with” in the index. Assume a link when the index provides one, unless the provider specifically states the condition is due to another
cause. (CC 1Q 2016, pg 11)
Chris Apgar, founder of Apgar & Associates is a Certified Information systems Security Professional (CISSP). He is one of
the country’s foremost experts and spokespersons on healthcare privacy, security, regulatory arriafs, state and federal
compliance and secure and efficient electronic health information exchange. Chris has more than 19 years of experience in
regulatory compliance and is a leader of regional and national privacy, security and health information exchange forums. As
a member of Workgroup for Electronic Data Interchange, and serving on the Board of Directors since 2006, Chris is an
honest, reliable, trustworthy expert in the field of privacy and security.
Email [email protected] for more details.
Page 3 C O M P L I A N C E C O N N E C T I O N S
Continued...
Significant Coding Clinic Changes by Jennifer Jones, CCS
Page 4 C O M P L I A N C E C O N N E C T I O N S
Bleeding associated with a drug as part of anticoagulation therapy should be coded to D68.32, hemorrhagic disorder due to extrinsic
circulating anticoagulants or drug-induced hemorrhagic disorder. (CC 1Q 2016, pg 14)
Hepatic encephalopathy is not synonymous with hepatic coma. Do not code this as “with coma” unless coma is documented in the
record. (CC 2Q 2016, pg 35)
Bronchoalveolar washings and brushings are coded to the root operation of “excision”, while bronchoalveolar lavage is coded to the root
operation of “drainage”. (CC 1Q 16, pg 26)
When a lesion/plaque is an extension and goes from one body part to another, this is considered a continuation of a single lesion. When
surgery is performed on an overlapping lesion in a tubular body part, assign the furthest anatomical site from the point of entry as the
body part when coding endarterectomy, with the root operation of “extirpation”. (CC 1Q 16, pg 31)
Decompressive laminectomy/foraminotomy is coded to the root operation of “release” for the condition of foraminal stenosis, and
discectomy is coded to the root operation of “excision” for the condition of disc herniation. These are separate and distinct diagnoses that
are both treated with separate and distinct procedures. (CC 2Q 2016, pg 16)
When coding arterial catheter placement, if the most distal placement of the catheter tip is not documented, the default body part value is
based on the documentation of the site of catheter placement. If the body part is documented where the catheter tip lies (for example,
superior vena cava), code to that most distal location.
Again, this just touches on a few of the Coding Clinic advices given for first and second quarter of 2016, so make sure you read the entire
documents to keep yourself up to date.
Diabetes has always been a challenge to code since there are many conditions that are related to it. Coders would always have to search for a
documented link between certain conditions and the diabetes. For example, when a patient would have chronic kidney disease and diabetes,
the provider would have to document “chronic kidney disease due to diabetes” or “diabetic chronic kidney disease”. Coders would hope that
the provider would provide this link between the two, and in many instances, have to query to get the documentation needed.
As of 2nd quarter 2016, however, Coding Clinic has clarified that there no longer has to be a link documented between certain conditions and
diabetes. Since the Coding Guideline I.A.15 states that word “with” is interpreted to mean “due to” or “associated with” when it appears in
the Index or code title, this means that a causal relationship can now be presumed. (Unless it is specifically documented that the condition and
diabetes are unrelated or due to another cause).
So what conditions does this pertain to? If you look in the ICD 10-CM Index under diabetes, here are the conditions where you can assume a
relationship:
Betes, diabetic (mellitus) (sugar) E11.9
With
Amyotrophy E11.44
Arthropathy NEC E11.618
Autonomic (poly) neuropathy E11.43
Cataract E11.36
Charcot’s joints E11.610
Chronic kidney disease E11.22
Circulatory complication NEC E11.59
Complication E11.8
Specified NEC E11.69
Dermatitis E11.620
Foot ulcer E11.621
Gangrene E11.52
Gastroparalysis E11.43
Gastroparesis E11.43
Glomerulonephrosis, intracapillary E11.21
Jennifer Jones, CCS has 26 years of experience in the Health Information Management field. She has been a Certified
Coding Specialist for 13 years, but has also worked as a Clinical Documentation Specialist, Manager of Coding Services,
Medical Transcriptionist, Medical Assistant, Medical Biller, and Medical Receptionist. She has worked in hospitals ranging
from a 25-bed Critical Access Hospital in Oregon to a 400-bed Community Hospital in Florida, and physician offices through-
out Oregon, Washington and California. She has been pursuing education in the nursing field to help further her coding skills,
and is working towards her RHIT. Jennifer joined RMC in 2009 and currently is the Manager of Coding Services for RMC.
...with Diabetes By Mary Chelucci
“Coding Clinic Changes” continued...
Continued...
Glomerulosclerosis, intercapillary E11.21
Hyperglycemia E11.65
Hyperosmolarity E11.00
With coma E11.01
Hypoglycemia E11.649
With coma E11.641
Kidney complications NEC E11.29
Kimmelsteil-Wilson disease E11.21
Loss of protective sensation (LOPS) - see Diabetes, by type, with neuropathy
Mononeuropathy E11.41
Myasthenia E11.44
Necrobiosis lipoidica E11.620
Nephropathy E11.21
Neuralgia E11.42
Neurologic complication NEC E11.49
Neuropathic arthropathy E11.610
Neuropathy E11.40
Ophthalmic complication NEC E11.39
Oral complication NEC E11.638
Osteomyelitis E11.69
Periodontal disease E11.630
Peripheral angiopathy E11.51
With gangrene E11.52
Polyneuropathy E11.42
Renal complication NEC E11.29
Renal tubular degeneration E11.29
Retinopathy E11.319
With macular edema E11.311
Resolved following treatment E11.37
Nonproliferative E11.329
With macular edema E11.321
Mild E11.329
With macular edema E11.321
Moderate E11.339
With macular edema E11.331
Severe E11.349
With macular edema E11.341
Proliferative E11.359
With
Combined traction retinal detachment and rhegmatogenous retinal detachment E11.354
Macular edema E11.351
Stable proliferative diabetic retinopathy E11.355
Traction retinal detachment involving the macula E11.352
Traction retinal detachment not involving the macula E11.353
Skin complication NEC E11.628
Skin ulcer NEC E11.622
As you can see this list is quite extensive! So many conditions to remember! It may be in the interest of a Coder to have this list handy when
coding since it is quite a lot to commit to memory. Coders will want to be accurate in their work and be sure to link the condition when
diabetes is documented.
Page 5 C O M P L I A N C E C O N N E C T I O N S
Mary Chelucci, RHIA, CCS, has been in HIM for over 30 years. Mary is currently working as a Project Manager for RMC.
Prior to RMC, she has worked as a Coder, Trauma Registrar, Medical Records Supervisor and Medical Records Coordinator for
acute care hospitals and one outpatient clinic. Mary is an AHIMA approved ICD-10-CM and ICD-10-PCS Train the Trainer,
and has been with RMC since December of 2013.
“...with Diabetes” Continued...
Page 6 C O M P L I A N C E C O N N E C T I O N S
Yep. You read that right. Totally free.
Visit our website: www.rmcinc.org to submit your questions today!
Our new website features a “Coding Questions” button. Submit your question, and one of our
RMC coding experts will reply.
*Also - don’t forget to follow RMC on Facebook, LinkedIn and Twitter. We post coding tips, reminders and updates weekly!
REIMBURSEMENT MANAGEMENT CONSULTANTS, INC. Offering Comprehensive Compliance Review & Coding Services. Nationwide.
Hospital Reviews
Clinic Reviews
Specialized Reviews
Coding Support
Compliance Programs
Education & Training
Contact us today for more information: 800-538-5007
Page 7 C O M P L I A N C E C O N N E C T I O N S
Camille Walker: [email protected] or Kristin Gibson: [email protected]