Health care providers do business in a risky regulatory environment, and the regulations are constantly being updated and enforced in fits and starts. Similar to practicing preventative medicine, a provider office should try to monitor changes and tweak their compliance efforts to keep their business healthy. The following are a few quick tips for the month to assist with that process.

• Review HIPAA Updates

In January 2013, the Department of Health and Human Services released its Omnibus Health Insurance Portability and Accountability Act (HIPAA) Rulemaking. The final rules updated issues such as breach analysis and reporting, business associate and subcontractor liability, and what happens when a patient pays in full for services. Health care providers should check their forms and internal policies to see what adjustments might be needed. The HIPAA enforcement agency, the Office For Civil Rights, continues to investigate all complaints it receives as well as audit covered entities for compliance. Because HIPAA shifted from a standards-based law to a penalty-based law in 2009 with the enactment of the Health Information Technology for Economic and Clinical Health Act (HITECH), providers should review the updated rules to avoid inadvertent violations.

• Watch Out For Meaningful Use Audits

For any eligible professional who took advantage of the Stage 1 Medicare and Medicaid Electronic Health Record (EHR) Incentive Program and received funds, be aware that those funds might be subject to refund or be held back if an audit reveals noncompliance with the attestation statements made by the professional when claiming meaningful use eligibility. Letters are circulating among the provider community from an auditor contracted by the Centers for Medicare and Medicaid Services (CMS). CMS has indicated that as many as 1 in 20 professionals will be audited. As a result, provider offices should be prepared to respond to audits as they would any other type of outside audit: (a) maintain documentation needed to support eligibility; (b) log time frames in any audit letter received to not miss deadlines and politely request extensions of time if needed; and (c) respond to audits with clear documentation and cold objectivity (i.e., no venom).

• Spot Check EHR Data Entry

Another EHR issue that has gained more attention particularly at the federal level is the general suspicion that EHR systems are being used both purposefully and inadvertently to inflate billings by including erroneous clinical data in records that creates the perception more was done during a patient visit than actually occurred. This is of particular concern with Evaluation and Management Services (E&M Services). The government’s assertion is that such practices are abusive, or worse, fraudulent. Provider offices should work closely with their EHR vendors to make sure any auto-fill functions are appropriate, and review the data entry process to make sure clinical entries are accurate and match what eventually was billed for. As with all new risk areas, providers should be ready to demonstrate they are addressing the issue in good faith and are taking practical cost-effective steps to respond to it.