Last Updated Jul 2012
We’ve all been there—that horrible, gut-wrenching moment when you realize you’ve lost something; left it behind. When you know that it’s more than just misplaced, hidden beneath your car seat. It’s gone. Whether it’s your cell phone or your favorite umbrella, losing stuff just sucks.
But what happens when it’s data—identifiable information? What do you do if you lose a patient’s treatment and medical history—private, personal health information (PHI) that you promised to protect as part of the Health Insurance Portability and Accountability Act (HIPAA) Health Information Privacy rule?
If it hasn’t happened already, consider yourself lucky because if you’re shuffling stacks of paper around town, back and forth from the office, multiple clinics, or even around your practice, chances are you will one day find that something has gone missing.
A few weeks ago we discussed on WebPT the benefits of cloud computing on healthcare compliance and in it cited Software Advice’s analysis on the US Department of Health and Human Services (HHS) 2011 HIPAA security violation report. Key findings?
- 6,800 paper records were supposedly mailed but never received.
- An impostor posing as a recycling-service employee stole over 1,300 individuals’ records and films.
- A former employee stole a laptop that contained personal health records of over 50,000 patients.
Clearly, there’s a case for going digital to stay compliant and keeping your valuable documents stored in one safe place (that isn’t in a file folder, on a server in someone’s garage, or on an easy-to-steal laptop).
Here’s a little basic background on HIPAA and Medicare compliance requirements as well as info on how a cloud-based electronic medical record (EMR) system can help you stay compliant.
HIPAA
In 1996, US Congress established the Health Insurance Portability and Accountability Act. The specific privacy laws that protect a patient’s health information fall under Title II: Preventing Health Care Fraud and Abuse.
Under this act, all healthcare providers, insurers, and their business associates may only collect, share, or use a patient’s protected health information (PHI) in approved methods and only for the explicit purpose of furthering patient care.
According to SearchHealthIT, PHI refers to any demographic info, medical history, test and laboratory results, insurance information, and any other data health professionals collect to identify individual patients and determine their appropriate care.
Why the Cloud?
Most cloud-based EMR software systems provide unique user IDs and passwords for each clinic member, allowing you (the clinic owner) to control the access to your patients’ private information. And with secure data houses—like WebPT’s IO Data Center in Phoenix, which boasts a defensible perimeter, digital video surveillance, biometric screening, and 24x7xForever guard staff—there is practically no threat of a physica
l or hacker-caused security breach.
Medicare
Medicare is a US social insurance program that guarantees access to health insurance for individuals age 65 and older; people with disabilities; or those with end-stage renal disease. Medicare Part B is medical insurance that helps pay for outpatient services including physical and occupational therapy.
According to the APTA, as Medicare audit and assessment efforts intensify, the rehab community will be under increasing pressure to stay compliant with coverage, payment, coding, documentation, and billing requirements. The APTA provides several resources on their website, including a how-to guide on performing a practice self audit.
The Centers for Medicare & Medicaid Services (CMS) developed documentation requirements to help the Comprehensive Error Rate Testing Program (CERT) “eliminate improper payments in the Medicare Program to maintain the Medicare trust funds and protect patients.”
Some of the major errors identified through this initiative involved:
- Missing/incomplete plan of care/treatment
- Missing physician/non-physician practitioner (NPP) signature and dates
- Missing total time for procedures and modalities
- Missing certification and recertification
In addition to documentation, the CMS also put into place a program designed to improve the quality of reporting in the healthcare industry as a whole, the Physician Quality Reporting System (PQRS). Previously known as PQRI, this now permanent program mandates that physical therapists, occupational therapists, and qualified speech-language therapists meet the criteria for satisfactory reporting despite the word “physician” in the title.
Why the Cloud?
Many cloud-based EMR software systems allow you to manage and organize your documentation to better meet Medicare requirements and ensure appropriate reimbursement. By using web-based physical therapy software designed to help you stay compliant, you can go completely paperless so if an audit actually happens, all your documentation would be neat, organized, and easily accessible—no shuffling through file folders or scrambling to compile (and read) faded handwritten daily notes.
Of course, not all cloud-based EMR software is created equal. WebPT is one of only two physical therapy EMR systems approved by CMS as a Certified Registry for PQRS. So with us, staying compliant is easy. Simply answer a few extra questions during documentation, and WebPT collects and stores the data based on the specific measures you choose. Our system then compiles the data for electronic submission and delivers it at the end of your claim period. No muss, no fuss for you.
In addition to submitting PQRS claims automatically, WebPT also helps you ensure healthcare compliance with 2013 eligible measures; Medicare Plan of Care tracking reports and alerts; and certification and recertification reminders, which we’ve built right into the WebPT system.
Beast of a topic, I know. But we got through it. We all get that HIPAA and Medicare compliance is serious business. That doesn’t mean you should let the weight of healthcare compliance fall entirely on your shoulders. Your cloud-based EMR software should handle the brunt of the load. That’s what we’re here for—peace of mind.
To learn more about WebPT and our compliance certifications, visit webpt.com/why/compliant.
About the Author: Erica Cohen is a copywriter for WebPT—a healthcare technology company located in Phoenix, Arizona. WebPT is the leading cloud-based EMR designed specifically for the rehab community.
For follow-up questions or additional information about WebPT, please contact [email protected]
WebPT believes in empowering the rehab community to achieve greatness in therapy practice, so we created a web-based EMR software and comprehensive practice management services.