Balancing on an Edge: State of Primary Care

What is the state of primary care physician practices as a result of COVID-19? The answer is at best not clear, but very likely in a bad place. Primary care faced significant stress even before the pandemic, but months of not seeing patients and continuing to be on the front line of care will only compound stresses. It all adds up to balancing on an edge.

Before getting into some of the current troubles, it may be helpful to understand where primary care stood before the COVID-19 pandemic created a seismic shift in patient interactions. Pre-COVID-19, primary care practices were already concerned about reimbursement levels since specialty medical care traditionally received higher reimbursement. Additionally, the shift to various quality initiatives or value based care meant that varying metrics needed to be met in order to get the same or declining reimbursement in the door. Overall, less money to go around often meant less money available for primary care even though responsibilities were being heaped on the physicians and clinicians who were first to see patients.

The brief description of the pre-COVID-19 landscape identifies a lot of concerns. All of those concerns were just pushed to the side when COVID-19 came about. As patients were justifiably told to stay at home, many primary care practices found that no visits were occurring. Then practices were given the directive to adopt telehealth solutions as reimbursement was finally provided for care delivered through those mediums. Many practices certainly were up to the challenge and did what was needed to continue providing care and access to patients. However, volume was clearly way down and the revenue coming would not be enough to cover all operating expenses.

What is the result? Many primary care practices are in financial danger with no clear end in site. Further, as the healthcare industry (and the rest of the economy and business world) move to reopen, primary care practices will once again be thrust to the frontlines. The frontlines in this instance could mean becoming initial testing sites for suspected COVID-19 patients and otherwise seeing patients at higher risk of various illnesses. Even in the absence of the heightened concern about the issues patients will present with, strict restrictions around reopening will mean patient volumes will remain low. If more resources are needed to operate in this fashion, will there be enough revenue coming in to even support those needs? It is a conundrum that likely no one can answer at this point.

In light of all of those challenges, what can be done? A lot of the debate will come back to parity in reimbursement and continued expansion of telehealth services (which also need to see continued reimbursement). The monetary needs are unavoidable, which means the issue come to how more can be directed to primary care. Such an approach represents a fairly substantial change from prior practice and setup. The backing for such a move has arguably been mounting with the focus on value based care and other quality based reimbursement systems. For example, many of the more successful accountable care organizations are groups of primary care focused practices that can then focus on managing and coordinating care. Should that become more of the norm? It could certainly work for some, but not all.

The expansion of telehealth and more proactive care can also be a game changer. If preventative measures such as remote patient monitoring can be expanded and fit into the continuum of care, it is likely that many clinicians and patients would be interested. Most people do not want to end up with an acute issue, but would prefer to address concerns before an inflection point. Again though, many different modalities of telehealth require some sort of investment or partnering for access to technology and services. Money may not be available overnight, but then again a system better structured to encourage that form of care delivery might play a role in implementation.

On top of expanding how care is delivered, what about the payment mechanisms? Is it truly best for primary care (and others) to be solely reimbursed based on the number of services provided? One of the main complaints about the current per service system is that it results in patients being churned through an office without much time to interact with the physician. The short amount of time with the physician has also been exacerbated over recent years due to the workflow interruptions caused by electronic medical records. A number of suggestions have been made during the course of the pandemic that shifting to more value based care centered models could address these concerns. First, a capitated (or set monthly payment) against which services are provided could insulate primary care to some degree against an inability to see the same number of patients or other disruptions. The monthly payment would come in regardless of what is happening outside. However, to succeed in that sort of system more support is needed in making practices comprehensively informed about patients. It is not an easy overnight switch. However, just because a change is difficult does not mean it should not occur.

All of the pending challenges mean that there are just as many opportunities. Primary care might be balancing on the edge at the moment, but the point of falling can be pushed farther away by moving ahead with reforms and innovations. Bold action will be necessary by every participant in the healthcare industry. Primary care is so often the heart of healthcare, which means it is time to take care implement good care to that vital beating heart.

Posted in Accountable Care Organization, ACO, Business, Healthcare, Healthcare Reform, Physicians, Value Based Care | Tagged , , , , , | Leave a comment

Training and Education: Path to HIPAA Awareness

Much is often said about non-compliance with HIPAA as well as a missing understanding for all that HIPAA does. While those sentiments are all too often true, the question of why that is that case, especially within an organization, is not always sufficiently explored. Nothing can be done about willful ignorance or other deliberate actions to avoid coming to an understanding. However, efforts can be made to put the necessary information into the hands of individuals to do the right thing. That means providing training and education.

What is training under HIPAA? The regulations say the following:

“[Security] Standard: Security Awareness Training: Implement a security awareness and training program for all members of [the entity’s] workforce (including management). 45 C.F.R. 164.308(a)(5)(i)

Implementation of the security training is meant to include periodic security updates. That is all that is contained in the HIPAA Security Rule.

Slightly more detail is provided in the HIPAA Privacy Rule, which states:

(b)(i) Standard: Training. A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required [the Privacy Rule], as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity.

(2) Implementation specifications: Training. (i) A covered entity must provide training that meets the requirements of paragraph (b)(i) of this section, as follows:

(A) To each member of the covered entity’s workforce by no later than the compliance date for the covered entity;

(B) Thereafter, to each new member of the workforce within a reasonable period of time after the person joins the covered entity’s workforce; and

(C) To each member of the covered entity’s workforce whose functions are affected by a material change in the policies or procedures required by [the Privacy Rule], within a reasonable period of time after the material change becomes effective in accordance with paragraph (i) of this section.

Again, not much direction is provided within the text of the Privacy Rule. It is clear that training is needed, but only that members of the workforce need to know about the privacy requirements.

What do the definitions actually mean? It means taking the time to fully explain what HIPAA is, what HIPAA does, why the organization in question needs to comply with HIPAA, how the organization complies with HIPAA, how HIPAA impacts functioning within the organization and more. The description of what training encompasses is intended to be quite broad, though hopefully not so big that it scares people away. However, it is essential to be comprehensive.

In designing the training, it does not need to be stale or bland. An example of a great training was a video-based training that deftly wove together images and text while using a voiceover that had a pleasant tone and was not just going through the paces. Self-directed training can also be made dynamic even without the video component. A key could be for the designer to consider what would keep attention and not just throw together dense slides that make one’s eyes glaze over.

In addition to those considerations, there should also be a regular cadence to training. The best approach is to have training occur at least annually. That way awareness, at least theoretically, does not become overly stale and can be refreshed on a regular basis.

Beyond training, ongoing education can also help to cement understanding and awareness of HIPAA. Examples of education could be highlighting events that have occurred in the news to explain the positives or learn from the negatives. Periodic newsletters or other nuggets of information can also help make retention better since only smaller amounts of information are being conveyed. The baseline for education is to break down the concepts contained in HIPAA to reinforce the training that is also occurring.

Generating good knowledge of HIPAA plays an important role in a solid compliance plan. Training and education should not be viewed as onerous tasks, but opportunities for some fun and engagement. A more positive approach also reflects a better overall culture around HIPAA and take the steps needed to protect the privacy and security of sensitive information.

Posted in Business, Compliance, Healthcare, HIPAA, Regulations | Tagged , , , , , , | Leave a comment

Mitigate Pandemic Risks: Track Government Guidance

The COVID-19 pandemic has brought about numerous changes to the healthcare industry, most notably on the regulatory front. When the pandemic reached emergency levels in the mid-March time period, the order officially declaring a state of emergency was quickly followed by many regulatory waivers, announcements of enforcement discretion, or outright changes to the regulations. Those changes along with the interpretive guidance came out on what felt like a daily or even more frequent basis. The flurry of changes meant that all, whether the government agencies, hospitals, physicians, and others, were all scrambling to figure out what to do.

Telehealth is one area that went from extremely low utilization to the predominant means of delivering healthcare services. The Centers for Medicare and Medicaid Services started that trend by providing reimbursement equal to in-person visits for telehealth along with not paying attention to location or patient relationship requirements, among other areas. Further, the scope of who could provide services by telehealth was expanded over time, some of which came in response to pushes from particular industry groups. While the types of services that can be delivered and the types of clinicians that could bill may have received more general attention, the detail of how to file a claim and how to fill in billing documentation became very complex. At times, guidance could be completely altered from one announcement to another.

The changing ground rules on the reimbursement front are not relegated solely to telehealth. A lot of new services specifically connected to COVID-19 were rolled out, such as testing for the virus and care related to the virus for those infected. The exact billing codes and modifiers changed as new paradigms were established.

On top of the expansion of services, the government also recognized that individuals needing care may not be able to afford out of pockets costs given the cratering that occurred to the economy. To mitigate those impacts, the government permitted a lot of individual financial responsibility to be waived or otherwise not collected. Indiscriminately not collecting patient financial responsibility is a relatively significant departure from the norm, since waiving financial responsibility for all patients or even a decent number without determining need would be viewed as a form of fraud.

Other programs rolled out to benefit physicians were various funding initiatives to direct money to physician groups to make up for the lack of revenue caused by patients not coming in. At times money would just show up in individual physicians’ bank accounts or the accounts of practices. However, none of that money came free of strings. Instead, the money would be followed by lengthy attestation documents that, in brief, had physicians certifying to the government that the funds would be used for the appropriately designated purposes and that operations within the practice fit within the eligibility criteria identified by the government. Submission of the attestation was official and binding confirmation.

As already suggested though, each and every change under went at least a couple of iterations that would all come with its own guidelines for implementation. Given the fast pace of changes, how many practices or individuals could realistically state that each and every claim or attestation was submitted correctly? Likely none. Further, it is possible that a “correct” action one day could be incorrect the next. What can be done in that regard? Document, document, and document some more.

While The federal Department of Health and Human Services does have a single landing page to find all COVID-19 related documents, will that page always be there? Can the desired guidance or announcement be found? If there is skepticism about being able to locate everything resource in the future, how can documentation be achieved? Aside from what should be the standard practice of having appropriate support for claims, it may be advisable to maintain a copy of all guidance, announcements, and other statements that informed why a particular course of action was followed. Having copies of all documentation may be helpful in the event an adverse action is attempted to be taken down the road, even in spite of many statements that no fraud or abuse recoveries will be attempted absent clear indicia of fraud.

Individual maintenance of documents from the government may provide a necessary defense if things go a little haywire. Considering the need for the documentation may also push even more attention to all of the changes since collecting the documents may offer the needed push to dig a little deeper or confirm an understanding. While most are clearly trying to do the right thing and just survive with a practice still intact following the pandemic, preparing for all possible outcomes (even an optimistically unlikely worst case one) can be more fruitful from the start than trying to prove a negative in the future.

Posted in Anti-kickback Statute, Business, CMS, Compliance, Litigation, Physicians, Regulations, Stark Law | Tagged , , , , , , | Leave a comment