ICD-10: Post-Implementation Challenges and Issues

The fact that the 2015 transition to ICD-10 was not as dramatic a problem as some healthcare providers worried it would be does not mean the system is not without its challenges. Considering a Medicare Part B-related one-year grace period that went into effect late in 2015, some businesses and practices may just now be starting to feel the impact of wrinkles that still need to be ironed out.

Under ICD-10, the number of available diagnostic codes used in billing jumped more than fivefold, up to about 69,000. Because of this, clinical documentation—always vital—has become even more critically important, especially in relation to navigating denials and other reimbursement challenges. While mistakes always happen, especially in times of transition and learning new systems, organizations can do much to accelerate resolutions and mitigate the risk of negative outcomes by having a clear documentation policy in place and routinely auditing their teams and practices to ensure proper procedures are being followed. Being able to quickly find properly documented and filed information is key to handling issues as they arise.

The fact that computer systems will continue for some time to have a need to access both the previous ICD-9 codes and the current ICD-10 codes further complicates the issue, as does the ever-present reality of emerging diseases that necessitate further scrutiny and the ongoing evolution of even fledgling systems. The mosquito-borne Zika virus has been a prime example of this in 2016.

For help in establishing or tightening policies in place to ensure the earliest days of ICD-10 implementation continue to run as smoothly as possible, and that emerging challenges are addressed quickly, contact Professional Medical Management Services at promedcomply.com or call (856) 840-5570.

Dr. Varsha Shah

Navigating BYOD in the Healthcare System

Just about everyone has a personal device these days. The prevalence of lightweight and portable laptops, tablets, and smartphones means unprecedented power to access information and communicate with others is quite literally everywhere. While many organizations have compliance safeguards in place, such as HIPAA privacy rules, an emerging field has created the need for another sort of plan to ensure that risks are mitigated.

Known as “BYOD”—for Bring Your Own Device—this strategy encourages members of healthcare teams to perform their duties in a part or entirely on their personal devices, allowing them to access data and work with applications in the mode and platform most comfortable to them. While there are many advantages to this system, including improved employee productivity and satisfaction, as well as some cost savings, it does raise many questions related to data and network security, as well as regulatory actions.

Any organization’s BYOD policy should be designed with those concerns in mind, taking a variety of potential problems into account, including the installation of malware, unauthorized users accessing sensitive data, the accidental or intentional destruction of important data, and the unknown risks that develop is a network-connected or accessible device is stolen, giving virtually anyone access. Leaders should also consider how best to monitor devices for inappropriate use.

In a typical computer system, risk management and control is centralized, but a network of personal devices is necessarily decentralized, encompassing a variety of brands, device types, access points, and users.

A BYOD program can be a useful tool in a modern organization, but policy should be very clear about who is eligible for the program, what types of activities are permitted and not permitted, what security safeguards are in place and must be adhered to, what steps need to be followed in the event of theft or a suspected data breach, and—very importantly—what degree of control and access the organization expects to exercise over employees’ personal devices, as well as what sort of support and compensation is in place for necessary maintenance and upkeep.

A written and signed agreement including all of this information and more is key to mitigating risk.

To learn more about navigating the challenges and risks of a BYOD program, visit Professional Medical Management Services at promedcomply.com or call (856) 840-5570.

Dr. Varsha Shah

Social Media and HIPAA Compliance

Social media is a great way to communicate with the public in regard to outbreaks and epidemics, new inventions in the medical field, or improving disease processes and collaborating with the colleagues in the industry. However, if a social media post made by a member of the communicating organization’s workforce includes a patient’s protected health information, this jeopardizes HIPAA compliance by violating privacy rules that govern permissible uses and disclosure. The action subjects the organization and the individual who caused the breach to risk, as the event is reportable as a violation.

 

Here are some examples of social media posting that may violate HIPAA compliance:

• a medical student posting a picture of a placenta along with the patient’s name

• a nurse posting a picture of a birthday cake for a colleague, with a patient’s charts visible in the background

• a doctor posting an interaction with a patient, and including the organization’s name in the small town hospital

 

While social media is widespread and changing the nature of the entire world’s communication habits and privacy standards, there are several steps a healthcare organization can take to minimize risk.

 

1) Develop a social media policy and clear procedures that every employee must follow

2) Educate your organization’s workforce in regard to the established social media policy

3) Develop a plan for dealing with reportable events

4) Hold annual HIPAA compliance training sessions with a focus on social media

5) Regularly monitor social media related to your organization, as well as the staff for compliance

 

To learn more, visit Professional Medical Management Services at promedcomply.com or call (856) 840-5570.

Dr. Varsha Shah