Stay a step ahead
Chiropractic care, like any health care field, involves a certain amount of risk. Ensuring that patients have access to the care they need often means managing these risks and using your business sense to help you avoid common compliance pitfalls.
With the number of pitfalls out there, it’s not uncommon for chiropractors to be minimally prepared for compliance challenges in their work. Unfortunately, being unprepared is not a valid excuse. Chiropractors who are unaware of, unfamiliar with or willingly ignorant about compliance aren’t doing themselves any favors.
Keeping clinics protected from outside threats, compliance can provide key guidance and best practices worth following. Without doing whatever you can to reduce risk, you may find hidden compliance problems sneaking up on your practice.
Every year a number of chiropractors find themselves in trouble in a risky practice environment fraught with possible dangers. Here are some of the scariest, most common and most significant errors that occur in chiropractic compliance at clinics throughout the U.S.
On May 24, 2016, hackers secretly installed malware inside the billing software on the computers at Tillamook Chiropractic Clinic in Tillamook, Ore. For almost two and a half years this destructive software ran undetected on Tillamook’s computers — snatching patient data including names, contact information, demographic data, diagnosis information, financial data and other records. As the malware worked behind the scenes, patient information was compromised, resulting in more than 4,000 patient records stolen.
Malware is particularly malicious because it can hide in plain sight. Believing their patient data to be safe and secure, Tillamook staff kept their EHR systems upgraded and made sure all necessary software patches and updates were current. There was even a firewall and anti-malware system installed to prevent hacking.
All of this changed in late 2018 when the clinic conducted an internal audit of their computer security. During the audit it became abundantly clear that their current compliance activities had failed. Someone was stealing valuable patient information that could lead to identity theft and the destruction of their victims’ credit.
The clinic immediately took action. Patients were notified, the malware was removed, and computers were upgraded further to strengthen security. If it weren’t for that recent audit, it’s possible the theft would’ve stayed hidden. Since it’s not uncommon for hacking efforts to be sophisticated enough to evade detection, in some cases even technical support’s assistance doesn’t reveal the work of hackers.
Malware is just one potential compliance problem for chiropractic clinics. Sadly, many other threats are waiting in the background.
Record vulnerability and penalties
Vulnerable patient records aren’t just a chiropractic problem; they’re an issue that’s particularly at risk of attracting the attention of federal authorities. Unauthorized access may also present substantial problems in other areas.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) carries significant penalties for violations of patient records’ privacy and security. Unfortunately, protecting patient records successfully is an increasingly more difficult feat in the digital age.
For a single HIPAA violation the financial impact can total between $100 and $50,000, with fines reaching as high as $1.5 million for multiple occurrences. In 2018 alone, more than $25 million in fines were levied for HIPAA violations, a sharp increase over 2017’s $20 million. Let’s not forget, too, that these instances often coincide with hefty monetary settlements paid due to class action lawsuits and other legal actions taken on behalf of patients. Costs can be significantly higher than the Centers for Medicare & Medicaid Services (CMS) fines for violations.
Beyond monetary costs, there’s also the reputation risk that occurs with HIPAA violations. Large errors sometimes end up becoming very public and can harm a clinic’s record indefinitely. Smaller mistakes aren’t insignificant, either.
Lack of self-auditing and compliance
Protecting your practice starts with comprehensive assessments internally to determine how compliant your clinic is right now.
Ongoing audits provide you with a glimpse of the state of your organization’s compliance. Onsite compliance programs help doctors manage their in-house privacy, HIPAA and security practices as well as Office of Inspector General (OIG) processes.
“Major reasons chiropractors do not have compliance programs in their practices are that chiropractors are self-employed practicing in single-doctor practices, have limited resources and a lack of knowledge of how to set up a proper OIG and HIPAA compliance program,” said Diane M. Barton, DC, MCS-P, CIC, of Medical Compliance Specialists Ltd.
Medicare and insurance reimbursement cuts can have adverse impacts, too, by further reducing the resources practices have available for managing compliance. Often, Barton noted, doctors don’t know they’re not compliant until an external audit or significant breach occurs. Basically, something bad must happen before some clinics will do internal audits or even think about compliance issues. Since audits can highlight weaker areas within a clinical compliance program, they should become an expected part of providing patient care.
Unfortunately, many chiropractors fail to conduct their own audits. They don’t always see these regular checkups as the organizational priority they should be. Because reviewing your own compliance practices has the potential to save your organization a tremendous amount of money, time and heartache, audits are generally a very wise investment of time, indeed.
Kathy Mills Chang, MCS-P, CCPC, CCCA, the founder of KMC University, says a lack of proper auditing is an industry-wide issue.
“You could just Google examples, and there’s so many of them. There’s a ton of horror stories,” she says. “I tell chiropractors all the time that it’s important to do thorough audits.”
Although some chiropractors make billing and coding mistakes, these errors may go unnoticed until an audit or a disgruntled employee decides to turn the practice in. According to Chang, the most common whistleblower at a chiropractic office is a current or former team member who’s disgruntled and has an axe to grind with their employer. Audits can help you catch and manage potential errors before someone else does it for you.
Error rates galore
According to Mark Sanna, DC, president and CEO of Breakthrough Coaching, filing so much error-prone documentation is the main reason the OIG is now scrutinizing the billing and coding activity of chiropractors. Error rates up to 95 percent are leading the OIG to look more carefully at doctors around the country who have high error rates at their clinics.
For these chiropractors, pre-authorization processes are then required by Medicare before patients can receive treatment. Doctors who are required to submit more thorough documentation before adjusting their patients must submit their recommended treatment plans for approval.
“At its most recent meeting, the Chiropractic Summit, an organization composed of the leadership of 38 national and state organizations, bringing down chiropractic’s error rate was designated the profession’s highest priority,” Sanna says. “If chiropractors cannot correctly document the single service allowed under Medicare, it is unlikely that legislators will be inclined to increase the services allowed.”
Avoiding fraud charges
“The simple answer is, coding that doesn’t match documentation can be deemed fraudulent,” Chang says. “In 35 years serving this profession, however, I find that the majority of errors are not from DCs trying to game the system, but rather not taking the time to learn what a code means.”
Getting the right coding education, Chang believes, can make a tremendous difference for chiropractors. Eliminating the coding mistakes ultimately boils down to learning how to code correctly the first time around. And if you’re not coding correctly, you could be missing out on revenue your practice is otherwise entitled to.
Leaving money on the table
If you don’t code properly, you’re likely missing out on higher reimbursements. That’s a huge mistake for chiropractors who are trying to build their businesses and grow revenue. Similarly, it’s also possible to run into trouble offering free services or cut-rate care — not just because you miss out on payment. Keep in mind that liability issues are still there, even if you aren’t paid for offering care.
In many instances, reimbursement rates have fallen as it is for chiropractic treatments. Although you shouldn’t artificially inflate the value of your services, it’s important that you don’t underprice your work, either.
“Most doctors of chiropractic only understand, in a small part, what is required of them from a regulatory perspective,” says Scott Munsterman, DC, FICC, CEO of Best Practices Academy.
Since chiropractors are responsible for following the same rules and regulations as large medical practices and hospitals, it’s important to have a full compliance plan for and be prepared to implement the best practices their clinics need.
Chiropractors aren’t the only health care providers who need to be concerned about these issues. But they are solely responsible for the compliance of their practice. As you start developing your own compliance program, it’s essential to do your research and seek out the right expertise if needed. Diligent compliance procedures will save you money, time and needless heartache. It’s worth the investment.
Kaitlin Morrison is an author and freelance writer based near Seattle, Wash. She specializes in writing about health care and technology. You can read more of her work at kaitlinmorrison.com.