St. Joseph Regional Medical Center of South Bend, IN, has announced a pay freeze for employees as it prepares to open a new $355 million facility later this year. St. Joseph representatives said that it also was making an 8% reduction in executive pay and cutting the hours of some departments. No layoffs were announced. Officials said it has faced a growing number of uninsured patients and that Medicare and Medicaid payments have not kept pace with expenses.
Despite Massachusetts' 2006 health insurance overhaul, healthcare costs are devouring more than 10% of thousands of residents' income, according to a new study from Families USA, a nonprofit organization that lobbies for affordable care. The study found that more than 1 million Massachusetts residents are in families that will spend more than 10% of their pretax income on healthcare this year, even though the vast majority of them have health insurance.
Sen. Arlen Specter said his switch to the Democratic Party doesn't mean he will automatically vote for legislation to overhaul healthcare. Specter, who left the Republican Party, has bolstered Democrats' hopes of passing legislation to overhaul healthcare. His switch moves Democrats closer the 60 votes needed to stop a Republican filibuster.
A television commercial for the Akron Children's Hospital in Ohio presents Austin, who is 14 and bald from chemotherapy. The commercial is emblematic of a new approach to advertising by hospitals—an industry that, despite the recession, is not slashing ad spending. The campaign, by the Marcus Thomas agency in Cleveland and running on about 20 cable channels and network stations in Ohio, is entirely unscripted. Other spots feature more patients and their young siblings, who talk about how their families are coping.
The Federal Trade Commission (FTC) pushed back its compliance date Thursday on the "Red Flags Rule" from May 1 until August 1, giving healthcare facilities considered to be "creditors" three extra months to implement an identity theft prevention program.
But that does not mean healthcare entities should delay implementing a program–especially when you're dealing with the FTC, an organization known for harsh punishment and corrective measures.
"Don't forget, this is a much different agency than [Office for Civil Rights] and CMS, the enforcement agencies for HIPAA, and if they do show up, the consequences will likely be severe," says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
The Red Flags Rule aims to keep the FTC away. It forces any organization considered to be a "creditor" to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
That regulation falls under the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which defines "creditors" as agencies that regularly extend or renew credit–or arranges for others to do so–and includes all entities that regularly permit deferred payments for goods or services.
Originally, the compliance date for Red Flags was November 1, 2008, but the FTC delayed it until May 1, and now August 1.
Major financial institutions like banks and non-state regulated credit unions did not get a break from the original November 1 compliance date.
"I think the FTC was trying to give people enough time to here about it, embrace it, and move forward with it," says Suzanne Miller, PhD, senior partner at Compliance and Audit Group, Orlando, FL, a consulting firm. "But, do I think that by allowing them until August 1 will cause more to get on board? No. We are in a financial crisis here, and people don't care. If there aren't police or a big stick, people don't care."
So what should your healthcare organization do? For starters, your front end patient access team needs to be in the loop, since they take credit information. Your billing and accounting team and anyone who gets their hands on a patient's bill and credit information should also be involved. Not to mention your compliance and HIPAA officers.
Experts told Healthleaders Media to conduct an organizational audit, develop the identity theft program with approval from your board of directors, monitor the program, and train everyone.
Tanya Forsheit, co-head of the Privacy and Data Security Practice Group at law firm Proskauer Rose LLP in Los Angeles, says healthcare entities should determine whether they are covered, start work on a program to detect and respond to identify theft signs, and develop a written program and consult with counsel to determine what makes sense in that regard. They should also review regular practices for how to deal with patient identification, how to respond to law enforcement requests, and how to deal with medical records that might be at risk of identify theft.
"It may be that they already do a number of things that are in line with compliance and then it's just a question of putting something in writing to memorialize the program and making sure people in the practice or the hospital are trained and understand what this means," says Forsheit.
And realize there is a major financial risk associated with non-compliance–not to mention financial and potentially physical harm to your patients. Identity theft could compromise patient care.
"Look at the state laws," Miller says. "Massachusetts has one coming out that will bring you to your knees if you don't do it. If healthcare providers would understand what their risk is…because today they don't think there is a financial risk to non-compliance. If they realized that all of this really goes together, and if they have a breach of any kind that could be attributed to identity theft or fraud, then the penalties and the fines could put them out of business."
John Commins of Healthleaders Media contributed to this report.
Medicare fraud and abuse prevention and detection efforts are about the get tougher because of the new Zone Program Integrity Contractors (ZPIC), who began work in some regions on February 1.
CMS developed ZPICs to fix flaws in the current Medicare program integrity system, which protects the Medicare program by preventing and detecting fraud and abuse. Under the existing system, Medicare Drug Integrity Contractors (MEDIC) fight fraud and abuse in Medicare Part D, while Program Safeguard Contractors (PSC) are responsible for such efforts in either Medicare Parts A and B, durable medical equipment (DME), or home health and hospice, depending on the geographic region.
"The existing program integrity system is extremely fragmented, with multiple contractors investigating different types of Medicare fraud in a given state," says William Mahon, consultant at Mahon Consulting Group in Great Falls, VA, and past president and CEO of the National Healthcare Anti-Fraud Association. "Ultimately, the efficiency of the existing system is limited by is fragmented and complex nature."
CMS hopes to unify the system with ZPICs, who will eventually take on the work of PSCs and MEDICs.
The new program divides the country into seven jurisdictions, and in each jurisdiction one ZPIC will be responsible for program integrity oversight and functions for all Medicare-related claims. Because ZPICs will investigate cases of Medicare fraud involving all healthcare providers in a geographic region, they will have the ability to detect cross-billing and relationships among healthcare providers, which will lead to increased scrutiny of providers working across lines of business.
ZPICs will also compare data from Medicare and Medicaid claims to identify fraudulent activities between the programs, a process known as Medi-Medi data matching.
"For example, ZPICs will compare Medicare and Medicaid claims filed for dually-eligible beneficiaries to ensure the two programs are not paying for the same services," Mahon says. "The contractors will also look at the amount of services providers bill to Medicare and Medicaid to identify so-called 'time bandits,' whose services billed to both programs add up to seemingly impossible volumes of work."
ZPICS will perform the same types of investigations as PSCs, known as benefit integrity (BI) reviews, based on billing abnormalities identified by data analysis or allegations of fraud and abuse. ZPICs will conduct data analysis to determine normal practice patterns and then look for abnormalities, such as spikes in billing.
All BI reviews may not uncover fraudulent activities but can still result in significant overpayments because the documentation was missing or inappropriate. Some spikes in billing are completely legitimate, but, without appropriate documentation, a facility may be forced to return payments to Medicare.
"You never know when you will be audited, so facilities must be prepared to support the services they provide at all times," says Wayne van Halem, AHFI, CFE, president and CEO of The vanHalem Group, LLC, in Atlanta.
SNFs should be happy to know that ZPICs should simplify fraud and abuse investigations, especially for providers with multiple facilities.
"Previously, a benefit integrity review done on one facility could be completely different than one performed on another facility not far away," van Halem says.
Because ZPIC jurisdictions are large and the contractors are responsible for Medicare program integrity across all lines of business, there will be more consistency in the investigation process.
ZPICs are scheduled to transition in three cycles. The first cycle was scheduled to transition ZPICs for zones four, five, and seven, on February 1. Although the ZPICs for zones four and seven began work on this date, the transition for the zone five ZPIC was delayed because an unsuccessful bidder protested the award. CMS is months behind schedule in awarding contracts for the remaining zones and has yet to release transition dates for the second and third cycles.
Despite delayed implementation efforts, SNFs should understand how these new contractors expand the scope of fraud prevention and detection efforts and prepare for increased scrutiny of relationships between Medicare providers.