Ambulatory surgical centers (ASCs) are among the many healthcare operations targeted for close oversight in the 2016 Work Plan from the Office of Inspector General (OIG) of the Department of Health and Human Services.
The focus on ASCs is new to the Work Plan this year, notes Bart Walker, JD, a partner with McGuireWoods in Charlotte, NC. The Work Plan indicates that OIG will focus on oversight of the state agencies that handle Medicare surveys and ASC accreditation organizations, with the agency expressing concern with the infrequency of Medicare certification surveys of ASC facilities. Although most private accreditation organizations traditionally required unannounced surveys every three years, OIG has found that many ASCs have gone for five years, and some for even longer, between surveys. The Work Plan also expresses concern about the lack of public information on the quality of ASCs, Walker notes.
Among the most noteworthy parts of the plan is the OIG’s emphasis on the Health Insurance Portability and Accountability Act (HIPAA) at all facilities, Walker says. This year OIG will have a heightened focus on the HIPAA Security Rule (45 CFR Part 160 and Subparts A and C of Part 164), which delineates how covered entities must protect data.
The HIPAA material is actionable for managers, “particularly where it concerns secure devices and network with those devices,” Walker says. Contingency planning is another focus that managers should examine, he says. “There are some specific requirements in the rule that require providers to have contingency plans in place and conduct audits of their security system,” Walker says.
Walker explains that the Work Plan calls for increased scrutiny of protections of electronic protected health information (ePHI) with respect to “networked medical devices.” The Work Plan also calls for regulators to determine the “extent to which hospitals comply with contingency planning requirements” of HIPAA regarding their use of electronic health records (EHR) systems. More specifically, OIG will examine whether the Food and Drug Administration (FDA) is providing sufficient oversight of networked medical devices in hospitals, Walker says. (The Work Plan is available online at http://tinyurl.com/ohc962j.)
The Work Plan also notes a focus on HIPAA EHR contingency plans. It emphasizes that “the HIPAA Security Rule requires covered entities to have a contingency plan that establishes policies and procedures for responding to an emergency or other occurrence that damages systems that contain protected health information.” Walker expects that will lead to OIG using government- and industry-recommended practices to gauge a healthcare organization’s performance with regard to contingency plans.
“Provider-based facilities” also are targeted in the Work Plan. Those are facilities that are operated and reimbursed as if they were part of the affiliated hospital.
The provider-based facilities increase Medicare beneficiary coinsurance liability and increase costs to the program, the Work Plan notes. “That has long been a bone of contention between hospitals and other providers, because those facilities are able to collect a higher rate from Medicare, and that makes them stronger economically when it comes to competing with other facilities,” Walker says. “Increasingly in recent years, hospitals have been accumulating other assets that are not within the hospital but treating them as provider-based. They’re not doing anything wrong because the rules are there, and if you comply with the provider-based rules, you’re eligible for provider-based reimbursement.”
OIG has scrutinized these provider-based arrangements for at least two years because of this discrepancy in reimbursement based only on who owns the facility, Walker says. That scrutiny will increase this year as a result of the Bipartisan Budget Act of 2015, which, with some exceptions, excludes off-campus facilities from receiving enhanced reimbursement starting Jan. 1, 2017. As provider-based facilities prepare for the loss of revenue and competitive edge, OIG plans to closely monitor how they try to compensate.
Walker cautions that the OIG’s interest in compliance will not wane this year just because the enhanced reimbursement will end soon. Hospitals operating provider-based facilities should ensure that they comply with provider-based rules and not let their guard down, he says.
“A lot of hospitals and health systems will have a look at their strategies and determine whether those facilities remain economically viable,” Walker says. “This change had been considered in past budget legislation, but actually ending the enhanced reimbursement this soon was not on anyone’s radar. It pretty much came out of the blue. Now hospitals are suddenly faced with a loss of revenue or lobbying for some other way to bill for these services that is site-neutral. That’s always been the holy grail of Medicare reform.”