Risky business, or tempest in a teapot?

Some days, it appears we compliance and coding folks are like the boy who cried wolf.  We see shadows around every corner.  We emulate Captain Kirk, shouting, “Red Alert! Shields up!”  (Done mixing my metaphors now, I promise.)  The mainstream press doesn’t help with headlines of fraud accusations and sensational stories of government regulations.  In the past three days, the New York Times had headline stories about a hospital chain encouraging physicians to admit patients who did not qualify for admission and an OIG report about investigating physicians who bill Medicare a lot of money each year.  A lot of money.

 How does a practice assess its real risk?

 Think: big.  The OIG report identified 2% of physicians responsible for more than 25% of Medicare Part B revenue.  It identified 303 physicians in the country who each received more than $3 million in Part B Medicare payments in one year.  These were 55% Internists, 12% Radiation Oncologists and 11% Ophthalmologists.  I don’t think the Internists generated $3 million from moving their 99213s to 99214s, do you?  Although the report doesn’t say what services were provided, I’m going to guess diagnostics or DME played a part.  When I read about health care professionals or business types who have paid large fines or gone to jail, there is often this large component involved.  The lab that bought insurance numbers and billed for thousands of lab tests on patients who were never seen.   Sheer size is a risk factor.   I don’t mean a group of 100 has higher risk than a group of ten.  I mean, if one physician generates revenue that is 100 fold higher than might be expected, that’s a risk.

 Think: different. As in, “is my billing pattern different from the norm?”  That is hard to know. The government and payers have all the data: they are playing with a full deck of cards and all we have is the ace of spades and two of hearts.  Check your E/M profile against the norm. (email me betsy.nicoletti@gmail.com) and look at your use of modifiers. (frankcohengroup.com)  Look at MGMA RVU data to see if your total RVUs are significantly higher than the norm. Compare data internally.  Avoid reporting all one level of service in any category,  “all my admissions are threes, all my follow ups are twos, and all my consults are fours.”  High volume combined with unusual profile is a risk factor.

 Think: it’s too good to be true.   That diagnostic tool the sales rep tells you will make you a fortune: take a good look at coverage rules and medical necessity. 

 Think:  when you hire, can she whistle?  When I present to a group, I often ask, “Do any of the doctors here have your spouse working in the practice?   Yes?  Don’t get a divorce.”  But, whistleblower suits can be a threat to anyone.  The hospital in the NYTimes article I mentioned is being brought my multiple whistleblowers. When you are interviewing a new staff member, be alert for an attitude that the person knew more than their previous supervisor and protected the doctor from “wearing stripes” and now plans to bring their watch dog skills to you.  It’s not that I don’t want you to find and correct your own errors. That process of auditing, in which you voluntarily review your coding, correct errors, issue refunds for overpayments and educate yourself and practice is critical and should be done by every practice.  But, I want the person doing it to be on your side, helping you detect errors, research the rules, refund overpayments and correct problems.     I’m not saying co-conspirator!  I’m saying the person who works with you in the complex area of coding and compliance should be on your team.

 The only way to reduce your coding risk to zero is to stop seeing patients.  But, physicians are used to managing risk in their medical decisions.  Managing coding risk means learning about the codes and rules for the services you provide, hiring dedicated, smart staff and paying for coding education and conducting regular audits, internally or externally.  

Cloning: I read the news today, oh boy.

Certain medical stories are irresistible to the popular press: ICD-10 external cause codes that are ridiculous (W61.43XD, pecked by a turkey, subsequent encounter) or medical practices using their electronic health records in a way that increases their revenue.  A recent headline was eye-catching, as headlines are meant to be, “Report finds more flaws in digitizing patient files.”  The New York Times reported on January 8, 2014 that the Office of Inspector General (OIG) found Medicare and its contractors weren’t doing enough to prevent fraud caused by using an electronic health record.  It makes for good copy, doesn’t it?  (OIE-01-11-00571, CMS and its Contractors have Adopted Few program Integrity Practices to Address Vulnerabilities in EHRs, January 2014).   It followed a December report about safeguards in hospital EHRs.  (OIE-01-11-00570, Not all Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology). Taken together, physician practices and hospitals are given fair warning about government concerns. 

 The December report about safeguards is a report that IT staff, practice managers and medical directors should review.  It relates to audit functions within the EHR (don’t go to sleep on me here.)  It also had a bombshell about E/M services.  The report found a lack of safeguards and issued recommendations about tracking alterations or changes to documentation. It recommended that EHRs track method of input, including copy/paste, direct entry, or import for any update. It states that EHR systems should have user authorization and access controls that positively identify by NPI the author of entries and restrict unauthorized access by user ID and passwords.  There were other recommendations related to data transfer standards. 

 This same report recommended that EHR technology not prompt a user to add documentation for E/M coding, but be able to alert a user to “inconsistencies between documentation and coding.”  There are two parts to this.  First, the program shouldn’t prompt the user to encourage higher codes. “Just add family history, and the visit is a 99204.”  The second suggests, however, that the program could warn a clinician who is coding a service at a higher level than documented.

 The January report (CMS and its Contractors Have Adopted Few Program Integrity Practices to Address Vulnerabilities in EHRs) directly discusses using copy and paste and over-documentation.  Quoting from the OIG report:

 Copy-Pasting. Copy-pasting, also known as cloning, enables users to select information from one source and replicate it in another location.  When doctors, nurses, or other clinicians copy-paste information but fail to update it or ensure accuracy, inaccurate information may enter the patient’s medical record and inappropriate charges may be billed to patients and third-party health care payers. Furthermore, inappropriate copy-pasting could facilitate attempts to inflate claims and duplicate or create fraudulent claims.

Over-documentation. Over-documentation is the practice of inserting false or irrelevant documentation to create the appearance of support for billing higher level services. Some EHR technologies auto-populate fields when using templates built into the system. Other systems generate extensive documentation on the basis of a single click of a checkbox, which if not appropriately edited by the provider may be inaccurate. Such features can produce information suggesting the practitioner performed more comprehensive services than were actually rendered.

The Documentation Guidelines that we use to audit E/M services were written in 1995 and 1997, long before most groups were using an electronic health record.  But, they are still in place today and are the guidance that we have about what parts of a previous visit can be reviewed, updated and used in a current visit and count towards today’s documentation.  Here is what they say,

A ROS and/or a PFSH obtained during an earlier encounter does not need to be re-recorded if there is evidence that the physician reviewed and updated the previous information. This may occur when a physician updates his or her own record or in an institutional setting or group practice where many physicians use a common record. The review and update may be documented by:

  • describing any new ROS and/or PFSH information or noting there has been no change in the information; and
  • noting the date and location of the earlier ROS and/or PFSH.

Auditors and payers will allow the ROS and past medical, family and social history from a previous visit to be included as part of the current visit as long as the physician notes any new changes or that there were no changes.  It doesn’t say that the clinician doesn’t have to redo the work, only that the work doesn’t all have to be re-documented.  In a handwritten or a dictated note, that was huge time saver.   The HPI, exam, assessment and plan are not allowed to be copied, reviewed and a notation, “No changes required” made according to the Documentation Guidelines.

In a paper record, it makes perfect sense.  But what about in an electronic world?  Most programs allow a clinician to carry forward all or part of a note, and edit it.  Most auditors don’t credit the HPI that is copied from a previous note, because according to the Documentation Guidelines, The HPI is a chronological description of the development of the patient’s present illness from the first sign and/or symptom or from the previous encounter to the present. It includes the following elements: • location,
• quality,
• severity,
• duration,
• timing,
• context,
• modifying factors, and
• associated signs and symptoms.  We interpret that to mean a description of the patient’s current symptoms, not past medical history.  Since the Guidelines specifically state that the ROS and PFSH may be carried forward but not the HPI, auditors expect the HPI to change from visit to visit.  And often, reading an HPI that was copied is confusing about the time frame and inaccurate.

But clinicians see things a little differently.  The start of the history section is often a succinct summary of the patient’s condition, which is helpful to carry forward from visit to visit. “HPI: Pleasant 58-year-old with a past medical history of coronary artery disease, previous acute coronary syndrome. He had bypass surgery. His last cardiac catheterization was June 2011. At that time bypass grafts were patent. The third obtuse marginal demonstrated 80 percent stenosis in the proximal third. The RCA demonstrated 100 percent proximal stenosis. The mid RCA was supplied by collaterals.  There was diffuse coronary disease. Ejection fraction was 55 percent. There was no intervention at that point in time. In November he developed recurrent chest pain. He ruled out for myocardial infarction and was discharged on metoprolol as well as imdur and he is no longer on Benicar.” The physician certainly doesn’t want to re-type that, and yet does want it at the start of the visit, as a reminder for future visits and for other care providers.  This seems reasonable to me, but then the physician needs to add “Since last seen, he reports….” And describe the patient’s symptoms, if any, or the status of the patient’s condition since the last visit.

What about the exam and assessment and plan?  The Guidelines don’t allow for copying those sections.  Providers tell me that opening up the previous note and copying the exam into today’s visit reminds them of abnormal findings.  The provider then edits the exam.  Use extreme caution with this until we receive CMS guidance.  It runs the risk of falling into the category of both cloning and over-documentation.  I read too many notes in which I am surprised the level of exam that was documented for a follow up or minor problem. (A comprehensive, eight-organ system exam for a cast change on an 8 year old, for example.)  As for the assessment and plan, if the physician is following the patient for the same problems, and addresses each of them at the visit, then the list won’t change. And it’s possible that the status of these won’t change or the treatment plan.  The clinician needs to be sure to only include in the list those problems addressed that day and scrupulously update the status of them.  Again, the Guidelines themselves written in a pre-EHR era do not allow for using and updating a previous assessment and plan. 

When I meet with physicians, they often complain that they can’t trust the information in EHR notes from another provider.  The first duty in documenting a service is to the integrity and accuracy of the medical record.  But, keep in mind that the payer isn’t paying you twice for the same work.  Some notes are copied wholesale from a previous visit with minimal changes.  It makes it difficult to validate the medical necessity for the service and to know what happened at the subsequent visit. 

There is more than a little irony in the situation.  First, CMS all but insists that physicians use an EHR.  But then CMS seems to say, “Don’t use this tool in a way that is too convenient or that saves you any time.”  Until we receive CMS guidance, and working within the constraints of the EHR, document in a manner will help you and other clinicians to treat the patient.