At UConn Health, patient medical information is stored in Epic, and patient dental information is stored in axiUm. If your job requires access to Epic or axiUm, you must have a job-related need to access patient information in those systems. This includes using the “Patient Lookup” feature in Epic and axiUm. Searching for a patient by name or other identifier in Patient Lookup without a job-related need is snooping. Snooping, including the use of Patient Lookup without a job-related need, may result in disciplinary action. Although Patient Lookup does not open a patient’s chart, a search in Patient Lookup reveals several patient identifiers (e.g., name, date of birth, medical record number, legal sex and address). This is Protected Health Information (PHI) and should only be accessed when necessary for job-related purposes.
Searching for a patient by name or other identifier in Patient Lookup without a job-related need is snooping. Although Patient Lookup does not open the patient chart, it is part of the electronic health record and displays PHI. Please use Patient Lookup only when your job requires it.
Did you know that UConn Health conducts “exclusion checks” on its employees, contractors, vendors, students, residents, fellows and volunteers to ensure compliance with Federal law?
“Exclusion checking” is UConn Health’s process of verifying that a current or potential employee, contractor, vendor, student, resident, fellow or volunteer has not been excluded or debarred by any Federal agency and certain state agencies. Typically the government excludes or debars individuals who have been convicted of Medicare or Medicaid fraud or a similar offense.
Federal law generally prohibits UConn Health from employing or contracting with excluded persons. To ensure that we are screening appropriately, our office may reach out to you for additional information about an individual, such as date of birth or previous address.
Violations of these federal requirements may result in civil monetary penalties (“CMP”). By screening our new and current employees, contractors, vendors, students, residents, fellows and volunteers for exclusion, we avoid CMP liability and ensure compliance with federal law.
For more information about exclusion checking at UConn Health, check out the FAQs.
On May 10, 2021, Governor Lamont signed into law Public Act 21-9 which extends until June 30, 2023 certain telehealth provisions that were originally enacted through executive order as a result of the COVID-19 pandemic.
Some of the major provisions of the law are that it:
- Continues to allow a broad range of providers to deliver services via telehealth including among others: physicians, physician assistants, advanced practice registered nurses, psychologists, marital and family counselors, licensed clinical social workers, pharmacists, and dentists as long as the providers are in network or enrolled in the Connecticut medical assistance program.
- Allows audio-only telehealth for providers who are in network and/or enrolled in the Connecticut medical assistance program.
- Requires telehealth providers to obtain and document in the medical record, patient consent to receiving services via a telehealth platform. Patient consent is required to be obtained at the patient’s initial telehealth encounter.
- Requires telehealth providers to document in a patient’s medical record if a patient revokes consent to receive services via a telehealth platform.
- Places parameters around when schedule I, II or III controlled substances may be prescribed through telehealth.
- Prohibits providers from charging a facility fee for a telehealth service.
- Prohibits providers from delivering services via telehealth until the provider has determined that the patient’s insurance covers the telehealth services.
- Prohibits health insurance carriers from reducing the in person reimbursement rate when service delivered via telehealth.
If you have questions regarding the telehealth law, please contact us.
Did you know that UConn Health has an Overpayment Committee responsible for addressing systemic and substantial overpayments? UConn Health follows established rules and procedures to ensure proper billing for patient care services. Nevertheless, overpayments occasionally occur.
An overpayment occurs when UConn Health receives payment to which it is not entitled. An overpayment can happen because of incorrect coding, insufficient documentation, medical necessity errors, or processing or other administrative errors. Federal law requires Medicare overpayments be returned within strict timeframes – generally within 60 days of identifying and quantifying the overpayment amount. Failure to timely refund a Medicare overpayment may result in fraud liability or other civil or criminal enforcement action.
As a Medicare provider, UConn Health is required to investigate upon receiving credible information regarding a potential overpayment and in addition, must undertake proactive compliance activities to affirmatively monitor for potential overpayments. Proactive monitoring is especially important given the “known or should have known” standard that applies. What this means is that even without specific knowledge of an actual overpayment, UConn Health may be liable if the government determines we should have known that an overpayment was received.
At UConn Health, isolated overpayments are managed in the ordinary course of business by Clinical Revenue Services. Systemic or substantial overpayments, on the other hand, are managed by the Overpayment Committee. The Overpayment Committee is made up of individuals representing both John Dempsey Hospital and University Medical Group (UMG) in the departments of Revenue Integrity, Clinical Revenue Services, Information Technology (IT), Health Information Management (HIM), Healthcare Compliance and Audit and Management Advisory Services. The Committee reviews and analyzes potential overpayment issues that are significant and/or widespread. In such cases, the Committee must exercise reasonable diligence and expeditiously investigate to determine whether an overpayment was received and quantify the amount of any identified overpayment. In the case of a non-systemic or non-substantial overpayment issue, the Committee refers the matter to the appropriate department for processing (e.g., to issue a refund).
If you have knowledge of an actual or suspected overpayment, please contact The Office of Healthcare Compliance and Privacy. Alternatively, you may report the issue anonymously through the Reportline. For more information on overpayments, you can review UConn Health’s Overpayment Policy. You can also review UConn Health’s Policy on Fraud, Waste and Abuse Prevention and Education.
You can also download this one page document of the dos and don’ts of accessing a family member’s medical record.
UConn Health WebEx Event: The State of Compliance
Ensuring Compliance with HIPAA
Wednesday, March 31 at Noon
Join UConn Health’s own experts, Alyssa Cunningham
(AVP, Office of Healthcare Compliance and Privacy) and Adam Johnston (Healthcare Privacy Specialist) on Wednesday, March 31 as they discuss topics such as compliance with the Health Information Portability and Accountability Act (HIPAA); the background and purpose of the HIPAA Privacy Rule; common mistakes and tips to ensure compliance; understanding FairWarning; and obligations and requirements of UConn Health workforce members.
For the first time in 25 years, significant changes have been made to the evaluation and management (E&M) coding and billing guidelines. As a result, there are potential compliance risks that providers should keep in mind when coding and billing for E&M services.
It is important to note that the 2021 E&M changes apply only to services provided in the physician office or hospital outpatient setting. All other E&M services, such as those performed in the inpatient setting, are unchanged and continue to follow the 1995/1997 guidelines.
One of the changes is that time may be the basis for selecting the level of E&M service regardless of whether counseling or care coordination occurred. When utilizing time as the basis for determining the E&M level, it is important to remember:
- Calculation of time can include both face-to-face time and non-face-to-face time
- Time can only include time spent on the same day as the patient encounter
- Calculation of time can include time spent:
- preparing to see the patient – reviewing data and records
- ordering medications, tests or procedures
- referring or communicating with other health care professionals
- documenting in the medical record
- interpreting test results
- communicating information to the patient, family or caregiver
- care coordination
- When clinicians jointly perform an E&M service, the time spent can only be counted once
- Clinician staff time may not be included in the calculation of time
- Calculation of time may not include activities which are separately coded and/or billed
- Time spent must be must be supported by the documentation in the medical record
Also, remember, there are a finite number of hours in a day so the combined documented time for all patients seen on a particular day should be reasonable given the fixed number of hours in a day.
Another change is that the history and physical are no longer required elements to support the level of E&M service. However, in the majority of cases they will provide information that informs medical decision making and the appropriate course of treatment. As such, it will continue to be important to document the relevant history and physical information in the medical record.
Lastly, when using medical decision making instead of time as the basis for the E&M level, note that the AMA Documentation Guidelines Table of Risk has been revised to reflect guideline and definition changes. In order to compliantly classify medical decision making, it is important to be familiar with the new guidelines and definitions.
E&M services are the most frequently billed health care service and the most frequently audited. This coupled with the 2021 changes, make it important to be aware of the risks when coding and billing for E&M services in order to ensure compliant practices.
Please contact us if you have any questions. We are here to help!
The Life Cycle of a Privacy Incident
When UConn Health’s Office of Healthcare Compliance and Privacy (OHCP) receives notice of a potential privacy incident, they conduct interviews with employee(s), management, human resources and union(s) (if applicable). This is time-consuming and detracts from work and patient care.
Notification to Patients
If an investigation shows that a breach has occurred, the law requires UConn Health to send a detailed notification letter to each patient whose protected health information (PHI) was compromised. This can significantly erode our patients’ trust in UConn Health.
Privacy violations may result in disciplinary action up to and including termination from your position at UConn Health.
Notification to Regulators
UConn Health must notify the federal government, and in some cases the Connecticut Office of the Attorney General and other regulators (including in other states) about the breach.
Reporting a breach may result in a lengthy government investigation that requires significant time and resources to manage and places our practices under a government microscope.
Fines and Negative Publicity
Not only do privacy breaches expose UConn Health to potential fines; they attract media attention and may cause reputational harm.
Education and Guidance
OHCP offers education and guidance to individuals and departments that have privacy-related questions or concerns. Invite us to your next staff or department meeting for a privacy refresher or question-and-answer session!
Let’s Partner in Privacy!
Please contact us immediately if you suspect or know about a privacy issue or incident. The sooner we know, the more helpful we can be.
Open Payments is an online program and public website that provides information about financial relationships between drug and medical device manufacturers and healthcare providers.
Drug and device companies must report certain payments or other transfers of value they make to physicians and teaching hospitals, including:
- Consulting fees
- Speaking fees
- Payments for research activities
- Ownership or investment interests
- Meals and travel/lodging
The Centers for Medicare and Medicaid Services (CMS) then posts the reported data online.
Effective January 1, 2021, drug and device manufacturers must also report payments or other transfers of value they make to the following additional provider types:
- Physician assistants
- Nurse practitioners
- Clinical nurse specialists
- Certified registered nurse anesthetists and Anesthesiologist assistants
- Certified nurse-midwives
Healthcare providers themselves are not required to report data to Open Payments. However, it behooves them to review and, if necessary, dispute payments reported about them.
Open Payments is one tool used by UConn Health’s Clinical Conflict of Interest Committee to identify relationships between clinicians and industry that may give rise to financial conflicts of interest.
For questions about Open Payments or the Clinical Conflict of Interest Committee, contact Alyssa Cunningham or Gus Fernandez-Wolff.