Image
Chiropractic documentation gap analysis

Recognize what’s missing to master your reimbursement and collections!

This Documentation Gap Analysis allows us to evaluate the significant components of your current Documentation program. It should take less than 5 minutes to complete.

Take The Billing GAP Analysis
Telemedicine

Need more guided help? Work with a KMC coach 1-on-1

Sometimes you need more than a self-service, on-demand program and need an expert to analyze your issues, train the corrections, and help you implement the changes, so they stick

Learn More
Dr Alan Sokoloff 1

New Course Available!

This course explains the significant role chiropractic care can play in the sports industry and how a DC can succeed as a Sports Chiropractor. Start your steps to success here!

Learn More
OIG

There's no need to fear the OIG. We've got your back!

The most effective chiropractic OIG compliance programs are scaled according to the size of the practice!

Learn More

Your compliance questions answered

Q: Patients come in and ask for discounts because they don’t have insurance coverage. I have been trying to help them out in the past. Will this get me into trouble?

A: Often it is because we have tried to help someone out that we find ourselves in trouble. If a patient does not have insurance coverage, they are responsible for paying your full fee schedule unless they qualify for your financial hardship policy. In a situation where a patient has little to no insurance coverage, often the best solution is to use a Discount Medical Plan Organization like ChiroHealthUSA. This allows you to set up a discounted fee schedule, and once your patient joins ChiroHealthUSA, they would have access to that discounted schedule.

Q: I want to treat other chiropractors or family members for free. Is this OK?

A: Anytime you provide services for less than your actual fee schedule amount, there must either be a contractual fee schedule in place or a specific policy from your compliance program to support the discount. When providing services for other chiropractors, your professional courtesy policy would apply. Certain third party payers have rules when it comes to treating family members. You must abide by those carriers’ rules. Otherwise you would default your professional courtesy policy for family members as well.

Q: How often do I need to train my employees on HIPAA?

A: A brand-new employee should be completely trained on HIPAA Privacy and Security before they ever answer the phone or view a patient record. Once trained, an employee should receive the HIPAA privacy and security training at least annually.

Q: Can I give a time of service discount to my patients?

A: The Office of Inspector General has set a precedent by allowing a 5 to 15% discount when services are paid upfront at the time of service. However, when a third-party payer is involved, this discount must also be passed on to a third-party payer. Because this is often done incorrectly, it could be an unnecessary source of risk in your practice.

Q: I keep hearing about Security Risk Assessment or Risk Analysis. Is this a requirement? If so, what is it?

A: A security risk assessment or analysis is required by the Department of Health and Human Services. It is a detailed internal evaluation of all the multiple systems that you may use to store or exchange electronic protected health information. This analysis requires you to evaluate and document the level of risk for each device or application used for patients’ health information purposes. It also requires you to document steps you have taken to correct any weaknesses or vulnerabilities that you discovered.

Q: I still do billing on paper. Do I need to be HIPAA compliant?

A: Regardless of whether you do your billing on paper or with electronic claims, you are responsible for your patients’ confidential health information and therefore must have an up to date HIPAA compliance program active in your office. We recommend that you reach out to a KMC University Specialist to complete a HIPAA Risk Assessment in order to determine what areas need consideration or improvement when it comes to HIPAA Compliance.

Q: Do I need to have cleaning people sign a Business Associate Agreement?

A: HHS doesn't consider cleaning people to be business associates since they aren't accessing, using, inputting, transmitting, or doing anything with ePHI. Signing a Business Associate Agreement doesn't make much sense.

However, you're responsible for ensuring that appropriate safeguards are met to ensure ePHI is not accessible (cabinets locked, unnecessary identifying info shredded, computers shut down or logged out of, etc).

If you want to protect yourself thoroughly, you might want to draw up a short contract with your janitorial service stating that the practice has made reasonable effort to safeguard protected patient information including computers, laptops, tablets, copiers, scanners, fax machines, etc.), but that in the event something is visible to cleaning staff, the review or disclosure of that is prohibited and sanctions will be assessed (such sanctions to include dismissing the janitorial service, and, in the event of an extreme data breach, possibly bringing in authorities).

Q: We received an unsolicited quote from our insurance company for data breach liability coverage. Do we need this?

A: HIPAA requires that you have a policy and procedure in place for how you will handle data breach notification (i.e., telling patients) if necessary. This could open you to lawsuits or unexpected expenses. Start by checking with your malpractice carrier to be certain breach coverage is included in your policy. If not, you may want to investigate. Since we're not attorneys, we can't give legal advice - but liability coverage is a good business choice.

Q: After receiving patient complaints, I found my billing CA has processed several EOBs incorrectly. I looked further, and I'm afraid this may be a bigger problem than I thought. Is this cause for termination?

A: Let's start with a few questions:

Was your billing CA properly trained to do the job that is expected of her?
How was she trained; webinars, via your policy and procedures in your office compliance program, by the person leaving the position?
Did your billing CA sign off on the training so you know that she received it properly?


Ask yourself if you performed your job properly, as the business owner, by doing periodic audits or having your office manager provide you with the results of audits he/she performed regarding team members' job duties.

What we're saying is that if the office has a broken system, our best recommendation is to get that fixed first, and then see how your billing CA performs with clear training and instruction. If she has received proper training and this is the first time she has been “audited,” it may simply deserve a conversation or a ‘write-up” with an allotted amount of time to improve. That is certainly your decision to make. Refer to your policy on proper handling of reimbursements. If you find that the office could use a tune-up to get your policies and compliance in place, give us a call!

Q: What can I give away or discount to my Medicare patients?

A: Coupons, exam specials, or other similar discounts should not exceed $15 individually or $75 annually per patient. Most likely, your exam is not going to fall into this $10 range, and if it does, we have a lot more to work on!

More information: http://oig.hhs.gov/fraud/docs/alertsandbulletins/SABGiftsandInducements.pdf

Q: I am becoming concerned about my staff’s use of smartphones in the office. On break they snap pictures of each other sometimes and post to Facebook, etc. I fear that some PHI may inadvertently be in the picture at some point. Am I being a worry wart?

A: Not at all. As the owner of your practice, you are ultimately responsible for any PHI disclosure in your office. You can add a policy to your employee manual that states that no smartphones may be used in the office, or at least that no pictures can be taken. State in your policy that the reason for this is to protect patient privacy, for which you are responsible. Do a quick training and have your staff sign off that they understand the new policy. Insist that phones be put away when at work and you should be able to practice with less fear of repercussions of PHI exposure.

Q: I've noticed more patients refusing to sign the acknowledgment of receipt of Patient Privacy Practices. Can I get in trouble for not having this in the patient chart? Does this have to be signed before treatment?

A: HIPAA does not require that notice of privacy practices be signed, but don’t take that to mean you can ignore this policy! HIPAA does require that the patient receive the notice and that you make a meaningful effort to get the acknowledgment signed. To cover yourself, if a patient refuses to sign, note the date, time, and reason - if given. This will show that the effort was made.

Q: Does the HIPAA Privacy Rule cut off all communication between us as a covered entity and the families and friends of our patients?

A: No, as long as the patient does not object to these communications. With the Privacy Rule you are permitted to share necessary information with family, friends, or anyone else a patient has identified as involved in his/her care. You are also permitted to share the appropriate information even when the patient is incapacitated (if doing so is in the best interest of the patient).

Q: We currently extend a birthday gift of $25 off out-of-pocket fees for a birthday visit. If that is the only discount we offer, one time/year, is that legal?

A: Gifting discounts to patients, especially Medicare/Medicaid (federally funded) patients, is considered an inducement. Federal guidelines allow you to give any item or service to a Medicare patient that does not exceed a value of $15 with a $75 annual limit per Medicare patient. You should check with your state regulatory board about gifting as well. Many states have also ruled such gifts as inducements.

Q: When do I need authorization from the patient before I can market to him/her?

A: The HIPAA Privacy Rule requires an authorization for uses or disclosures of protected health information for all marketing communications, except in two circumstances:

1) When the communication occurs in a face-to-face encounter between the covered entity and the individual; or
2) The communication involves a promotional gift of nominal value.

If the marketing communication involves direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is involved.

Q: How am I supposed to present the Notice of Privacy Practices (NPP) to my patients? I heard it's OK to make them ask for it.

Patients should usually receive notice at their first appointment. In an emergency, you could provide notice as soon as possible after the emergency. The notice must also be posted in a clear and easy to find location where patients are able to see it, and a copy must be provided to anyone who asks for one. If you attempt to provide the notice and the patient declines to accept it, be sure you have the acknowledgment of receipt signed for their file. If you have a website, the NPP also must be posted there.

Image Image

Kathy has always been a great resource. Would recommend KMC University very highly!

Richard Buchanan
Image Image