Happy New Year!

The new year is typically a time when we make resolutions to improve or maintain positive habits. Whether it’s simply to be a little kinder, or to learn a new skill, resolutions are a great way to take that first step into something better for yourself, and in some cases, your business. 

TyphoonDATA has a few resolutions this year. The first is to continuously improve our processes in day to day operations. The second is to add to our repertoire of automated sources. Finally, our third resolution is to give back to the community in valuable ways.

When you think about how a business should be run we often turn to numbers and statistics. Here at Typhoon, we think above and beyond that. Though we do value numbers and statistics. We also value job satisfaction, communication, and detail-oriented work. Everyone on our team has an important role to play. To improve day to day operations, we encourage our team to share ways in which our processes could be simplified or elevated.  

Automation makes life easy for our customers and for ourselves. It shoulders tasks that are more susceptible to human error. So improving current automation and adding to what we have is a no-brainer. We’ve added a new employee to our technology team late last year, and we have several initiatives to improve our automation and elevate our platform to the next level. 

Giving back to the community is a fairly new initiative for us. We believe acts of kindness not only help others but add to the culture of our company. We ended last year by volunteering at a local nursing home. This brought us together as a team and brought us so much joy. So this year, we’re planning and executing many more service projects all around our community in Orem, Utah.

Happy New Year from TyphoonDATA! We wish you the best in all your resolutions.

Holiday Celebrations with Typhoon Data

Here at Typhoon Data we’ve been getting into the holiday season by celebrating over a three day period, as we couldn’t contain our excitement for the holidays to just one day. On Thursday we had the opportunity to decorate stockings as a company. The stockings turned out great (with exception to my own) and the conversation was even better.

The festivities picked up again the following day by starting with lunch at Tucanos, which allowed us to celebrate the hard work we had put in this year and provide the opportunity to socialize with our coworkers. When lunch drew to a close we were given gifts that were generous and delicious. After all this we were addressed by Questin Francis (Our CEO) to thank us and congratulate the company on the hard work we had been doing all year.

After our lunch we were fortunate to spend a few hours decorating cookies, doing crafts and helping facilitate a Christmas party at Provo Rehabilitation and Nursing for some of the patients that are currently staying there. It was a nice way to spend the rest of the afternoon and celebrate the holidays by getting to know people and help them celebrate their holidays too.

The next Wednesday we had the opportunity to create gingerbread houses as part of the festivities and to get to know those we don’t frequently work with. The end results were creative and unique, one of our employees came up with a lengthy backstory to why their gingerbread spaceship (they took liberties with the resources they were given) should win. All in all, it was a fun activity for all those involved.

Happy Holidays from your friends at Typhoon Data!

The CMS Preclusion List and You

What is the CMS Preclusion List?

The Preclusion List is a list of prescribers and individuals or entities who fall within any of

the following categories:

(1) Are currently revoked from Medicare, are under an active reenrollment bar, and CMS has determined that the underlying conduct that led to the revocation is detrimental to the best interests of the Medicare program; or

(2) Have engaged in behavior for which CMS could have revoked the prescriber, individual or entity to the extent applicable if they had been enrolled in Medicare, and CMS determines that the underlying conduct that would have led to the revocation is detrimental to the best interests of the Medicare program. Such conduct includes, but are not limited to, felony convictions and Office of Inspector General (OIG) exclusions.

Why was it created? 

The CMS-4182 Final Rule was created to make revisions to the Medicare Advantage (MA) program (Part C) and Prescription Drug Benefit Program (Part D) regulations based on our continued experience in the administration of the Part C and Part D programs and to implement certain provisions of the Comprehensive Addiction and Recovery Act and the 21st Century Cures Act.

Will I get access to it?

Did you have access to the Medicare Advantage (MA) program (Part C) and/or Prescription Drug Benefit Program (Part D) in the past? If so, then you can get access to this list by applying to receive access to the EDMI through CMS. Submit your application here

Who is required to search the CMS Preclusion List?

Preclusion List Requirements for Prescribers in Part D and Individuals and Entities in MA, Cost Plans, and PACE

This final rule will rescind current regulatory provisions that require prescribers of Part D drugs and providers of MA services and items to enroll in Medicare in order for the Part D drug or MA service or item to be covered. As a replacement, a Part D plan sponsor will be required to reject, or require its pharmacy benefit manager to reject, a pharmacy claim for a Part D drug if the individual who prescribed the drug is included on the ‘‘preclusion list.’’ Similarly, an MA service or item will not be covered if the provider that furnished the service or item is on the preclusion list. The preclusion list will consist of certain individuals and entities that are currently revoked from the Medicare program under 42 CFR 424.535 and are under an active reenrollment bar, or have engaged in behavior for which CMS could have revoked the individual or entity to the extent applicable if they had been enrolled in Medicare, and CMS determines that the underlying conduct that led, or would have led, to the revocation is detrimental to the best interests of the Medicare program. We believe that this change from an enrollment requirement to a preclusion list requirement will reduce the burden on Part D prescribers and MA providers without compromising our program integrity efforts.

Where can I get more information?

The CMS Preclusion List Homepage

Erin’s two cents:

The CMS preclusion list is not for background screening. It’s available to Part C and Part D prescribers. Its primary purpose is to eliminate the opioid epidemic. The creation of this new list is in response to the Comprehensive Addiction and Recovery Act of 2016 (CARA). There may be excluded providers on this list, however, those exclusions will also still be listed on the OIG. 


The Medicare Exclusion Database (MED) and You

We are often asked if we have the Medicare Exclusion Database (MED) in our system. We do not collect the MED directly from CMS, but we do have this data in our system. The reason for this is because we collect our data from the primary source, as the Office of Inspector General is the primary source, we do not see a need to collect this data from the CMS as well.

We are precise in our collection. We believe in quality over quantity here at Typhoon Data. We don’t see a need in collecting “Everything”. Instead, we collect the pertinent, actionable, and primary source records that can help you and your clients get a full and complete picture on your health care providers. We take pride in our knowledge of these sources.

Last week, we got official and final confirmation that collecting the MED is not necessary.

Exact verbiage from CMS in regards to the MED:

“The Medicare Exclusion Database (MED) is a national database populated with information from the Office of the Inspector General.”

Reviewing Sanctions – What does the word “sanction” really mean?

sanc·tion
ˈsaNG(k)SH(ə)n/
noun
a threatened penalty for disobeying a law or rule.
“a range of sanctions aimed at deterring insider abuse”

Sanction is a term that is often used when referring to databases like ours. I’m often asked “do you have a sanction database?” or “is this a sanction check?”

We do have sanctions in our dataset. For example, Office of Foreign Assets Control (OFAC) has many lists of sanctioned individuals.

However, it’s a common misconception that an entire dataset like ours is a Sanction Database or Sanction search. Sanctions usually refer to Financial Sanctions. Financial Sanctions are restrictive measures imposed on individuals or entities in an effort to curtail their activities and to exert pressure and influence on them.

Our focus at Typhoon Data is to assemble a data set of all Federal and State Exclusions and Board Disciplinary Actions. Many organizations publish critical information for our customers, and we gather all of it, including Opt out affidavits, abuse registries, and imposter lists.

Federal and State Exclusions are Individuals and Entities that are excluded from participation in Medicare, Medicaid and other federal and state healthcare programs.

Termination occurs when the Medicare program, a State Medicaid program, or CHIP has taken an action to revoke a provider’s billing privileges, a provider has exhausted all applicable appeal rights or the timeline for appeal has expired, and there is no expectation on the part of a provider or supplier or the Medicare program, State Medicaid program, or CHIP that the revocation is temporary.

Disciplinary Actions (aka Board Actions) is the language used to describe the types of actions that occur at a board level. These can be minor, like a fine or civil penalty. Or they can be major, like a revocation or suspension of a medical license.

The difference between these? Though these both are targeted to the medical world, Disciplinary Actions cannot occur unless you are licensed, or attempting to become licensed. However, anyone can become excluded. Many times, a severe enough action will result in an exclusion, however this is not always the case.

Our dataset has much more than just these sources. We have a myriad of sources that are going to help give you the complete picture on your provider. We include Medicare Opt-Out’s, Abuse Registries, License Conditions, Imposter Alerts, Federal and State Actions, Press Releases, etc. Often times all of these different types of data fall into one category. Sanctions.

It would appear that the term “sanction” has been adopted to include any or all of the possible actions taken by the Federal government, state governments, or boards. As has been noted the terminology used by the many reporting entities varies greatly including;
Exclusion
Termination
Board Action
Medicare Opt-Out
Abuse Registries
License Condition
Imposter List
Federal and State Action
Press Release

That’s why, when asked if we have a sanction dataset, I’m always careful to ask follow-up questions about what specific sources the customer might want or need. If my customer is unsure of what exactly they need, we try to always stay up to date on the compliance regulations so we can offer them exactly what they need to meet the standards.

Excluded in One Excluded in All

Terminated-copy

Excluded in one, Excluded in all

The Affordable Care Act section 6501 discusses “Termination” of a medical provider under Medicaid if Terminated Under Medicare, CHIP, or Other State Plan.

“Termination occurs when the Medicare program, a State Medicaid program, or CHIP has taken an action to revoke a provider’s billing privileges, a provider has exhausted all applicable appeal rights or the timeline for appeal has expired, and there is no expectation on the part of a provider or supplier or the Medicare program, State Medicaid program, or CHIP that the revocation is temporary. The requirement for termination based upon a termination in another program applies in cases where providers, suppliers, or eligible professionals were terminated or had their billing privileges revoked for cause which may include reasons based on fraud, integrity, or quality.”

We find important clarifying details in an informational bulletin published in May of 2011. One point made by the director of the CPI (Center for Program Integrity) addresses the “for cause” portion of this section. The statement reads “For cause may include, but is not limited to, termination for reasons based upon fraud, integrity, or quality. For cause does not include cases where a State terminates a Medicaid or CHIP provider as a result of a failure to submit claims due to inactivity.” Additionally if a provider voluntarily ends participation in the program this is not considered “for cause” except when the “voluntary” action is taken to avoid sanction. The end of billing privileges does not necessarily result in Termination

Another important clarification from this bulletin is that if a provider is “Terminated” in one state, then all other states must also terminate, and the duration of the termination should follow the terminating State’s law. They provide the following example for clarification; “State A terminates a provider and the length of termination is 3 years. A termination action is triggered in State B with regard to that same provider as a result of the State A termination action. State B’s length of termination is 1 year. The provider is not allowed to re-enroll in State B’s Medicaid program for a 1-year period as opposed to State A’s 3-year bar to re-enrollment.” We usually refer to this as the excluded in one excluded in all scenario.

A couple of other points worth mentioning. It is clarified that there is a difference between termination and exclusion. Termination happens at the state level for the reasons stated above. “Generally, “exclusion” from participation in a federal health care program, including Medicare, Medicaid, and CHIP is a penalty imposed on providers and suppliers by the Department’s Office of Inspector General (HHS-OIG). Individuals and entities may be excluded from participating in federal health care programs for misconduct ranging from fraud convictions to patient abuse to defaulting on health education loans.” While they are technically different situations the end result is the same, a provider’s involuntary departure from the Medicaid program or CHIP. Finally the information should be reported on at least a monthly basis to the HHS-OIG.

Want to review the bulletin? Here’s the link; https://downloads.cms.gov/cmsgov/archived-downloads/CMCSBulletins/downloads/6501-Term.pdf

Let’s Talk about Primary Source Data

What is a Primary Source?

A Primary Source is the original source repository or the source that legally issue licenses, discipline, education, training, or examination. A couple of examples of this in our industry are:

California Board of Registered Nursing
Office of Inspector General, U.S. Department of Health and Human Services (OIG)
Pharmacy Technician Certification Board (PTCB)
Centers for Medicare and Medicaid Services (CMS)

What is a Primary Source Data?

Primary Source Data is the license, certification, or disciplinary data directly from the original source. This means the data we collect is directly from the primary source. This data includes exclusion information, opt-out affidavits, license issuance, and disciplinary records. Another caveat to primary source data is we do not change, adjust, or modify the record found at the primary source.

Why is Primary Source Data Important?

Primary source data is important to your company as a way to confirm that your employee can be authorized to work for your facility.

The OIG has the authority to exclude individuals and entities from participation in federal healthcare programs. Any organization or individual who hires excluded parties may be subject to civil monetary penalties (CMP). To avoid these penalties, the LEIE recommends (as a part of the Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs) that you check their database upon hire, and on an ongoing monthly basis.

Primary Source data is not only important to us, it’s important to accrediting bodies (i.e. The Joint Commission, URAC) and exclusion bodies (i.e. OIG, GSA).

How does the OIG determine who to Exclude

The OIG (Office of Inspector General) has updated their “Criteria for implementing section 1128(b)(7) exclusion authority.”

Here is a link to the OIG write up about the new standards. https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf

 

The OIG has a mission “to protect the integrity of Department of Health & Human Services (HHS) programs as well as the health and welfare of program beneficiaries.”  To fulfil this mission the OIG creates resources to help the health care industry comply with the Nation’s Fraud laws. They also work to educate the public, to protect them from fraud, and to have the public report suspicious activities. The Office of Counsel to the Inspector General (OCIG) is responsible for imposing program exclusions and civil monetary penalties (CMP) on health care providers. The excluded health care providers are included on a list known as the List of Excluded Individuals/Entities (LEIE). This article will summarize the current method the OIG uses in determining the action taken against an individual or entity.  

 

Risk Spectrum

The OIG will be using a scale to determine the action taken, ranging from Exclusion to imposing Integrity Obligations to Release. There are a number of factors included in the risk assessment, which then determine the course of action the OIG will take. The categories included in this evaluation are; The Nature and Circumstance of the Conduct, Conduct During the Investigation, Significant Ameliorative Efforts, and History of Compliance.

 

Factors applied to determine the action taken

These Factors have an impact on the risk assessment, they indicate a higher risk, a lower risk, or can be neutral in determining what action will be taken by the OIG. Here is a quick summary  

  1. Nature and Circumstance of Conduct
    1. If the conduct had an adverse impact on Individuals
    2. Financial loss- the greater the amount of loss or intended loss to the Federal healthcare programs the greater the risk assessment.
    3. Conduct that occurs as part of a pattern, or over a period of time, or is continual or repeated indicates a higher risk
    4. Conduct that is currently ongoing or was continued until the Government began an investigation leads to a higher risk
    5. A lack of criminal sanctions has no impact on the level of risk
    6. Leadership Role- if the individual organized, led or planned the unlawful activity
    7. History of Prior Fraudulent Conduct, including prior judgements or convictions, refusal to enter into a Corporate Integrity Agreement (CIA), having a prior CIA, and failing to cooperate with OIG while under a CIA all indicate higher risk levels
  2. Conduct during Investigation
    1. Overall response to the investigation
      1. Did the individual obstruct or impede the investigation or attempt to do so?
      2. Was anything done to conceal the conduct from the government
      3. The inability for a person to engage in the conduct again for whatever reason has no effect on the risk assessment
      4. While a prompt response to the subpoena has no effect, failure to comply within a reasonable time frame would result in a higher risk assessment.
    2. Internal Investigation
      1. If an internal investigation began prior to the individual or entity learning about the Government’s investigation, and any information gained as a result is shared with the government, risk will be lower.
      2. If the person self-disclosed the conduct prior to the Government’s investigation, this would also result in a lower risk assessment.
    3. Cooperation
      1. If the person cooperates with the Government the risk assessment is lower.
      2. If through the person’s cooperation a criminal, civil, or administrative action is taken against an individual or entity, then risk assessment is lower.
    4. Resolution
      1. Adverse Licensure action increases the risk
      2. A criminal resolution including either a conviction, a Deferred Prosecution Agreement, or a Non-Prosecution Agreement. Any of these actions will increase risk which varies depending on the type of criminal action taken
  3. Significant Ameliorative Efforts
    1. Significant changes in the entity
      1. The entity taking appropriate action against the individual lowers risk.
      2. If the entity has dedicated more resources to insure compliance this will also lower the risk.
      3. If after the conduct has stopped, the entity has been sold to a non-affiliated, independent third party that has a history of compliant participation in Federal healthcare programs, the risk will be lower
      4. If there has been additional training, or a mentor assigned or other mitigating steps have been taken that will also lower the risk assessment.
  4. History of Compliance
    1. If the person has a history of appropriate timely self-disclosure made in good faith the risk will be lower
    2. Having a compliance program in place has no impact on risk level, but not having a compliance program in place that incorporates the U.S. Sentencing Commission Guidelines Manual’s seven elements of an effective compliance program will increase the risk.

 

Summary

This new criteria helps clarify the process for how a health care provider can find themselves excluded by the OIG. If an individual or entity is on the LEIE, then “no payment will be made by any Federal health care program (ie; medicare or medicaid) for items or services furnished, ordered, or prescribed by the excluded individual in any capacity.” The OIG can impose penalties on entities and individuals who bill the Federal government for services while excluded by the OIG. These Civil Monetary Penalties (CMP) can be up to $10,000.00 per occurrence plus treble damages.

At Typhoon Data one of our services is to verify that providers are not on the LEIE. We offer a variety of services to help maintain compliance.

 

If you would like to discuss our solutions, feel free to contact me, David Rees at (800) 780-5901 Ext 705 or email drees@typhoondata.com.

Typhoon Data is Certified by the NCQA

Typhoon Data, a healthcare data solution provider, announced today it has received certification from the National Committee for Quality Assurance (NCQA), a private, non-profit organization dedicated to improving healthcare quality, for the following credentials verifications services;

License to Practice
DEA Registration
Medical Board Sanctions
Ongoing Monitoring
Medicaid/Medicare Sanctions

This credential verifies Typhoon Data’s use of industry best practices and demonstrates its commitment to quality improvement, increased performance measures, and better compliance data. Typhoon Data was built from the ground up applying knowledge gained from years of industry experience to provide the most effective and accurate solution available. Verification services designed to comply with NCQA credentialing standards demonstrates that Typhoon Data has the systems, process and personnel in place to thoroughly and accurately verify providers’ credentials and help health plan clients meet their accreditation goals.

Recognizing the critical nature of the services they provide, Typhoon Data determined that obtaining certification was a key business strategy. Typhoon Data was built with the customer in mind, and offers integration or turnkey solutions, customization, exclusion data, and verification services. Typhoon Data has revolutionized the method for continuously monitoring compliance data. Typhoon Data is positioned to move the industry forward through innovation and by leveraging technology.

As a bootstrapped startup Typhoon Data has worked to establish sound policies and procedures, and to become an expert in credentialing and compliance. The management and operations teams have created systems that ensure complete, accurate, and timely data gathering and verification. Certification includes rigorous on-site evaluations conducted by a team of health care professionals and certified credentialing specialists. A national oversight committee of physicians analyzes the team’s finding and determines certification based on the CVO’s compliance with NCQA standards.

About Typhoon Data

Typhoon Data is transforming the data industry through automation and partnerships. We make it possible to search for license, exclusion, and board action data in a more efficient and cost effective way. Because our processes are based in the future, we have the ability to offer better products than our competitors at a fraction of the price and in a standardized way that brings new meaning to Compliance Monitoring.

We efficiently handle monthly batching or quarterly reviews, we are constantly monitoring, making it possible for you to truly get the complete picture on your health care staff.

About the National Committee for Quality Assurance (NCQA)

NCQA is a private, non-profit organization dedicated to improving healthcare quality. NCQA accredits and certifies a wide range of healthcare organizations. It also recognizes clinicians and practices in key areas of performance. NCQA’s Web site (http://www.ncqa.org) contains information to help consumers, employers and others make more informed health care choices.

For the original version on PRWeb visit: http://www.prweb.com/releases/2017/01/prweb13989788.htm

The HIPAA Audit Program and you

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has begun it’s next phase of audits to confirm that organizations are in line with HIPAA protocol. The 2016 Phase 2 HIPAA Audit Program is looking to strengthen it’s Health Insurance Portability and Accountability Act (HIPAA) enforcement efforts by being more proactive.

For 2016’s Fiscal Year, the budget for OCR’s office increased by $4 million over the year before in anticipation of these audits. They will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards (laid out in Phase 1) and implementation specifications of the Privacy, Security, and Breach Notification Rules.

These audits were mandated by the HITECH Act to conduct periodic random audits to assess entity compliance with HIPAA. These will primarily be desk audits, but some on-site audits can occur. This could be anything from a drop in one-hour audit to a multi-day operational audit.

Let’s look back:

Before phase 2 (the audits) began, they started with phase 1:

“HIPAA established important national standards for the privacy and security of protected health information and the Health Information Technology for Economic and Clinical Health Act (HITECH) established breach notification requirements to provide greater transparency for individuals whose information may be at risk. HITECH requires the HHS Office for Civil Rights (OCR) to conduct periodic audits of covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules. In 2011 and 2012, OCR implemented a pilot audit program to assess the controls and processes implemented by 115 covered entities to comply with HIPAA’s requirements.  OCR also conducted an extensive evaluation of the effectiveness of the pilot program.  Drawing on that experience and the results of the evaluation, OCR is implementing phase two of the program, which will audit both covered entities and business associates. As part of this program, OCR is developing enhanced protocols (sets of instructions) to be used in the next round of audits and pursuing a new strategy to test the efficacy of desk audits in evaluating the compliance efforts of the HIPAA regulated industry. Feedback regarding the protocol can be submitted to OCR at OSOCRAudit@hhs.gov.” – HHS.gov Read More The HIPAA Audit Program and you