The costly mistakes of not prioritizing patient information in health records and prioritizing compliance
It’s easy to view compliance as a necessary evil rather than a valuable asset. Most practices consider compliance with patient information laws a burdensome obligation, overlooking that being compliant is good for your business.
It takes time, effort and energy that most of us would instead put toward building and growing our practices. Yet, compliance can mean the difference between paying fines or not, being in business or not, and literally the difference between life and death (Wentworth, 2018).
HIPAA requires health care providers and their staff to keep a patient’s personal health information private unless the patient gives consent to release the information. HIPAA specifies 18 types of patient info (aside from their names) that must remain private. Sharing any one of those 18 — accidentally or otherwise — is a violation of HIPAA (99 MGMT, 2017).
Unfortunately, Walgreens learned this the hard way after receiving a $1.4 million fine when one of its pharmacists shared confidential medical patient information about a customer who had once dated her husband. The hefty fine was due to the leak of patient health information and Walgreens’ failure to train employees on private health information security properly (Ross, 2014).
Approximately 90% of physicians use at least one social media site for personal use. Over 65% use social media for professional purposes (Ventola, 2014). HIPAA violation penalties are the same whether they happen online or offline. For example, on Aug. 8, 2012, the OCR received a complaint alleging that a physical therapy clinic had disclosed numerous individuals’ protected health information (PHI) when it posted patient testimonials, including full names and full-face photographic images, to the clinic website without obtaining valid, HIPAA-compliant authorizations. The clinic paid $25,000 to settle violations of disclosing patient information on social media (Monegain, 2016).
Patient information and outdated software
A health care facility failed to update outdated software and paid $150,000 to HHS. Following the investigation by HHS’ Office for Civil Rights, officials discovered the facility had adopted HIPAA security policies and procedures.
Still, they were not followed by the organization’s employees for seven years, from 2005-12. Specifically, the organization neglected to update IT resources with system patches and updated software (Torrieri, 2014).
A chiropractor was called before the board for a review of her medical records. The board found that she provided unnecessary services that were not justified by documentation including, but not limited to, no complaints or objective findings for areas treated and no times for timed services.
As a result, her license was suspended for two years. She must enroll in and successfully complete the PBY Education-enhanced Edition, must enroll in and pass all sections of EBAS, and must attend no less than eight units of one-on-one continuing education in proper documentation by a board-approved provider, which will not be used for annual CE requirements for renewal.
“Dr. M” must arrange for an independent monitor to conduct quarterly reviews of her standard of care, billing practices and health care documentation. A written report from the monitor must be submitted to the board quarterly.
A doctor agreed to pay $79,919 to resolve allegations that he violated the False Claims Act by improperly billing Medicare and Medicaid for chiropractic adjustments after providing free electrical stimulation to beneficiaries.
This doctor was not charging any patient or payer for electrical stimulation. The government alleged that this conduct violated the anti-kickback statute and, in turn, the False Claims Act. The claims were submitted between Jan. 1, 2012, and Sept. 30, 2016 (Mehaffey, 2018).
On April 18, 2016, a chiropractic office contracted with a consulting company that assists chiropractors in developing additional sources of revenue. The company recommended that the chiropractor hire nurse practitioners and a medical director so her practice could bill private and public health care providers for services that a chiropractor alone could not.
The consulting company also advised the chiropractor to begin using an electronic acupuncture device and billing Medicare. In its complaint, the U.S. Attorney’s Office said the chiropractor had collected $1,434,798.45 in Medicare reimbursements by submitting false claims for the surgical implantation of neurostimulators and pulse generators while using an acupuncture device. The clinic agreed to pay $4,304,692.35 in triple damages while the chiropractor will pay $700,000 in civil penalties (DOJ, 2020).
Avoid fines, protect your license
It’s easy to view compliance as a necessary evil rather than a critical part of your clinic’s protection and success. Only 12% of organizations consider themselves very highly prepared for a compliance audit (MedBridge, 2017). While larger health care organizations can justify a full-time compliance officer, outsourcing may be the best way for small offices to establish and maintain compliance programs for patient information.
When I started in practice, the most significant risk I faced was a potential malpractice suit. Now 36 years later, the biggest threat to a practice is an audit. Becoming more compliant boosts your bottom line by helping you avoid big fines and penalties, helps cut back on billing and coding errors, and reduces insurance denials for improper documentation. Your license is your livelihood. There is no time like the present to be compliant. After all, your family, employees and patients depend on you to do the right things, for the right reasons, in the right ways.
RAY FOXWORTH, DC, FICC, MCS-P, is a certified Medical Compliance Specialist and president of ChiroHealthUSA. A practicing chiropractor, he remains “in the trenches” facing challenges with billing, coding, documentation and compliance. He has served as president of the Mississippi Chiropractic Association, is a former staff chiropractor at the G.V. Sonny Montgomery VA Medical Center and is a Fellow of the International College of Chiropractic. For more info go to chirohealthusa.com.