Peer 1: Medicaid and Information Blocking
Part 1: Critical Analysis of the Law
Medicaid is a joint federal-state plan with funding from the federal government and state implementation.
Evaluate the role of state waivers in Medicaid. Compare and contrast two chosen different types of waivers. What are the state consequences of not meeting waiver requirements?
The purpose of state waivers is to describe how that state administers its Medicaid and CHIP programs. It gives an assurance that a state will abide by Federal rules and may claim Federal matching funds for its program activities. The state plan sets out groups of individuals to be covered, services to be provided, methodologies for providers to be reimbursed and the administrative activities that are underway in the state (Mediciade.gov, n.d)
HCBS 1915 waiver- targets individuals who need LTSS called home and community-based services. This waiver includes fee for service programs meaning physicians are paid for each service a patient receives. This is all contingent based on criteria set by the state and level needed. Compared to 1915 (i) HCBS waiver which provides services to individuals under 150% of the FPL. Under this law states can set additional requirements to get services unlike those already set by the state in HCBS 1915 waiver. In addition, the individual doesnt have to live in the facility (CMS.gov, n.d)
- States that violate the terms of a waiver could forfeit federal funding, come under intense inspection from congressional oversight agencies, and struggle to get exemptions in the future.
How could these waivers impact a long-term care organization?
- Most elderly people prefer to age at home or in their communities. Long-term care benefits through waivers help to prevent and / or delay the need for nursing home care. Services and support provided via HCBS waivers is commonly complimented by unpaid care assistance from family members or other loved ones. Assistance through HCBS waivers takes some of the pressure from family caregivers. It not only gives them a break from caregiving, but can also allow them to continue to work outside of the home and provides peace of mind knowing that their loved one is safe, supervised, and receiving needed care assistance (American counsel of aging, 2021)
Discuss the COSO framework for internal controls and evaluate how it could be used to meet Medicaid waiver requirements. Be specific and demonstrate understanding of the risks and how the compliance tool can be used specifically to control the risks.
- The COSO framework addresses subjects such as access control, system integrity, clinical documentation, coding, and billing procedures; all to help healthcare businesses comply with the Affordable Care Act of 2010, and to protect patient data while health records (EHR) (Reciprocity, 2020). Risks come in myriad forms. Implementing a system that prevents external access to servers can reduce the risk that a hacker will gain access to systems from outside the environment. Improving the technical environment of healthcare providers can redirect resources from maintaining control environments to allow the administration to focus on its primary objectives. COSO would help Evaluate and strengthen the existing internal control structure, including operational functions, procedures, and systems (Reciprocity, 2020).
- Part 2: Strategic Compliance with the Law
- You work for a small managed care organization (MCO) “Splendid Healthcare” that owns a hospital and two provider clinics in. Your MCO just received notice that it will be subject to an HHS OIG evaluation of your electronic health information (EHI) practices because there was a complaint that your organization was engaged in information blocking because you did not release information to the state Medicaid office when they requested it. Honestly, your technology is out of date and you can’t transfer encrypted EHI to meet the state’s request.
Name and describe and give the code section that gives Medicaid have the right to access your EHI. Name and describe and give the code section that gives the HHS OIG have the right to access your medical records to evaluate information blocking. (Give the legal source of the right)
Interoperability and patient access finale rule (CMS-9115-F) (CMS.gov, n.d) this rule was implemented to drive interoperability and patient access to health information by liberating patient data using CMS authority to regulate multi payer agencies for patients.
- The code that gives HHS OIG the right to access medical records Is ONC interoperability and information blocking final regulation which is a provision of the 21st century curse act under section 4004 (42 u.s.c. 300 jj-52) (CMS.gov, n.d.) this is focused on advancing interoperability and supporting the access, exchange and use of electronic health information while addressing occurrences of information blocking (HIMSS, 2020).
Discuss information blocking. What could you do to bring your EHI up to date so that you don’t face an information blocking complaint in the future? Describe the steps you would take to update your EHI system.
- Information blocking is a practice by an “actor” that is likely to interfere with the access, exchange, or use of electronic health information (EHI), except as required by law or specified in an information blocking exception. The Cures Act applied the law to healthcare providers, health IT developers of certified health IT, and health information exchanges (HIEs)/health information networks (HINs) (HealthIT, 2022)
To not have future complaints I would review and maintenance the compliance program in place already. Making sure its still tailored to our organizations size, resources, and culture (AMA, 2021). I would conduct regular training on information block topics to appropriate staff. I would consult with vendors included in the compliance program as well since they are involved in the access, exchange, and use of EHI (AMA, 2021).
- Steps would include:
Ask for information from my HER vendor on their preparations for complying with the info block rules.
- Consider whether and how my HER will support data segmentation.
Evaluate whether my existing policies regarding an individual right to access ephi reflect the HIPPA privacy rule and the ONC finale rule.
Adopt a new policy regarding denial of access to prevent harm such as death or bodily harm.
Review my organizations approach to staff training.
Discuss information blocking exceptions. Does your organization fall within any of the information blocking exceptions? Why or why not? If it does, how would you communicate your views on this to the HHS OIG?
- At a high level, the final rule prohibits health providers, technology vendors, health information exchanges, and health information networks from preventing the exchange, use, or access of electronic health information (EHI). Embedded within the rules are eight exceptions that empower providers to deny EHI requests without being tagged as information blockers. As a result, provider organizations need well-defined processes to evaluate and review requests; maintain documentation for compliance purposes; and determine how denials are consistently tailored to one or more of the information blocking exceptions (Slivochka & Warner, 2021).
I do not believe my organization falls within the exceptions since we lack adequate technology to supply them with the information they are requesting. It could possibly fall into Health IT performance but that would entail us having issues with an already adequate system.
- AMA (2021). How do I comply with info blocking and where do I start. How do I comply with info blocking and where do I start? Part 2 | AMA (ama-assn.org)
American counsel of aging (2021, December 22). Home and community-based services (HCBS) via Medicaid wavers assist seniors in aging at home. Medicaid planning assistance. Medicaid Waivers & How They Help Seniors Live at Home (medicaidplanningassistance.org)
CMS.gov (n.d.) Policies and technology for interoperability and burden reduction. Policies and Technology for Interoperability and Burden Reduction | CMS
- CMS.gov (n.d.) State Medicaid plans and waivers. State Medicaid Plans and Waivers | CMS
HealthIT.gov (2022, August 19). Information blocking. Information Blocking | HealthIT.gov
- HIMSS (2020, March 19). Finale CMS interoperability regulation: What you need to know. Final CMS Interoperability Regulation: What You Need to Know | HIMSS
- Peer 2:
- ACA and Billing Problems
- 1.The Affordable Care Act (ACA) is a comprehensive health care reform law that was enacted in March 2010 to make affordable health insurance available to more people, expand the Medicaid program, and to support innovative medical care delivery methods designed to lower the costs of health care in general (“Affordable Care Act (ACA),” 2022). Employers must offer health insurance that is affordable and provides minimum value to 95% of their full-time employees and their dependents up to the end of the month in which they turn age 26 or be subject to penalties under the employer mandate in the Affordable Care Act. This applies to employers with 50 or more full-time employees, and/or full-time equivalents (FTEs). Employees who work 30 or more hours per week are considered full-time (“Identifying full-time employees,” 2021).
- A large managed care organization could be described as a single organization which is responsible for managing the finances, insurance, delivery, and payment to provide health care services and includes managed care plans which is a type of health insurance. Due to the contracts large managed care organizations have with health care providers and medical facilities, they are able to provide care for members at a lower cost. Large employers are required under the Affordable Care Act to file a report. These reports should include a certification to prove if the employers provide their full-time employees (and their dependents) the opportunity to enroll in minimum essential coverage under an eligible employer-sponsored plan, the length of any waiting period for such coverage, the particular month which coverage was provided, the monthly premium for the lowest cost option in each of the enrollment categories under the plan, the share of employer from the total allowed costs of benefits provided under the plan, and classifying information about the employer and full-time employees.
- There are several requirements for health insurance plans under the Affordable Care Act which includes coverage of preventive care, preexisting conditions in adult and children; restrictions on lifetime and annual coverage limits; and more. It is therefore vital for large employers to follow the set regulations, or they will be facing several penalties for failing to provide health care coverage to their employees. Noncompliance will lead to penalties for specific employers. Under ACA, penalties for non-compliance include:
- An applicable large employer (ALE) that does not offer coverage or that offers coverage to fewer than 95% of its full-time employees (and their dependents) during the calendar year may owe a penalty equal to the number of full-time employees employed for the year (minus up to 30) multiplied by $2,500, if at least one full-time employee receives a premium tax credit (Showalter, 2020). The penalty for an ALE that offers coverage for some months but not other months during the calendar year is calculated separately for each month for which coverage was not offered.
- Employers offering coverage that is not affordable of does not provide minimum value: An applicable large employer (ALE) that offers coverage to at least 95% of its full-time employees and their dependents but has one or more full-time employees who receive a premium tax credit, the penalty is calculated separately for each month. The amount of the penalty for the month equals the number of full-time employees who receive a premium tax credit for that month multiplied by 1/12 of $3,750 however, the penalty is the lesser of the amount calculated or the amount that would be owed if the employer did not offer coverage (Showalter, 2020).
2. The Committee of Sponsoring Organization (COSO) model defines internal control as a process effected by an entitys board of directors, management and other personnel designed to provide reasonable assurance of the achievement of objectives in the following categories including operational effectiveness and efficiency, financial reporting reliability and lastly, applicable laws and regulations compliance (“Committee of Sponsoring Organization,” 2022). For an effective internal control system, there are components that can be useful in ACA employer mandate requirements to support the achievement of an entitys mission, strategies, and related objectives. These components include Control Activities, Information and Communication, and Monitoring.
In order for these components to work, it is essential to establish the foundation for sound internal control within the company through directed leadership, shared values and culture that emphasizes accountability for control. These guidelines for the control activities and other mechanisms are proactively designed to address and alleviate the significant risks. Information essential to identifying risks and meeting business goals is communicated through established channels across the organization. The entire system of internal control is constantly monitored, and problems are addressed in a timely manner.
- PART 2
1. Insurance Inc has the right to access medical records to find any inaccurate information provided while purchasing the policy. The employees may dishonestly or unknowingly provide incorrect information and the insurer may also exclude certain information which caused the error. The insurance company may also need access to medical records to determine whether the illness is a pre-existing condition or not. If the condition is pre-existing, you become unqualified for the benefits according to the policy.
- 2. Interoperability is crucial in healthcare. It may be defined as the ability for systems to communicate and operate together. Many healthcare organizations are onboarding not only electronic health records and clinical tools, but also practice management suites that assist with billing and compliance. Interoperability rules were developed to improve patient access to electronic health information and allow patients to access healthcare information at no cost and to establish conditions and maintenance of certification requirements for health IT software developers.
- I would honor the medical request by writing a consent for the confidentiality of the information presented and for legal requirements in case of any unlawful use of the records. Consumer-mediated record-sharing format will be an effective and secure format to share the records with the insurance company because this format gives the organization the ability to permit the insurer to access the records every time the information is needed.
3. I would make certain that the medical records of employees are updated by adding all the new medical records of the employee to the previous records. The medical records of new employees will be recorded properly and in a timely manner. According to the insurance policy, there will be continuous checking of the records to ensure that the provided information is accurate. The EHR billing codes will be updated regularly to ensure that future bills for the influenza vaccine are automatically billed correctly.
Affordable Care Act (ACA). (2022). Get 2022 health coverage. Health Insurance Marketplace® | HealthCare.gov. https://www.healthcare.gov/glossary/affordable-care-act/
Committee of Sponsoring Organization. (2022, April 27). Home. https://www.coso.org/SitePages/Home.aspx
Identifying full-time employees. (2021, November 23). Internal Revenue Service | An official website of the United States government. https://www.irs.gov/affordable-care-act/employers/identifying-full-time-employees
Stuart Showalter (2020). The Law of Healthcare Administration, Ninth Edition. Vol. Ninth edition. Chicago, Illinois: Health Administration Press. https://search-ebscohost-com.ezproxy.umgc.edu/login.aspx?direct=true&db=nlebk&AN=2361947&site=eds-live&scope=site.