We asked respondents to AHCC’s 2021 Home Care Coding & Compliance Industry Survey about their biggest compliance concerns. Here’s a preview of some of the results, along with some comments from AHCC board member, Sharon Harder, President, C3 Advisors, LLC:
Q: In 2020, We asked “Which areas in your agency pose the biggest HIPAA risk for exposing protected health information?” and respondents picked the following top concerns:
- Texting related to patient care (34%)
- Using a cell phone coordinating patient care (26%)
- Recent uptick in cyberattacks compromising cloud services/EMR/other (20%)
- Phishing schemes (20%)
In 2021, the list is:
- Using a cell phone coordinating patient care (34%)
- Texting related to patient care (33%)
- Recent uptick in cyberattacks compromising cloud services/EMR/other (20%)
- Phishing schemes (18%)
Concerns about texting rose in the ranking and there were minor drops in the other concerns. But overall, it looks like agencies are still struggling with the same issues. What do they need to do to get a better handle on these issues?
A: I’m not surprised at all that texting related to patient care issues remains a top concern. On the one hand, texting is an accepted and, at this point, ubiquitous way of communicating in real time. On the other, without a secure texting application, the reality is that confidential information is being shared without the level of security and privacy that HIPAA rules require.
Many of the EMRs and other available apps have secure messaging capabilities, and I would recommend that agency leaders investigate and use them as the concern is one that should not be overlooked or minimized.
With respect to the other issues, all of which are valid, the overarching concern should be protecting patient privacy. One way that things can get way out of hand quickly is data compromises that come about from cyberattacks or ransomware. Home health and hospice providers are not immune, and we should all be endeavoring to make sure that our systems are secure and that our staff are continuously aware of how their communications can lead to unwanted system intrusions and data breaches.
Staff should be counseled to not ever e-mail patient data or information and likewise they should remain vigilant about opening email from unknown sources to avoid unwanted cyberattacks. Continual staff education and monitoring is key here.
Q: Survey respondents identified these everyday compliance issues as their biggest issues in 2020:
- Documentation ─ meeting standards, maintaining a routine auditing, and monitoring function, obtaining timely documentation (68%)
- Case management/Care coordination (44%)
- Training and education (34%)
- Billing, including timeliness, supporting documentation, F2F, etc (33%)
In 2021, the list was slightly different:
- Documentation ─ meeting standards, maintaining a routine auditing and monitoring function, obtaining timely documentation (59%)
- OASIS accuracy (43%)
- Case management/Care coordination (40%)
- Training and education (34%)
Elsewhere in the survey, we asked about documentation improvement and 52% of respondents said they have an established documentation improvement plan. With the CDI program number so high, why do you think documentation remains the chief compliance concern?
A: It is a known fact that medical reviewers are looking for lack of medical necessity as a way of denying claims. This is a wide and somewhat amorphous topic, but clearly documentation errors and omissions open a record to criticism.
What we see most often in our reviews is documentation that is quickly, and often carelessly, written without attention to the basic requirements. Every clinician, irrespective of the discipline, should be creating a visit narrative that speaks to how the patient was found that day, the specific services that were delivered (in the form of skilled teaching or hands-on care details), the patient’s response to the care provided and the continuing plans for subsequent visits at a minimum.
Great documentation doesn’t happen by accident. It takes skill and attention to detail and, as an industry, we should be sure to allow enough time for our clinicians to attend to the necessary details in creating visit notes that can withstand outside scrutiny.
Q: In 2020, Respondents identified their top three compliance risks related to keeping patients and staff safe during the pandemic as:
- PPE availability (37%)
- Social distancing in the office (31%)
- Ensuring compliance with symptom/temperature screening for staff (23%)
In 2021,
- Ensuring compliance with symptom/temperature screening for staff (27%)
- PPE availability (24%)
- Social distancing in the office (24%)
PPE has become more available, so it’s good to see this drop in rank. Yet, respondents still had the same top three concerns. What lessons have we learned as an industry that might help us lessen these concerns in the future?
A: I think the main lesson learned is that we need to always be prepared for unexpected events that will have the effect of imposing additional, lasting compliance imperatives. The lack of PPE in 2020 and our inability to easily secure sufficient supply inventories created difficulty for many agencies. While that part of the storm has abated, the need to have adequate mask, gown, face coverings and other protective equipment inventory that enhances infection control will linger long after the pandemic is over.