On January 21, 2021, OCR published a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. OCR says, the goal is to “support individuals’ engagement in their health care, remove barriers to coordinated care, and decrease regulatory burdens on the health care industry, while continuing to protect individuals’ health information privacy interests.” New regulations under consideration are centered around how substance abuse and mental health information records are protected. In addition, the HITECH Act called for an increase in penalties for non-compliance with the HIPAA.
In this article we will address the most recent changes to HIPAA and discuss which rules may have an impact on 2022 and beyond.
2020 CARES Act
2020 CARES Act aligned 42 CFR Confidentiality of Substance Use Disorder Patient Records (Part 2) regulations more closely with HIPAA as well. The CARES Act improves 42 CFR Part 2 regulations by expanding the ability of healthcare providers to share the records of individuals with substance abuse disorder, but also tightens the requirements in the event of a breach of confidentiality.
In short, rather than having to obtain a consent form for the SUD patient, and state the specific parties of whom information will be shared, patients can now give broad consent. It’s been suggested that HHS is considering changes to 42 CFR Part 2 regulations in 2022 to “to protect the privacy of substance abuse disorder patients who seek treatment at federally assisted programs to improve the level of care that can be provided.”
2021 HIPAA Safe Harbor Law
The HIPAA Safe Harbor Bill now instructs HHS to take into account the cybersecurity best practices that a HIPAA-regulated entity has adopted in the 12 months preceding any data breach.
“The bill also requires the HHS to decrease the length and extent of any audits in response to those breaches if industry security best practices have been implemented” says HHS.
21st Century Cures Act
The Cures Act called for the HHS to create a new Rule that would improve the flow of healthcare data between providers, patients, and developers of Health IT. Implementing reasonable and necessary activities that do not constitute information blocking, the implementation of these provisions will advance interoperability and support the access, exchange, and use of electronic health information.
Final Rule Expected on Proposed Changes to the HIPAA Privacy Rule
According to HHS, “the proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the Opioid and COVID-19 public health emergencies; and reducing administrative burdens on HIPAA covered health care providers and health plans, while continuing to protect individuals’ health information privacy interests.”
The proposed new HIPAA regulations announced by OCR in December 2020 are as follows:
- Allowing patients to inspect their PHI in person and take notes or photographs of their PHI.
- Changing the maximum time to provide access to PHI from 30 days to 15 days.
- Requests by individuals to transfer ePHI to a third party will be limited to the ePHI maintained in an EHR.
- Individuals will be permitted to request their PHI be transferred to a personal health application.
- States when individuals should be provided with ePHI at no cost.
- Covered entities will be required to inform individuals that they have the right to obtain or direct copies of their PHI to a third party when a summary of PHI is offered instead of a copy.
- Healthcare providers and health plans will be required to respond to certain records requests from other covered health care providers and health plans, in cases when an individual directs those entities to do so under the HIPAA Right of Access.
…to name a few.
At Live Compliance, we make checking off your compliance requirements extremely simple.
- Reliable and Effective Compliance
- Completely online, our role-based courses make training easy for remote or in-office employees.
- Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.
- Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real time.
- Electronic, prepared document sending and signing to employees and business associates.
Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email Support@LiveCompliance.com or visit www.LiveCompliance.com
While the No Surprises Act aims to address many issues involved in the patient price transparency process, a lot of attention will be put on out-of-networks charges. Many of the provisions will address how patients will be relieved of surprise medical bills from services that were rendered by providers outside of their insurance networks, and providers are wanting to know how to prepare for potential changes in their revenue. We detail how CMS has planned to address out-of-network payment disputes for emergency situations, as well as situations when services were non-emergent.
Emergency Out-of-Network Services
Providers will begin to see differences in reimbursements for emergency out-of-network claims. These will be paid using a ‘Qualified Payment Amount’. Payers are instructed to use different methods to determine the payment amounts, which will vary by the location of the service.
Providers will need to be prepared to review these claims to see that they were paid appropriately or if there is a need to dispute the claim. If a dispute is in order, CMS provides a portal to initiate a dispute. Dispute resolution follows a strict timeline that goes as follows:
- Submit Claim
- After claim submission the health plan has up to 30 days to pay or deny
- Negotiate Payment
- Next, payers and providers have 30 days of claim payment or denial to negotiate
- Initiate Dispute
- Providers then have within 4 days of end of negotiations to initiate a dispute using the CMS Portal
- Select Arbitrator
- If no agreement come from the negotiations, one will be selected by CMS within 3 days
- Submit Dispute
- Within 10 days of arbitrator selection, provider and payers submit documentation and offer for reimbursement
- Arbitrator Decision
- The arbitrator then decides which offer to be paid within 30 days of the dispute
- Final Payment
- And final payment will be made within 30 days of the arbitrator decision
Non-Emergency Out-of-Network Services
The No Surprises Act prescribes that out-of-network patients will receive good faith estimates prior to receiving services at medical facilities. The act covers self-pay and uninsured patients, but may also include patients whose health plan does not cover the services to be provided, as well as patients who have benefits but are opting not to use them. Patients who receive a bill for services that differs from the estimate by more than $400 will have up to 120 days from receiving the bill to dispute the charges. Additional rulemaking will be forthcoming to define how provider and payer systems should interact to provide cost information for the estimate.
Keep abreast with updated regulations and the key points of the No Surprises Act (NSA) that could impact your revenue cycle by visiting TriZetto Provider Solutions’ designated landing page. Subscribe to NSA news updates and explore solutions that equip you to have informed conversations about financial responsibility and eligibility.
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.
Denial management has been a thorn in the side of provider RCM teams forever. And unfortunately, despite expanded EHR use and claim coding improvements, denial rates have continued to rise into the pandemic; from 9% in 2016 to 10.8% mid-pandemic in 2020.
Cost To Rework Claims
To make matters worse, the average cost of reworking denials ranges from $25-$118 per claim. As a result, over 60% of denials are never resubmitted! Here’s why:
- Lack of A/R Specific Software: Payer and EHR variability has forced A/R into manual workflows
- Staff Cost: Cost to retain skilled A/R follow up staff
Keys To Optimizing Denial Management
The good news is, modern software tools are easier to build and here to help provider billing teams. Historically, only large hospitals and payers had access to the most advanced technology, but that’s changing rapidly. Here are a few A/R follow up areas where modern software can help.
Auto-Triage of Claims
The current standard for all billing teams is to assess each claim one-by-one. Typically, it’s an “ERA by ERA” assessment that often requires further digging to really determine the correct action. However, payer claim decisions are pattern-based. With modern tools that combine these patterns with your preferred triaging, the software can triage claims in batches. This both removes the repetitive process of claim triage and optimizes the proper action decision.
100% Digital Appeals
Even after choosing to appeal a claim or send a medical record, the process of building an appeal letter, filling out a payer form, and then submitting it back to the various payers is extremely time consuming. Some teams report that it takes 35 minutes per claim!
Finding the right language to best appeal the denial is challenging on its own. What worked and what didn’t work — and why? Billing agents are often left to themselves to figure this out. From there, actually submitting the appeal via postal mail, fax, or payer portal is both time consuming, costly, and often requires a different team to touch the appeal.
Having a solution that turns this entire build and submission into a single, digital process for all denial types and payers is the only way to solve this major pain.
Team Performance Tracking
Without a digital A/R follow tool, described above, billing team managers are left to track their team’s performance through the use of onerous spreadsheets and difficult to assess reports. Managers rely on their team members to train each other and report back any difficulties they might be experiencing. This leads to real gaps in performance assessment and, ultimately, the ability to help their teams succeed.
Having a digital A/R solution fixes that. The need for a real-time dashboard that provides these KPIs, along with real-time alerts related to individual agent performance, is the way forward.
Real-Time Denial Trends AND Alerts
Finally, as mentioned earlier, denials happen in patterns. The challenge is, those patterns vary by payer, provider, region, and specialty. And they change over time too! So, these patterns are difficult to track manually. Each pattern change has immediate downstream effects that can lead all the way back to the providers themselves, with annoying code corrections and medical records requests.
A modern A/R solution that is dedicated to sharing these patterns via a real-time dashboard is the key. Not just a static dashboard with denial statistics, but in-app and email alerts that indicate an important change in a pattern. That aspect is especially important, because all billing agents are extremely busy and are bogged down by task after task. A smart platform that informs you of the most important information without any effort from you is required.
This is an exciting time for provider billing teams. At DocVocate, our team is passionate about helping provider billing teams. We’ve spent considerable time thoughtfully building our platform, Appealio, just for you. New tools are on the way to help!
If you found this helpful and would like to discuss further, please feel free to reach out to us at firstname.lastname@example.org.