1 / 50

When Breadcrumbs Are Not Enough

When Breadcrumbs Are Not Enough. Medicaid Inspector General James C. Cox New York State Health Information Managers Association June 12, 2012 Rochester, New York. THANKS. Health Information Technology Management For being Medicaid-funded health care professionals

sunee
Télécharger la présentation

When Breadcrumbs Are Not Enough

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. When Breadcrumbs Are Not Enough Medicaid Inspector General James C. Cox New York State Health Information Managers Association June 12, 2012 Rochester, New York

  2. THANKS • Health Information Technology Management • For being Medicaid-funded health care professionals • For working on program integrity

  3. Background • Medicaid Inspector General: James C. Cox • Former Regional Inspector General for the HHS Office of the Inspector General • Two decades of Medicaid auditing experience • Auditor by trade

  4. Agenda • Introduction to OMIG • The Big Question • Wrap Up

  5. INTRODUCTION TO OMIG

  6. Introduction to OMIG • Established in 2006 as an independent program integrity entity within the Department of Health (DOH). • Our mission: To enhance the integrity of the New York State Medicaid program by preventing and detecting fraudulent, abusive and wasteful practices in the Medicaid program and recovering improperly expended Medicaid funds while promoting high-quality patient care.

  7. Introduction to OMIG (continued) OMIG consists of seven core components: • Division of Medicaid Audit • Division of Medicaid Investigations • Division of Technology and Business Automation • Division of Administration • Office of Counsel • Bureau of Compliance • Office of Agency Coordination and Communications

  8. Business Line Teams OMIG is organized into Business Line Teams (BLTs): • Managed Care • Medical Services in an Educational Setting • Home and Community Care Services • Hospital and Outpatient Clinic Services • Mental Health, Chemical Dependence, and Developmental Disabilities Services • Pharmacy and Durable Medical Equipment • Physicians, Dentists, and Laboratories • Residential Health Care Facilities • Transportation

  9. The Message Comes From the Top • Great leadership: • Governor Andrew M. Cuomo • Medicaid Inspector General Jim C. Cox • Advanced Tools: • Cutting-edge data analysis and visualization tools • Industry leading practices: • Transparency • Compliance • Data mining • Investigations • Audits • Cost-saving activities • Terrific staff • Partnerships with the program integrity community in New York and beyond • That includes you! Governor Cuomo

  10. THE BIG QUESTION: DOES H.I.T. ENHANCE PROGRAM INTEGRITY?

  11. What IS H.I.T.? I am sure you all know what HIT is – information technology that is health-related. It can be a great timesaver – if implemented correctly.

  12. What Is Integrity? • Webster’s II New College Dictionary defines integrity as: • Firm adherence to a code or standard of values: probity • The state of being unimpaired: soundness • The quality or condition of being undivided: completeness

  13. Does H.I.T Enhance Program Integrity? To answer the question – let’s look at one of the classics of information technology and learn a little from it…

  14. Records Are Important • You know the story – • Two kids walking through the forest • Want to make sure they do not get lost

  15. Records Help Us Stay on the Path… • They leave a trail of breadcrumbs. • That’s supposed to help them find their way home. • Pretty simple.

  16. …Unless They Are Not There • A bird comes along and eats the breadcrumbs. • Hansel and Gretel have a pretty traumatic experience. • In the end, they barely escape back to their family.

  17. The part of the story you don’t know • The story you just heard is the second and third act of the Hansel and Gretel story. • Most folks don’t know about act one. • Act one paints a picture of a different Hansel.

  18. Better Records = Better Results • In act one – Hansel goes into the forest and lays down a trail of white stones that he collected before the trip. • Guess what: • The bird doesn’t eat the stones. • Hansel gets back home without a problem!

  19. Why Breadcrumbs? • When he goes into the forest in act two he lays down a trail of breadcrumbs. Why? • He was prevented from gathering the stones like the first time. • He was unprepared. • He was in a rush. • He was confronted with adversity.

  20. Lessons for the Real World • Unprepared. Rushed. Done under adverse conditions. • For folks who have had trouble with HIT implementations – does any of this sound familiar?

  21. OMIG is Looking for Good Records • Let me tell you another story – this one’s from real life. • This one involves three transportation companies.

  22. Three Transportation Companies • Three different transportation companies were audited and the records from the three companies looked identical. • Turned out they all used the same vendor for their electronic recordkeeping system

  23. Company #1 • Upon auditing them, we realized they had no paper records – just records in an archaic database. • Reason: They hired Ellen* as an employee who built a custom database. • They disposed of all paper records after the information was entered. *- more on Ellen in a minute.

  24. Company #2 • Heard about Ellen’s system from company #1. They hired Ellen as a consultant to install the system for them as well. • They destroyed their records as well.

  25. Company #3 • Heard about how much success companies #1 and #2 were having and decided to adopt the Ellen database. • They hired Ellen as a consultant – and then destroyed their records.

  26. So What’s Wrong With All This? • Ellen, it turns out, was not an IT professional. She operated out of company #1’s dispatch area. • She did the best she could, but she built the system with no controls. Records could be altered at any time – for any reason. • Only she knew how it operated. Only she knew how to fix it.

  27. What’s the Effect? • All three companies made a series of bad choices. But as things broke down there was a cascading effect. • Worst of all, all backup documentation was destroyed, which, to an auditor’s eye, means services cannot be verified. • This opens up an organization to a lot of potential adverse consequences.

  28. Stones in the Path: Finding Your Way Home • How to prevent an Ellen event: • Keep complete medical records • Signatures (physical or electronic) • Excluded providers • Medical necessity • “Cloned” notes • Computer security • Defense mechanisms • HIPAA and other privacy concerns • Other agencies involved in program integrity

  29. Guidestone #1: Complete Medical Records • Records must reflect care plan • Records must match coding and submitted billing • Records must be contemporaneous, up-to-date, and not recreated in any form • Records must be signed (more on that later) and dated after each section is completed

  30. Records that Won’t Get Pecked Away • Be Prepared: • Recordset locks • Strong controls • Access restricted on a need-to-know basis • Backup, backup, backup • Base it on standards. Not Ellen.

  31. The Right Kind of Records • Get it right. Don’t rush: • Plan, plan, and plan again • Manage your implementation • Strong IT project management is a best practice • Design for success and stick to your guns

  32. Records That Are Supported and Flexible • Buy-in from management • Standards-based systems • Make sure information is transferrable from one platform to another. • Be realistic about conditions, not idealistic.

  33. Guidestone #2: Signatures • Signatures may be handwritten or electronic. • If electronic, must be password-protected • Electronic signature does not consist of just a typed-in name • Electronic signature must “freeze” that section of record – no changes are allowed unless a separate addendum is completed • Each signature must also include a date

  34. Guidestone #2: Signatures (continued) • Not acceptable: signature stamps, “dictated but not read,” unsigned records • Unsigned orders not recognized • No provider may sign for another provider • Records must be signed as soon as possible

  35. Guidestone #3: Checking Exclusions • Providers who have been excluded from Medicaid or Medicare may not bill, order, or prescribe for patients covered by Medicaid or Medicare. • If excluded providers perform services for Medicaid or Medicare recipients, they will not be paid. • All potential employees must be checked against state and federal lists for exclusions.

  36. Guidestone #4: Charting Medical Necessity • Medical necessity requires the judgment of skilled medical professionals. • A physician’s assessment and determination may not be challenged if the judgment is clearly documented in the medical record (see stones #1, 2, and 3). • CMS indicates that medical documentation must “contain sufficient, accurate information” to support the diagnoses and justify treatment and procedures, among other criteria.

  37. Guidestone #5: Stopping “Cloned” Notes • Caution: The movement toward electronic health records (EHRs) has led to a new problem: copied and templated documentation, referred to as “cloned” notes. • These notes lose their uniqueness when so much of the information appears to be the same from patient to patient. • Government and commercial payers are looking at this issue and, in some instances, refusing to pay for services when it appears that documentation is the same for every note for the same patient.

  38. Guidestone #6: Information Security • Information Week reported on May 23, 2012 that two state Medicaid agencies experienced major data breaches in less than a month. • The weak link: employees. • South Carolina: 228,435 Medicaid beneficiaries compromised. • Utah: 780,000 Medicaid records stolen; approximately 280,000 of those had their Social Security numbers compromised. • Massachusetts Hospital Association paid $750,000 settlement for 2010 data breach of information for 800,000 individuals (eWeek.com, May 30, 2012)

  39. Information Security (continued) • Health care organizations moving toward the use of cloud-based applications accessed over the Internet: • Recent Harris interactive survey revealed that almost 60 percent of CIOs in health care systems with EHRs and health information exchange said they planned to invest in cloud-based open systems.” • Cloud-based systems can be valuable—as long as security is in place.

  40. Information Security (continued) • Standard Web browsers contain security gaps • Keep anti-virus protection up-to-date • Install all security patches • Back up materials • Limit the aggregation of data—strike an appropriate balance between employees’ need to use data and a security policy • Marketers are spying on Internet users, especially social media sites (e.g., Facebook, Twitter, YouTube)

  41. Guidestone #7: Defense Mechanisms • What are your policies and procedures? • What is your compliance program as it relates to health information technology? • Who is your compliance officer? • What would you do in the event of a breach at your facility or organization? • Who’s chipping away at your stones?

  42. Guidestone #8: HIPAA and Privacy • Health Insurance Portability and Accountability Act: Is this just a phrase that you take for granted? • Focus on: • Individual control • Transparency • Respect for context • Security • Access and accuracy • Focused collection • Accountability

  43. So The Answer to the Question Is… • Yes, there is integrity in Health IT, but only if you are prepared, working within a plan and in control. • After more than 20 years of auditing health organizations I can tell you these rules apply both inside and outside of Health IT.

  44. THE WRAP UP

  45. We Need You • You are on the frontlines of an amazing transformation. • You are building a new world. • You are creating new systems never before seen.

  46. HIT Leaders Are the First Defense • Youareprofessionals with important choices. • Integrity will only be built-in if you build it. • Management and maintenance will only happen if you are a part of it. • We don’t want breadcrumbs, after all. We want a path we can trust. We all want solid records.

  47. We Want to Hear from YOU • Join our listserv; receive information about upcoming events (sign-up information on OMIG home page) • Follow us on Twitter: NYSOMIG • Linked In • Dedicated e-mail address: information@omig.ny.gov • Audit reports, positive reports and protocols • Excluded provider list • And much more on http://www.omig.ny.gov • Talk to us…we want to hear what you have to say.

  48. Thank You • Thanks for taking program integrity seriously. • Thanks for listening. • Thanks for participating in Medicaid. • Thanks for working with us to improve program integrity.

  49. Contact Information James C. Cox Medicaid Inspector General New York State Office of the Medicaid Inspector General 800 North Pearl Street Albany, NY 12204 518-473-3782

More Related