Blog Archives

Another NCTracks Debacle? Enter NC HealthConnex – A Whole New Computer System To Potentially Screw Up

North Carolina is mandating that health care providers link with all other health care providers. HIPAA be damned! Just another hoop to jump through in order to get paid by Medicaid – as if it isn’t hard enough!

If you do not comply and link your health care practice to NC HealthConnex by June 1, 2019, you could lose your Medicaid contract.

“As North Carolina moves into data-driven, value-based health care, the NC HIEA is working to modernize the state-designated health information exchange, now called NC HealthConnex.” About NC HealthConnex website.

NC HIEA = NC Health Information Exchange Authority (NC HIEA) and created by N.C. Gen. Stat. § 90-414.7. “North Carolina Health Information Exchange Authority.”

North Carolina state law mandates that all health care providers who receive any State funds, which would include Medicaid, HealthChoice and the State Health Plan, must connect and submit patient demographic and clinical data to NC HealthConnex by June 1, 2019. The process could take 12 to 18 months. So you better get going. Move it or lose it, literally. If you do not comply, you can lose your license to participate in state-funded programs, including Medicaid.

If you go to the NC Health Information Exchange Authority (NC HIEA) website article, entitled, “NC HealthConnex Participant Base Continues to Grow,” you will see the following:

Screen Shot 2018-11-29 at 3.21.53 PM

I highlighted the Session Law that, according to the above, requires that health care providers who receive state funds must connect to NC HealthConnex. See above. However, when you actually read Session Law 2017-57, it is untrue that Session Law 2017-57 mandates that health care providers who receive state funds must connect to NC HealthConnex.

If you follow the citation by NC HIEA (above), you will see that buried in Session Law 2017-57, the 2017 Appropriations Bill, is a clause that states:

“SECTION 11A.8.(e)  Of the funds appropriated in this act to the Department of Health and Human Services, Division of Central Management and Support, Office of Rural Health, for the Community Health Grant Program, the sum of up to one hundred fifty thousand dollars ($150,000) in recurring funds for each fiscal year of the 2017‑2019 fiscal biennium shall be used to match federal funds to provide to safety net providers eligible to participate in the Community Health Grant Program, through the Rural Health Technology Team, ongoing training and technical assistance with respect to health information technology, the adoption of electronic health records, and the establishment of connectivity to the State’s health information exchange network known as NC HealthConnex.”

As you can plainly read, this clause only allots funds to provide training and assistance to providers eligible to participate in the Community Health Grant Program. The above clause certainly does not mandate that Healthcare providers who receive state funds connect to NC HealthConnex.

Session Law 2017-57, only mandates $150,000 for training and assistance for HealthConnex.

So what is the legal statute that mandates health care providers who receive state funds must connect to NC HealthConnex?

Ok, bear with me. Here’s where it gets complex.

A law was passed in 2015, which created the North Carolina Health Information Exchange Authority (NC HIEA). NC HIEA is a sub agency of the North Carolina Department of Information Technology (NC DIT) Government Data Analytic Center. NC HIEA operates the NC HealthConnex. The State CIO maintains the responsibility if the NC HealthConnex.

Supposedly, that 2015 law mandates that health care providers who receive state funds must connect to NC HealthConnex…

I read it. You can click on the link here. This subsection is the only section that I would deem apropos to health care providers accepting State funding:

“In consultation with the Advisory Board, develop a strategic plan for achieving statewide participation in the HIE Network by all hospitals and health care providers licensed in this State.”

What part of the above clause states that health care providers are MANDATED to participate? So, please, if any of my readers actually know which law mandates provider participation, please forward to me. Because my question is – Is participation REALLY mandated? Will providers seriously lose their reimbursement rights for services rendered for failing to participate in NC HealthConnex?? Because I see multiple violations of federal law with this requirement, including HIPAA and due process.

HealthConnex can link your practice to it if you use the following EHR programs:

  • Ace Health Solutions
  • Allscripts
  • Amazing Charts/Harris Healthcare Company
  • Aprima
  • Athena Health
  • AYM Technologies
  • Casehandler
  • Centricity
  • Cerner
  • CureMD
  • DAS Health/Aprima
  • eClinicalWorks
  • eMD
  • eMed Solutions, LLC
  • EPIC
  • Evident- Thrive
  • Greenway
  • ICANotes Behavioral Health EHR
  • ICAN Solutions, Inc
  • Integrity/Checkpoint
  • Kaleidacare
  • Lauris Online
  • McKesson Practice Partners
  • Medical Transcription Billing Corporation
  • Medinformatix
  • Meditab Software, Inc.
  • Meditech
  • Mediware-Alphaflex
  • MTBC
  • MicroMD
  • Netsmart
  • NextGen
  • Office Ally
  • Office Practicum
  • Oncelogix Sharenote
  • Patagonia Health
  • Physician’s Computer Company (PCC)
  • PIMSY
  • Practice Fusion Cloud
  • Praxis
  • PrognoCIS
  • PsyTech Solutions, Inc.
  • Qualifacts – Carelogic
  • Radysans
  • Reli Med Solutions
  • SET-Works
  • SRS
  • The Echo Group
  • Therap
  • Trimed Tech
  • Valant
  • Waiting Room Solutions

The law also requires:

  • Hospitals as defined by G.S. 131E-176(13), physicians licensed to practice under Article 1 of Chapter 90 of the General Statutes, physician assistants as defined in 21 NCAC 32S .0201, and nurse practitioners as defined in 21 NCAC 36 .0801 who provide Medicaid services and who have an electronic health record system shall connect by June 1, 2018.
  • All other providers of Medicaid and state-funded services shall connect by June 1, 2019. See changes in 2018 Session Law below.
  • Prepaid Health Plans (PHPs), as defined in S.L. 2015-245, will be required to connect to the HIE per their contracts with the NC Division of Health Benefits (DHB). Clarifies that PHPs are required to submit encounter and claims data by the commencement of the contract with NC DHB.
  • Clarifies that Local Management Entities/Managed Care Organizations (LMEs/MCOs) are required to submit encounter and claims data by June 1, 2020.

New from the 2018 Legislative Short Session, NCSL 2018-41: 

  • Dentists and ambulatory surgical centers are required to submit clinical and demographic data by June 1, 2021.
  • Pharmacies are required to submit claims data pertaining to State services once per day by June 1, 2021, using pharmacy industry standardized formats.

To meet the state’s mandate, a Medicaid provider is “connected” when its clinical and demographic information pertaining to services paid for by Medicaid and other State-funded health care funds are being sent to NC HealthConnex, at least twice daily—either through a direct connection or via a hub (i.e., a larger system with which it participates, another regional HIE with which it participates or an EHR vendor). Participation agreements signed with the designated entity would need to list all affiliate connections.

Let’s just wait and see how this computer system turns out. Hopefully we don’t have a second rendition of NCTracks. We all know how well that turned out. See blog and blog.

Medicaid participation continues to get more and more complicated. Remember the day when you could write a service note with a pen? That was so much cheaper than investing in computers and software. When did it get so expensive to provide health care to the most needy?

EHR Programs’ Two, Haunting Risks: Liability and Audits – Scared Yet?

Happy Halloween!!

pennywise

What is scarier than Pennywise, Annabelle, and Jigsaw combined? Getting sued for an EHR program mistake and getting audited for EHR eligibility when the money is already spent (most likely, on the EHR programs).

Without question, EHR programs have many amazing qualities. These programs save practices time and money and allow them to communicate instantly with insurers, hospitals, and referring physicians. Medical history has never been so easy to get, which can improve quality of care.

However, recently, there have been a few audits of EHR programs that have caused some bloodcurdling concerns and of which providers need to be aware of creepy cobwebs with the EHR programs and the incentive programs.

  1. According to multiple studies, EHR has been linked to patient injuries, which can result in medical malpractice issues; and
  2. In an audit by OIG, CMS was found to have inappropriately paid $729.4 million (12 percent of the total) in incentive payments to providers who did not meet meaningful use requirements, which means that CMS may be auditing providers who accepted the EHR incentive payments in the near future.

Since the implementation of the Health Information Technology for Economic and Clinical Health Act, which rewards providers with incentive payments to utilize electronic health record (EHR) computer programs, EHR use has skyrocketed. Providers who accept Medicare are even more incentivized to implement EHR programs because not using EHR programs lead to penalties.

I.    Possible Liability Due to EHR Programs

A recent study by the The Doctors’ Company (TDC) found that the use of EHR has contributed to a number of patient injuries over the last 10 years. The study highlights why it is so important to have processes in place for back-up, cross-checking, and auditing the documentation in your EHRs.

Without question, the federal government pushed for physicians and hospitals to implement EHR programs quickly. Now 80% of physician practices use EHR programs. 90% of hospitals use EHR programs. But the federal government did not create EHR standards when it mandated the use of the programs. This resulted in vastly inconsistent EHR programs. These programs, for the most part, were not created by health care workers. The people who know whether the EHR programs work in real life – the providers – haven’t transformed the EHR programs into better programs based on reality. The programs are “take it or leave it” models created in a vacuum. This only makes sense because providers don’t write computer code, and the EHR technology is extremely esoteric. A revision to an EHR program probably takes an act of wizardry. Revitalizing the current EHR programs to be better suited to real life could take years.

There are always unanticipated consequences when new technology is implemented – didn’t we all learn this from the NCTracks implementation debacle? Now that was gruesome!

TDC study found that EHR programs may place more liability on the provider-users than pre-electronic databases.

The study states the following:

“In our study of 66 EHR-related claims from July 2014 through December 2016, we found that 50 percent of these claims were caused by system factors such as failure of drug or clinical decision support alerts and 58 percent of claims were caused by user factors such as copying and pasting progress notes.

This study was an update to our first analysis of EHR-related claims, a review of 97 claims that closed from January 2007 through June 2014.”

Another study published by the Journal of Patient Health studied more than 300,000 cases. Although it found that less than 1% of the total (248 cases) involved technology mistakes, more than 80% of those suits alleged harms of medium to intense severity. The researchers stressed that the 248 claims represented the “tip of an iceberg” because the vast majority of EHR-related cases, even those involving serious harm, never generate lawsuits.

Of those 248 claims that may have been the result of EHR-related mistakes, 31% were medication errors. For example, a transcription error in entering the data from a handwritten note. Diagnostic errors contributed to 28% of the claims. Inability to access records in an emergency setting accounted for another 31%. But systems aren’t entirely to blame. User error — such as data entry and copy-and-paste mistakes and alert fatigue — is also a big problem, showing up in 58% of the claims reviewed. Boo!

Tips:

  • Avoid copying and pasting; beware of templates.
  • Do not just assume the EHR technology is correct. Cross check.
  • Self audit

II.    Possible Audit Exposure for Accepting EHR Incentive Payments

Not only do providers need to be careful in using the EHR technology, but if you did attest to Medicare or Medicaid EHR incentive programs, you may be audited.

In June 2017, the Office of Inspector General (OIG) audited CMS and its EHR incentive program. OIG found that “CMS did not always make EHR incentive payments to EPs [eligible professionals] in accordance with Federal requirements. On the basis of [OIG’s] sample results, [OIG] estimated that CMS inappropriately paid $729.4 million (12 percent of the total) in incentive payments to EPs who did not meet meaningful use requirements. These errors occurred because sampled EPs did not maintain support for their attestations. Furthermore, CMS conducted minimal documentation reviews, leaving the self-attestations of the EHR program vulnerable to abuse and misuse of Federal funds.”

OIG also found that CMS made EHR incentive payments totaling $2.3 million that were not in accordance with the program-year payment requirements when EPs switched between Medicare and Medicaid incentive programs.

OIG recommended that CMS review provider incentive payments to determine which providers did not meet meaningful use requirements and recover the estimated $729,424,395.

What this means for you (if you attested to EHR incentive payments) –

Be prepared for an audit.

If you are a physician practice, make sure that you have the legally adequate assignment contracts allowing you to collect incentive payments on behalf of your physicians. A general employment contract will , generally, not suffice.

Double check that your EHR program was deemed certified. Do not just take the salesperson’s word for it. You can check whether your EHR program is certified here.

If you accepted Medicaid EHR incentive payments be sure that you met all eligibility requirements and that you have the documentation to prove it. Same with Medicare. These two programs had different eligibility qualifications.

Following these tips can save you from a spine-tingling trick from Pennywise!

we all float

EHR: What’s In YOUR Contract? Legal Issues You Need to Know.

Electronic health records or EHR have metamorphosed health care. Choosing a vendor can be daunting and the prices fluctuate greatly. As a provider, you probably determine your EHR platform on which vendor’s program creates the best service notes… or which creates the most foolproof way of tracking time… or which program is the cheapest.

But…what’s in YOUR contract can be legally deadly.

Regardless how you choose your EHR vendor, you need to keep the following legal issues in mind when it comes to EHR and the law:

Regulatory and Clinical Coverage Policy Compliance

Most likely, your EHR vendor does not have a legal degree. Yet, you are buying a product and assuming that the EHR program complies with applicable regulations, rules, and clinical coverage policies – whichever are applicable to your type of service. Well, guess what? These regulations, rules, and clinical coverage policies are not stagnant. They are amended, revised, and re-written more than my chickens lay eggs, but a little less often, because my chickens lay eggs every day.

Think about it – The Division of Medical Assistance (DMA) publishes a monthly Medicaid Bulletin. Every month DMA provides more insight, more explanations, more rules that providers will be held accountable to follow.

Does your EHR program update every month?

You need to review your contract and determine whether the vendor is responsible for regulatory compliance or whether you are. If you are, should you put so much faith in the EHR program?

Document Accessibility

You are required to maintain your records (depending on your type of service) anywhere from 5-10 years. Let’s say that you sign a four year contract with EHR Vendor X. The four years expires, and you hire a new EHR vendor. You are audited. But Vendor X does not allow you access to the records because you no longer have a contract with them – not their problem!

You need to ensure that your EHR contract allows you access to your documents (because they are your documents) even in the event of the contract expiring or getting terminated. The excuse that “I don’t have access to that” does not equal a legal defense.

Indemnification

This is otherwise known as the “Blame Game.” If there is a problem with regulatory compliance, as in, the EHR records do not follow the regulations, then you need to know whether the EHR vendor will take responsibility and pay, or help pay, for attorneys’ fees to defend yourself.

Like it or not, the EHR vendor does not undergo audits by the state and federal government. The EHR vendor does not undergo post and pre-payment reviews for regulatory compliance. You do. It is your NPI number that is held accountable for regulatory compliance.

You need to check whether there is an indemnification clause in the EHR contract. In other words, if you are accused of an overpayment because of a mistake on the part of the vendor, will the vendor cover your defense? My guess is that there is no indemnification clause.

HIPAA Compliance

HIPAA laws require that you minimize the access to private health information (PHI) and prevent dissemination. With hard copies, this was easy. You could just lock up the documents. With EHR, it becomes trickier. Obviously, you have access to the PHI as the provider. But who can access your EHR on the vendor-side? Assuming that the vendor has an IT team in case of computer issues, you have to consider to what exactly does that team have access.

I recently attended a legal continuing education class on data breach and HIPAA compliance for health care. One of the speakers was a Special Agent with the FBI. This gentleman prosecutes data breaches for a living. He said that hackers will pay over $500 per private medical document. Health care companies experienced a 72% increase in cyberattacks between 2013 and 2014. Stolen health care information is 10 times more valuable than your credit card information.

Zombie Apocalypse

Obviously, I am exaggerating here. I do not believe that The Walking Dead is real and in our future. But here is my point – You are held accountable for maintaining your medical records, even in the face of an act of God or terrorism.

Example: It was 1996. Provider Dentist did not have EHR; he had hard copies. Hurricane Fran flooded Provider Dentist’s office, ruining all medical records. When Provider Dentist was audited, the government did not accept the whole “there was a hurricane” excuse. Dentist was liable for sever penalties and recoupments.

Fast forward to 2017 and EHR – Think a mass computer shutdown won’t happen? Just ask Delta about its August 2016 computer shutdown that took four days and cancelled over 2000 flights. Or Medstar Health, which operates 10 hospitals and more than 250 outpatient facilities, when in March 2016, a computer virus shut down its emails and…you guessed it…its EHR database.

So, what’s in YOUR contract?