Author Archives: Kelly Grahovac

Signatures from representatives still needed for H.R. 3730

Kay Koch, OTR/L,ATP

The holiday season is upon us and while this may not be on your holiday wish list many people who use complex rehab wheelchairs would like it to be. HR 3730 has still not gotten the signatures needed to exempt Complex Rehab Manual Wheelchair Accessories from Competitive Bidding. Introduced in the house in September 2017, this bill amends title XVIII (Medicare) of the Social Security Act to prohibit the application of Medicare competitive acquisition rates to complex, rehabilitative, manual wheelchairs and accessories. (A competitive bidding program has replaced the use of established fee schedule amounts to determine payments under Medicare for certain durable medical equipment such as wheelchairs.) Will you contact your representative to wish them a happy holiday season and ask them to sign on?

It is important to recognize the label “accessories” is a Medicare policy term that does not properly convey that Complex Rehab wheelchair accessories are “critical components” such as seat/back  pressure relieving cushions, positioning devices, recline/tilt systems, and specialty controls.  These critical components are what allows the Complex Rehab wheelchair to be individually configured to meet the unique medical and functional needs of the person with a disability.  The negative consequences of the current situation are not limited to just Medicare beneficiaries.  They extend to children and adults with disabilities covered by Medicaid and other health insurances plans, since most payers follow  Medicare  policies.

Congressional action is required to provide equal access.

CMS has elected to group heterogeneous products under a single HCPCS billing code and as a  result, the same code includes both Standard wheelchair accessories and Complex Rehab wheelchair accessories. Complex Rehab wheelchair accessories are different technologically, designed to meet a unique clinical  need, and are costlier to provide than Standard products. CMS is taking information obtained through  the competitive bidding of accessories used on standard wheelchairs and inappropriately applying that  pricing to Complex Rehab accessories that were not part of the CBP ( Competitive Bid Program).

Congressional action is needed. This is a lingering issue that was not addressed in CMS’  June 23, 2017 policy correction.  Accordingly, Congressional action is needed to stop CMS’ inappropriate  application of CBP pricing and ensure equal access for Medicare beneficiaries and others with significant  disabilities who rely on individually configured Complex Rehab manual wheelchairs.    Representatives Zeldin and Larson, along with 41 original cosponsors, introduced H.R. 3730 on  September 11, 2017 to replace the previous broader bill (H.R. 1361) and focus just on accessories used with Complex Rehab manual wheelchairs.  This legislation must be passed as soon as possible. As of Dec 1, 2017, there are 24 Republican and 29 Democrat co-sponsors.

Please write or call your representative to ask for their support for this new legislation and to emphasize the importance of protecting patient access, not just to accessories used with complex rehab power wheelchairs, but also access to those used on complex rehab manual wheelchairs. Regardless of injury, illness, disability, or chronic condition, all Medicare beneficiaries should be eligible for the same access to medically necessary mobility devices, services, and accessories. Anything less can have serious consequences for beneficiaries. Urge Congress to pass H.R. 3730 to ensure that accessories used with CRT manual wheelchairs are protected. With the links below it will take less than 5 minutes of your time.

Please check this link here and contact your representative to either thank them for their support or ask for their support of this important legislation.

Thank you to  www.  for the updates, new information and the following links:

Co-sponsors :

Access2CRT.ORG  for a link to email your representative :

Understanding the HIPAA Training Requirements

Do you understand the HIPAA training requirements? If you don’t, you’re not alone. HIPAA regulations concerning training can become a little vague and some people are unsure what they’re required to have training on or what it even entails. To help, we’re breaking down some of the confusion when it comes to HIPAA training requirements.

Who needs to be trained? Within the HIPAA Privacy Rule, it states training should be to “implement a security awareness and training program for all members of the workforce”. Meaning everyone on staff should receive regular, and adequate training.

What do they need training on? There are so many rules and regulations when it comes to HIPAA, so it’s important to remember that employees need a wide range of training, including but not limited to, the proper handling of Personal Health Information, seeing and reporting suspicious activity and/or any possible violations, what constitutes a violation and how to protect yourself and company from breaches, etc.

What’s the purpose of training? The overall goal of training is to provide a basis of the HIPAA Privacy and Security Rules. Since roles vary within a company, training should be tailored to their involvement with PHI or ePHI.

What do you do after training? After training has been provided, it’s critical that it’s documented. When you use HIPAAwise – The van Halem Group Solution, you can regularly document trainings for easy checks if you were to be audited. Within the documentation, the training material should be included, along with the frequency and who received the training.

To learn more about how HIPAAwise can help you with developing training modules or documenting the trainings, visit the website here. For more information about training, visit the U.S. Department of Health and Human Services website here.

OIG Hospice Report

Written by Lisa Eick RN

CMS recently re-published an article regarding the OIG report from September 2016 that found more than one third of Hospice election statements and certification of terminal illness documents were found to be non-compliant. The sample included only General Inpatient stays (GIP), however the article is a great reminder for all Hospice providers to monitor these documents to ensure they include all required elements. The takeaways from the OIG report include:

Election Statements      

Periodically review the election statements to ensure all required elements are included in the statement. This is of particular importance for agencies who have made changes to the election statement to meet compliance requirements. It is not uncommon, for old forms to find their way out of the filing cabinet (electronic or otherwise). As a reminder the following are the election statement requirements.

Election Statements must include the following:

  • The name of the Hospice providing care to the patient.
  • An acknowledgement that the patient (or authorized representative) has been provided a detailed explanation of hospice care. This must include a clear description of the nature of hospice care and treatment as palliative and not curative in nature.
  • An acknowledgement that certain other Medicare services are waived (not covered) while on hospice care.
  • Election date: Must not be prior to the date of election. May be the first day of hospice care or later.
  • Designated attending physician must be clearly identified by full name, office address or the National Provided Identifier (NPI).
  • An acknowledgement the attending physician was their choice.
  • The signature of the patient (or authorized representative.

An election statement missing any one of the required criteria is incomplete and may result in a Medicare denial.


Physician Certifications

Develop a system of routine audits of physician certification forms to ensure all required elements are completed and meet Medicare requirements for a compliant certification. By developing systems and processes for auditing the physician certification forms, agencies may identify areas of weakness and opportunities for educating providers on the Medicare requirements. As a reminder the following are the requirements for the physician certification form.

  • Written certification must include
    • A statement that the patient has a life expectancy of 6 months or less if the terminal illness
    • A narrative from the certifying physician which includes clinical documentation that supports the patient has a terminal diagnosis.
      • The narrative can be part of the certification form or an addendum.
      • If part of the form it must be located above the physician signature.
      • If an addendum the physician must sign following the narrative.
      • Must include an attestation statement above the physician signature and date stating he/she completed the narrative based on review of the clinical findings in the patient medical record or upon examination of the patient.
      • Benefit period dates.
      • Recertification for the third benefit period must include a narrative explaining the findings of a face to face visit that continues to support a life expectancy of less than six months. The narrative must include the date of the visit and an attestation that he/she performed the visit. If the visit was done by a nurse practitioner the must be an attestation the results of the visit were provided to the physician.
    • Signature requirements
      • Handwritten signature, must have a hand written date
      • Electronic signatures and date
      • Stamped signature are not acceptable.
      • The initial benefit period – the certification must be signed by the hospice medical director and the patient’s primary care provider if there is one.
      • Subsequent benefit periods may be signed by the hospice medical director


Source: Medicare-Learning-Network-MLN/MLNMattersArticles/Downloads/SE1628.pdf accessed 10/30/17

Quick Facts about the HITECH and Omnibus Rule

Have you heard the terms HITECH and Omnibus Rule tossed around, but you aren’t entirely sure what they are? You aren’t alone. Here are fast facts about the HITECH and Omnibus Rule.

What are they?

HITECH: This is a provision to the American Recovery and Reinvestment Act of 2009, which provided incentives to physicians and healthcare providers to move to electronic health records.

Omnibus Rule: This was created by The U.S. Department of Health and Human Services as a response to the HITECH rule. It is comprised of four rules concerning updated privacy protections, new patient rights to their health information and gave the government authority to enforce the HIPAA regulations.

How it Works with HIPAA:

HITECH: Even though HITECH and HIPAA aren’t directly related, HITECH states it can’t compromise HIPAA privacy laws. It also requires providers must perform a risk assessment. HITECH established the data breaches notification rules, along with establishing the rule making sure business associates are just as accountable for data breaches as providers are.

Omnibus Rule: Made up of four rules regarding HIPAA:

  1. Final updates were made to the HIPAA Privacy, Security and Enforcement Rules.
  2. Changes to the enforcement rule to incorporate a penalty structure created by the HITECH Act.
  3. There were changes made regarding Breach Notifications, also under HITECH.
  4. Modifications were made to the HIPAA Privacy Rule to prohibit health plans from using genetic information for insurance underwriting.

Bottom Line:

HITECH: HITECH established compliance requirements for business associates while also providing clarity to the public about how security and breaches were to be handled by businesses and other entities.

Omnibus Rule: The Omnibus rule was created to better support HIPAA regulation as technology changes and evolves, especially as the HITECH Act encouraged providers to move to EHR. This rule also covers entities and business associates to abide by HIPAA rules and be accountable to those rules.

If you have questions concerning HITECH or the Omnibus Rule and how they relate to your business, contact us today.

Codes Changed to E1399 for Cures Act Adjustments

CGS and Noridian DME MAC jurisdictions are processing thousands of claims on a daily basis in accordance with MLN Matters Article MM9968. The jurisdictions reported that they are on track to have all adjustments processed by November 15.

Suppliers with oxygen claims covered under these mass adjustments may see miscellaneous code “E1399CC” on some Medicare Remittance Advice statements. Due to system limitations, the code E1399 is being used when previous oxygen CMNs have been deleted and are no longer on file due to a new CMN superseding the previous CMN. HCPCS code E1399 was used since it will not impact current or future oxygen claims. The “CC” modifier also signifies that the HCPCS was changed during processing.

Further, both CGS and Noridian DME MAC jurisdictions have published that in order to process the wheelchair accessories claims adjusted by the Cures Act, in some cases, the DME MAC jurisdictions may need to change the submitted HCPCS code to E1399 with a “cc” modifier. This step is needed to pay the correct amount. There are various billing and modifier rules that cannot be accommodated with the limitation of four modifiers for pricing and system edits on the submitted wheelchair accessory HCPCS. The best solution is to change the HCPCS to E1399 with a “cc” modifier.

RAC Issues: Approved and Proposed

On November 13, 2017, CMS began posting a list of review topics that have been proposed, but not yet approved, for RACs to review. These topics will be listed, on a monthly basis, on the Provider Resources page. So far there is only one topic proposed for RAC review affecting DMEPOS suppliers, listed below.

Respiratory Assistive Devices: Meeting Requirements to be considered Reasonable and Necessary

Description: Review for reasonable and necessary requirements, including but not limited to the following:

  • treating practitioner had a face-to-face examination with the beneficiary in the six (6) months prior to the date of the written order for the specified items of DME
  • a completed, signed and dated 5-Element Order for Respiratory Assist Device dated on or before the delivery date of the item
  • the 5-Element Order contains ALL of the following:
    • Beneficiary’s name
    • Item of DME ordered – this may be general – e.g., “hospital bed” – or may be more specific
    • Signature of the prescribing practitioner
    • Prescribing practitioner’s National Practitioner Identifier (NPI)
    • The date of the order
    • proof of delivery, such as a delivery slip, which is signed and dated (on or before the date of service and on or after the initial order date) by the beneficiary or his/her designee

The proof of delivery documentation contains the following elements:

  1. Beneficiary’s name;
  2. Delivery address;
  3. Sufficiently detailed description to identify the item(s) being delivered (i.e. brand name, model number, narrative description);
  4. Delivery service’s package identification number, supplier invoice, or alternative method that links the supplier’s delivery documents with the delivery service’s records;
  5. Quantity delivered; and
  6. Date delivered

State(s)/MAC regions where reviews will occur: All states

Review type: Complex review

Provider type: DME Supplier

Affected code(s):

  • E0470 – Respiratory Assist Device, bi-level pressure capability, without backup rate feature, used with noninvasive interface, e.g., nasal or facial mask (intermittent assist device with continuous positive airway pressure device)
  • E0471 – Respiratory Assist Device, bi-level pressure capability, with back-up rate feature, used with noninvasive interface, e.g., nasal or facial mask (intermittent assist device with continuous positive airway pressure device)

Applicable policy references:

  • 42 C.F.R. sections 405.980 (b) & (c) and section 405.986
  • CMS, IOM Publication 100-02, Medicare Benefit Policy Manual, Chapter 15, Sections 110
  • CMS, IOM Publication 100-08, Medicare Program Integrity Manual, Chapter 4, Section 4.26
  • CMS, IOM Publication 100-08, Medicare Program Integrity Manual, Chapter 5, Section 5.2.4 – 5.2.8, 5.7, 5.8, and 5.9
  • Related LCDs and Policy Articles

Currently CMS has approved the following issues for the RAC to review:

Automated Date Posted
CPAP without OSA Diagnosis 9/8/2017
Nebulizers 2/2/2017
Hospital beds with mattresses billed with Group I or Group II support surfaces 4/12/2017
Group 3 PWC Underpayments 5/17/2017
DME while beneficiary is in an inpatient stay 2/16/2017
Spring Powered Devices Billed for >1 in a 6 Month Period 1/5/2017
CPM Billed without Total Knee Replacement 2/2/2017
Glucose Monitor 1/5/2017
Multiple DME Rentals in one month 3/31/2017
Complex Date Posted
PAP Devices for the treatment of OSA 9/19/2017
Spinal Orthoses 8/2/2017
Chest Wall Oscillation Devices 2/8/17
Tracheotomy suction catheters, suction pumps, catheters and other supplies 2/8/2017
AFO/KAFO 7/7/2017
Negative Pressure Wound Therapy Pumps 4/28/2017
PMDs not subject to PA Demonstration 6/6/2017
Nebulizers 4/14/2017
Osteogenesis stimulators 2/14/2017
Group 2 Support Surfaces 2/15/2017
Blood Glucose Monitors with Integrated Voice Synthesizer 5/12/2017
Enteral Nutrition Therapy 5/11/2017

Approved issues can be found on Performant Recovery’s website, here.

If you receive a RAC audit, The van Halem Group can help! Contact us to find out more information!

Four Common HIPAA Violations and How to Avoid Them

With $23 million in fines issued, 2016 was a year of unprecedented amounts of HIPAA violations. It also doesn’t look like the Office of Civil Rights is slowing down on issuing these fines for 2017, either. Learn about four common HIPAA violations many people overlook and how you can avoid them.


Mishandling Medical Records

If you’re still keeping patient records on paper, you run the risk of having them exposed. Don’t leave medical records in exam rooms or at the billing desk. They should be filed and locked away to prevent records from falling into the wrong hands.

Some practices or medical groups have disposed of medical records improperly. Proper steps should be taken to prevent this violation. Consider working with a secure document shredding company. To learn about proper disposal methods for protected health information, visit The U.S. Department of Health and Human Services website here.


Social Media

Social media has become a way of life for most of us. When it comes to HIPAA there are some precautions that must be taken. Never post a photo of a patient without written consent. Without the proper consent, you’re compromising the patient protection. Ensure all employees are aware of the HIPAA policies in place to prevent from sharing any PHI. This is one of the best ways to prevent a legal pitfall.


Employees Disclosing Information

Watercooler talk about patients should always be avoided. Employees should be mindful of where they’re discussing topics about patients and who they’re discussing it with. Keep work conversations with friends and family to a minimum and avoid sharing PHI with them.

Common in smaller towns, asking about a friend to a medical professional is considered a breach as well. If in this situation, it’s important to have a canned response explaining how you can’t disclose any information about a patient.


Accessing Patient Information on Home Computers

Sometimes you have to take your work home with you. Whether you’re updating patient notes or records, your computer should never be left alone or without password protection. Having PHI exposed to family members or having it shared to the wrong online channels can lead to significant fines.

If you must leave your computer or device unattended, store it somewhere it cannot be seen to prevent theft. Practices have faced heavy fines from having devices with PHI stolen or accessed by the wrong people.

What is a HIPAA Risk Assessment?

In 2003, the original HIPAA Privacy Rule was issued, and the requirement to have a HIPAA Risk Assessment was put in place. However, many entities did not comply. Since the Office of Civil rights is issuing fines and cracking down more than ever before, it’s a great time to learn what a HIPAA Risk Assessment is and how you can create one for your company.

What’s the purpose of a Risk Assessment?

The U.S. Department of Health & Human Services intends a risk assessment to identify potential risks, vulnerabilities, availability and integrity of Patient Health Information that an organization creates, maintains, receives and transmits.

By identifying these potential risks, you can work to mitigate the potential for breaches of PHI and prevent fines for your organization. Developing this assessment is beneficial to help determine just how secure and where improvements need to be made within your organization.

What Happens if I Don’t Have a Risk Assessment?

Like other HIPAA violations, you will be fined for not identifying these potential risks. A breach no longer has to occur for you to be fined; it’s the potential of a breach happening where fines are also being issued. The Office of Civil Rights is auditing all organizations that deal with PHI and if you’re not assessing where these risks are within your organization you can expect a fine.

*What Needs to Be Included in My Risk Assessment?

  1. Identify where your PHI is stored, transmitted and received.
  2. Identify and document threats and vulnerabilities.
  3. Assess your current security measures.
  4. Determine the likelihood of a threat occurrence.
  5. Determine the potential impact of a threat occurring.
  6. Determine the level of risk.
  7. Identify your security measures and finalize documentation.
  8. Take action.

While risk assessments can vary from every organization, these can help you get started with your assessment.

How Often Should I Update My Risk Assessment?

While there’s currently no guidelines on how often these assessments should occur, they should be conducted at the minimum of once a year. As technology evolves, so do the threats to it, so taking the time to assess the threat of the changes can pay off in the long run.

If you’re looking for assistance in creating your HIPAA Risk Assessment, HIPAAwise, – The van Halem Group Solution can help you with becoming compliant. Contact us here to learn more or start your month-long free trial.

*For more information on how the OCR defines threats, vulnerabilities and risks, visit their website here.

Signature Requirements: Important things to remember

By: Christina Colegrove RN, BSN – Clinical Consultant

The Medicare Program Integrity Manual requires that services provided/ordered are authenticated by the author.  This can be in the form of a handwritten or electronic signature.  Signature stamps are not acceptable. Please see some other important points related to signatures below.

Handwritten Signatures

  • Illegible signatures: MACs, ZPICs, SMRC, and CERT will consider evidence in a signature log, attestation statement, or other documentation submitted to determine the medical record entry author’s identity
  • Signatures missing from an order: MACs, SMRC, and CERT will disregard the order in the review of the claim.
  • Signature missing from medical documentation: MACs, SMRC, and CERT will accept a signature attestation completed by the author of the medical record entry


Signature Log

  • Signature logs list the typed/printed name of the author associated with initials/illegible signature
  • Signature logs can be on the actual page with the author’s initials/illegible signature or on a separate document
  • Although not required, it is recommended that the providers’ credentials be included in the log


Signature Attestation Statement

  • Attestations must contain sufficient information which identifies the beneficiary and they must be signed and dated by the author of the medical record entry
  • Noridian and CGS both have Signature Attestation Statement forms which are available for use

Electronic Signatures

  • There should be notation that these signatures were electronically signed
  • Electronic systems have a potential for misuse/abuse with alternate signature methods (i.e. the system/software need to be protected against modification)
  • The PIM encourages providers to check with their attorneys/malpractice insurers regarding the use of alternative signature methods

It is also important to note that Medicare considers a physician’s signature to include credentials and a date to be valid. Make sure that you are reviewing your orders to ensure they are correct prior to submitting your claims.

Prepare for the future – New Social Security Number Removal Initiative

By: Nancy Conant, Clinical Consultant

Are you aware the Medicare Access and CHIP Reauthorization Act (MACRA) of 2015 mandates the removal of the SSN-based HICN from Medicare cards?  This is a huge undertaking as CMS has identified approximately 90 different stakeholder entities that receive, store, use, or provide the HICN today.  The reason for this Act is to address the threat of beneficiary medical identity theft for people on Medicare.  In April 2018, Medicare will begin to mail new Medicare cards with the MBI # randomly by geographic regions.  CMS processes and systems are being updated to accept and return MBIs by April 2018.  A transition period is expected to run April 2018 through April 2019 where either/both the HICN or MBI can be submitted to Medicare.

Stakeholders, in turn, are expected to adjust their systems to submit or exchange MBIs starting April 1, 2018.  This means all stakeholder systems must be ready to process the MBI cards as of April 2018.  By now, system revisions in your offices/facilities have been considered and you have a timeline in place to implement the changes into your business practices and processes.

Medicare is committed to assist you to get ready for the new cards and MBIs.  Outreach and training is available to help you to be ready by April 2018:

  • Go to Medicare’s website and sign-up for the weekly MLN Connects® newsletter.
  • Attend Medicare’s quarterly calls to get more information. Medicare will let you know when calls are scheduled in the MLN Connects newsletter.
  • Verify all of your Medicare patients’ addresses. Make sure the addresses you have on file are not different than the Medicare address you use on electronic eligibility transactions. If different, ask your patients to contact Social Security and update their Medicare records.
  • Work with Medicare to help your Medicare patients adjust to their new Medicare cards. This fall Medicare will have helpful information about the new Medicare cards you can display in your facilities. Hang posters in your offices about the Medicare card changes to help spread the word.
  • Most importantly, test the system changes and work with the billing office staff to be sure the office/facility is ready to use the new MBI format.

As of January 2020, HICNs will no longer be used as beneficiary identifiers. Beneficiaries who receive their new MBI cards are encouraged to start using them immediately, people new to Medicare will be assigned a MBI card during the transition period.