Author Archives: Kelly Grahovac

Codes Changed to E1399 for Cures Act Adjustments

CGS and Noridian DME MAC jurisdictions are processing thousands of claims on a daily basis in accordance with MLN Matters Article MM9968. The jurisdictions reported that they are on track to have all adjustments processed by November 15.

Suppliers with oxygen claims covered under these mass adjustments may see miscellaneous code “E1399CC” on some Medicare Remittance Advice statements. Due to system limitations, the code E1399 is being used when previous oxygen CMNs have been deleted and are no longer on file due to a new CMN superseding the previous CMN. HCPCS code E1399 was used since it will not impact current or future oxygen claims. The “CC” modifier also signifies that the HCPCS was changed during processing.

Further, both CGS and Noridian DME MAC jurisdictions have published that in order to process the wheelchair accessories claims adjusted by the Cures Act, in some cases, the DME MAC jurisdictions may need to change the submitted HCPCS code to E1399 with a “cc” modifier. This step is needed to pay the correct amount. There are various billing and modifier rules that cannot be accommodated with the limitation of four modifiers for pricing and system edits on the submitted wheelchair accessory HCPCS. The best solution is to change the HCPCS to E1399 with a “cc” modifier.

RAC Issues: Approved and Proposed

On November 13, 2017, CMS began posting a list of review topics that have been proposed, but not yet approved, for RACs to review. These topics will be listed, on a monthly basis, on the Provider Resources page. So far there is only one topic proposed for RAC review affecting DMEPOS suppliers, listed below.

Respiratory Assistive Devices: Meeting Requirements to be considered Reasonable and Necessary

Description: Review for reasonable and necessary requirements, including but not limited to the following:

  • treating practitioner had a face-to-face examination with the beneficiary in the six (6) months prior to the date of the written order for the specified items of DME
  • a completed, signed and dated 5-Element Order for Respiratory Assist Device dated on or before the delivery date of the item
  • the 5-Element Order contains ALL of the following:
    • Beneficiary’s name
    • Item of DME ordered – this may be general – e.g., “hospital bed” – or may be more specific
    • Signature of the prescribing practitioner
    • Prescribing practitioner’s National Practitioner Identifier (NPI)
    • The date of the order
    • proof of delivery, such as a delivery slip, which is signed and dated (on or before the date of service and on or after the initial order date) by the beneficiary or his/her designee

The proof of delivery documentation contains the following elements:

  1. Beneficiary’s name;
  2. Delivery address;
  3. Sufficiently detailed description to identify the item(s) being delivered (i.e. brand name, model number, narrative description);
  4. Delivery service’s package identification number, supplier invoice, or alternative method that links the supplier’s delivery documents with the delivery service’s records;
  5. Quantity delivered; and
  6. Date delivered

State(s)/MAC regions where reviews will occur: All states

Review type: Complex review

Provider type: DME Supplier

Affected code(s):

  • E0470 – Respiratory Assist Device, bi-level pressure capability, without backup rate feature, used with noninvasive interface, e.g., nasal or facial mask (intermittent assist device with continuous positive airway pressure device)
  • E0471 – Respiratory Assist Device, bi-level pressure capability, with back-up rate feature, used with noninvasive interface, e.g., nasal or facial mask (intermittent assist device with continuous positive airway pressure device)

Applicable policy references:

  • 42 C.F.R. sections 405.980 (b) & (c) and section 405.986
  • CMS, IOM Publication 100-02, Medicare Benefit Policy Manual, Chapter 15, Sections 110
  • CMS, IOM Publication 100-08, Medicare Program Integrity Manual, Chapter 4, Section 4.26
  • CMS, IOM Publication 100-08, Medicare Program Integrity Manual, Chapter 5, Section 5.2.4 – 5.2.8, 5.7, 5.8, and 5.9
  • Related LCDs and Policy Articles

Currently CMS has approved the following issues for the RAC to review:

Automated Date Posted
CPAP without OSA Diagnosis 9/8/2017
Nebulizers 2/2/2017
Hospital beds with mattresses billed with Group I or Group II support surfaces 4/12/2017
Group 3 PWC Underpayments 5/17/2017
DME while beneficiary is in an inpatient stay 2/16/2017
Spring Powered Devices Billed for >1 in a 6 Month Period 1/5/2017
CPM Billed without Total Knee Replacement 2/2/2017
Glucose Monitor 1/5/2017
Multiple DME Rentals in one month 3/31/2017
Complex Date Posted
PAP Devices for the treatment of OSA 9/19/2017
Spinal Orthoses 8/2/2017
Chest Wall Oscillation Devices 2/8/17
Tracheotomy suction catheters, suction pumps, catheters and other supplies 2/8/2017
AFO/KAFO 7/7/2017
Negative Pressure Wound Therapy Pumps 4/28/2017
PMDs not subject to PA Demonstration 6/6/2017
Nebulizers 4/14/2017
Osteogenesis stimulators 2/14/2017
Group 2 Support Surfaces 2/15/2017
Blood Glucose Monitors with Integrated Voice Synthesizer 5/12/2017
Enteral Nutrition Therapy 5/11/2017

Approved issues can be found on Performant Recovery’s website, here.

If you receive a RAC audit, The van Halem Group can help! Contact us to find out more information!

Four Common HIPAA Violations and How to Avoid Them

With $23 million in fines issued, 2016 was a year of unprecedented amounts of HIPAA violations. It also doesn’t look like the Office of Civil Rights is slowing down on issuing these fines for 2017, either. Learn about four common HIPAA violations many people overlook and how you can avoid them.


Mishandling Medical Records

If you’re still keeping patient records on paper, you run the risk of having them exposed. Don’t leave medical records in exam rooms or at the billing desk. They should be filed and locked away to prevent records from falling into the wrong hands.

Some practices or medical groups have disposed of medical records improperly. Proper steps should be taken to prevent this violation. Consider working with a secure document shredding company. To learn about proper disposal methods for protected health information, visit The U.S. Department of Health and Human Services website here.


Social Media

Social media has become a way of life for most of us. When it comes to HIPAA there are some precautions that must be taken. Never post a photo of a patient without written consent. Without the proper consent, you’re compromising the patient protection. Ensure all employees are aware of the HIPAA policies in place to prevent from sharing any PHI. This is one of the best ways to prevent a legal pitfall.


Employees Disclosing Information

Watercooler talk about patients should always be avoided. Employees should be mindful of where they’re discussing topics about patients and who they’re discussing it with. Keep work conversations with friends and family to a minimum and avoid sharing PHI with them.

Common in smaller towns, asking about a friend to a medical professional is considered a breach as well. If in this situation, it’s important to have a canned response explaining how you can’t disclose any information about a patient.


Accessing Patient Information on Home Computers

Sometimes you have to take your work home with you. Whether you’re updating patient notes or records, your computer should never be left alone or without password protection. Having PHI exposed to family members or having it shared to the wrong online channels can lead to significant fines.

If you must leave your computer or device unattended, store it somewhere it cannot be seen to prevent theft. Practices have faced heavy fines from having devices with PHI stolen or accessed by the wrong people.

What is a HIPAA Risk Assessment?

In 2003, the original HIPAA Privacy Rule was issued, and the requirement to have a HIPAA Risk Assessment was put in place. However, many entities did not comply. Since the Office of Civil rights is issuing fines and cracking down more than ever before, it’s a great time to learn what a HIPAA Risk Assessment is and how you can create one for your company.

What’s the purpose of a Risk Assessment?

The U.S. Department of Health & Human Services intends a risk assessment to identify potential risks, vulnerabilities, availability and integrity of Patient Health Information that an organization creates, maintains, receives and transmits.

By identifying these potential risks, you can work to mitigate the potential for breaches of PHI and prevent fines for your organization. Developing this assessment is beneficial to help determine just how secure and where improvements need to be made within your organization.

What Happens if I Don’t Have a Risk Assessment?

Like other HIPAA violations, you will be fined for not identifying these potential risks. A breach no longer has to occur for you to be fined; it’s the potential of a breach happening where fines are also being issued. The Office of Civil Rights is auditing all organizations that deal with PHI and if you’re not assessing where these risks are within your organization you can expect a fine.

*What Needs to Be Included in My Risk Assessment?

  1. Identify where your PHI is stored, transmitted and received.
  2. Identify and document threats and vulnerabilities.
  3. Assess your current security measures.
  4. Determine the likelihood of a threat occurrence.
  5. Determine the potential impact of a threat occurring.
  6. Determine the level of risk.
  7. Identify your security measures and finalize documentation.
  8. Take action.

While risk assessments can vary from every organization, these can help you get started with your assessment.

How Often Should I Update My Risk Assessment?

While there’s currently no guidelines on how often these assessments should occur, they should be conducted at the minimum of once a year. As technology evolves, so do the threats to it, so taking the time to assess the threat of the changes can pay off in the long run.

If you’re looking for assistance in creating your HIPAA Risk Assessment, HIPAAwise, – The van Halem Group Solution can help you with becoming compliant. Contact us here to learn more or start your month-long free trial.

*For more information on how the OCR defines threats, vulnerabilities and risks, visit their website here.

Signature Requirements: Important things to remember

By: Christina Colegrove RN, BSN – Clinical Consultant

The Medicare Program Integrity Manual requires that services provided/ordered are authenticated by the author.  This can be in the form of a handwritten or electronic signature.  Signature stamps are not acceptable. Please see some other important points related to signatures below.

Handwritten Signatures

  • Illegible signatures: MACs, ZPICs, SMRC, and CERT will consider evidence in a signature log, attestation statement, or other documentation submitted to determine the medical record entry author’s identity
  • Signatures missing from an order: MACs, SMRC, and CERT will disregard the order in the review of the claim.
  • Signature missing from medical documentation: MACs, SMRC, and CERT will accept a signature attestation completed by the author of the medical record entry


Signature Log

  • Signature logs list the typed/printed name of the author associated with initials/illegible signature
  • Signature logs can be on the actual page with the author’s initials/illegible signature or on a separate document
  • Although not required, it is recommended that the providers’ credentials be included in the log


Signature Attestation Statement

  • Attestations must contain sufficient information which identifies the beneficiary and they must be signed and dated by the author of the medical record entry
  • Noridian and CGS both have Signature Attestation Statement forms which are available for use

Electronic Signatures

  • There should be notation that these signatures were electronically signed
  • Electronic systems have a potential for misuse/abuse with alternate signature methods (i.e. the system/software need to be protected against modification)
  • The PIM encourages providers to check with their attorneys/malpractice insurers regarding the use of alternative signature methods

It is also important to note that Medicare considers a physician’s signature to include credentials and a date to be valid. Make sure that you are reviewing your orders to ensure they are correct prior to submitting your claims.

Prepare for the future – New Social Security Number Removal Initiative

By: Nancy Conant, Clinical Consultant

Are you aware the Medicare Access and CHIP Reauthorization Act (MACRA) of 2015 mandates the removal of the SSN-based HICN from Medicare cards?  This is a huge undertaking as CMS has identified approximately 90 different stakeholder entities that receive, store, use, or provide the HICN today.  The reason for this Act is to address the threat of beneficiary medical identity theft for people on Medicare.  In April 2018, Medicare will begin to mail new Medicare cards with the MBI # randomly by geographic regions.  CMS processes and systems are being updated to accept and return MBIs by April 2018.  A transition period is expected to run April 2018 through April 2019 where either/both the HICN or MBI can be submitted to Medicare.

Stakeholders, in turn, are expected to adjust their systems to submit or exchange MBIs starting April 1, 2018.  This means all stakeholder systems must be ready to process the MBI cards as of April 2018.  By now, system revisions in your offices/facilities have been considered and you have a timeline in place to implement the changes into your business practices and processes.

Medicare is committed to assist you to get ready for the new cards and MBIs.  Outreach and training is available to help you to be ready by April 2018:

  • Go to Medicare’s website and sign-up for the weekly MLN Connects® newsletter.
  • Attend Medicare’s quarterly calls to get more information. Medicare will let you know when calls are scheduled in the MLN Connects newsletter.
  • Verify all of your Medicare patients’ addresses. Make sure the addresses you have on file are not different than the Medicare address you use on electronic eligibility transactions. If different, ask your patients to contact Social Security and update their Medicare records.
  • Work with Medicare to help your Medicare patients adjust to their new Medicare cards. This fall Medicare will have helpful information about the new Medicare cards you can display in your facilities. Hang posters in your offices about the Medicare card changes to help spread the word.
  • Most importantly, test the system changes and work with the billing office staff to be sure the office/facility is ready to use the new MBI format.

As of January 2020, HICNs will no longer be used as beneficiary identifiers. Beneficiaries who receive their new MBI cards are encouraged to start using them immediately, people new to Medicare will be assigned a MBI card during the transition period.




Who Must Comply with HIPAA Requirements?

Generally, when you hear about HIPAA the discussion is associated with a hospital or a medical group that had a breach or HIPAA violation. What most people don’t know is that HIPAA applies to organizations outside of hospitals and health networks. So who exactly needs to be compliant when it comes to HIPAA?

It can be somewhat vague when you start looking at HIPAA. The US Department of Human Health Services describes those who must be compliant are called “covered entities.” Let’s dig a little deeper and understand what types of organizations are considered to be a covered entity.

Health Plans – Anyone who deals with insurance or medical information for patients.

  • HMOs
  • Medicare
  • Medicaid
  • Human resource employees/employers and schools who handle patient information when the employees are hired and students are enrolled.

Health Care Clearinghouses – These are the organizations that collect any patient information from healthcare entities.

  • Billing/Collection Services
  • Health Management Information Systems

Health Care Providers – These are the entities that come to mind when thinking about HIPAA compliance.

  • Physicians
  • Surgeons
  • Dentists
  • Optometrists
  • Hospitals
  • Clinics
  • Nursing Homes/Care Facilities
  • Pharmacies

Business Associates – This is where most people wouldn’t assume they need to be HIPAA compliant, but if you’re involved in any of the following, you need to ensure you’re in compliance.

  • Data Processors
  • Medical Equipment Companies
  • Consultants
  • Medical Transcription Services
  • External Accountants and Auditors
  • Any third party organization dealing with PHI.


At the end of the day, anyone who accesses or deals with Protected Health Information should be complying with HIPAA regulation. PHI includes:

  • Any conversation with medical professionals about a patient’s care or treatments
  • Any patient billing information
  • Any medical insurance information

If you have any questions about covered entities or whether you or your organization should be HIPAA compliant, please contact us! We can help you determine your needs and get started with compliance.

UPDATE: Targeted Probe and Educate (TPE) Pilot

UPDATED: October 6, 2017

In October 2017, the TPE Pilot is now open to all four DME MAC Jurisdictions. Suppliers will be chosen based on the following criteria:

  1. Items that pose the greatest financial risk to the Medicare Trust Fund – HCPCS with high national error rates, high dollar equipment, etc.
  2. Individual suppliers with high error rates

HCPCS that were currently under widespread prepayment reviews will likely be the first group included in the TPE selection.

Lastly, the goal of the TPE program is to eventually replace all other DME MAC audits, meaning widespread prepayment and documentation reviews will eventually be phased out entirely.


In recent months, the CMS has been touting its new “provider friendly” approach, which is, in part, a way to decrease the ever-mounting appeals backlog. And they have introduced several initiatives to do just that, including limiting the scope of review of Redeterminations and Reconsiderations and adjusting serial claims found favorable in the appeals process. The next item on the list, however, may be positive or negative, depending on what side of the coin you fall on. Let me explain.

The DME MACs have recently began to roll out the Targeted Probe and Educate (TPE) Pilot program. Beginning on July 3, 2017, CMS authorized the DME MACs to conduct the Targeted Probe and Educate (TPE) Pilot review process. This pilot is currently open to Jurisdictions B and D DME MACs. TPE includes up to three rounds of supplier-specific prepayment probe reviews followed by education to improve identified errors. The goal of TPE is to improve the claims payment error rate and reduce the volume of appeals through claim review and education.

Suppliers chosen for the TPE program can expect the following:

  • DME MACs will utilize data analysis to select the suppliers in the probe. The identified suppliers will receive written notification that will include the topic being reviewed, data reasons for the selection and the process of the review.
  • The first-round prepayment probe review will begin following notification to the supplier. The DME MAC will request 20 – 40 claims for audit.
  • Suppliers with a high error rate on their prepayment probe review will receive an offer for one-on-one education relative to the specific errors identified through the probe review.
  • Following education, suppliers are expected to make necessary adjustments/process changes with sufficient improvement. This will be demonstrated through a second round of claim reviews to occur several months later during a second-round probe review. The probe review will again contain 20 – 40 claims for audit.
  • If improvement in the second-round probe review is not sufficient, suppliers will undergo another round of education followed by another probe review.
  • Following three rounds of probe and education, suppliers that do not demonstrate sufficient improvement in their error rate will be referred to CMS for possible further action.
  • Once a supplier has reached an acceptable error rate, the TPE process will end and the DME MAC will notify the supplier of successful completion.

It’s important to note that if selected for review, suppliers are not excluded from other Medical Review activities, such as, automated reviews, other pilot review programs, prior authorization, etc. as directed by CMS or other contractor reviews.

The DME MACs have indicated that if a high error rate persists following the maximum rounds of review and education, they will refer the supplier to CMS for possible further action. What does that include? Referrals to the ZPIC/UPIC for concerns related to potential fraud/abuse and Recovery Auditor (RA) for collaboration of vulnerability and to ensure there is no duplication of reviews.

One thing that is missing from the published articles and TPE letters: The potential for revocation of your Medicare supplier number. The Final Rule, effective December 3, 2014, states in part that, under authority of the ACA, CMS can and will deny or revoke enrollment of entities and individuals that pose a program integrity risk to Medicare for “… providers and suppliers that have a pattern and practice of billing for services that do not meet Medicare requirements.  This is intended to address providers and suppliers that regularly submit improper claims in such a way that it poses a risk to the Medicare program. “We saw contractors start adding this language into overpayment demand letters over the past year, which leads us to believe they would eventually like to use this as a tool to suppliers they feel pose too much of a risk.

Now more than ever, suppliers must be vigilant in the claims they submit to Medicare. Documentation should be reviewed prior to claim submission to ensure the LCD guidelines have been met. It is also necessary to educate your staff – from intake to billers. If you are selected for the TPE program you will be required to present documentation that supports the medical necessity for the equipment provided. Be sure that you have what you need to be considered “compliant” in your billing practices. TPE allows you three chances to “get it right”. Then you could face extrapolations, RAC audits that go back three years, or worse, revocation.

Data analysis will look for high error rates, high reimbursement dollars, and top billers by area. Don’t wait for the DME MAC to send you a letter advising that you are a chosen participant in the TPE pilot. Taking a proactive approach could save your business. The van Halem Group can help. We offer a variety of proactive services that will identify issues, educate your staff, and help you make the necessary corrections going forward. Don’t wait until you get the TPE notification letter.

Complex Rehab Technology and Manual Wheelchair Accessories:Help HR 3730 Get Passed

By – Kay Koch, OTR/L,ATP, RESNA Fellow

Complex Rehab Technology (CRT) includes specialized wheelchairs, seating systems, and other adaptive equipment such as standing devices and gait trainers.  These individually configured products are used by people with high level disabilities such as ALS, cerebral palsy, multiple sclerosis, muscular dystrophy, spinal cord injury, and traumatic brain injury to meet their unique medical needs, reduce their medical complications and costs, and maximize their function, mobility and independence.

Currently, Congress is considering legislation that would protect access to Complex Rehab Technology.  This will replace the previously introduced broader bill, H.R. 1361, written to prohibit CMS from using Competitive Bid pricing for accessories used with either CRT power or CRT manual wheelchairs.

The CRT “power” wheelchair accessories issue was resolved in late June 2017 when CMS announced a policy clarification stating it would not use Competitive Bid pricing for accessories used with Group 3 CRT power wheelchairs. We thank CMS and Congress for that needed action.

Unfortunately, the clarification did not extend to accessories used with CRT “manual” wheelchairs so this follow up legislation is needed. Passage of this new bill would address and fix the current disparity that prevents people who use a CRT manual wheelchair from having the same access to CRT accessories as those using a CRT power wheelchair.

H.R. 3730 is the newest bill introduced to stop CMS’ inappropriate application of Medicare Competitive Bid pricing to CRT ( Complex Rehab Technology) manual wheelchair accessories, which are critical wheelchair components. This legislation was introduced September 8, 2017 by Representatives Lee Zeldin (R-NY) and John Larson (D-CT) to stop CMS from using Competitive Bid pricing for accessories used with CRT manual wheelchairs.  They were joined in this bipartisan action by 41 original cosponsors (19 Republicans and 22 Democrats) and includes excellent representation from the key Congressional Committees.

This bill is needed to resolve the lingering issue of CMS applying competitive bid pricing to accessories used with CRT manual wheelchairs.  Unfortunately, the June policy change by CMS solved the problem for CRT power wheelchairs but did not extend that same correction to CRT manual wheelchair accessories.  People with disabilities who use a CRT manual wheelchair should have the same access to critical wheelchair components as those who use a CRT power wheelchair.

Please contact you representative to either ask them for support of this legislation or thank them for their support. If you work with people who use CRT as them to get involved with asking their representative for support of this legislation.  A Senate companion bill is expected to be introduced shortly, but for now, the focus remains on securing House of Representatives cosponsors.


The following website links provide information on the legislation, and how to contact your representative.

Audit Alert: CPAPs and Spinal Orthoses

On August 2, 2017, Performant Recovery, the National DMEPOS RAC, added Spinal Orthoses to their approved issues list. According to their website, Performant Recovery will perform complex reviews of these claims to determine if coverage criteria outlined in the Local Coverage Determination (LCD) for Spinal Orthoses was met. Performant will review medical documentation provided to determine that services were reasonable and necessary.

Codes included in the audit are: L0452, L0480, L0482, L0484, L0486, L0629, L0632, L0634, L0636, L0638, L0640, A9270.

Per the LCD, a spinal orthosis (L0450 – L0651) is covered when it is ordered for one of the following indications:

  1. To reduce pain by restricting mobility of the trunk; or
  2. To facilitate healing following an injury to the spine or related soft tissues; or
  3. To facilitate healing following a surgical procedure on the spine or related soft tissue; or
  4. To otherwise support weak spinal muscles and/or a deformed spine.

If a spinal orthosis is provided and the coverage criteria are not met, the item will be denied as not medically necessary.


On September 8, 2017, Performant Recovery announced that they added CPAPs billed without a diagnosis of Obstructive Sleep Apnea (OSA) to their approved issues list. According to their website, Performant Recovery will perform automated reviews of these claims to identify improper payments for claims for a CPAP with the missing diagnosis of OSA.

Codes included in the audit are: E0601

Per the LCD, an E0601 device is covered for the treatment of obstructive sleep apnea (OSA) if criteria A – C are met.

A. The beneficiary has a face-to-face clinical evaluation by the treating practitioner prior to the sleep test to assess the beneficiary for obstructive sleep apnea.

B. The beneficiary has a sleep test (as defined below) that meets either of the following criteria (1 or 2):

  1. The apnea-hypopnea index (AHI) or Respiratory Disturbance Index (RDI) is greater than or equal to 15 events per hour with a minimum of 30 events; or,
  2. The AHI or RDI is greater than or equal to 5 and less than or equal to 14 events per hour with a minimum of 10 events and documentation of:
    • Excessive daytime sleepiness, impaired cognition, mood disorders, or insomnia; or,
    • Hypertension, ischemic heart disease, or history of stroke.

C. The beneficiary and/or their caregiver has received instruction from the supplier of the device in the proper use and care of the equipment.

If a claim for an E0601 is submitted and all of the criteria above have not been met, it will be denied as not reasonable and necessary.