What is the Overpayment Committee?

April 29, 2021

Did you know that UConn Health has an Overpayment Committee responsible for addressing systemic and substantial overpayments? UConn Health follows established rules and procedures to ensure proper billing for patient care services. Nevertheless, overpayments occasionally occur.

An overpayment occurs when UConn Health receives payment to which it is not entitled.  An overpayment can happen because of incorrect coding, insufficient documentation, medical necessity errors, or processing or other administrative errors. Federal law requires Medicare overpayments be returned within strict timeframes – generally within 60 days of identifying and quantifying the overpayment amount. Failure to timely refund a Medicare overpayment may result in fraud liability or other civil or criminal enforcement action.

As a Medicare provider, UConn Health is required to investigate upon receiving credible information regarding a potential overpayment and in addition, must undertake proactive compliance activities to affirmatively monitor for potential overpayments. Proactive monitoring is especially important given the “known or should have known” standard that applies. What this means is that even without specific knowledge of an actual overpayment, UConn Health may be liable if the government determines we should have known that an overpayment was received.

At UConn Health, isolated overpayments are managed in the ordinary course of business by Clinical Revenue Services.  Systemic or substantial overpayments, on the other hand, are managed by the Overpayment Committee. The Overpayment Committee is made up of individuals representing both John Dempsey Hospital and University Medical Group (UMG) in the departments of Revenue Integrity,  Clinical Revenue Services, Information Technology (IT), Health Information Management (HIM), Healthcare Compliance and Audit and Management Advisory Services. The Committee reviews and analyzes potential overpayment issues that are significant and/or widespread. In such cases, the Committee must exercise reasonable diligence and expeditiously investigate to determine whether an overpayment was received and quantify the amount of any identified overpayment. In the case of a non-systemic or non-substantial overpayment issue, the Committee refers the matter to the appropriate department for processing (e.g., to issue a refund).

If you have knowledge of an actual or suspected overpayment, please contact The Office of Healthcare Compliance and Privacy.  Alternatively, you may report the issue anonymously through the Reportline. For more information on overpayments, you can review UConn Health’s Overpayment Policy. You can also review UConn Health’s Policy on Fraud, Waste and Abuse Prevention and Education.

Save the Date: Ensuring Compliance with HIPAA

March 22, 2021

HIPAA WebExUConn Health WebEx Event: The State of Compliance
Ensuring Compliance with HIPAA
Wednesday, March 31 at Noon

Join UConn Health’s own experts, Alyssa Cunningham
(AVP, Office of Healthcare Compliance and Privacy) and Adam Johnston (Healthcare Privacy Specialist) on Wednesday, March 31 as they discuss topics such as compliance with the Health Information Portability and Accountability Act (HIPAA); the background and purpose of the HIPAA Privacy Rule; common mistakes and tips to ensure compliance; understanding FairWarning; and obligations and requirements of UConn Health workforce members.

Register here.

Potential Compliance Risks with the 2021 E&M Changes

February 16, 2021

E&M Changes 2021For the first time in 25 years, significant changes have been made to the evaluation and management (E&M) coding and billing guidelines. As a result, there are potential compliance risks that providers should keep in mind when coding and billing for E&M services.

It is important to note that the 2021 E&M changes apply only to services provided in the physician office or hospital outpatient setting. All other E&M services, such as those performed in the inpatient setting, are unchanged and continue to follow the 1995/1997 guidelines.

One of the changes is that time may be the basis for selecting the level of E&M service regardless of whether counseling or care coordination occurred. When utilizing time as the basis for determining the E&M level, it is important to remember:

  1. Calculation of time can include both face-to-face time and non-face-to-face time
  2. Time can only include time spent on the same day as the patient encounter
  3. Calculation of time can include time spent:
    • preparing to see the patient – reviewing data and records
    • ordering medications, tests or procedures
    • referring or communicating with other health care professionals
    • documenting in the medical record
    • interpreting test results
    • communicating information to the patient, family or caregiver
    • care coordination
  1. When clinicians jointly perform an E&M service, the time spent can only be counted once
  2. Clinician staff time may not be included in the calculation of time
  3. Calculation of time may not include activities which are separately coded and/or billed
  4. Time spent must be must be supported by the documentation in the medical record

Also, remember, there are a finite number of hours in a day so the combined documented time for all patients seen on a particular day should be reasonable given the fixed number of hours in a day.

Another change is that the history and physical are no longer required elements to support the level of E&M service. However, in the majority of cases they will provide information that informs medical decision making and the appropriate course of treatment. As such, it will continue to be important to document the relevant history and physical information in the medical record.

Lastly, when using medical decision making instead of time as the basis for the E&M level, note that the AMA Documentation Guidelines Table of Risk has been revised to reflect guideline and definition changes. In order to compliantly classify medical decision making, it is important to be familiar with the new guidelines and definitions.

E&M services are the most frequently billed health care service and the most frequently audited. This coupled with the 2021 changes, make it important to be aware of the risks when coding and billing for E&M services in order to ensure compliant practices.

Please contact us if you have any questions. We are here to help!

What Happens When a Privacy Violation is Suspected?

The Life Cycle of a Privacy Incident

Internal Investigationlife cycle of privacy incident

When UConn Health’s Office of Healthcare Compliance and Privacy (OHCP) receives notice of a potential privacy incident, they conduct interviews with employee(s), management, human resources and union(s) (if applicable). This is time-consuming and detracts from work and patient care.

Notification to Patients

If an investigation shows that a breach has occurred, the law requires UConn Health to send a detailed notification letter to each patient whose protected health information (PHI) was compromised. This can significantly erode our patients’ trust in UConn Health.

Disciplinary Action

Privacy violations may result in disciplinary action up to and including termination from your position at UConn Health.

Notification to Regulators

UConn Health must notify the federal government, and in some cases the Connecticut Office of the Attorney General and other regulators (including in other states) about the breach.

Government Investigation

Reporting a breach may result in a lengthy government investigation that requires significant time and resources to manage and places our practices under a government microscope.

Fines and Negative Publicity

Not only do privacy breaches expose UConn Health to potential fines; they attract media attention and may cause reputational harm.

Education and Guidance

OHCP offers education and guidance to individuals and departments that have privacy-related questions or concerns. Invite us to your next staff or department meeting for a privacy refresher or question-and-answer session!

Let’s Partner in Privacy!

Please contact us immediately if you suspect or know about a privacy issue or incident.   The sooner we know, the more helpful we can be.

Changes to Open Payments: 5 New Provider Types Added

January 19, 2021

Open Payments is an online program and public website that provides information about financial relationships between drug and medical device manufacturers and healthcare providers.

Drug and device companies must report certain payments or other transfers of value they make to physicians and teaching hospitals, including:

  • Consulting fees
  • Speaking fees
  • Honoraria
  • Payments for research activities
  • Ownership or investment interests
  • Meals and travel/lodging

The Centers for Medicare and Medicaid Services (CMS) then posts the reported data online.

Effective January 1, 2021, drug and device manufacturers must also report payments or other transfers of value they make to the following additional provider types:

  • Physician assistants
  • Nurse practitioners
  • Clinical nurse specialists
  • Certified registered nurse anesthetists and Anesthesiologist assistants
  • Certified nurse-midwives

Healthcare providers themselves are not required to report data to Open Payments. However, it behooves them to review and, if necessary, dispute payments reported about them.

Open Payments is one tool used by UConn Health’s Clinical Conflict of Interest Committee to identify relationships between clinicians and industry that may give rise to financial conflicts of interest.

For questions about Open Payments or the Clinical Conflict of Interest Committee, contact Alyssa Cunningham or Gus Fernandez-Wolff.

Celebrate Data Privacy Day!

January 28, 2021 is Data Privacy Day, a global effort to raise awareness and promote privacy and data protection best practices.

At UConn Health, data privacy is everyone’s responsibility! Our patients trust that we will protect their personal information, and each of us plays a role in maintaining that trust and upholding UConn Health’s strong commitment to privacy.

In honor of Data Privacy Day and every day, please remember:

Pause Your "Send"

Before you press “Send,” double check that the email addresses you are sending to are the right ones. Sending protected health information (PHI) or other confidential data to the wrong email recipient could result in a data breach and puts our patients’ privacy and UConn Health at risk. Be aware of Outlook autocompleting email addresses – always confirm that auto-complete has selected the right recipient.

Don't Make It Personal

Do not download PHI or other confidential data on personal devices. UConn Health devices use specific security measures and technology, which typically are not in place on personal devices.

No Snooping

Employees are not permitted to access patient records for non-work related reasons. This includes a family member or co-worker’s record, even when the family member/co-worker asks you to view their record. If accessing a patient’s record is not necessary for you to do your job, don’t do it!

Double Check That AVS

When handing the After Visit Summary - or any other document containing PHI - to a patient, take a moment to confirm that you have the right document for the right patient.

Share the Bare Minimum

Whether working in the office or from home, PHI should be shared on a “need to know” basis only. When your work requires the sharing of PHI ~ whether with colleagues or external parties ~ provide only the minimum amount of PHI necessary to accomplish the purpose (as stated in UConn Health’s Minimum Necessary Policy).

It’s essential that we exercise good privacy practices. Our office is here to help! Please reach out to us with any of your privacy questions or concerns. You can email us at or you can contact a team member directly.

Public Health Emergency and Telemedicine Update

August 11, 2020

telamedOn July 25, 2020, Health and Human Services Secretary Azar extended the Public Health Emergency (PHE) until October 23, 2020. As a result, several of the Centers for Medicare and Medicaid (CMS) temporary coverage and payment policies established under the PHE will continue Some of the continuing policies are: a twenty percent add-on payment for COVID-19 inpatients; mandatory coverage of COVID-19 testing without beneficiary cost sharing, and continued relaxation of the telehealth guidelines.

Closer to home, on July 31, 2020, Connecticut Governor Lamont signed into law Bill No. 6001 making additional modifications to the existing telehealth guidelines. The new law expands the clinicians authorized to provide telehealth services to include dentists and genetic counselors. In addition, the law allows out-of-state providers to provide telehealth services in Connecticut without a Connecticut license as long as certain criteria are met. The law also requires providers to limit reimbursement from uninsured patients receiving telehealth services to the Medicare reimbursement amount.

The provisions enacted under the new law are in effect until March 15, 2021 and apply to in-network providers of fully insured plans and providers enrolled in the Connecticut Medical Assistance Program. View more information on the provisions of the law.

University Training Policy

policy_training_universityAs recipients of Federal funding, the University is required to provide all employees and graduate assistants (collectively “employees”) and affiliated parties with training on the elements of the University’s compliance program and the University’s expectations that all will act in accordance with applicable laws, policies, and standards.

All faculty, staff, graduate assistants, and affiliates on all campuses, including UConn Health are required to receive compliance training, which may differ in type of training or frequency based on their role and responsibility.

Specific training requirements are determined based on an employee’s job function in conjunction with other University and UConn Health policies, laws and regulations. In addition, there may be requirements for employees to attest to having received training and understanding obligations and responsibilities.

Employees may be required to complete specialized and/or additional compliance-related training as needed for their positions or in an effort to maintain the institutions compliance with applicable laws and policies, whether those trainings are provided by the Office of University Compliance or another University office or entity with compliance-related responsibilities.

Review the policy.