Computer-Assisted Coding Reality Check - Journal Of AHIMA |

JUNE 2019

Computer-Assisted Coding Reality Check

19_June.indd 1 5/28/19 10:51 AM

JOURNAL AHIMAOF

Welcome TO THE DIGITAL EDITION OF THE

Codes That Keep You On Your ToesThis slideshow takes a look at five common coding problems

seen by AHIMA’s Code-Check experts.

CONSULTING & OUTSOURCING GUIDE

AHIMA

2019 | RESOURCE GUIDE

WelcomeDigital_June19.indd 1 5/28/19 10:41 AM

Iffifihfirfi’sfifififififihifigfifiurfifiusfifimfirsfiallfihavfifiififififimmfifififiifi’sfifihfifilfifikfififfifififififififififififiwhfifififihfiyfikfifiwfifihfiy’rfifiassigfiifigfifihfifirighfifififififisfiusifigfifihfifiTruCfifififiEfififififirfifi

Afififiyfiufifiafififfifilfifihisfifififififififififififififififi

TruCfififi’sfirfififiwfifififiRfisfiarfihfiPafififiafifisfiasfiafifiigifialfiassisfiafifififiprfisfififiifigfirfilfivafififiififfirmafiifififiafififirfisfiurfifisfiafififihfifipfiifififififfifififiifigfifiThfifirfisulfifiisfiafisfirfiamlififififi

wfirkflfifiwfifihafifiallfiwsfiyfiufifififiassigfifififififisfimfirfifiquifiklyfiafififiafifiurafifilyfi

RfiafiyfififififiisfifivfirfifihfifiTruCfifififiEfififififirfifiifffirfifififi?fiVifiwfiafififimfifiafififisfififihfiwfiifisfikfifiwlfifigfi-basfififiapprfiafihfiafififiififiuifiivfifififisigfifilfiafisfifififibfifififirfifififiifigfifiufififimfisfi

Iffifihfirfi’sfifififififihifigfifiurfifiusfifimfirsfiallfihavfifiififififimmfifififiifi’sfifihfifilfifikfififfifififififififififififiwhfifififihfiyfikfifiwfifihfiy’rfifiassigfiifigfifihfifirighfifififififisfiusifigfifihfifiTruCfifififiEfififififirfifi

Afififiyfiufifiafififfifilfifihisfifififififififififififififififi

WWW.TRUCODE.COM/DEMO

19_June.indd 2 5/28/19 10:51 AM

19_June.indd 1 5/28/19 10:51 AM

Contents June 2019

10

Computer-Assisted Coding Reality CheckBy Mary Butler

Cover

Features

14 Revolutionary Payment Changes Prompt Skilled Nursing Facilities to Eye CDI ProgramsBy Lisa A. Eramo, MA

18 Third-Party Data Disclosure Risk Management for Healthcare OrganizationsBy April Carlson, MBA, HCISSP, CFE; Daniel Goldman, JD; Burke Milnes, MPA; Kimberly Otte, JD; and Morgan Schacht, JD

24 How an AHIMA Credential is BornExtensive vetting process produces ‘gold standard’ CDIP, other credentialsBy Mary Butler

Departments

5 President’s MessageCAC is Like the Driverless Car—Both Need the Human Touch

6 Bulletin Board

9 Inside LookOnce More, Coding at the Crossroads

44 Calendar

45 Keep Informed

46 Volunteer Leaders

56 AddendumPaper Workaround Defeats EHRs’ Purpose

pg. 14The Patient-Driven Payment Model (PDPM)—under which skilled nursing facilities are paid based primarily on each patient’s unique medical com-plexity—requires detailed clinical documentation.

19_June.indd 2 5/28/19 10:52 AM

Contents June 2019 Vol. 90, no. 6

Working Smart

26 Curiosity Killed the CareerBy Nancy Davis, MS, RHIA, CHPS

28 Data Normalization: Help for Quality Measures ReportingBy Cheryl Mason, MSHI

30 Avoid Pain After a Breach—Read the Fine PrintBy Joe Gillespie, MS, RHIA, CHPS, and Susan Lucci, RHIA, CHPS, CHDS, AHDI-F

32 Tips for Getting the Most Out of Computer-Assisted CodingBy Daniel Land, RHIA, CCS

Practice Brief

34 Using CC/MCC Capture Rates as a Key Performance Indicator

Coding Notes

38 Coding Respiratory FailureBy Monica Leisch, RHIA, CDIP, CCS

40 Managing and Analyzing EHR Pharmacy Data in the Hospital SettingBy Shannon H. Houser, PhD, MPH, RHIA, FAHIMA; Jodie Wagner, CPhT; and Christopher O. Holland, RPH

AHIMA members may earn continuing education credits by successfully completing the following quizzes at https://my.ahima.org/store

Quizzes

13 “Computer-Assisted Coding Reality Check”Domain: Technology

17 “Revolutionary Payment Changes Prompt Skilled Nursing Facilities to Eye CDI Programs”Domain: External Forces

42 “Managing and Analyzing EHR Pharmacy Data in the Hospital Setting”Domain: Clinical Data Management

http://journal.ahima.org

Getting a Handle on Your Health Information As data volume continues to grow, how can patients get the most out of their personal health information?

Under the DomeThis web-exclusive column highlights public policy initiatives that impact the HIM profession, includ-ing news on AHIMA’s national and affiliated state advocacy initiatives, and more.

Slideshow: Codes that Keep You On Your ToesThis slideshow takes a look at five common coding problems seen by AHIMA’s Code-Check experts.

19_June.indd 3 5/28/19 10:52 AM

4 / Journal of AHIMA June 19

Journal of AHIMA (ISSN 1060-5487) is published monthly, except for the combined issues of July/August and November/December, by the American Health Information Management Association, 233 North Michigan Avenue, 21st Floor, Chicago, IL 60601-5800. Subscription Rates: Included in AHIMA membership dues is a subscription to the Journal. The annual member subscription rate is $22.00 for active and graduate members, and $10.00 for student members. Subscription for nonmembers is $100 (domestic), $110 (Canada), $120 (all other outside the U.S.). Postmaster: Send address changes to Journal of AHIMA, AHIMA, 233 North Michigan Avenue, 21st Floor, Chicago, IL 60601-5800. Notification of address change must be made six weeks in advance, including old and new address with zip code. Periodical’s postage is paid in Chicago, IL, and additional mailing offices.

Notice of PolicyEditorial—views expressed in articles contributed to the Journal of AHIMA are those of the author(s) and do not necessarily reflect the policies and opinions of the Association, editorial review board, or staff. Articles are not to be construed as endorsing any particular product or service. Advertising—products, services, and educational institutions advertised in the Journal do not imply endorsement by the Association.

Copyright © 2019 American Health Information Management Association ® Reg. US Pat. Off.

ADVERTISING REPRESENTATIVESMCI USA

Jeff RhodesPhone: (410) [email protected]

AHIMA OFFICE233 N. Michigan Ave., 21st FloorChicago, IL 60601-5800(312) 233-1100; Fax: (312) 233-1090

AHIMA ONLINE: www.ahima.orgJOURNAL OF AHIMA: [email protected]

JOURNAL OF AHIMA MISSIONThe Journal of AHIMA serves as a professional development tool for health information managers. It keeps its readers current on issues that affect the practice of health information management. Furthermore, the Journal contributes to the field by publishing work that disseminates best practices and presents new knowledge. Articles are grounded in experience or applied research, and they represent the diversity of health information management roles and healthcare settings. Finally, the Journal contains news on the work of the American Health Information Management Association.

EDUCATIONAL PROGRAMSThe Commission on Accreditation for Health Informatics and Information Management Education (www.cahiim.org) accredits degree-granting programs at the associate, baccalaureate, and master’s degree levels. For more information on HIM career pathways and CAHIIM accreditation, visit www.ahima.org/careers.

AHIMA CEO Wylecia Wiggs Harris, PhD, CAE

EDITOR-IN-CHIEF Chris Dimick

ASSISTANT EDITOR/WEB EDITOR Sarah Sheber

ASSOCIATE EDITOR Mary Butler

CONTRIBUTING EDITORS Sue Bowman, MJ, RHIA, CCS, FAHIMA Patricia Buttner, RHIA, CDIP, CCS, CHDA, CPHI Tammy Combs, RN, MSN, CCS, CCDS, CDIP Julie Dooling, MSHI, RHIA, CHDA, FAHIMA Melanie Endicott, MBA/HCM, RHIA, CHDA, CCS, CCS-P, CDIP, FAHIMA Jewelle Hicks Lesley Kadlec, MA, RHIA Donna Rugg, RHIT, CCS, CCS-P, CDIP, CICA Gina Sanvik, MS, RHIA Robyn Stambaugh, MS, RHIA Maria Ward, MEd, RHIT, CCS, CCS-P

ART DIRECTOR Graham Simpson

EDITORIAL ADVISORY BOARD Linda Belli, RHIA Gerry Berenholz, MPH, RHIA Carol A. Campbell, DBA, RHIA, FAHIMA Rose T. Dunn, MBA, RHIA, CPA, CHPS, FACHE, FAHIMA Diane A. Kriewall, RHIA Glenda Lyle, RHIA Daniel J. Pothen, MS, RHIA Tricia Truscott, MBA, RHIA, CHP Carolyn R. Valo, MS, RHIT, FAHIMA

19_June.indd 4 5/28/19 10:52 AM

Journal of AHIMA June 19 / 5

President’s Message

I HAVE NOT coded a medical record in many years, but I love coding. I love to use the codes to examine all aspects of coding processes and disease-re-lated research. In the past, I worked on a team that examined the comput-er-assisted coding (CAC) software to enhance antifraud activities in 2005; examined code capture differences in the ICD-9-CM and the ICD-10-CM systems; interviewed physicians about their outlook on ICD-10-CM/PCS and its effect on their practice; and worked on developing a predictive model to de-termine coding productivity when given a specific length of stay and case mix index. Working on this research was fun and rewarding.

Some skeptics might say that once CAC and machine learning are per-fected, the need for human beings in coding will be gone and no further research will be required. I disagree. Yes, we have had extensive advances in CAC—especially since 2005. But human coders will still be needed to analyze, decipher, and use their exper-tise to make correct code decisions based on the recommendations by CAC systems. Coding is a very com-plex profession and requires extensive knowledge in anatomy and physiol-ogy, pathophysiology, clinical indica-tors, medical terminology, pharmacol-ogy, the format and organization of the electronic health record (EHR), and clinical documentation integrity.

CAC reminds me of driverless car tech-nology. As much as I love coding, driving is a different story. I would love to have a driverless car. But I think it will take a long time before the driverless car is per-fected—especially until it is perfected to the point where it isn’t even necessary for a human to be in the driver seat at all, and I can happily sit or recline in the

back seat while the car moves perfectly along the highway, always maintaining the correct speed, knowing when to slow down, when to change lanes, when to use the turn signal, and when to hit the brakes.

Coders, keep on coding well. We need to be the real intelligence behind artificial intelligence. And that means we can continue to research all the many aspects of coding systems and the systems’ ability to capture the cor-rect codes as well as coding produc-tivity and quality. Yes, CAC technology will get better and better and become a tool that the coder will continue to use to assist them in their coding de-cisions. However, in order to enhance coding quality, the coder will be need-ed to ascertain that the correct code is assigned, that it coincides with provider documentation, and that the sequencing aligns with Uniform Hospi-tal Discharge Data Set guidelines. Of course, machine learning tools such as CAC will be used to assist with the coding process—but it will be quite difficult to fully replace an excellent coder with machine learning.

And while CAC will not fully replace human coders, I do hope that the driv-erless car is in the future. I’m looking forward to kicking back, sipping a soft drink, and enjoying the landscape as I do not drive by. ¢

Valerie Watzlaf (Valerie.Watzlaf@ahimaboard.

org) is vice chair of education and associate pro-

fessor at University of Pittsburgh.

CAC is Like the Driverless Car— Both Need the Human Touch

By Valerie Watzlaf, PhD, MPH, RHIA, FAHIMA

We need to be the real intelligence behind artificial intelligence.

19_June.indd 5 5/28/19 10:52 AM

6 / Journal of AHIMA June 19

Bulletin Board what’s happening in healthcare

GAO Report Demonstrates Critical Security Infrastructure Weaknesses at HHSThe US Department of Health and Hu-man Services (HHS) has fallen short in complying with four crucial health IT security recommendations advised by the Government Accountability Office (GAO), according to a new report.

In a letter to HHS Secretary Alex Azar, the GAO outlined their previous recom-mendations to which the agency says HHS has failed to respond, putting its cybersecurity infrastructure, public health alert network infrastructure, and electronic health record (EHR) perfor-mance improvement measurement sys-tems all at risk, according to the GAO.

As per earlier recommendations

made by the GAO to the Centers for Medicare and Medicaid Services (CMS) regarding EHR performance measures, the GAO says HHS pro-vided it with a variety of publicly avail-able reports. However, in reviewing those materials, GAO writes that it did not see evidence that HHS had devel-oped outcome-oriented performance measures that align with the intended outcomes of the EHR programs.

“The nation’s critical infrastructure provides the essential services—in-cluding health care—that underpin American society. The infrastructure relies extensively on computerized

systems and electronic data to support its missions,” the report stated. “How-ever, serious cybersecurity threats to the infrastructure continue to grow and represent a significant national secu-rity challenge. Additionally, recent data breaches have highlighted the impor-tance of ensuring the security of health information, including Medicare ben-eficiary data. Such data are created, stored, and used by a wide variety of entities, such as health care providers, insurance companies, financial institu-tions, researchers, and others.”

The GAO offered suggestions for improving these weaknesses.

Amazon Announces Alexa is HIPAA-CompliantIn early April, Amazon’s Health and Wellness unit announced several invi-tation-only collaborations with select healthcare organizations using Ama-zon’s voice-activated assistant Alexa—a device that is now HIPAA-compliant.

Alexa is newly able to store, transmit, and encrypt protected health informa-tion (PHI), which gives it the ability to do more than just respond to simple user questions through conveniently placed speakers. Alexa Skills Kit will help healthcare organizations and consumers schedule same-day ap-pointments, track wellness incentives, manage prescriptions, receive post-surgery instructions, monitor medica-tion adherence, optimize clinical trials, and more, Engadget reported.

“Amazon Alexa is currently provid-ing a HIPAA eligible environment to select skill developers as part of an invite-only program in the U.S. In the future, we expect to enable additional developers to access this capabil-ity to build healthcare skills, allowing

more customers to access healthcare services more conveniently using voice,” wrote Rachel Jiang, head of Alexa Health and Wellness for Ama-zon, in a blog post.

However, some health IT experts are concerned that companies who want to work with the device aren’t looking before they’re leaping.

“Many healthcare IT departments use other industry standards or have created their own standards for data privacy and security,” Nathan Treloar, the president of a tech company that develops conversational artificial in-telligence tools for Alexa and other vir-tual assistants, told Health Data Man-agement. “In their eyes, completely securing a voice application may go well beyond ensuring that a service provider will sign a HIPAA business associate agreement. Issues like user authentication, data privacy in shared spaces, network and device hacking, and secure system integration should all be addressed.” ¢

Standards Could Help Patient MatchingStandardized demographic data could help improve patient matching across multiple providers, according to a study published in the Journal of the American Medical Informatics Association.

Research led by experts at Indiana University and supported by The Pew Charitable Trusts found that standard-izing addresses by using the United States Postal Service’s format had the potential to improve match rates by up to three percent, according to Pew. When a standardized format is used for both addresses and last names, match rates increased as much as eight percent.

While standardizing addresses showed improved match rates, the researchers did not note a significant difference in match rates when standardization was employed for telephone numbers, birth dates, and Social Security numbers. Researchers used tens of thousands of real-world records previously matched through human review for the study so that they could confirm when standard-ization improved matching success. ¢

19_June.indd 6 5/28/19 10:52 AM

Journal of AHIMA June 19 / 7

“We recommended in March 2018 that the Administrator of the Centers for Medicare and Medicaid Services develop processes and procedures to ensure that qualified entities and researchers have implemented infor-mation security controls effectively throughout their agreements with CMS. CMS will be engaging a contractor to review the current data security frame-work and make recommendations on specific controls and implementation requirements that would be appropri-ate for those entities. To fully implement this recommendation, CMS needs to develop appropriate processes and procedures for implementing these controls,” the report notes.

In February 2018, the GAO sug-gested that HHS could work with the Department of Agriculture to improve critical infrastructure protection. This involves consulting with industry sec-tor partners to develop methods for determining the level and type of cy-bersecurity framework adoption by entities in their respective sectors.

In addition to security lapses, the GAO also addressed CMS failures re-lated to diagnostic coding differences between Medicare Advantage and Medicare Fee-for-Service, includ-ing better accounting for beneficiary characteristics and more refined data in determining Medicare Advantage payments. ¢

Report: Healthcare Sector Remains Popular Cyberattack TargetThe healthcare industry continues to hold the distinction of leading all indus-tries in cybersecurity breaches, laying claim to a quarter of the incidents re-ported in 2018, according to the Data Security Incident Response Report from BakerHostetler. Health information was the second most at-risk type of data in cybersecurity incidents, with Social Security numbers the most at risk. Other insights from the report include identifying phishing attacks as the leading cause of breaches across all industries, next steps for hackers after they gain access to a system, and that an average of 36 days elapsed between the initial breach and detection for healthcare organizations. ¢

Source: BakerHostetler. “2019 Data Security Incident Response Report.” http://e.bakerlaw.com/rv/ff00498db267a11ce4182d53934889997a36f6d4/p=8213342.

Pharma company Bristol-Myers Squibb has agreed to use machine learning technology from Concerto HealthAI for several of its health applications.

The University of Texas MD Anderson Cancer Center has filed a federal com-plaint alleging that the $4.3 million HIPAA penalty imposed by the De-partment of Health and Human Services’ Office for Civil Rights was unlawful.

The AHIMA Foundation has received a $12,000 donation from the Walter Reed Society to support the Foundation’s Veterans Scholarship program. ¢

OFFICE FOR CIVIL RIGHTS SPRING CYBERSECURITY NEWSLETTER

www.hhs.gov/hipaa/for-profession-als/security/guidance/cybersecurity-newsletter-spring-2019/index.html

The Office for Civil Rights alerts the healthcare sector to advanced persistent threats (APTs) and zero-day exploits that pose an increasing cy-bersecurity risk to providers’ networks and health information. The dangers of APTs lie in their persistence as they seek out vulnerabilities to exploit, and post a risk to healthcare on several fronts, from medical research data to genetic data and beyond. ¢

CLICK LIST

IN BRIEF

TOOLS

NEW SEVENTH EDITION OF CCA EXAM PREPARATION BOOK RELEASED

https://my.ahima.org/store/product?id=65726

This new title from AHIMA Press pro-vides ICD-10-CM, ICD-10-PCS, and CPT practice for those preparing to take the Certified Coding Association (CCA) certification exam. This edition of the book contains 2019 ICD-10 and CPT codes to correspond to the exam launching May 1, 2019. ¢

Cybercriminals’ Next Steps After Gaining Access

0% 25% 50% 75% 100%

8% Secure a wire transfer to their account

12% Install ransomware

34% Access an Office 365 account

Roam network for available data30%

19_June.indd 7 5/28/19 10:52 AM

KEYNOTE SPEAKERSAddressing the Opioid Epidemic and the Burden of Chronic Diseases with:

Patrice A. Harris, MD, MAPresident-elect of American Medical Association (AMA)

David O. Barbe, MD, MHAPast President of American Medical Association (AMA)

438.19

ahima.org/conference | #AHIMA19

Register before July 15 ,AND SAVE UP

TO $100!

JOIN 4,500 HEALTHCARE LEADERS AND PROFESSIONALSAT THE PREMIER HEALTH DATA AND INFORMATION EVENTFOR EDUCATION AND NETWORKING.

• Build knowledge around the best strategies and solutions

• Meet with leaders empowered for change and foster lasting connections

• Explore career opportunities in the career center

• Meet with 100+ vendors in the exhibit hall

• Target learning needs through interactive sessions, roundtables, panels, town halls, and site visits covering topics like:

– Revenue Cycle

– Coding

– Continuum of Care

– Disruptive Technologies

– Optimizing CDI Program

– Performance Improvement

– Innovation and Emerging Issues

formerly AHIMA Convention & Exhibit

19_June.indd 8 5/28/19 10:52 AM

Journal of AHIMA June 19 / 9

Inside Look

THE PHRASE “INTERESTING times” sug-gests both opportunity and anxiety. These are especially “interesting times” for those of us in coding.

On the one hand, one research orga-nization recently forecast that the global medical coding market will register a compound annual growth rate of nearly 9.9 percent between 2019 and 2024.1

On the other hand, Partners Healthcare predicted major changes to be wrought by the advent of artificial intelligence, reducing the complexity of the coding process in the name of reducing administrative burden.2

It’s impossible to say what the future will hold, but we need to keep our eye on the ball. This is why a rededication to coding seems appropriate for AHIMA at a crucial time for this part of the profession.

This year, AHIMA staff and volunteers are envisioning a future in which AHIMA is the leading voice for both inpatient and outpatient coding. Our goal is to drive the discussions in the marketplace while also considering disruptive technologies such as artificial intelligence and computer-as-sisted coding (CAC). We are also doing in-depth market analysis to ensure that our products and resources will help propel coding professionals into the future.

We’ve heard that better benchmarking data is needed, too. So this year, AHIMA is conducting a landmark coding produc-tivity study that will encompass not only inpatient and outpatient coding, but the impact of other tasks that coders may be doing as part of their jobs as well. Our goal is to present results during AHIMA’s Health Data and Information Conference in September.

Speaking of disruptive technologies: in this issue, “Computer-Assisted Coding Reality Check” by Mary Butler re-evaluates the promises CAC initially offered, including improving coding accuracy and documen-tation quality, providing a positive return on

investment, and making intelligent deci-sions based on documentation.

The shift to the Patient-Driven Pay-ment Model is opening the door for clini-cal documentation improvement (CDI) in skilled nursing facilities. In “Revolutionary Payment Changes Prompt Skilled Nurs-ing Facilities to Eye CDI Programs,” Lisa Eramo talks to professionals in skilled nursing facilities about why they are im-plementing CDI programs and about op-portunities for HIM professionals.

Healthcare organizations can find them-selves weighing competing priorities to keep data protected while supporting in-novation. Authors from the Mayo Clinic developed a streamlined and robust re-view process to share large sets of data while minimizing risk, described in “Third-Party Data Disclosure Risk Management for Healthcare Organizations.”

Finally, in “How an AHIMA Credential is Born,” Mary Butler relates a story that isn’t told very often—the many steps that go into creating a credential using scien-tific process and vetting by an independent third party. Using the CDIP credential as an example, the article details the long journey from job task analysis to exam. ¢

Notes 1. Research and Markets. “Medical

Coding Market – Growth, Trends, and Forecast (2019 - 2024).” March 14, 2019. www.businesswire.com/news/home/20190314005614/en/Worldwide-Medical-Coding-Market-Analysis-Forecast-Report.

2. Partners Healthcare. “Top 12 Disrup-tive Healthcare AI Technologies An-nounced.” Press release. April 10, 2019. www.globenewswire.com/news-release/2019/04/10/1802229/0/en/TOP-12-DISRUPTIVE-HEALTH-CARE-AI-TECHNOLOGIES-AN-NOUNCED.html.

Once More, Coding at the CrossroadsBy Wylecia Wiggs Harris, PhD, CAE, chief executive officer

19_June.indd 9 5/28/19 10:52 AM

Computer-Assisted CodingReality Check

By Mary Butler

10 / Journal of AHIMA June 19

19_June.indd 10 5/28/19 10:52 AM

Journal of AHIMA June 19 / 11

AS TEXT MESSAGING has come to replace telephone calls as the primary means of interpersonal communication, apps such as SwiftKey have popped up to help those with less than nim-ble thumbs. SwiftKey and other “intelligent keyboards” quickly learn a user’s writing and typing style. They operate in the back-ground of a smartphone and take note of frequently used ex-pressions, punctuation, emojis, and slang in a user’s text mes-sages, emails, and social media posts. Before long, they’re able to predict what a user is trying to say and autosuggests enough words that it drastically reduces the time it takes to type out a message.

While these apps are arguably helpful and “intelligent,” they do require a human’s touch to succeed—and they aren’t with-out drawbacks. Before a user realizes it, “chicken noodle soup” can be autocorrected to “Chuck Norris soup.” The internet is full of enough #autocorrectfails that savvy users know to slow down a bit to avoid embarrassing typos. Human beings understand that texts sent to bosses and colleagues require more care than a quick note to friends or significant others.

Computer-assisted coding (CAC) occupies a similar func-tion in the lives of coding and health information management (HIM) professionals. CAC software uses natural language pro-cessing (NLP) to extract and translate transcribed free-text data or computer-generated discrete data into information for billing and coding purposes. Over time, the software picks up on a cod-ing professional’s frequently used codes—especially when used in a specialty hospital—and quickly becomes more precise, learning from instances when a coding professional overrides the CAC’s suggested code with one that’s more accurate.

Like apps that make texting faster, CAC’s success is contingent on the reasoning, knowledge, and editing skills of the human beings who use it. Before ICD-10-CM/PCS went live in 2015, CAC was hailed by many in the industry as a miraculous tool for preventing massive coding slowdowns that some predicted the new code set would unleash.

Since that time, however, reality has set in and tempered the expectations of coding professionals and the many CAC ven-dors that promised life-changing results. With the ICD-10 tran-sition in the rear-view mirror, it’s time to re-evaluate the follow-ing promises CAC initially offered: that it would improve coding accuracy and documentation quality; that it would increase productivity; that it would reduce the need for coders and tran-sition others into coding auditors; that it would provide a posi-tive return on investment; and that CAC could make intelligent, human-free decisions based on documentation.

Expectations Meet RealityIn the nearly four years since ICD-10 has been in place, there has been no evidence to suggest that CAC will be replacing the need for coding professionals any time soon. But that’s not to say it’s been completely unhelpful. In fact, CAC has helped providers in expected ways. In 2013, the AHIMA Foundation worked on a study with the Cleveland Clinic, with funding from CAC vendor 3M, to predict how the use of CAC technology would impact ac-curacy and productivity with ICD-10.1

The AHIMA Foundation was able to validate that the time it

took the study’s coding professionals to code inpatient records using CAC was significantly shorter than those coding profes-sionals who didn’t use the technology, resulting in a 22 percent reduction in time per record.  Additionally, it found that Cleve-land Clinic was able to reduce the time it took to code without decreasing quality as measured by recall and precision for both procedures and diagnoses. 

For Monica Pinette, MBA, RHIA, CDIP, CCS, CPC, now the assistant vice president of HIM at UConn Health, the AHIMA Foundation’s findings weren’t all that different from what she found when she was preparing for the ICD-10 transition with CAC at a previous employer, St. Francis Hospital and Medical Center in Hartford, CT. While at St. Francis, Pinette led her cod-ing team through extensive training with CAC prior to the ICD-10 transition in 2015 with the expectation that the new code set would slow them down, especially when coding procedures.

Pinette says the industry standard for the number of charts coded, per hour, was 2.5 records using ICD-10. However, her coding staff was easily able to code three or four charts per hour with CAC. “Even though we had the implementation of ICD-10 and it was predicted we’d slow down, CAC helped us avoid pro-ductivity losses. Coders were able to exceed their expectations,” Pinette says.

The CAC software also helped coding professionals familiarize themselves with the new code set more quickly. “With CAC it would actually highlight procedure codes and diagnosis codes and slate them for you. Then, coders could use the CAC’s evi-denced-based feature where you could go back and validate the procedures and diagnosis codes [suggested by the CAC engine]. And in a way it kind of helped to teach the coders by seeing those codes over and over again,” Pinette says.

Her facility used CAC for both outpatient and inpatient coding but says it was the most beneficial on the inpatient side because inpatient coding professionals have the additional challenge of assigning PCS codes and choosing DRGs.

Working with LimitationsLike many people, Pinette says her coding professionals were concerned, at first, that CAC would be so useful that it would replace them, but it quickly became clear to them this wouldn’t be the case.

“I think people with less knowledge of coding operations think ‘Oh, CAC does the coding for you’ but that’s not true at all. It does take human intervention because not every code that is given by the CAC is necessarily correct or needed for coding accuracy and ensuring the bill goes out on the claim appropri-ately. It does take human intervention and analysis on the out-patient side to look at edits and things like that in addition to using the CAC feature,” Pinette says.

Deanna Klure, RHIT, CCS, CDIP, director, coding education, nosology, CAC/clinical documentation improvement (CDI) business applications at Kaiser Permanente, stresses that it’s important that coding professionals and their managers re-member that CAC is just a tool—a very effective one—but a tool that’s as fallible as the humans that use it.

For example, on a given chart the CAC may autosuggest 10

Computer-Assisted Coding Reality Check

19_June.indd 11 5/28/19 10:52 AM

12 / Journal of AHIMA June 19

codes and the user may accept only eight because the other two are irrelevant. Perhaps the doctor dictated that the patient does not have pneumonia, but the CAC missed the word “not” and autosuggested pneumonia anyway. The user has to use the CAC’s “evidence-based” feature to determine why pneumonia is suggested before they can accept or override it.

“Sometimes what providers will do, they’ll make a template and it will have check boxes ‘yes’ ‘no’ ‘yes’ ‘no’ and the NLP can’t read the checkbox,” Klure says.

The longer a coding professional uses CAC, the more accurate the NLP engine becomes, but the technology still has a long way to go before artificial intelligence (AI) can replace a trained coding professional or become obsolete. Sarah Goodman, MBA, CHCAF, COC, CCP, FCS, president, CEO, and principal consultant for SLG Consulting, believes AI has actually enhanced CAC as it becomes more integrated. But she also thinks that automated coding and AI-assisted audits are likely the wave of the future.

Klure agrees. “I don’t think it’ll [CAC] ever be obsolete [due to AI]. I do think there’s something it can get really good at but it also depends on templating. Some procedures, we call them candy, are just easy coding,” Klure says, using GI-related charts as an example. “You’re using five of the same ICD-10-CM codes and CPT codes a lot and it becomes very easy. If you can stan-dardize the templates you can get much more precision. If the templates were standardized and readable in the CAC engine and NLP engine, certain procedures could be autosuggested at a high degree of precision.”

But even if providers really took the time to develop templates to improve precision, it would require massive industry-wide collaboration to get templates, CAC vendors, and electronic health record (EHR) system vendors to a place where CAC could replace people, Klure says.

There are some places, however, where CAC hasn’t been as seamless to incorporate as it has been for Klure and Pinette.

Robin Andrews, M.Ed, RHIA, CCS, director of HIM, coding, and CDI at Steward Health Care, has been an HIM professional for 43 years. She uses her facility’s CAC on surgical charts and feels that CAC has negatively impacted her productivity. In An-drews’ experience there was a huge disconnect in the way the CAC was advertised to her facility and how it actually performs.

“I personally was under the impression that it was like mag-ic—that you could just turn it on and it would read the docu-ment and find the codes and you’d go on your merry way. I’ve been working with CAC for three to five years now and it’s hard to build because it’s not always picking up the accuracy of the diagnosis,” Andrews says. “And if it sees things like abbrevia-tions it’s going to put a code on the abbreviation but it could be just a title. It also doesn’t get to the finer details of a code. Now this CAC system will plop codes right beside words or diagno-ses. And personally I don’t trust that it’s going to be as accurate as I can make it be because of my skillset.”

Andrews may not be alone in her assessment that CAC hasn’t resulted in the experience some feel they were prom-ised. Some EHRs are not configured in a way that makes CAC easy to use. Older EHRs have had to incorporate lots of PDFs that are harder for CAC engines to read. And some providers

have EHRs, encoders, and CACs from three different vendors that may not interface well together, resulting in a less than efficient CAC interface—and providers that made a big in-vestment with a CAC vendor may be unwilling to look for one that works better.

Indeed, a report by KLAS Research2 found that providers who document with a hybrid of electronic and paper systems have seen that the return on investment for CAC is not as high as they’d like it to be—likewise, the more electronic a provider is the more successful the CAC tends to be. KLAS advises provid-ers to help members of their organization understand that the process of implementing CAC could be long and they need to be committed to robust training and onboarding.

CAC and the FutureMarket research and vendors themselves anticipate a growing market for CAC products. In 2018, the global CAC market was valued at $2.8 billion—and it is expected to reach $5.1 billion by 2023, according to a report from WinterGreen Research.3 They noted that a smooth transition to ICD-10 has helped an increas-ing number of providers decide to invest in software that can maximize the data created by the new code set.

Heather Gladden, CCS, CAC product specialist at Dolbey, says that prior to ICD-10 there was a huge upswing in the number of providers looking at CAC systems, which paused around the time ICD-10 was implemented. But she says now that many pro-viders have realized they have a handle on ICD-10, interest is growing again.

“We’ve seen a huge uptick in people looking at CAC, over the last year and a half and also because of adoption of EMRs [EHRs],” Gladden says. “They had EMRs early on and now some organizations are switching out their EMRs. We saw a lot of or-ganizations say ‘We’re in the middle of upgrading our EMRs and working on value-based purchasing (VBP),’ so they were working on quality measures. In the last year we’ve seen a lot of people looking.”

As providers become more comfortable with CAC systems, they’re finding the software helps organizations improve the quality of their coded data, which in turn helps them improve their case mix index, decrease payment denials, shorten ac-counts receivable days, participate in VBP and bundled pay-ment initiatives, and even identify patients that are at risk for readmissions, according to Gladden. Having more accurate and reliable data also helps organizations when and if they need to defend their data against auditors. She says she has also seen organizations looking into CAC not just for coding, but also for a collaborative workspace for clinical documentation improve-ment, quality, ancillary departments, and internal auditors. CAC can also empower coding teams, whether they are coding the patient chart concurrently, or at the time of discharge, pro-viding them with a comprehensive workspace and the tools to enable coding professionals to complete work in less time with more accuracy.

CAC also helps organizations improve the quality of their coded data. It can even help providers track hospital-acquired infections, patient safety indicators, and 30-day admits, accord-

Computer-Assisted Coding Reality Check

19_June.indd 12 5/28/19 10:52 AM

Journal of AHIMA June 19 / 13

ing to Kristi Fahy, RHIA, who is an account executive at DVS, a premier partner of Dolbey. She says providers who aren’t using CAC are leaving money on the table. “Pay-for-performance and quality based on VBP… all those initiatives have to have good coding otherwise they’re not going to get reimbursed appropri-ately,” Fahy says.

She notes that one Dolbey client with nine hospitals went from coding 20 inpatient charts per hour to 30 charts per hour with CAC. They had similar improvement in emergency depart-ment coding, which improved from 100 charts per hour to 175 charts per hour with CAC.

“The data is really there to show that productivity. The same site had an external auditor come in and the auditors confirmed that the quality had really improved with the codes,” Fahy says.

Asked if facilities with CAC are better off than facilities with-out, SLG Consulting’s Goodman says it depends on how well CAC is implemented and monitored by credentialed coders.

“The reality is that while CAC is excellent at analyzing key words and suggesting codes, human intervention is still nec-essary, and as with any successful implementation, it always comes down to three things: people, process, and technology,” Goodman says. “If these are integrated appropriately, then CAC can work effectively.” ¢

Notes 1. Dougherty, Michelle; Sandra Seabold; and Susan E.

White. “Study Reveals Hard Facts on CAC.” Journal of AHI-MA 84, no. 7 (July 2013): 54-56. http://library.ahima.org/doc?oid=106668.

2. KLAS Research. “Computer-Assisted Coding 2016: Who Is Delivering Promised Value in ICD-10?” August 16, 2016. https://klasresearch.com/report/computer-assisted-cod-ing-2016/1111.

3. WinterGreen Research. “Computer Assisted Coding: Mar-ket Shares, Strategy, and Forecasts, Worldwide, 2017 to 2023.” March 13, 2017. www.wintergreenresearch.com/computer-assisted-coding.

Mary Butler ([email protected]) is associate editor at the Journal of

AHIMA.

Journal of AHIMA Continuing Education QuizQuiz ID: Q1919006 | EXPIRATION DATE: JUNE 1, 2020HIM Domain Area: TechnologyArticle—“Computer-Assisted Coding Reality Check”

Review Quiz Questions and Take the Quiz Based on this Article Online at https://my.ahima.org/store

Note: AHIMA CE quizzes have moved to an online-only format.

Computer-Assisted Coding Reality Check

19_June.indd 13 5/28/19 10:52 AM

14 / Journal of AHIMA June 19

Revolutionary Payment Changes Prompt Skilled Nursing Facilities to Eye CDI ProgramsBy Lisa A. Eramo, MA

19_June.indd 14 5/28/19 10:52 AM

Journal of AHIMA June 19 / 15

WHILE CLINICAL DOCUMENTATION hasn’t exactly been a strength in many of today’s financially strapped skilled nursing facilities (SNFs), this may soon change as SNFs shift to a new payment methodology—the Patient-Driven Payment Model (PDPM)—in which these facilities are paid based primarily on each patient’s unique medical complexity. The biggest change? Level of assistance with activities of daily living (ADL) and num-ber (and type) of therapy minutes per week have minimal im-pact on reimbursement under the PDPM. Specificity of ICD-10-CM diagnosis codes is what matters most, and those codes are based entirely on clinical documentation. This is leading many SNFs to turn to clinical documentation improvement (CDI) pro-grams in order to rehab their documentation in advance of the upcoming reimbursement changes.

“We definitely see an opportunity to increase our focus on documentation now that SNFs are going to a diagnosis-related payment methodology,” says Monica Baggio Tormey, BS, RHIA, CHP, CHC, CHRC, chief compliance officer and director of HIM/privacy officer at Spaulding Rehab Network, who plans to launch a formal CDI program in its 123-bed SNF this fall.

Spaulding implemented a CDI program in its long-term care hospital (LTCH) in 2011 and a similar program in its inpatient rehab facilities (IRF) in 2015 primarily to ensure that documen-tation reflects patient acuity and drives accurate reimburse-ment. Baggio Tormey sees the PDPM as an opportunity to ac-complish these same goals in the SNF realm.

However, as with all SNFs, Spaulding must address many chal-lenges before it can proceed with formalizing a CDI program. For example, who will perform the CDI function, and what ad-ditional training is necessary? How will individuals in the CDI role pose and track queries to physicians? On what areas of doc-umentation should a SNF CDI program focus?

Experts say the shift to PDPM is garnering attention from SNF administrators, many of whom want to ensure that the docu-mentation recorded by the interdisciplinary team is consistent with the MDS assessment to support accurate coding. A pri-mary concern is that payers will scrutinize diagnosis codes and potentially deny SNF services once PDPM goes into effect. The Centers for Medicare and Medicaid Services provided the fol-lowing reason for moving to the PDPM:

“Under RUG-IV, most patients are classified into a therapy pay-

ment group, which uses primarily the volume of therapy services

provided to the patient as the basis for payment classification. This

creates an incentive for SNF providers to furnish therapy to SNF

patients regardless of the patient’s unique characteristics, goals, or

needs. PDPM eliminates this incentive and improves the overall

accuracy and appropriateness of SNF payments by classifying pa-

tients into payment groups based on specific, data-driven patient

characteristics, while simultaneously reducing administrative

burden on SNF providers.”

“CDI will potentially explode into the SNFs because they’re going to need this knowledge. There’s certainly an opportunity for these programs,” says Deanna Peterson, MHA, RHIA, CHPS, LNHA, vice president of health consulting services at First Class Solutions, LLC, based in in Maryland Heights, MO. None of her

SNF clients have formal CDI programs, but they’ve already ex-pressed interest in how to prepare documentation-wise for the monumental shift to PDPM.

Seven High-Impact Areas of CDI in SNFsUnder PDPM, the stakes are high. Documentation to support ICD-10-CM diagnosis codes, medical necessity, and more is of the utmost importance. Seven areas in which CDI can have an impact are:

1. Clarify specificity of all diagnoses, including the primary diagnosis (why the resident is receiving skilled services) and any comorbidities that exist on admission and/or de-velop throughout the duration of the resident’s stay.

2. Develop query templates, query tracking tools, CDI tip sheets, physician education materials, and more.

3. Ensure that nursing documentation supports medical ne-cessity of 24/7 skilled nursing care as well as all informa-tion reported on the MDS assessment.

4. Identify any major surgical procedures that occurred dur-ing the inpatient hospital stay that immediately preceded the SNF admission.

5. Obtain copies of physician progress notes, which can be omitted from the transfer/admission process.

6. Obtain copies of the complete hospital record, especially the hospital discharge summary, operative report (when relevant), and interfacility transfer report. These records can also be omitted during the transfer/admission pro-cess, though in many cases a unit clerk would help assist the CDI specialist with obtaining both physician progress notes and the complete hospital record.

7. Work with acute care hospitals to clarify the date of the preceding hospital admission.

Overcoming CDI Challenges in SNFsWidespread adoption of CDI in today’s SNFs would represent a significant departure from the status quo. Although SNFs gener-ally provide some nursing education regarding documentation requirements, these efforts don’t typically extend to physicians, and there isn’t usually a formal (and compliant) process for querying providers, Peterson says.

To date, there are many reasons why CDI programs haven’t

Three Best Practices for CDI in SNFs

1. Define SNF-specific CDI program goals and met-rics. Acute care goals and metrics may not translate directly to SNF programs because of the unique-ness of the workflow and MDS assessment that drives payment.

2. Foster collaboration between coders (or individuals performing the coding function), those serving in the role of CDI specialist (or individuals trained to obtain documentation specificity), and MDS coordinators.

3. Obtain buy-in from SNF medical directors who can take the lead on physician communications.

Skilled Nursing Facilities Eye CDI Programs

19_June.indd 15 5/28/19 10:52 AM

16 / Journal of AHIMA June 19

extended into the SNF setting. First, many SNFs don’t currently employ certified HIM professionals, nor is HIM typically a dedi-cated role or department, says Carol Young, a recently retired HIM professional who has extensive experience working in skilled nursing facilities and helped AHIMA develop SNF CDI tip sheets. Young says the quality of medical record documenta-tion is usually a low priority because staff tasked with managing records are also responsible for feeding residents, coordinating transportation and supplies, creating staff schedules, and more.

Another challenge is that physicians aren’t employed directly by the SNF. “This requires a very different engagement strategy than on the acute care side,” says Staci LePage, RHIT, senior con-sultant at Anderson Health Information Systems in Santa Ana, CA. Medical directors must play a key role in raising physician awareness and explaining the purpose of the queries, she adds.

SNFs also frequently rely on documentation that’s outside of their four walls—particularly the hospital record and physician progress notes. The hospital record, for example, could drive the entire SNF payment if the physician doesn’t see the resident by the eighth day of the SNF stay (the day when the MDS assess-ment is due), Peterson says.

“Hospitals are just beginning to give SNFs access to their sys-tems,” LePage says. “Some hospitals were reluctant to do this unless they had a good relationship with the SNF and sent them a lot of patients.”

Likewise, physician progress notes help SNFs identify specif-ic diagnoses and comorbidities that affect payment under the PDPM. However, physicians frequently document these notes in the hospital electronic health record (EHR) system or their own EHR. Copies may not be available to the SNF, making it dif-ficult for SNF providers to obtain a complete clinical picture of each resident and thus bill correctly.

A final challenge for SNFs looking to implement CDI programs is that some SNFs don’t have an EHR. This means CDI in these organizations is likely a manual and time-consuming process, Baggio Tormey says. “If you don’t have an electronic medical record, this change for SNFs is going to result in some facilities having financial challenges,” she says. “There’s a lot of pressure to figure out how they’re going to survive in this very new world. Therapy isn’t the primary driver of revenue anymore.”

Emerging Opportunities for HIM Professionals As SNF administrators consider the feasibility of CDI programs, they must first address the question of who will perform the CDI function. Spaulding Rehab Network hopes that MDS coordina-tors can take on some of the tasks. “MDS nurses work so closely with attending physicians. They already have that relationship established. Adding CDI to these conversations shouldn’t be a heavy lift at all,” Baggio Tormey says.

Others agree. “The MDS nurse interviews the resident to com-plete the MDS assessment, and they really know what’s going on with the resident and what treatment they’re receiving,” Pe-terson says. “They’re in an ideal position to be able to identify documentation opportunities.”

Changes under PDPM also reduce the number of assessments that MDS coordinators are required to perform. This could allow

them to invest time into CDI instead, LePage says. That’s what Baggio Tormey hopes will happen. If it ends up being too much for the SNF’s MDS coordinators to handle, she plans to recruit a CDI professional to serve in a dedicated CDI specialist role.

Experts agree that regardless of who serves in the role of CDI spe-cialist, this individual must work in tandem with a certified coder. “PDPM is pushing everyone down the path of having a certified coder assigning codes. Your acuity—and now your revenue—all ties into ICD-10 diagnosis codes,” says Baggio Tormey, adding that Spaulding uses a centralized team of certified post-acute coders who code all SNF services. Peterson agrees. “Even the facilities that can’t afford to invest in a certified coder right now may start to look for one just because there’s such a risk,” she says.

Large post-acute care networks are already beginning to cre-ate formal HIM departments, and smaller facilities likely won’t be too far behind, Peterson says. “There absolutely is a need for dedicated HIM personnel in long-term care. Facilities have been reluctant to invest in these roles unless they have a reason, and I think that PDPM is that reason,” she adds.

Experts agree that if larger SNFs begin to recruit HIM profes-sionals to serve in a dedicated CDI capacity, these individuals will likely report to corporate-level HIM directors or chief finan-cial officers. In smaller facilities, HIM may report to the SNF ad-ministrator or director of nursing.

Developing a Physician Query WorkflowPhysicians should have access to the SNF’s EHR so they can clarify diagnoses on admission when they write and sign or-ders, says Rhonda Anderson, RHIA, QCP, president at Anderson Health Information Services. Worst case scenario is that the fa-cility uses a paper-based method to query physicians (i.e., cre-

Five Facts About the PDPM

CHECK OUT THESE important facts about the new pay-ment model that will revolutionize the way in which SNFs are reimbursed.

1. Takes effect October 1, 2019.2. Replaces the current case-mix classification system,

the Resource Utilization Group, Version IV (RUG-IV).3. Determines payment through a combination of six pay-

ment components, five of which are case-mix adjusted. The case-mix adjusted components include speech therapy, occupational therapy, physical therapy, nonther-apy ancillary services, and nursing. The non-case-mix adjusted component covers utilization of SNF resources that do not vary according to patient characteristics.

4. Prioritizes clinically-relevant factors (i.e., individual resi-dent conditions as represented by ICD-10-CM diagnosis codes) to determine base rates and case-mix indices.

5. Includes an optional Interim Payment Assessment (IPA) that allows providers to report a change in a resi-dent’s PDPM classification.

To learn more about PDPM, visit www.cms.gov/Medicare/Medicare-Fee-for-Service-Payment/SNFPPS/PDPM.html.

Skilled Nursing Facilities Eye CDI Programs

19_June.indd 16 5/28/19 10:52 AM

Journal of AHIMA June 19 / 17

ating physical mailboxes into which queries are placed or faxing queries to physician offices).

Here’s how Spaulding Rehab Network plans to address the CDI workflow. Certified coders review all documentation to assign one or more diagnosis codes on admission. Coders then work with MDS nurses to obtain any necessary specificity. When ap-propriate, MDS nurses send physician queries through an inter-nal inbox in the EHR. Once physicians answer the query the re-sponse becomes part of the patient’s record, and coders update the diagnosis code when needed. All of this happens within the first five days of the resident’s stay, Baggio Tormey says.

This is the opposite of CDI workflow in most acute care hospi-tals, where a CDI specialist uses an encoder to assign a working DRG that’s subsequently validated by a coder. Because coders reporting SNF services play such an important role in terms of assigning the initial diagnosis, they must receive in-depth train-ing on the PDPM, something that Spaulding plans to provide this summer, she adds.

Demonstrating Return on InvestmentThere are many ways in which CDI specialists can have an im-pact in SNFs, most importantly by ensuring that documentation supports the MDS assessment that’s used to determine pay-ment. For example, they can identify and address documenta-tion discrepancies like in the following scenario: MDS says the resident needs extensive assist with two staff members for toi-

leting and bed mobility, but the nursing narrative says the resi-dent is independent in terms of ADLs.

Another area of impact is capturing all comorbid conditions that directly affect payment and ensuring documentation sup-ports code assignment. “If a SNF is going to even consider a formal CDI program, they’re going to have to see a return on investment,” Peterson says. “More than any other provider set-ting, skilled nursing facilities are dealing with very minimal re-sources. Their reimbursement structure is not as profitable as it is in the acute care world.” ¢

Lisa Eramo ([email protected]) is a freelance writer and editor in

Cranston, RI, who specializes in healthcare regulatory topics, HIM, and

coding.

Journal of AHIMA Continuing Education QuizQuiz ID: Q1929006 | EXPIRATION DATE: JUNE 1, 2020HIM Domain Area: External ForcesArticle—“Revolutionary Payment Changes Prompt Skilled Nursing Facilities to Eye CDI Programs”

Review Quiz Questions and Take the Quiz Based on this Article Online at https://my.ahima.org/store

Note: AHIMA CE quizzes have moved to an online-only format.

Skilled Nursing Facilities Eye CDI Programs

Perry Johnson & Associates, Inc. has over 30

years of history and innovations in healthcare

technology.

• CODING & AUDITING •

• DICTATION & TRANSCRIPTION •

• VIRTUAL SCRIBE • DATA MINING •

• TELERADIOLOGY •

PJ&A understands the demand that the present

day market forces onto health service providers

to be vigilant with cost containment while

maintaining superior quality standards. Our

expertise in the Health IT industry enables us to

help you meet those demands while maintaining

profitability. CONTACT US:

Phone: (800) 803 - 6330

Email: [email protected]

Website: www.pjats.com

19_June.indd 17 5/28/19 10:52 AM

Third-Party Data Disclosure Risk Management for

Healthcare OrganizationsBy April Carlson, MBA, HCISSP, CFE; Daniel Goldman, JD; Burke Milnes, MPA; Kimberly Otte, JD; and Morgan Schacht, JD

HOPING TO BALANCE the competing demands to share in-formation while also protecting it, Mayo Clinic has developed a process to review disclosures of data that is risk-based, stan-dardized, and cross-disciplinary.

The challenges facing the American healthcare delivery sys-tem are glaringly apparent to everyone—costs are too high, access to healthcare services is too limited, and the quality of medical care is lacking when compared to other developed na-tions. While lawmakers continue to debate the public policy so-lutions to this vast problem, Mayo Clinic has explored its own solutions for improving these issues by rethinking the tradition-al means of delivering medical care and trying to improve care through new, innovative means that utilize the latest technol-ogy. Examples include:

� Telemedicine technology to reach patients in underserved

areas of the country. � Predictive algorithms that will indicate which patients

are most likely to benefit from individualized care coor-dination services.

� Analysis of aggregate protected health information (PHI) to determine if a change made to a procedure improved the hospital’s infection rates.

� Encouraging patients to report their own medical informa-tion—such as blood pressure, blood sugar levels, weight, symptoms, etc.—in a manner that will allow the healthcare provider to remotely monitor the patient’s daily condition.

� Use of new technology to accelerate research efforts in de-veloping new life-saving treatments.

� Creation of online patient accounts and health informa-tion exchanges to increase accessibility of medical re-

18 / Journal of AHIMA June 19

19_June.indd 18 5/28/19 10:52 AM

Journal of AHIMA June 19 / 19

cords for patients and their other healthcare providers.

While Mayo Clinic is dedicated to pursuing these solutions and ideas, institutional leadership quickly realized that these more innovative means of providing and managing care pose some significant challenges.

Challenges to AddressMayo Clinic realized that the institution has an abundance of highly talented medical professionals and administrative staff who specialize in healthcare, but it did not have the internal expertise to develop or replicate the rapidly changing techno-logical innovations that were occurring outside of the hospital walls. This motivated Mayo Clinic to approach external technol-ogy companies and other specialists (“third parties”) that could provide the technology solutions needed to meet the goals of improving cost, quality, and access. As clinical departments at Mayo Clinic began to rethink their care delivery strategies, the volume of requests to engage external technology solutions in-creased dramatically and became nearly unmanageable.

In the midst of this increased demand for external technology solutions and services, Mayo Clinic was ramping up its infor-mation security efforts in response to the increasing number of significant cyberattacks and breaches occurring in the health-care industry. The transition from paper medical records to electronic health records was an incredible advancement from a clinical care perspective, but it also made enormous amounts of health information more accessible—and vulnerable—than ever. Hackers are motivated to target patient data because it generally has a higher resale value on the dark web than other types of personal information.1 A successful hacker can steal the identity of millions of patients or encrypt a hospital’s servers to block access to medical records until a ransom is paid.

Managing Competing ObjectivesMayo Clinic was faced with competing objectives: leverage PHI to decrease costs, improve quality, and increase access to care while also enhancing the protection and security of that same data. From an information security perspective, allowing third parties to receive, store, and/or access PHI posed greater risks. Yet, many of the technology initiatives that Mayo Clinic wanted to pursue would have been too costly and inefficient to develop without the assistance of a third party with the necessary tech-nological expertise.

There are many risk-related questions that arise when examin-ing requests to disclose data. For example, what types of informa-tion security assurances and safeguards should be required for the third parties who have access to PHI? Should a large, well-established third party receive the same degree of scrutiny as a small start-up company with a cutting-edge technology product to sell? How does a healthcare system manage and coordinate the enormous volume of requests to share PHI with third parties? How should a healthcare system manage subcontractors, off-shoring, and non-standard contract terms? How does an institu-

tion protect ownership of their data and the intellectual property value it holds when it’s de-identified? Will other types of identifi-able data held by Mayo Clinic, such as the personally identifiable information (PII) in its role as an employer and academic institu-tion, undergo the same level of review as PHI?

Developing a Risk-Based Framework Mayo Clinic leadership recognized that large-scale data trans-fers of sensitive PHI and PII needed sufficient oversight and governance on an ongoing basis and as a result established a Data Disclosure Oversight Committee (DDOC). The organiza-tion has a long history of utilizing multi-disciplinary teams in clinical practice areas. Aligning with this tradition, the commit-tee membership is strategically comprised of a multi-disciplin-ary team of experts bringing their perspective and expertise to the table. The committee includes representation from the clini-cal practice, privacy, legal, risk, information security, IT, supply chain, and business development departments to help ensure that a broad range of risks are considered during reviews. The cross-disciplinary membership is essential for expertise and to serve as a check and balance for the proponent who often is mo-tivated by a narrower agenda. Internal policies were established requiring DDOC review of external transfers of PHI and PII dur-ing both the initiation of new third-party contracts as well as during contract renewal phases.

The committee prioritized deploying a balanced approach to supporting business and practice priorities while helping to carry out sufficient governance and oversight of external data transfers to third parties. They agreed that risks associated with data transfer requests warrant examination, risk mitigation, and, in certain circumstances, formalized risk acceptance. Early in its inception, the committee acknowledged the importance of leveraging a risk-based approach for reviewing data transfer requests and emphasized the importance of leveraging risk-based principles for vendor management. As the review process evolved and matured, DDOC identified common risk catego-ries that consistently surface in data transfer requests. A stra-tegic priority was placed on documenting these common risk categories to develop a corresponding risk scoring framework to consistently calculate risk using a standard set of principles. The risk scoring criteria promotes a more standardized review and consistent measurement of associated risks.

Standardized Data Disclosure Risk Scoring Criteria Figure 1 on page 20 illustrates the standard risk scoring crite-ria developed by the Mayo Clinic’s DDOC that is utilized within the Data Disclosure Program. The overall risk scoring equation possesses a combination of vendor-specific and project-specific risk categories. The weight given to each of the risk scoring sub-categories was assigned based on committee dialogue, consen-sus, and documented risk mitigation priorities.

Data Volume and Data SensitivityHeavy emphasis is placed on the volume of individually iden-

Third-Party Data Disclosure Risk Management

19_June.indd 19 5/28/19 10:52 AM

20 / Journal of AHIMA June 19

Figure 1: Mayo Clinic Data Disclosure Oversight Committee Risk Scoring Criteria

Risk Rank Risk Scope Risk Score Weight

ValueWeighted

Risk Score

Data Sensitivity Point ValueLow (demographic only) 1Medium (demographic + general medical) 2High (demographic + sensitive medical) 3Critical (demographic + financial and/or SSN) 4Number of Unique Records stored/accessed for life of Agreement Point Value1 - 499 1500 - 100,000 2>100,000 - 1,000,000 3>1,000,000 4Age of Vendor Point Value>20 years (established) 15-20 years 2<5 year (new) 3Size of Vendor Point Value>10,000 (large) 1500-10,000 (medium) 2<500 (small) 3Purpose of Disclosure Point ValueIRB/Public Health/Registry/Association 1TPO/Employee Benefits/Research/Quality 2Marketing/Fundraising/For Profit 4Data Storage by Vendor Location Point ValueN/A 0Cloud-Managed Storage 1US Vendor-Managed Storage 2Foreign-Managed Storage 4Public Breaches by Vendor in Past 5 years Point ValueNo 0Yes 4Vendor Use of Subcontractors Point ValueNo 0Yes 3Data Access by Vendor Location Point ValueN/A 0US Only Remote Vendor Access 1Includes White-Listed Country Foreign Remote Access 2Includes Other Country Foreign Remote Access 4Highest Level of Vendor System Access Point ValueN/A 0User (Test data only) 1User (Production data) 2Administrator, Super User, write access 3Number of Vendor Employees With Access to Data Point Value1 to 5 16 to 20 2>20 3Vendor Access/Data Transfer Frequency Point ValueYearly/Product Support Only (Incidental) 1Weekly/Monthly (Periodic) 2Daily+ (Routine) 3Cyber Liability Insurance Coverage Point ValueYes 0No 3

OVERALL RISK SCORE 0

0

6 0

76-91 = Low * 92-109 = Medium * 110-Above = High Note: Risk factors flagged in RED may require additional review and documentation

4 0

2 0

7 Vendor 5

2

8 0

7 0

6 Project

6

0

4 0

10 Project

9 Project

8 Project

5 Project

0

1 0

2

13 Vendor

11 Project

12 Project

0

RISK FACTOR

1 Project

2 Project

0

6 0

3 Vendor

4 Vendor

6

Third-Party Data Disclosure Risk Management

19_June.indd 20 5/28/19 10:53 AM

Journal of AHIMA June 19 / 21

tifiable records to be disclosed as well as the sensitivity level of the data. Data sensitivity risk calculations are rooted in the potential patient, employee, reputational, legal, and financial impact associated with certain types of data being breached. For example, a breach of names and Social Security numbers is scored as higher risk than patient names and demographic medical information such as medical record numbers because of the anticipated patient impact, financial costs, and reputa-tional impact incurred by a data breach with higher sensitiv-ity. Sensitive medical data categories such as substance abuse records, HIV and pregnancy records, or behavioral health records score as higher risk than names and medical record numbers alone.

Vendor-Specific Risk Profiling Some risk categories focus specifically on the vendor versus the project. For example, one factor in the risk score is how long a vendor has been doing business, as this often corre-lates with the maturity of its information security program as well as its ability to indemnify for financial damages associ-ated with a large-scale data breach. Following similar logic, the size of the vendor is also calculated in the risk score equa-tion, recognizing that most large companies devote signifi-cant resources to build strong information security programs and practices. Additionally, the risk score calculation factors whether a company under review has experienced a signifi-cant breach within the past five years. This scoring criteria promotes transparency around past breach occurrences and may serve as a catalyst to obtain additional information as evidence of mitigating controls that have been implemented as a result of the breach.

Data Storage by Vendor Location Proposed vendor storage type also factors into the risk score cal-culation. The emergence of vendors that provide cloud storage services was initially considered higher risk. But as the commit-tee began to better understand the stronger information security controls and validated security testing by third-party auditors, it changed the risk profile of reputable cloud storage providers to be lower risk. Additionally, vendor storage clouds that remain in the United States are scored as lower risk than an offshore ven-dor storage location due to the uncertainty regarding regulatory and vendor controls in place in non-US countries.

Use of Subcontractors While a vendor may possess a strong information security pro-gram, their subcontractors may have less rigorous information security practices and controls. The extent to which a vendor subcontracts out services that involve the storage or processing of data presents additional risk considerations and is therefore factored into the overall data disclosure risk equation. If a ven-dor discloses that some of the data will be transferred to or ac-cessed by subcontractors as part of the proposed arrangement, this is factored into the overall risk score. The disclosure of data to subcontractors may warrant a more detailed review depend-ing on the overall risk score calculation.

Data Access by Vendor Location and Levels of System Access The risk scoring criteria also accounts for whether the vendor will hold remote access to Mayo Clinic systems and, if so, from where the remote access will occur. The committee developed guidelines surrounding proposed offshore access and/or stor-age by location and has documented “white-listed” countries based on information available from corruption and cyberse-curity rankings. Countries that are not on the white list require committee review and approval, and they may be approved as a one-off or added to the white list based on the committee’s rec-ommendation. Also factored into the risk equation is the provi-sioning level of remote access.

The risk scoring criteria also examines what type of data the vendor would have access to remotely. Will a vendor be given access to only test data or does the pending contract propose access to production data? Or, a higher risk, does a particular proposal require the vendor to obtain administrative rights to access internal systems as part of the project?

Number of Employees with Access, Data Transfer Frequency, Cyber Liability Insurance Risk scoring also takes into account how many third-party em-ployees will have access to the data, how often the transfers will be occurring, and whether the vendor possesses cyber liability insurance coverage.

Operationalizing Standard Data Transfer Requirements As the data disclosure review process has matured, standard processing guidelines for staff have been created to process re-quests according to risk calculations. The calculated risk score defines what type of review path a request will take. Moderate risk requests require certain third-party information security evaluations be reviewed before the transfer of data can com-mence. High-risk requests require a more in-depth examina-tion of information security controls through completion of ad-ditional documentation and submission of information security audit reports completed by independent third parties.

The committee has also recognized that contractual assurances are an important part of vendor risk management. Accordingly, the committee requires that vendors execute appropriate agree-ments including language that not only ensures compliance with regulatory requirements but also industry-standard process and information security controls. Deviations from these institutional requirements must be reviewed and approved by the committee. Expedited approval processes were developed for requests that conform to standard requirements. The operational process is in-tentionally designed to surface only the highest-risk requests for full committee review, discussion, and approval.

Risk Mitigation through the Review Process Data disclosure reviews mitigate data privacy and security risks in a number of ways. DDOC staff continually provide guidance to requestors throughout the entire process. Part of the review process centers upon ensuring that the business case to transfer the data is strong and that only the minimum amount of data necessary to meet business or practice needs is

Third-Party Data Disclosure Risk Management

19_June.indd 21 5/28/19 10:53 AM

22 / Journal of AHIMA June 19

transferred to the third party. DDOC staff suggest best practic-es or other options that make the request lower risk, and thus such requests are more likely to be approved by the commit-tee. As a result, the initial request that is submitted to DDOC often looks significantly different than the request that is ulti-mately approved.

DDOC advises sending the minimum amount of data ele-ments necessary to meet business objectives and challeng-es proponents submitting requests to examine what type of data needs to be disclosed. One example involved a pro-posal to send facial images, behavioral health records, and MRNs to a third party as part of a data sharing arrangement to engage in industry benchmarking. When asked for the business case on why these types of data elements would be required for surgical benchmarking, confirmation was received that these data elements would not be needed by the third party.

DDOC reviews routinely minimize the type of data ele-ments sent to a particular business associate. Other examples of where the committee provides value involve leading effec-tive enforcement of institutional information security stan-dards before data can be sent. Some proposed high-risk data transfers are postponed until the vendor can provide sufficient security assurances and attestations from third-party audit firms. During other reviews, it may be discovered that vendors are unwilling to meet minimum contractual data protection standards and therefore business proponents are advised to explore alternative options with other third parties that are able to agree to institutional data protection contractual provi-sions. Once a request has been approved, the vendor is added to a “dashboard” through the use of a vended solution. This dashboard enables DDOC to effectively monitor approved vendors for events that may significantly affect the risk profile of an approved vendor such as bankruptcies, data breaches, and/or acquisitions.

Integrating the DDOC Process with a Broader Technology Assurance Process After the Data Disclosure Program was fully established and opera-tional, colleagues in IT and information security diligently worked to establish a more streamlined and robust review of information technology-related requests. A process was created to help ensure technology- and data-related requests are able to meet techni-cal data protection and IT architectural standards that promote implementing strong information security controls as well as IT system congruence. This process, known as the Security, Privacy, Architecture, and Data (SPAD) assurance process, is intended to be a single entry point to obtain necessary data disclosure, informa-tion technology, and information security reviews of a particular request to disclose data. This process helps to ensure sufficient technical expertise is devoted to reviewing a third party’s ability to meet Mayo Clinic data privacy and information security standards. The data disclosure review process was strategically integrated with this broader review process to help promote efficiency and streamlined reviews of data sharing requests.

Developing an effective framework to prudently manage the risks associated with data sharing will be more critical than ever before as healthcare organizations continue to manage divergent priorities—sharing large sets of patient data in ways that fuel inno-vation while also keeping patient privacy and information security at the forefront. ¢

Note 1. Francis, Ryan. “Healthcare records for sale on Dark Web.”

CSO. April 24, 2017. www.csoonline.com/article/3189869/healthcare-records-for-sale-on-dark-web.html.

April Carlson ([email protected]) is privacy officer/data protection

officer, Daniel Goldman is legal counsel, Burke Milnes is Arizona compli-

ance and privacy officer, Kimberly Otte is chief risk officer, and Morgan

Schacht is contract manager at Mayo Clinic.

Third-Party Data Disclosure Risk Management

THE BESTPRODUCTIVITY

SOFTWARE SPEED UP YOUR TEXT INPUT

• Create customized glossaries in an instant.

• Type a few letters and Instant Text suggests.

• Continue phrases without typing.

Call 1 800 355 5251 Instant Text 7 Prowww.instanttext.com

Make your clinical documentation and data entry

TIMELY - ACCURATE - RELIABLE and give doctors more time for patient care.

19_June.indd 22 5/28/19 10:53 AM

www.ahacentraloffice.org

YOUR PARTNER IN CODING EDUCATION

AND RESOURCES

• Online access for AHA Coding

Clinic® for ICD-10-CM and ICD-10-PCS

and AHA Coding Clinic® for HCPCS –

www.CodingClinicAdvisor.com

• ICD-10-CM and ICD-10-PCS

Coding Handbook 2019

• Free coding advice service

through AHA Coding Clinic® Advisor –

www.CodingClinicAdvisor.com

• ICD-10-CM, ICD-10-PCS and HCPCS

reference materials, webinars

and more...

19_June.indd 23 5/28/19 10:53 AM

24 / Journal of AHIMA June 19

WHEN YOU SEE a list of letters after a health information man-agement (HIM) professional’s last name, it’s sometimes too easy to take for granted all the long, hard hours that went into earning and creating those acronyms. For both the credential earner and the certification creator (AHIMA), a certification is an investment.

It can take three to five years to launch a certification in the mar-ketplace, depending on how quickly change is happening in the industry. For example, with the clinical documentation improve-ment practitioner (CDIP) credential, CDI experts convene to make annual changes to the exam and constantly re-evaluate the skills and knowledge that they think credential holders should have.

Certification creation is a story that isn’t told very often, ac-cording to Terrence Wright, AHIMA’s director of certification, but is important to understand so that credential holders know just what they are getting with that list of letters. AHIMA’s certification process is considered the “gold standard” based on several fac-tors—one of which is the fact that AHIMA credentials are created using a scientific process. AHIMA works with the Commission on Certification for Health Informatics and Information Management (CCHIIM), which helps ensure that the appropriate processes are used to develop exams. Additionally, AHIMA’s CCS, CCA, RHIA, and RHIT credentials are accredited by the National Commission of Certifying Agencies (NCCA). According to Desla Mancilla, DHA, RHIA, vice president of academic affairs at AHIMA, NCCA accred-itation for credential development “is like getting a gold seal that tells the industry that all appropriate exam development activities

took place.” Even though only four AHIMA credentials are NCCA-accredited, AHIMA still applies the same level of rigor required by the NCCA to every credential it develops.

The CDIP credential is designed to demonstrate competence and efficiency in medical record review, coding principles, reim-bursement methodologies, regulatory compliance, management of CDI program metrics, and record management. With this un-derstanding in mind, AHIMA developed a high-quality exam to ascertain a candidate’s ability to perform the necessary duties.

Lifecycle of the CDIPBefore there could be a CDI credential, a job task analysis—which involves a three-step process—was undertaken by a pan-el of subject matter experts in CDI, Wright explains. The job task analysis first outlined the duties related to working as a CDI spe-cialist, and the knowledge, skills, and abilities needed to com-petently perform them. Through guided discussion, the group of experts created a list of content domains in which measurable tasks were placed. These tasks informed the survey that was de-veloped and disseminated during the second phase of the job task analysis process—which was to send that survey to subject matter experts and practicing CDI specialists. That survey group was able to add knowledge, skills, and abilities that might be missing from the job task analysis, Wright says.

Next, the survey group sent their feedback to the initial job task analysis team who held a meeting to create recommen-

How an AHIMA Credential is BornEXTENSIVE VETTING PROCESS PRODUCES ‘GOLD STANDARD’ CDIP, OTHER CREDENTIALSBy Mary Butler

19_June.indd 24 5/28/19 10:53 AM

Journal of AHIMA June 19 / 25

dations for the development of the credentialing exam. That test plan document becomes a blueprint for what appears on an exam. These recommendations were taken under consider-ation by CCHIIM, an AHIMA commission dedicated to ensur-ing the competency of professionals practicing health infor-mation and informatics, and was then voted on. The document CCHIIM voted on became the new CDIP exam blueprint. All of the reports, studies, and surveys were then made public on AHIMA’s website (www.ahima.org/certification/cdip).

“The difference between AHIMA’s process and what I’ve seen with some of our competitors is that we openly make all of our reports attached to these processes available to the public,” Wright says. “It’s important to do that…When somebody has a question about why AHIMA has a survey in the certification area, we can always point back to this knowledge base.”

CDIP Credentialing ExamTo ensure the exam is measuring topics that it is designed to measure, the exam blueprint (found on the AHIMA website) is used in all aspects of exam development. Item writers and re-viewers are recruited from professionals currently working in the field. These subject matter experts meet as groups to devel-op and review items. All items used to determine competence are pre-tested before being used as operational items.

“It always surprises people in the credentialing world, but we do ongoing development so we have this constant review go-ing on behind the scenes on [exam] items. We have different workshops where item writers sit and look at items all day, and they’re usually dog tired when it’s over,” Wright says. “Then we update our forms [exams] annually or as needed.”

AHIMA works with Pearson Vue to administer the exams in testing sites located around the world. The AHIMA website also contains information concerning application processes, testing fee structure, and registration at Pearson testing centers. Having a website that fully conveys information related to the exam offers candidates the ability to be fully informed during the entire testing process, which helps relieve stress as candidates prepare to sit for important exams. Simply earning the CDIP credential is not a one-and-done endeavor. Credential holders must continue to recertify on a two-year cycle. To maintain just the CDIP, credential holders must earn 30 continuing education units over a two-year period.

Value of the CDIP CredentialAccording to Wright, individuals who sit for the exam already are considered to be leaders in their field and experts in proper clini-cal documentation, as evidenced by the fact that so many physi-cians and individuals who already hold several other professional credentials take the exam. AHIMA credentials carry more weight throughout the industry in part, says Wright, because it is so transparent about what goes into the credential’s creation.

“There’s a right way and a wrong way to develop exams if you want to be scientifically rigorous and be defensible legally. AHIMA makes sure the letter of the law is followed… It’s one of the positives of working here [at AHIMA],” Wright says. “I know in the end that if I have to defend the exam, I have a lot of evidence to stand on.”

Challenges can come in the form of people who fail the exam and

attempt to make the case that they failed because the exam was poorly written. This is a big reason that all of the materials that in-formed the exam’s creation are publicly available—which is simply not the case with other non-AHIMA credentials. Full details on the CDIP exam domains are available at www.ahima.org/certification.

Anny Yuen, RHIA, CCS, CCDS, CDIP, co-chair of AHIMA’s Clinical Documentation Improvement Practice Council, first sat for the CDIP exam approximately six years ago.

“I personally thought it would at least make myself and my career more marketable… show that I really do know what I’m doing,” Yuen says. “I take pride in what AHIMA has done. I’ve been very active in trying to change traditional CDI programs to accept the HIM professional’s knowledge and demonstrate the importance of the CDIP credential in the industry.”

Yuen’s practice council co-chair, Chinedum Mogbo, MD, MS, RHIA, CDIP, CCS, manager of CDI at Tenet Healthcare, was a practicing physician in Nigeria before she came to the United States but chose not to continue practicing medicine. The CDIP was the first HIM credential she acquired in addition to the CCS, in part because AHIMA provided the flexibility to sit for the exam because of her prior medical background. Like Yuen, she sat for the exam about six years ago, and also like Yuen vol-unteered to do item writing for the CDIP exam. Mogbo says the credential has “opened more doors” for her.

“When you apply for jobs, you want to be able to have a credential that says, ‘Hey, not only do I have this clinical background, but I also know the nuances around clinical documentation and integ-rity and how to practice it.’” Mogbo says. “It kind of gives weight to whatever you’re doing. It’s a good credential to have—it gives you more bargaining power and it launched my career in the CDI world. It gave me that edge.” ¢

Mary Butler ([email protected]) is associate editor at the Journal of

AHIMA.

VISIT THE JOURNAL of AHIMA website to view a slideshow that takes a step-by-step look at how AHI-MA’s credentials are creat-ed and discusses why they are the “gold standard” for the industry: https://jour-nal.ahima.org/2019/05/01/blueprint-for-excellence-how-ahima-builds-its-gold-standard-credentials/.

Slideshow: Blueprint for Excellence

How an AHIMA Credential is Born

Read Morewww.ahima.org/certificationVisit the AHIMA website’s certification section to learn more

about how the CDIP and other AHIMA credentials are created and the value credentials bring to HIM professionals.

19_June.indd 25 5/28/19 10:53 AM

26 / Journal of AHIMA June 19

WWHILE SERVING AS a system privacy officer for a Wisconsin-based healthcare system, the author of this article met regu-larly with the organization’s president to review privacy and security compliance. This time was spent reviewing breaches that members of the workforce were directly responsible for, as well as the consequences for Health Insurance Portability and Accountability Act (HIPAA) sanctions that resulted from their actions. At one point, the president thoughtfully commented that “curiosity not only kills the cat, it can also kill the career.”

This profound summation reflected the professional and personal impact of a workforce member’s decision to ignore internal policies as well as state and federal privacy and secu-rity regulations. This reflection quickly inspired a new series of HIPAA awareness training and tools, which were rolled out with the eye-catching title “Curiosity Killed the Career.” Subsequent modifications to HIPAA affirmed the need for ongoing training.

Privacy Laws and Potential Fines The HIPAA Privacy Rule became effective in 2003, and was fol-lowed by the HIPAA Security Rule in 2005. The HIPAA Privacy and Security Rules dramatically changed the way healthcare organizations create, manage, safeguard, retain, and destroy confidential protected health information (PHI). They re-quired healthcare organizations to have processes in place to apply appropriate sanctions to workforce members who fail to comply with HIPAA and internal policies.

As the HIPAA Privacy Rule evolved, greater emphasis was di-rected toward unauthorized access, use, and disclosure of pa-tients’ PHI—or breaches, as they are commonly known. Fur-ther revisions occurred in 2009 with the Health Information Technology for Economic and Clinical Health (HITECH) Act

and the 2013 HIPAA Final Omnibus Rule. Together, these rules expanded direct accountabilities to the level of the individual workforce member. As a result, no longer did the healthcare organization have to bear sole responsibility for the acts of a rogue workforce member.

The Department of Justice assigns criminal penalties for in-dividuals who knowingly or maliciously misuse patient PHI. The penalties are structured as follows:

� Covered entities/individuals that “knowingly” obtain or disclose PHI can face a fine of up to $50,000, as well as im-prisonment up to one year.

� Covered entities/individuals who commit offenses under false pretenses face penalties of up to a $100,000 fine, with up to five years in prison.

� Finally, offenses committed with the intent to sell, trans-fer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm can face fines of $250,000 and imprisonment up to 10 years.1

Personal Risk Key Part of HIPAA Regardless of established administrative, physical, and tech-nical safeguards, a healthcare organization cannot always control the actions of the rogue workforce member. Until HIPAA directed compliance responsibilities to the individu-al level, the healthcare organization was often left standing alone as the responsible party for a HIPAA breach. Once it be-came clear that an individual workforce member could suffer personal consequences as a result of their failure to safeguard PHI, it raised the stakes considerably.

In 2009, Huping Zhou of Los Angeles, CA was sentenced to

Working Smart a professional practice forum

Curiosity Killed the CareerBy Nancy Davis, MS, RHIA, CHPS

19_June.indd 26 5/28/19 10:53 AM

Journal of AHIMA June 19 / 27

four months in prison and a $2,000 fine after pleading guilty to unauthorized access of confidential medical records.2 In 2018, Jeffrey Luke of Collierville, TN, pleaded guilty to downloading the PHI of 300 patients on his computer and was sentenced to 30 days in jail, three years of supervised release, and ordered to pay $14,941 in restitution.3 From 2009 through the present, the healthcare industry has seen continued criminal penalties assigned to healthcare workers who have violated HIPAA. It is highly unlikely that any of these individuals will ever work in healthcare again.

Privacy and security officers are wise to leverage these fines, penalties, and criminal cases when creating training, educa-tion, and awareness tools for workforce members on the need to safeguard the privacy and security of PHI. It is critical that workforce members are aware that failure to adhere to pri-vacy and security policies puts them at great personal risk for sanctions. At the organizational level, HIPAA sanctions can include:

� Counseling � Retraining � Corrective action � Suspension � Termination � Loss of unemployment benefits

On a broader scale, HIPAA breaches can also include report-ing breach activity to the following organizations, which may levy greater sanctions:

� Local, state, and federal law enforcement agencies � Office for Civil Rights � State attorney general

HIPAA breaches can also be reported to the workforce member’s professional licensing or certification board and ethics committees. Reports to licensing boards become pub-lic records and are often the basis for future employment background checks. Professional organizations such as AHI-MA certifies its members and has in place a code of ethics setting forth ethical obligations of practice. Members who fail to adhere to the code may be subject to review by the or-ganization’s ethics committee and could lose AHIMA certi-fication as a result of the violation. Many leadership positions in health information management (HIM) require AHIMA certification. To lose this would greatly jeopardize employ-

ment in the field. Clearly, there is much at risk for licensed or certified workforce members.

Finally, workforce members can be sued by their victims in private lawsuits. Invasion of privacy is a willful tort that consti-tutes a legal injury, and damages for mental suffering are recov-erable without the necessity of showing actual physical injury.

In addition to formal internal and external HIPAA sanctions, the workforce member may lose their personal reputation in the community. Relationships with family members and friends can be severed by HIPAA breaches when the actions of the workforce member are disclosed to the victims of their be-havior. In healthcare organizations where an electronic health record (EHR) system may be shared, termination for inappro-priate EHR access, use, or disclosure at one organization may very well close the door to employment at other participating organizations. In working with a system such as this, it is not unusual for an individual who has been terminated from one organization to find that they are not eligible to work at anoth-er organization using the same EHR system because they are on the “no-access” list.

While every effort should be made to promote the safeguard-ing of patient privacy and security on a positive note, there should also be consideration of the personal and profession-al risks associated with failure to do so. Workforce members need to be aware that “curiosity can kill the career” and they have much at stake in order to preserve their personal and pro-fessional well-being. ¢

Notes 1. US Department of Health and Human Services. 45

CFR SS 164.530(e)(1). HIPAA Privacy Rule Administra-tive Requirements. www.govinfo.gov/content/pkg/CFR-2012-t it le45-vol1/pdf/CFR-2012-t it le45-vol1-sec164-530.pdf.

2. Dimick, Chris. “Californian Sentenced to Prison for HIPAA Violations.” Journal of AHIMA. April 29, 2010. http://journal.ahima.org/2010/04/29/californian-sen-tenced-to-prison-for-hipaa-violation/.

3. “Jail Terms for HIPAA Violations by Employees.” HIPAA Journal. March 22, 2018. www.hipaajournal.com/jail-terms-for-hipaa-violations-by-employees/.

Nancy Davis ([email protected]) is the director of compliance

and safety at Door County Medical Center, based in Sturgeon Bay, WI.

Once it became clear that an individual workforce member could suffer personal consequences as a result of their failure to safeguard PHI, it raised the stakes considerably.

19_June.indd 27 5/28/19 10:53 AM

28 / Journal of AHIMA June 19

B

Data Normalization: Help for Quality Measures ReportingBy Cheryl Mason, MSHI

BY NOW, MOST health information management (HIM) pro-fessionals are familiar with national quality measures and the role they play in value-based care. Accuracy in reporting is para-mount as the Centers for Medicare and Medicaid Services (CMS) continues to elevate the relationship between these calculations and a healthcare organization’s bottom line and reputation.

Now in its third year, the Medicare Access and CHIP Reauthori-zation Act (MACRA) provides a framework for accountability and transparency. The goal is to drive improvement in the quality of care given to Medicare recipients, promote interoperability, drive performance improvement initiatives, and assess the cost of care. For Merit-Based Incentive Payment System (MIPS) participants, the framework is designed around four categories of reporting re-quirements: quality (45 percent), promoting interoperability (25 percent), process improvement (15 percent), and cost contain-ment (15 percent). These measurement activities help stakehold-ers quantify processes, outcomes, and patient satisfaction as the industry strives for improved population health, better patient experiences, and lower costs. Organizations that are opting for alternative payment models (APMs) take on more risk and have a slightly different framework. In either case, having accurate data is essential to successfully reporting to CMS.

Because data for quality measures reporting is collected in a variety of ways, such as insurance claims, electronic health records (EHRs), and registries, healthcare organizations must have systems in place that ensure complete and accurate aggre-gation of information. Yet, the reality is that many organizations struggle with the basics of data management and find they are running up against an unseen challenge: data silos.

Information needed for accurate quality measures reporting often remains “locked” within EHRs and other disparate systems

due to inconsistent technology and documentation requirements. Some of the data required for quality reporting is not codified to any standard and is documented using local vernacular or simply found only in unstructured text. Consequently, providers and pay-ers often fail to accurately aggregate the data needed for a given quality measure and risk reimbursement losses or reputational consequences due to the appearance of lower care quality.

The solution to this conundrum is a “single source of truth” that ensures data coming from disparate systems is normalized to an industry standard for meaningful sharing. Despite broader indus-try efforts to address clean information sharing through technol-ogy, standards, and even incentives, barriers still exist. As industry initiatives continue to prioritize the shift to patient-centered care, it becomes more urgent that providers deploy systems that ensure data collection and sharing is accurate, timely, and consistent. Providers must leverage data normalization strategies that clean and map disparate patient information to achieve this end.

Quality Measures BasicsPatient cohorts—a group of patients sharing specific charac-teristics—form the basis of quality measures. For instance, a heart failure cohort may include such patient characteristics as ejection fraction values, lab tests such as B-type natriuretic peptide, or problem list entries. Healthcare organizations need a method of codifying vast volumes of patient data to accurate-ly identify and extract patients with these characteristics.

Accurate data aggregation is no easy feat for the average healthcare organization. Consider, for example, the complexi-ties of identifying all patients for a single and relatively straight-forward measure: MIPS measure 021, “Perioperative Care: Se-lection of Prophyactic Antibiotic – First OR Second-Generation

Working Smart a professional practice forum

19_June.indd 28 5/28/19 10:53 AM

Working Smart a professional practice forum

Journal of AHIMA June 19 / 29

Cephalosporin.” More specifically, this is a process measure in the domain of patient safety which measures patients aged 18 years and over that are undergoing certain procedures that have an indication for a first- or second-generation cephalosporin antibiotic, who had one ordered for antimicrobial prophylaxis.

The numerator of this metric measures the number of surgical patients that have had a first- or second-generation cephalospo-rin for antimicrobial prophylaxis ordered. As such, a healthcare organization must have a way to identify surgical patients by the antibiotics they are taking within the timeframe listed.

In the denominator, the metric requires all surgical patients 18 years of age and older undergoing procedures with the indica-tions for a first- or second-generation cephalosporin prophylac-tic antibiotic. In addition, healthcare organizations must be able to factor in exclusions that include:

� Patients enrolled in clinical trials � Patients with physician/advanced practice nurse/physi-

cian assistant (physician/APN/PA)–documented infection prior to surgical procedure of interest

� Patients taking antibiotics more than 24 hours prior to sur-gery except colon surgery patients

� Other medical reasons (G9196)

This measure can be reported through claims data or certified registries. The claims data must contain a specific G code (G9197) that indicates the patient has had an appropriate order written. In many cases, this requires a manual assignment of the G code by a certified coding professional. In order to automate this pro-cess and reduce errors from human intervention, it is important to identify the presence of the appropriate order at the appropri-ate time or evidence of the patient taking antibiotics more than 24 hours prior to surgery. This information must be captured in a structured way and then translated into the appropriate G code to be captured in the patient claim data.

In the medical record, medication data can be captured data us-ing proprietary drug databases such as Medi-Span or FDB. It could also be captured using RxNorm or NDC codes. The question be-comes: how do you identify the medication order, understand if it fits the description of first- or second- generation cephalosporin, and ensure that G9197 is entered on the patient claim?

Additionally, healthcare organizations often struggle to effi-ciently identify qualitative information such as evidence of prior infection. While much of the data found within the EHR are cap-tured through the use of industry standards such as ICD-10 and SNOMED CT, this information is often located in free text. Note that the requirement is for a clinician to document prior infec-tion. This information might (or might not) be included in a prob-lem list that may or may not be codified to SNOMED.

The Free Text Challenge: What Can Be MissedMany data governance strategies lack an effective way to extract unstructured patient data. One study found that when only struc-tured EHR data was used to derive quality measures, practice performance was undercut when compared to a manual review

of electronic charts that included unstructured patient narrative.1 There are many examples where providers and payers can

miss patient reporting opportunities. For example, MIPS mea-sure 005 (NQF 0081) considers the use of angiotensin convert-ing enzyme (ACE) inhibitor or angiotensin receptor blocking (ARB) therapy for patients with documented ejection fractions of less than 40 percent. The quantified ejection fraction is rarely documented in a structured form, and the inability to find this data will skew the measure reporting.

Quality measure PQRS 116 (NQF 58) is another example, where providers risk lower performance scores when free text is not factored into the measurement. Used to measure pa-tients who inappropriately receive antibiotics for acute bron-chitis, the metric includes exclusion criteria for patients who have a secondary condition, such as cystic fibrosis or HIV. Of-ten, documentation demonstrating the secondary diagnoses is found in free text as opposed to structured areas of the EHR.

Health insurers reporting quality measures through the Healthcare Effectiveness Data and Information Set (HEDIS) program also want to ensure they are accurately identifying all inclusion and exclusion criteria in free text to obtain the highest CMS star ratings and reimbursement. This requires access to clinical data found in EHRs as well as free text notes.

Improving the OutlookMany reasons exist for defining patient cohorts beyond quality measures reporting. The success of any of these efforts rests with a healthcare organization’s ability to accurately and completely identify all patients with the pre-defined attributes within a cohort.

Data normalization strategies help healthcare organizations overcome these challenges. Otherwise, providers and payers have no way of identifying patients who fit pre-determined cri-teria without manually combing charts. Technology is an im-portant consideration, and the right platform can address both structured and unstructured patient data, ensuring patients are not excluded from patient cohort analytics. Advanced so-lutions exist that automate and streamline the complexities of data normalization by addressing the following:

� Content—establish a single source of truth for all terminol-ogy-related maps, value sets, and code sets

� Applications—enable interoperability and increase the quality of analytics

� Web-based APIs—integrate reference data into existing data warehouses or analytics platforms ¢

Note 1. Parsons, Amanda et al. “Validity of electronic health record-

derived quality measurement for performance monitoring.” Journal of the American Medical Informatics Association 19, no. 4 (July-August 2012): 601-609. www.ncbi.nlm.nih.gov/pmc/articles/PMC3384112/.

Cheryl Mason ([email protected]) is director of clinical in-

formatics consulting at Wolters Kluwer, Health Language.

19_June.indd 29 5/28/19 10:53 AM

30 / Journal of AHIMA June 19

T

Avoid Pain After a Breach— Read the Fine PrintBy Joe Gillespie, MS, RHIA, CHPS, and Susan Lucci, RHIA, CHPS, CHDS, AHDI-F

THE ANTHEM BLUE Cross breach made the cybersecurity data breach headlines across the nation in 2015. As the single largest email phishing attack up until that time, impacting nearly 80 million patients, this breach essentially changed the privacy and security world as we knew it. No longer was cybercrime something that happened only in retail stores in-volving credit cards. The bad guys had figured out where to find massive amounts of valuable data—and they knew ex-actly how to get it.

While credit cards are a common target, when a credit card is compromised the owner of the card typically can contact the bank, take care of the charges, and get a new card relative-ly quickly. The individual impact is generally short-lived and the inconvenience is pretty easily remedied, in the majority of cases, within a few days. A breach of protected health informa-tion (PHI), which most often includes personally identifiable information (PII), is far more intrusive and can last as long as the criminals choose to “keep” the information.

In the Anthem case, through a long and exhaustive inves-tigation, it was determined the breach started with a single click by an employee who thought they were opening a le-gitimate email. Initial unauthorized access started on De-cember 2, 2014, and continued until the date of discovery on January 27, 2015.

Once the investigation and reporting process was started, it took the US Department of Health and Human Services’ (HHS)Office for Civil Rights (OCR) until 2018 to conclude their inves-tigation and enter into a settlement agreement with Anthem. OCR alleged the following HIPAA Security Rule violations:1

� Failure to conduct security risk analysis—45 C.F.R. § 164.308(u)(1)(ii)(A)

� Failure to review records of information system activ-ity—45 C.F.R. § 164.308(a)(1)(ii)(D)

� Failure to detect security incident which leads to a breach—45 C.F.R. § 164.308 (a)(6)(ii)

� Failure to implement technical policies and procedures pertaining to systems that maintain ePHI, allowing only authorized individuals to access that ePHI—45 C.F.R. § 164.312(a)

� Failure to prevent unauthorized access of ePHI main-tained in a data warehouse—45 C.F.R. § 164.502(a)

Beyond the OCR FineAs with most large breaches, the settlement agreement includ-ed a corrective action plan (CAP) with Anthem. The settlement amount was a whopping $16 million, the largest ever, and the CAP will likely take approximately two years or longer to com-plete. As severe as this may be, this was not the end of the fi-nancial pain for Anthem.

The costs to Anthem go far beyond the $16 million OCR set-tlement agreement. Anthem paid $2.5 million to retain expert consultants to investigate the breach, $115 million to improve security within the organization as the result of a class action lawsuit,2 $31 million to provide individual notification along with notification to the general public, and an additional $112 million for 24 months of credit monitoring for the 19.1 million individuals who were able to demonstrate that their personal information was stored in the data center that was hacked.

Reading the Fine PrintThe irony in looking back at this massive breach is that An-them took the time to invest in HITRUST Certification in 2013.3

Working Smart a professional practice forum

19_June.indd 30 5/28/19 10:53 AM

Working Smart a professional practice forum

Journal of AHIMA June 19 / 31

Certainly, to their credit, the organization wanted to demon-strate their commitment to protecting their members’ data. But when it comes to assurances and insurance in general, one must read the fine print. An article titled “Did Anthem’s Securi-ty Certification Have Value?” by Marianne McGee, published on BankInfoSecurity.com, questioned the HITRUST common security framework (CSF) certification process. HITRUST re-sponded that their certification process is based on a defined scope and the system breached was not in scope of their CSF certification.

Similarly, purchasing cyber liability insurance without properly complying with all aspects of the requirements or scope of that particular policy will not cover all that’s needed in the case of a security incident. If the organization has failed to complete detailed tasks specifically called out in the fine print in order to validate the policy, claims against the policy may not be paid. Stated another way, if the cyber policy says that an organization must train employees in HIPAA privacy and security awareness, and that’s not done, the insurance company is likely to not pay the claim. Or, if they do pay, and later determine that the organization was not adhering to its own policies and requirements of the HIPAA Privacy Rule and HIPAA Security Rule, they could demand a refund for claim dollars paid.

An instance of a claim that was paid and later a counter-claim asked through legal action for reimbursement happened in California where the healthcare organization had the insur-ance but no coverage. The important factor in this case comes as no surprise—at the end of the day, risk analyses and risk mitigation plans are an organization’s most important secu-rity documents.4

The HIPAA Security Rule requires a risk analysis be com-pleted on all systems and assets where PHI potentially resides. This is never a one-and-done process. Risk analyses must be performed annually and for all owned facilities. It is essential that biomedical devices are not overlooked. Recently, HHS has published guidance surrounding the vulnerabilities that may exist with these critical care systems.5

The Anthem breach was insider-oriented—one employ-ee, one email. Insurance and certifications cannot protect healthcare organizations from all breach events. One of the best protections and investments an organization can make is in ongoing quality cybersecurity education for its workforce. It is equally important to ensure that business associates are keeping up with the changes in cybersecurity awareness. Specific education surrounding the pervasiveness of phish-ing attacks should be a high-priority item on every privacy of-ficer’s to-do list.

On the security side of the house, security professionals should find out when the last comprehensive security risk analysis was completed and updated. This is a task that should be completed and updated annually, without exception. The failure to do this was the foundational basis for the denial in the cyber liability denial claim mentioned above.

Keep the Workforce VigilantA thorough, well-planned training program for the workforce includes information on phishing attacks, what they look like, how to report them, and how seriously they can affect an orga-nization. This is an imperative for 2019. Conducting an active phishing campaign can help keep the workforce vigilant and avoid the problems experienced by Anthem and so many other organizations.

There is no certification for HIPAA compliance and even with the best policies, training, and vigilance, security inci-dents can and will continue to happen. What health informa-tion management professionals can do is keep the workforce well-informed on the pervasiveness and creative nature of cybercriminal activity as it may be the best defense in this ongoing battle. Next, conduct a robust risk analysis process and update it methodically every single year. Risk profiles change every year as new equipment and systems are pur-chased and as new settings and upgrades are incorporated into existing systems. Finally, keep policies updated and review incidents with the privacy and security committee to ensure that a proactive stance is being taken to prevent new incidents from occurring in the same way they did be-fore. Start now to minimize the risks of a privacy or security breach in 2019. ¢

Notes 1. “$16 Million Anthem HIPAA Breach Settlement Takes

OCR HIPAA Penalties Past $100 Million Mark.” HIPAA Journal. October 16, 2018. www.hipaajournal.com/16-million-anthem-hipaa-breach-settlement-takes-ocr-hi-paa-penalties-past-100-million-mark/.

2. “Court Approves Anthem $115 Million Data Breach Set-tlement.” HIPAA Journal. August 20, 2018. www.hipaa-journal.com/court-approves-anthem-115-million-data-breach-settlement/.

3. Anthem. “Health Information Trust Alliance Desig-nates WellPoint Common Security Framework Certi-fied Status.” Press release. September 30, 2013. https://ir.antheminc.com/news-releases/news-release-de-tails/health-information-trust-alliance-designates-wellpoint-common?ID=1859782&c=130104&p=irol-newsArticle.

4. Mitby, John. C. “Cyber Liability Insurance: Consider—But Be Careful as Insurance Company May Deny A Claim.” Hurley Burish S.C. Attorneys blog. https://hurleyburish.com/cyber-liability-insurance-consider-but-be-careful-as-insurance-company-may-deny-a-claim/.

5. US Food and Drug Administration. “Medical Devices: Cybersecurity.” www.fda.gov/medicaldevices/digital-health/ucm373213.htm.

Joe Gillespie ([email protected]) is senior privacy/security

consultant, and Susan Lucci ([email protected]) is senior

privacy/security consultant and privacy officer at tw-Security.

19_June.indd 31 5/28/19 10:53 AM

32 / Journal of AHIMA June 19

M

Tips for Getting the Most Out of Computer-Assisted CodingBy Daniel Land, RHIA, CCS

MARSHALL MCLUHAN, THE Canadian philosopher who pre-dicted the World Wide Web nearly 30 years before its invention, said that “we shape our tools and thereafter our tools shape us.”1 It is important to keep this in mind in any discussion of com-puter-assisted coding (CAC), since this ever-evolving tool is not completely self-sustaining or self-operating.

CAC was not designed to make truly meaningful decisions about the context of the health record and does not replace the need for human logic and intelligent decision-making. Rather, coding professionals—the ultimate drivers of codes reported—are re-sponsible for applying official coding guidance, following coding conventions, ensuring compliance with regulations, and utilizing common sense while reviewing CAC’s auto-suggested codes.

A partnership exists between coding professionals and CAC in that optimal usage of the technology allows CAC to learn and improve over time. In turn, coding professionals can benefit from CAC’s mapping logic. For example, CAC may suggest the correct ICD-10-PCS code for a procedure that would otherwise pose an indexing challenge. The process of validating auto-sug-gested codes helps to continually refine coding professionals’ knowledge and critical thinking skills. This article shares tips from coding experts on how to best interact with CAC in order to improve coding efficiency and accuracy while helping to build a better product for the future.

A Brief Overview of CACCAC is a software tool designed to assist with documentation and code assignment by reviewing the patient record and suggesting codes. While these suggested codes are automatically generated, they require validation from a human coding professional based on the documentation. The process of validation allows the cod-

ing professional to identify inconsistencies or gaps in documen-tation related to the totality of the patient record.

CAC can be structured via natural language processing (NLP) or structured input. NLP uses artificial intelligence to identify terms in a text-based document and converts them into medical codes. Structured input is based on menu items chosen via a template that is then blended into the medical record. The provider selects a diagnosis from the menu and then it is translated into code by the software.

CAC was designed to increase coding efficiency, productivity, and consistency for healthcare organizations. Although CAC software has greatly improved over the past few years, it is still far from being perfected and has the potential to increase cod-ing errors and claims denials if not built and used properly. For example, accepting CAC-generated codes without careful vali-dation could lead to erroneously reported MCCs and CCs and incorrectly assigned DRGs.

CAC Tips Awareness of the following tips can help coding professionals use CAC to their advantage while ensuring revenue integrity and data quality:

� Providers often use different verbiage to describe the same diagnosis or procedure that may not always match the CAC’s NLP mapping. This can result in incorrect auto-suggested diagnosis and procedure codes. Careful valida-tion of auto-suggested codes is necessary to prevent in-correct code assignment.

� NLP will identify every instance of a word in the set pa-rameters of a search. For example, the term “diabetes” can yield an auto-suggested code for diabetes type II, un-

Working Smart a professional practice forum

19_June.indd 32 5/28/19 10:53 AM

Working Smart a professional practice forum

Journal of AHIMA June 19 / 33

complicated—despite the fact that the patient may have documented complications such as chronic kidney dis-ease (CKD) or neuropathy. All non-applicable/redundant auto-suggested codes must be edited or deleted.

� CAC is unable to identify documentation inconsistencies in a patient’s record and may erroneously auto-suggest codes for items that further require clarification for the purposes of clinical truth and revenue integrity. For ex-ample, CAC may auto-suggest a code for a historically acute condition that is now resolved and no longer perti-nent to the current encounter.

� Attention to detail will prevent application of incorrect codes due to mapping inconsistencies. For example, a CAC product was known to apply the code for novel in-fluenza A to influenza A. Close review of codes assigned while using the patient record as a whole is suggested.

� Pay close attention to the validity of CAC-generated codes. CAC may suggest codes that are based on words within X-ray and lab reports which cannot be coded without pro-vider corroboration on inpatient cases.

� Ensure auto-suggested codes that are based on cloned documentation are relevant and reportable. A cloned progress note may document “pneumonia,” but further examination determined that this condition occurred on a previous admission, is now resolved, and should not be reported as an acute condition for this encounter.

� Remember that coded data has a long and influential life span, and its importance goes beyond today’s reimburse-ment. Not only is correct coding essential to a healthy rev-enue cycle, it is key to healthcare initiatives such as quality outcomes, risk adjustment, predictive analytics, popula-tion health, medical research, institutional longevity, and provider/hospital ratings. Codes follow patients for a long time, so correct use of CAC is essential.

� Refer back to CAC training materials periodically to ensure understanding of the nuances and mechanics of the prod-uct. Consult with a trusted colleague, manager, or CAC ven-dor when in doubt about how to use the product optimally. For example, coding professionals can confuse the methods of accepting and declining codes. By referring back to the CAC training materials this problem can be resolved quickly.

CAC Doesn’t Replace, But AssistsPeople should always keep in mind that CAC is there to as-sist—not replace—the coding professional and that CAC and any coding is only as good as the documentation on which it is based. Coders who work with CAC are afforded the opportunity to hone their critical thinking skills by the process of validating (auditing) CAC-suggested coding data.

As with traditional coding, the full patient record must be read in order to contextualize the CAC-identified verbiage. It is in-cumbent upon the coding professional to never blindly accept CAC’s suggestions, but—rather—validate them. CAC is an ever-evolving tool that is also fallible. The degree of effective human interaction with CAC varies directly with the quality of the fi-

nal coded product. Ideally, all CAC-generated codes should be validated for accuracy. Some HIM professionals report that the thought processes required to work with CAC have inspired them to career-bridge into auditing. ¢

Note 1. Levinson, Paul. Digital McLuhan: A Guide to the Informa-

tion Millennium. New York, NY: Routledge, 1999.

ReferenceGrinder, Deborah. “Perils and Pitfall of Computer-Assisted

Coding in Our ICD-10 World.” ICD10monitor. November 28, 2016. www.icd10monitor.com/perils-and-pitfall-of-computer-assisted-coding-in-our-icd-10-world.

Daniel Land ([email protected]) is director of revenue integ-

rity and compliance review services at MedPartners.

19_June.indd 33 5/28/19 10:53 AM

34 / Journal of AHIMA June 19

Tpractice guidelines for managing health information

PRACTICE BRIEF

THE GOAL OF this Practice Brief is to provide an explanation of the complication/comorbid condition and major complication/comorbid condition (CC/MCC) capture rate, review the calcu-lation, and introduce the uses of this key performance indica-tor (KPI) by different functions of the mid-revenue cycle. This benchmark can be utilized by health information management (HIM), clinical documentation integrity (CDI), compliance, and quality professionals to determine performance status. The benchmark can be used to determine risk as well as initial per-formance improvement opportunities.

Terminology and AcronymsA Diagnosis-Related Group (DRG) is the classification that re-sults from a computer algorithm (grouper) used by the payer that combines ICD-10-CM/PCS codes, present on admission indicators, sex, age, and discharge status. Each DRG has a rela-tive weight which indicates the complexity of the patient’s ad-mission. Each DRG is identified as a surgical or medical DRG.

The CC/MCC capture rate can be calculated using Medicare Severity Diagnosis-Related Groups (MS-DRGs) or All Patient Refined Diagnosis-Related Groups (APR-DRGs). MS-DRGs are utilized by Medicare Fee-for-Service and some commercial payers. APR-DRGs is a reimbursement methodology that is pro-prietary to 3M and is utilized by Medicaid programs, children’s hospitals, and some commercial payers. Users can determine CC/MCC capture rates under APR-DRGs by severity of illness (SOI) or risk of mortality (ROM) levels.

A secondary diagnosis can be identified as a CC or a MCC. A CC increases the length of stay by one patient day 75 percent of the time, according to the Centers for Medicare and Medicaid Ser-vices (CMS). CCs tend to be chronic conditions. MCCs are condi-tions that increase the severity of the patient and are frequently acute conditions. The CCs and MCCs impact the DRG assign-ment as well as the reimbursement. CMS reviews the claims data annually to statistically determine CC/MCC changes. See the sidebar on this page for examples.

ICD-10-PCS codes are categorized as either a DRG operating room procedure or a non-DRG operating room procedure. The DRG operating room procedure codes affect the DRG assign-ment by classifying the case as surgical.

The Major Diagnostic Category (MDC) is a grouping of DRGs with the same organ system or condition. The MDC may be re-ferred to as a service or product line for an organization.

The CC/MCC capture rate is a calculation that identifies the number of DRGs with CC or MCC compared to the total number of DRGs for the time period. The CC/MCC capture rate can be calculated for all DRGs, by MDC, by medical vs. surgical, and more for a specific time period. It is important to differentiate the CC/MCC capture rate from the CC/MCC depth rate. The CC/MCC depth rate is the calculation of the total number of di-agnoses that are CCs and MCCs compared to the total number of reported diagnoses. The CC/MCC depth rate indicates the av-erage number of CC/MCCs that are reported per case.

Calculating the CC/MCC Capture RateThe equation for the CC/MCC capture rate is the total number of cases that have ‘with CC,’ ‘with MCC,’ or ‘with CC/MCC’ in the DRG description divided by the total number of cases, and the result is expressed as a percentage. The overall national Medicare CC/MCC rate has been reported as 63.2 percent for the timeframe of 2014–2017. See the sidebar on page 35 for an example of a CC/MCC capture rate calculation.

To calculate the CC/MCC capture rate in the example in the sidebar on page 36, the user would add the volume from MS-DRGs 456 and 457. The result is 35 patients. All patients in MS-DRGs 456, 457, and 458 would be totaled, which results in 50 patients. The final step is to divide the cases with CC and MCC by the total number of patients, which results in 70 percent. The sidebar illustrates the calculation process.

An Excel spreadsheet tool that can be used to calculate the CC/MCC capture rate for CMS DRGs for fiscal year 2019 is available as Appendix A in the online version of this Practice Brief, available in the AHIMA HIM Body of Knowledge at http://bok.ahima.org.

Using CC/MCC Capture Rates as a Key Performance Indicator

Complication/Comorbid Condition

Major Complication/ Comorbid Condition

Chronic Systolic Congestive Heart Failure

Acute Systolic Congestive Heart Failure

Chronic Respiratory Failure Acute Respiratory Failure

Transient Ischemic Attack Stroke

CC vs. MCC Examples

19_June.indd 34 5/28/19 10:53 AM

Journal of AHIMA June 19 / 35

Practice Brief

Relevance for HIM ProfessionalsMonitoring CC/MCC capture rates is a key element in driving a facility’s coding operation toward operational goals and compli-ance. No two coding departments are alike, and in some depart-ment models coders are divided by specialty or payer—which can lead to potential gaps or variations in coding outcomes. Im-plementing regular audits is the ideal way to provide oversight on the facility’s coding health and to identify educational and process improvement opportunities.

Recommended monitoring activities include: � Review CC/MCC code selections for both medical and

surgical MS-DRGs on a pre-bill basis. The CC/MCC codes are often targets for denials by payers and government pro-grams alike. Ensuring accuracy ahead of time can minimize the burden for the department to process high volumes of denials. Financial reporting, case mix index reporting, and other clinical areas would all benefit from more accurate coding prior to billing.

� Investigate cases where there is a single reporting of a CC or MCC in a given time period as this can indicate a coding error or a provider documentation opportunity.

� Investigate a sudden spike or unusually high volume of MS-DRGs with CC/MCCs as this can be an indicator for an in-creased denial risk and can impact mortality index report-ing. This trend could also indicate inappropriate coding or clinical documentation.

� Investigate outliers in the average length of stay (ALOS) where inconsistencies can identify coding and documenta-tion opportunities.

� Review the Program for Evaluating Payment Patterns Elec-tronic Reports (PEPPER) to identify variations amongst similar facilities and populations. The target goal is to rank between the 20 percent and the 80 percent mark, as facili-ties that fall in the above 80 percent category could be at risk for upcoding and facilities that fall in the below 20 per-cent category could be at risk for downcoding.

Relevance for CDI ProfessionalsThe CC/MCC capture rate can be used as a measure for fo-cused DRG inclusion by clinical documentation integrity/improvement teams. As a low percentage in the Medicare pa-tient population, it may prove to be an area of opportunity for refining documentation of and capturing co-morbid condi-tions and complications. For example, suppose the national CC/MCC capture rate based on recent CMS Inpatient Utiliza-tion and Payment Public Use File data for Medicare patients for heart failure and shock DRGs 291-293 is 90 percent, and your hospital’s CC/MCC capture rate for the same DRG triplet is 45 percent (half the rate of the national average). Although only an example, this finding could mean that CCs or MCCs for heart failure patients are not being documented sufficiently to meet the coding requirements for final coding assignment. Conversely, a CC/MCC capture rate much higher than the national, state, or organization’s own historical data average

without any known reason(s) for the inflated percentage could be suggestive of a compliance concern in clinical documenta-tion. Whether the measure is above or below the comparative rate, using the CC/MCC capture rate as a tool for CDI program activity is an effective method for suggesting further analysis and review of DRG pairs and triplets.

Relevance for Quality ProfessionalsClinical areas monitor diagnosis capture to drive programs fo-cused on hospital-acquired conditions (HACs) and SOI/ROM. Business units monitor coded data to evaluate financial models of reimbursement and statistics to drive staffing and funding. A few key considerations for CC/MCC impact in clinical and qual-ity areas include:

1. Value-based purchasing (VBP), where the sequencing of a diagnosis code focused on the CC/MCC to drive the MS-DRG capture for reimbursement could simultaneously place the case in cohorts designed for VBP models. This data could have other negative impacts to the facility where a reduction in payment occurs for certain outlined quality measures.

2. Risk Adjustment models, where certain diagnoses often

DRG DRG Description Volume

456 SPINAL FUS EXC CERV W SPINAL CURV/MALIG/INFEC OR EXT FUS W MCC

10

457 SPINAL FUS EXC CERV W SPINAL CURV/MALIG/INFEC OR EXT FUS W CC

25

458 SPINAL FUS EXC CERV W SPINAL CURV/MALIG/INFEC OR EXT FUS W/O CC/MCC

15

Grand Total 50

Example of a CC/MCC Capture Rate Calculation

19_June.indd 35 5/28/19 10:53 AM

36 / Journal of AHIMA June 19

Practice Brief

targeted for CC/MCC capture also map to certain Hierar-chical Condition Categories (HCCs) that can trigger payer validation audits. For example, the diagnosis of severe mal-nutrition is both a MCC and a HCC.

3. The Office of Inspector General (OIG) Workplan targets can touch on a range of areas including a specific diagnosis. In 2016, the OIG conducted an audit on kwashiorkor, a form of severe malnutrition that is rarely seen in the United States. This diagnosis is both a MCC and a HCC, and it has a high error rate.

Mitigating risk while optimizing reporting is a balance that facilities should strive to achieve. Engaging stakeholders in the compliance, coding, CDI, and clinical department func-tions to participate in regular reviews of standard operating procedures (SOPs) will help bring awareness and drive results. Results of compliance monitoring programs should be shared quarterly with the facility’s stakeholders and reviewed at least annually to ensure necessary updates and risk areas are incor-porated into SOPs.

CC/MCC Capture Rate is a Far-Reaching KPIThe CC/MCC capture rate is a KPI for the various functions across the revenue cycle continuum of the facility, including areas rel-evant to the work of HIM, CDI, quality, and compliance profes-sionals. HIM professionals use this indicator to determine coding quality or potential errors. CDI professionals utilize this KPI as a comparison to the national average to identify a potential lack of documentation of CC/MCCs, missing queries, or physician educa-tion needs. The CC/MCC capture rate may be used to determine review strategy for CDI. This KPI determines where a difference can be made for the case mix index for the facility. The facility would want to proactively identify quality issues as well as address coding errors or insufficient/missing clinical documentation by utilizing this KPI. Compliance can use the KPI to determine risk areas and indications of further analysis. A compliance investigation may in-volve all three areas to determine the root cause of a high or low CC/MCC capture rate and to see if the coding and documentation are accurately reflected in the CC/MCC capture rate. Like Goldi-locks, the CC/MCC capture rate should be just right. ¢

ReferencesAmerican Hospital Directory. “Inpatient Definitions

and Methodology.” November 7, 2018. www.ahd.com/definitions/ip_ms-drg.html.

Centers for Medicare and Medicaid Services. “BSA Inpatient Claims PUF.” www.cms.gov/Research-Statistics-Data-and-Systems/Downloadable-Public-Use-Files/BSAPUFS/Inpatient_Claims.html.

Centers for Medicare and Medicaid Services. “FY 2019 IPPS Final Rule and Correction Notice Tables: Table 5—List of Medicare Severity Diagnosis-Related Groups (MS-DRGs), Relative Weighting Factors, and Geometric and Arithmetic Mean Length of State.” www.cms.gov/Medicare/

Medicare-Fee-for-Service-Payment/AcuteInpatientPPS/FY2019-IPPS-Final-Rule-Home-Page-Items/FY2019-IPPS-Final-Rule-Tables.html?DLPage=1&DLEntries=10&DLSort=0&DLSortDir=ascending.

Centers for Medicare and Medicaid Services. “FY 2019 IPPS Final Rule and Correction Notice Tables: Tables 6A-6K and Tables 6P.1c-6P.1f.” www.cms.gov/medicare/medicare-fee-for-ser v ice-pay ment/acuteinpat ient pps/f y 2019-ipps-final-rule-home-page-items/fy2019-ipps-final-rule-tables.html.

Centers for Medicare and Medicaid Services. “Hospital Value-Based Purchasing.” www.cms.gov/Medicare/Qualit y-Initiatives-Patient-Assessment-Instruments/HospitalQualityInits/Hospital-Value-Based-Purchasing-.html.

Office of Inspector General. “Work Plan.” https://oig.hhs.gov/reports-and-publications/workplan/index.asp.

Panacea. “National CC/MCC Capture Rate & Case Mix Index Trend Study.” 2018. www.panaceainc.com/wp-content/uploads/2018/09/PanaceaCCMCCTrendStudy.pdf.

Program for Evaluating Payment Patterns Electronic Report. “Welcome to PEPPER Resources.” https://pepper.cbrpepper.org/.

QualityNet. “Hospital Value-Based Purchasing Overview.” www.qualitynet.org/dcs/ContentServer?c=Page&pagename=QnetPublic%2FPage%2FQnetTier2&cid=1228772039937.

Prepared ByLaurie M. Johnson, MS, RHIA, FAHIMAMelissa Koehler, RHIA, CHDA, CDIP, CCS, CCS-PElena Miller, RHIA, CCS, MPHDonna Rugg, RHIT, CDIP, CCS-P, CICA, CCSMonica M. Watson, RHIA, CPC, CCS, CCS-P, CPMA, CIC, CRC,

CDEO, AAPC Fellow

AcknowledgementsNancy J. Anderson, MS, RHIA, CCSKim Barca, RHIA, CCS, CDIP, CCDSJeff Butler, MBA, RHIAPatty Buttner, MBA/HCM, RHIA, CDIP, CHDA, CPHI, CCS, CICAStephanie Costello, MS, RHIASharilyn Kmech, CHIMPatricia Maccariella-Hafey, RHIA, CDIP, CCS, CCS-P, CIRCCSharon C. McGee, MS, RHIALaurie Peters, RHIA, CCSMargie Stackhouse, RHIA, CPCMary Stanfill, RHIA, CCS, CCS-P, MBI, FAHIMA

Read MoreAppendix Available Onlinehttp://bok.ahima.org

A downloadable Excel spreadsheet tool that can be used to calculate the CC/MCC capture rate for CMS DRGs for fiscal year 2019 is avail-able with Appendix A in the online version of this Practice Brief.

19_June.indd 36 5/28/19 10:53 AM

Ad Space

House37

CLINICAL CODING MEETING

Receive a FREE 2020 edition Code Book with full advanced online Clinical Coding Meeting Registration!

You can’t a­ ord to miss the countless educational and networking

opportunities o­ ered. Meet with peers, gain valuable takeaways, and

bring back unique knowledge and solutions about topics and trends

health information professionals are facing. Plan to join today!

ahima.org/clinicalcoding

* American Health Information Management Association is accredited as a provider of continuing nursing education by the American Nurses Credentialing Center’s Commission on Accreditation.

September 14–15Chicago, IL

Auditing/Compliance • Facility Services • CDI • Revenue Cycle • Professional Services • Innovation

19_June.indd 37 5/28/19 10:55 AM

38 / Journal of AHIMA June 19

CCONSIDER THE FOLLOWING scenario: a patient is admitted through the emergency department (ED) with acute shortness of breath. The ED notes and history and physical document acute respiratory failure. Blood gases show an oxygen level of 75, pCO2 level of 40, and a blood pH of 7.40. The chest X-ray shows infiltrates and the patient is treated with antibiotics and respiratory therapy. The discharge summary gives a final di-agnosis of pneumonia without mention of respiratory failure. Should acute respiratory failure be coded?

This coding scenario is seen frequently in the acute care setting. Respiratory failure in this situation, and when it is present with other conditions, has long caused confusion for coding profes-sionals. ICD-10-CM brought about more specificity to identify variations in the condition, but coding guidance has remained consistent with ICD-9-CM guidelines. Let’s explore the clinical indicators for respiratory failure, examine the current coding guidelines, and look at this and other related coding scenarios.

Respiratory Failure DefinitionRespiratory failure is a life-threatening condition that results from inadequate gas exchange by the respiratory system. It pres-ents with abnormal arterial oxygen and/or carbon dioxide levels and is usually due to an underlying cause. Symptoms of acute respiratory failure include extreme shortness of breath; rapid respiratory rate using accessory muscles of respiration such as intercostal muscle retraction, paradoxical breathing, or cyano-sis; loss of consciousness; increased heart rate; and a decrease of oxygenated blood with blood gas measurements of pO2 less than 60, pCO2 greater than 50, and arterial blood pH less than 7.35. A

pO2 decrease of 15 mm Hg from the patient’s normal pO2 or an arterial blood pH less than 7.35 in a patient with chronic lung dis-ease may be an indicator of respiratory failure. Increased respira-tory rate, abnormal blood gases, and evidence of increased work of breathing are usually included in the definition of respiratory failure in clinical trials. Hypoxemia is when blood oxygen drops, showing a pO2 of less than 8kPa, and hypercapnia is when blood carbon dioxide levels rise, showing a pCO2 of greater than 6.0kPa.

There are two classifications of respiratory failure, Type I and Type II. Type I respiratory failure shows low oxygen and normal or low carbon dioxide levels. Type II shows hypoxemia with hy-percapnia. It is caused by inadequate alveolar ventilation and both oxygen and carbon dioxide are affected. The buildup of car-bon dioxide levels generated by the body cannot be eliminated.

Acute respiratory failure requires close patient monitoring and evaluation with aggressive respiratory therapy and/or me-chanical ventilation. The absence of mechanical ventilation does not preclude the diagnosis of respiratory failure.

Coding Respiratory Failure as Principal DiagnosisIn order to report respiratory failure as the principal diagnosis code, the failure must be present on admission and be the main reason for treatment after study, except in a few limited situa-tions. These situations include:

1. Poisoning causing respiratory failure. When the patient is admitted with respiratory failure due to an intentional drug overdose, or due to drug abuse/dependence, the poi-soning code is listed as the principal diagnosis code.

2. An obstetrics condition causing respiratory failure.

Coding Respiratory FailureBy Monica Leisch, RHIA, CDIP, CCS

Coding Notes

19_June.indd 38 5/28/19 10:55 AM

Journal of AHIMA June 19 / 39

Coding Notes

When an obstetrics condition (during pregnancy, deliv-ery, or postpartum) causes respiratory failure, the obstet-rics complication code is sequenced first and the code for the respiratory failure is second.

3. Human Immunodeficiency Virus (HIV)–related condi-tion. With an HIV-related condition such as pneumonia in HIV causing respiratory failure, the HIV code is listed as the principal diagnosis, with the related condition and respiratory failure listed second.

4. Sepsis with respiratory failure. For sepsis with respira-tory failure, the sepsis is listed as the principal diagnosis, with the underlying disease and respiratory failure listed second. In order to apply this guideline, the sepsis must be present or suspected on admission. If the sepsis develops later during hospitalization, the sepsis is listed as the sec-ondary diagnosis code.

Coding Two or More Conditions that Equally Qualify as Principal DiagnosisWhen respiratory failure is one of two or more conditions that equally qualify as the principal diagnosis code, either can be listed as the principal diagnosis code—except in the situations discussed in the previous section of this article.

This situation is typified when congestive heart failure (CHF) causes acute respiratory failure. The criteria for principal diag-nosis as determined by the circumstances of admission, diag-nostic workup, and/or therapy provided, should dictate which condition is selected as the principal diagnosis code. If both conditions are considered to be equally treated, either can be sequenced as the principal diagnosis code. If in doubt, query the attending physician.

Coding Respiratory Failure with Respiratory ConditionWhen two or more conditions equally qualify as the principal diagnosis code, the same analogy as in the previous section of this article is applied to acute respiratory failure and a re-spiratory condition such as pneumonia, chronic obstructive pulmonary disease with exacerbation, or other respiratory conditions. In a situation in which the patient is emergently admitted with acute respiratory failure and requires intubation and mechanical ventilator support, and it is later determined that the patient has aspiration pneumonia, coding guidelines say that the criteria for principal diagnosis as determined by the circumstances of admission, diagnostic workup, and/or therapy provided should dictate which condition is selected as the principal diagnosis code. In this case, it may be more appropriate to list the acute respiratory failure as the principal diagnosis.

In another example, the patient is admitted with respiratory failure and is found to have a pulmonary embolus, which is treated with a vena cava filter. The pulmonary embolus should be considered as the principal diagnosis code. In this case, the respiratory failure is of secondary importance to the pulmonary embolus, which requires invasive measures.

Coding Respiratory Failure in ICD-10-CMICD-10-CM provides for a distinction between acute respiratory failure and unspecified respiratory failure, and it further allows for the coding of respiratory failure with hypercapnia or hypoxemia. Coding guidelines for principal diagnoses in ICD-10-CM are the same as in ICD-9-CM. More comprehensive instruction is now giv-en in the Centers for Medicare and Medicaid Services’ ICD-10-CM Official Guidelines for Coding and Reporting, including instruc-tion previously only given in the American Hospital Association’s Coding Clinic publication. Coding and clinical documentation improvement specialists must acknowledge that all prior coding instruction given for ICD-9-CM applies to ICD-10-CM, and should thus be very familiar with the prior coding instruction.

Coding ScenariosIn the coding example at the beginning of this article, the pa-tient’s blood gases and blood pH are not consistent with acute respiratory failure, so the physician should be queried. The que-ry should explain the clinical findings and ask for further clarifi-cation of the diagnosis.

In another case, a patient is admitted in acute respiratory failure following a cardiac arrest. The patient’s blood gases show a pCO2 of 78 percent with a blood pH of 7.28. The patient is intubated and placed on mechanical ventilation. The patient’s family decides not to pursue any further measures and wishes to place the patient on comfort care only. The patient expires four days after admission. Is it appropriate to list the acute respiratory failure as the principal diagnosis code? Some would argue that the cardiac arrest was the underlying cause of the respiratory failure and that should be list-ed as the final diagnosis code. The clinical indicators are certainly present for acute respiratory failure. The coding guidance shows that respiratory failure can stand alone as a diagnosis without the necessity of listing the underlying cause first, so it should be accept-able to list the acute respiratory failure as the final diagnosis code.

Build Familiarity with Clinical IndicatorsIt is important to be familiar with the clinical indicators for acute respiratory failure and understand the coding guidance to assign the correct diagnosis codes. Sequencing of the diagnosis codes can affect coding compliance and reimbursement. If coding deci-sions are based on the clinical documentation present, and pre-vailing coding guidelines, then the coded data will be accurate. ¢

ReferencesCenters for Medicare and Medicaid Services. “ICD-10-CM

Official Guidelines for Coding and Reporting, FY 2019.” www.cms.gov/Medicare/Coding/ICD10/Downloads/2019-ICD10-Coding-Guidelines-.pdf.

Virtual Medical Care. “Respiratory failure (types I and II).” June 2018. www.myvmc.com/diseases/respiratory-failure-types-i-and-ii/.

Monica Leisch ([email protected]) is director of compliance/HIM

services at Healthcare Cost Solutions.

19_June.indd 39 5/28/19 10:55 AM

40 / Journal of AHIMA June 19

AAS TECHNOLOGY CONTINUES to evolve in medicine the way medical data are handled has also evolved over time. Pharmacy data are a vital component in the electronic health record (EHR) database and can have a direct impact on care quality and pa-tient safety. From the pharmacy-related information presented by the patient during office visits up to the information entered by the provider and sent to the pharmacy, pharmacy data play an important role in providing quality healthcare to patients. This article provides an overview of EHR pharmacy data, the work-flow and special features, and the challenges of maintaining high quality and accurate pharmacy data in the hospital setting.

Use of Pharmacy DataPharmacy data are an important component of clinical data used for direct patient care, including the right medicine for the right patient, at the right time, at the right dose. Thus, it has significant impact on quality of care and patient safety. Phar-macy data are also used for non-direct patient care, such as supporting immunization registries to track patient vaccination information, prescription drug monitoring programs to track controlled substance prescriptions, and health information ex-change databases tracking and sharing patient information be-tween different healthcare providers. Pharmacy data, as a Big Data concept, also supports research to track trends and the ef-fectiveness of drugs—for example, using data to monitor a flu vaccine and to identify whether it is a good match for the com-mon influenza strains circulating in a specific season.

There are many different users who benefit from the safe use of drugs and maintenance of EHR pharmacy data. Patients are

central users, along with ad hoc users in the management of medications such as clinical pharmacists, physicians, nurses, and additional members of the healthcare team. Other users—such as researchers, policy makers, and quality improvement managers—use pharmacy data for non-direct patient care. In addition, pharmacy data analysts, data managers, and health IT technicians also interact with EHR pharmacy data. Health in-formation and informatics management (HIIM) professionals who work in the hospital setting are also playing a key role in managing and analyzing EHR pharmacy data.

Types of EHR Pharmacy DataPatient allergy and medication history are two major types of EHR pharmacy data. They are critical to patient safety and data quality.

Patient allergy data are documented during an office visit. When the patient first arrives, the allergy information is entered into the electronic tablet by the patient at check-in, or into the EHR system by clinical staff. The EHR system has pre-built med-ication allergy interaction information to allow for allergy inter-action checking to occur when new patient medication orders are entered into the system.

Medication history data are addressed during a regular office visit. This is the list of medications that the patient is currently on or has previously been on. The list of available medications, the amount of the medication, the frequency that the medications are to be taken, and the route of administration are all chosen from pre-built lists in the EHR system. Some of the EHR platforms also allow for external medication history to be reviewed by the clinical staff. External medication history is information pulled

Managing and Analyzing EHR Pharmacy Data in the Hospital SettingBy Shannon H. Houser, PhD, MPH, RHIA, FAHIMA; Jodie Wagner, CPhT; and Christopher O. Holland, RPH

Coding Notes

19_June.indd 40 5/28/19 10:55 AM

Journal of AHIMA June 19 / 41

Coding Notes

Figure 1: Workflow of EHR Pharmacy Data

Normal order

/ Normal order entered -

by provider �

Allergy checking

I

Normal order

Result checking

----Normal orde�·----1

Normal order

Office clinic order or hospital order?

Clinic Hospital

Normal order or prescription order?

Medication name

Dosing information

Unit of measure

Frequency

Route of administration

Duration information

Refill information

Drug interaction checking

, .Clinical decision support (CDS)

Dose range checking

EHR alerts

Order is signed by provider

�

Prescription order

�

- Prescription order - entered by provider

Duplicate therapy checking

I

�rescription order-

Drug availability

No

Is this prescription going to be sent electronically?

Yes

Pharmacy is selected

Prescription order

Yes

Is this prescription going to be sent electronically?

No

Available pharmacies that allow electronic

prescriptions

Ready for administration

Hospital pharmacy review

Send to retail pharmacy

electronically

Paper prescription is printed

19_June.indd 41 5/28/19 10:55 AM

42 / Journal of AHIMA June 19

Coding Notes

into the EHR from outside sources such as retail pharmacies. Re-viewing the external medication history can help with the quality of the information entered into the EHR in cases where the pa-tient may not know the exact name of the medications they take.

Workflow and Management of EHR Pharmacy Data A new medication goes through multiple steps before it be-comes useful in the EHR system. It involves the processes of decision-making, data entry, clinical decision support, and ver-ifications (see Figure 1 on page 41).

Medication orders can be either given in the physician’s office or in the hospital, or filled at a retail pharmacy. Once the patient has seen the provider, new medication orders might be entered into the EHR system for medications to be given while the pa-tient is in the office.

Providers enter the medication order by checking the infor-mation from pre-built lists in EHR databases. This informa-tion includes the medication name, dosing information, unit of measure, frequency, route of administration, duration in-formation, and refill information (if it is a prescription order). The maintenance and updates of these databases is normally done by systems analysts. The documentation of the medica-tion administration can be entered into the system manually or through a barcode scanning process where the National Drug Code (NDC) is checked in the system.

The medication order then flows through the EHR into the clin-ical decision support process. In order to help prevent a medi-cation error from occurring, allergy checking, drug interaction checking, and duplicate therapy checking are completed. The data required to support the clinical decision support checking is maintained in the system databases by the systems analysts.

For the purpose of ensuring patient safety and preventing de-lays in patient care, alerts are built into the EHR by the system analysts. Examples of the alerts include result checking, where the EHR checks lab values when ordering medications in order to ensure the medication is appropriate and safe, dose range checking when an order outside of the maximum range occurs based upon defined criteria such as patient age or weight, and drug availability alerts for notifying the provider that the or-dered medication may not be available from the pharmacy.

The prescription order can be sent electronically (e-prescribing) to a pharmacy directly from the point of care. Available pharma-cies, insurance formulary information, and patient medication updates are maintained in the EHR system. E-prescribing is re-placing handwritten pharmacy orders to improve data accuracy, increase patient safety, and increase quality of care.

Challenges of Managing EHR Pharmacy DataMaintaining quality and pertinent pharmacy data are often challenged by many factors, such as skilled personnel needed, time constraints, regulation compliance, and protecting confi-dentiality of patient health information.

Making sure the pharmacy data are up to date and maintained has its challenges. Keeping the pharmacy knowledge database updated requires skilled staff like pharmacists and pharmacy tech-nicians as well as non-pharmacy personnel such as data analysts.

The pharmacy staff are ensuring that newly added information to the database is correct and relevant for the practice. Once the phar-macy staff has validated this block of information, the data analyst is given permission to bring in the updated pharmacy information to the database. This process requires personnel with a high-level working knowledge of both pharmacies and systems.

The aforementioned process can also be very time-consum-ing. Due to the rapid changes in critical drug information (drug-drug interactions, drug-allergy alerts, etc.), it is essential to keep the pharmacy database up to date. After validation, these data are usually, without exception, placed in a testing environment for pharmacy staff to test its effect on the system. This can reveal defects within the information or validate its usability. If defects are detected during testing, the information must be augmented or withdrawn to ensure no ill effects on system stability. If no de-fects are seen during testing, the information can then be placed into an active working environment (sometimes called produc-tion). The process of moving this information from the research phase to the active working environment can take weeks, and by then sometimes new information is already available to be imported—therefore, this is an iterative process.

This pharmacy information is regulated by the US Food and Drug Administration (FDA), a branch of the US Department of Health and Human Services. The FDA provides guidance and regulations on the usability of pharmacy information within the EHR. This is usually the responsibility of the EHR vendor to ensure these regulations are being followed, but it would serve users well to verify with the EHR provider to ensure compliance. Due to the electronic nature of EHRs and the fact that more information is available online than ever before, maintaining patient information confidentiality and securing the pharmacy database is also a challenge.

EHR pharmacy data are growing constantly and are never static except when a user chooses to make use of it at a specific point. It is essential that all health information management and provider professionals involved in the process consider this to be a living database, and regularly make contributions to sustaining it. ¢

Shannon H. Houser ([email protected]) is an associate professor, Depart-

ment of Health Services Administration/Health Informatics Program,

Jodie Wagner ([email protected]) is a MSHI graduate student and clin-

ical systems analyst III, and Christopher O. Holland (cholland@uabmc.

edu) is a MSHI graduate student and systems analysts III at the University

of Alabama at Birmingham.

Journal of AHIMA Continuing Education QuizQuiz ID: Q1939006 | EXPIRATION DATE: JUNE 1, 2020HIM Domain Area: Clinical Data ManagementArticle—“Managing and Analyzing EHR Pharmacy Data in the Hospital Setting”

Review Quiz Questions and Take the Quiz Based on this Article Online at https://my.ahima.org/store

Note: AHIMA CE quizzes have moved to an online-only format.

19_June.indd 42 5/28/19 10:55 AM

Visit store.ahima.org today!492.19

ONE CITY, TWO WAYS TO ADVANCE YOUR CAREER CHICAGO, IL

2019 CDI Summit: Advancing the Documentation JourneyJuly 14–15 | CEUs: 13The premier clinical documentation event explores the challenges presented by today’s complex healthcare environment. Gain the most up-to-date information and learn how to:

• Identify CDI strategies beyond inpatient setting• Evaluate CDI program success by identifying critical performance

measurements• List challenges that impact CDI teams and assess effective solutions• Discuss ways to advance CDI through advancing technology• Critique the various ways CDI impacts quality measures

Move your CDI program forward with the knowledge gained at the CDI Summit!Visit ahima.org/cdisummit for more information.

And while you’re here… Extend Your Stay for the CDI Train the Trainer Program!July 16–18 | CEUs: 18AHIMA’s extensive three-day, in-person workshop prepares advanced-level CDI professionals to train others in industry best practices through AHIMA’s gold-standard curriculum. Candidates learn how to train colleagues using proven adult learning principles, which include an opportunity to do a live teaching demonstration for valuable feedback.

19_June.indd 43 5/28/19 10:55 AM

44 / Journal of AHIMA June 19

SUNDAY MONDAY TUESDAY WEDNESDAY THURSDAY FRIDAY SATURDAY

1

2 3 4 5 6 7CSA MEETING: DELAWARE, Dover, DE

8CSA MEETING: CALIFORNIA, Indian Wells, CA

9 10 11

AHIMA Foundation Webinar: Apprenticeships: An Effective Workforce Planning Model for Employers

12 13 14 15

16 17 18 19 20 21 22

23 24 25 26 27 28 29

30

Calendar

AHIMA Annual Conference

2020 Atlanta, GAOctober 13-17

PMS 7625 and black

CSA MEETING:NEW YORK, Syracuse, NY

CSA MEETINGS:CALIFORNIA, Indian Wells, CAMASSACHUSETTS, Falmouth, MA

CSA MEETING:KENTUCKY, Richmond, KY

CSA MEETING:TEXAS, Galveston, TX

CSA MEETING: MAINE, Augusta, ME

CSA MEETING: PUERTO RICO, San Juan, PR

CSA MEETINGS:NEW JERSEY, Atlantic City, NJMISSISSIPPI, Jackson, MS

Crack the Codes: Advanced Coding Workshops, Chicago, IL

19_June.indd 44 5/28/19 10:55 AM

Keep Informed Resources and News from AHIMA

Sharing AHIMA’s Mission and Vision for the Future of the Organization and ProfessionAHIMA has introduced new mission and vision statements, designed to be bold, transformative, and inspirational.

� AHIMA’s Mission: Empowering people to im-pact health

� AHIMA’s Vision: A world where trusted infor-mation transforms health and healthcare by connecting people, systems, and ideas

The organization’s leadership believe these state-ments will enhance the value of the health informa-tion management (HIM) profession and position the association as a leader in the future healthcare ecosystem.

Meet AHIMA’s C-Suite in the April Issue of Advantage The latest issue of AHIMA’s member newsletter, AHIMA Advantage, introduces the members of the new AHIMA leadership team and their roles. The issue also includes information to help interested professionals learn more about the CDI credential, as well as how to keep up with new coding guide-lines. Read the issue at www.ahimaadvantage-dig-ital.com/ahimaadvantage/april_2019.

Earn CEUs While You Read with Continuing Education QuizzesOnline continuing education quizzes offer AHIMA customers the opportunity to convert their reading into CEUs. Based on articles from the Journal of AHIMA or CodeWrite e-newsletter, each quiz has 10 multiple choice questions and earns customers one CEU when successfully completed. Quizzes are only $20 for members. Recent Journal articles with CE quizzes include “Teaching Tune-Up” and “Denial Prevention: Understanding Common Cul-prits and How to Avoid Them.” To view a current list of available quizzes in the AHIMA store, visit https://my.ahima.org/search/journal%20and%20quizzes.

JULY12–13 CSA Leadership Symposium, Chicago, IL

14–15 Clinical Documentation Improvement (CDI) Summit, Chicago, IL

16–18 CDI Trainer Workshop, Chicago, IL

27 VLab Curriculum Integration for Novices, Atlanta, GA

27 VLab Curriculum Integration for Experts, Atlanta, GA

27–31 Assembly on Education/Faculty Development Institute, Atlanta, GA

28–31 CSA Meeting: Florida, Lake Buena Vista, FL

31 Educator Workshop: Preparing for 2018 HIM Curricula Transition, Atlanta, GA

UPCOMING INSTITUTES, SEMINARS, WORKSHOPS, AND WEBINARSAugust 16 CSA Meeting: Connecticut, TBD

September 14

The Journey to Your Future: Strategic Planning for Academic Programs, Chicago, IL

September 14–15

Privacy and Security Institute, Chicago, IL

September 14–15

VUCA & Voices Leadership Training, Chicago, IL

September 14–15

Clinical Coding Meeting, Chicago, IL

September 26–27

CSA Meeting: North Dakota, Fargo, ND

Dec. 2–4 Inpatient and Outpatient CDI Academy, Long Beach, CA

Dec. 2–4 Privacy and Security Training with CHPS Exam Prep, Long Beach, CA

Dec. 2–4 ICD-10-CM/PCS Trainer Academy 2.0, Long Beach, CA

Check www.ahima.org/events for the latest schedule of institutes, seminars, and workshops.

A Look AheadUpcoming AHIMA Institutes, Seminars, Workshops, and Webinars

19_June.indd 45 5/28/19 10:55 AM

46 / Journal of AHIMA June 19

AHIMA Volunteer Leaders

AHIMA BOARD OF DIRECTORS President/ChairValerie J. Watzlaf, PhD, MPH, RHIA, FAHIMAVice Department Chair of Education and Associate Professor University of PittsburghPittsburgh, PA(412) [email protected]

President/Chair-electGinna Evans, MBA, RHIA, CPC, CRC, FAHIMACoding Educator, IM Specialties DivisionEmory HealthcareDecatur, GA (770) 845-5730 [email protected]

Past President/ChairDiann H. Smith, MS, RHIA, CHP, FAHIMAVice PresidentTexas Health ResourcesArlington, TX (682) [email protected]

Speaker of the House of DelegatesShawn C. Wells, RHIT, CHDADirector of Health InformationUniversity of Utah HealthSalt Lake City, UT(801) [email protected]

CEO, AHIMAWylecia Wiggs Harris, PhD, CAEChicago, IL (312) [email protected]

TERM ENDS 2019—DIRECTORSJill S. Clark, MBA, RHIA, CHDA, FAHIMASenior Consultant and Knowledge Officer, e4Red Lion, PA(610) [email protected]

Dwan Thomas Flowers, MBA, RHIA, CCS, CDIPHIM Consultant(904) [email protected]

Karen S. Scott, MEd, RHIA, CCS-P, FAHIMASenior Training Specialist/OwnerTruCode/Karen Scott Seminars and ConsultingBartlett, TN(901) [email protected]

TERM ENDS 2020—DIRECTORSTreasurerSeth Jeremy Katz, MPH, RHIA, FAHIMAAssociate Chief Information OfficerTruman Medical Center(913) [email protected]

SecretaryKim D. Theodos, JD, MS, RHIAAssistant ProfessorUniversity of Louisiana at Monroe(318) [email protected]

Melinda A. Wilkins, PhD, RHIA, FAHIMAProfessor and Program Director, Health Informatics and Health Information ManagementArkansas Tech University(479) 970-1434 [email protected]

TERM ENDS 2021—DIRECTORSSharon Easterling, MHA, RHIA, CCS, CDIP, CRC,

FAHIMA PresidentDocBytesCharlotte, NC(704) [email protected]

Jennifer Mueller, MBA, RHIA, FACHE, FAHIMAVice President and Privacy OfficerWisconsin Hospital Association – Information CenterFitchburg, WI (920) [email protected]

Godwin I. Okafor, MSHI, RHIA, FAC-P/PMProgram ManagerUS Department of Veterans Affairs(404) [email protected]

Board AdvisorJohn P. Hoyt, FACHE, FHIMSSExecutive Vice President EmeritusHIMSSChicago, IL(312) [email protected]

2019 CHAIRS OF AHIMA VOLUNTEER GROUPSAdvocacy and Policy Council Seth Johnson, MBA, [email protected]

Daniel Utech, RHIA, [email protected]

AHIMA Grace Award CommitteeSandra Pearson, MHA, RHIA, CHDA, [email protected]

AHIMA Triumph Awards CommitteeRenae Spohn, MBA, RHIA, CPHI, CPHQ, FNAHQ, [email protected]

Annual Convention Program CommitteeSandra Joe, MJ, RHIA, [email protected]

CDI Summit Program CommitteeGenee [email protected]

Lisa Campbell, PhD, RHIA, CDIP, CCS, [email protected]

Clinical Coding Program CommitteeMegan DeVoe, [email protected]

Lance Smith, MPA, RHIT, CCS-P, CHC, COC, [email protected]

Engage Advisory CommitteeYvette [email protected]

Fellowship CommitteeLinda Galocy, MS, RHIA, [email protected]

New Graduate Leadership CommitteeTodd Norden, [email protected]

Nominating CommitteeRalph Morrison, RHIA, [email protected]

Privacy and Security Program CommitteeBeth A. Kost-Woodrow, [email protected]

Tanya Srdanovic, MPA, RHIA, [email protected]

Professional Ethics CommitteeVong Miphouvieng, MHA, RHIA, [email protected]

2018–2019 HOUSE OF DELEGATESSpeaker of the House of DelegatesShawn C. Wells, RHIT, CHDADirector of Health InformationUniversity of Utah HealthSalt Lake City, UT(801) [email protected]

Speaker-elect of the House of DelegatesChristine Williams, RHIAHealth Information Management Document Integrity ManagerUW HealthMadison, [email protected]

Envisioning CollaborativeAurae Beidler, MHA, RHIA, CHPS, [email protected]

Shawn C. Wells, RHIT, CHDADirector of Health InformationUniversity of Utah HealthSalt Lake City, UT(801) [email protected]

House LeadershipBecci Conroy, RHIA, CCS-P, [email protected]

Christine Williams, RHIAHealth Information Management Document Integrity ManagerUW HealthMadison, [email protected]

2019 CHAIRS OF AFFILIATE VOLUNTEER GROUPSAHIMA FoundationDiann H. Smith, MS, RHIA, CHP, FAHIMA (682) [email protected]

Commission on Accreditation for Health Informatics and Information Management EducationStuart M. Speedie, PhD, FACMI(651) 249-1350 [email protected]

Commission on Certification for Health Informatics and Information ManagementKaren Collins Gibson, MSA, RHIA, FAHIMA [email protected]

Council for Excellence in EducationKeith Olenik, MA, RHIA, CHP(816) [email protected]

2019 PRACTICE COUNCIL AND VOLUNTEER CONTACTS Clinical Documentation ImprovementChinedum Mogbo, RHIA, CDIP, CCS, [email protected]

Anny Yuen, RHIA, CCS, CCDS, CDIP [email protected]

Clinical Terminology and ClassificationFaith McNicholas, RHIT, CPC, CPCD, PCS, [email protected]

Mary Stanfill, MS, MBA [email protected]

EHR Documentation IntegrityJami Woebkenberg, MHIM, RHIA, CPHI [email protected]

Lori Richter, MA, RHIA, CHPS, CPHIT, CPEHR [email protected]

Privacy and SecurityDana DeMasters, MN, RN, [email protected]

Wes Morris, CHPS, CIPM, HCISPP [email protected]

19_June.indd 46 5/28/19 10:55 AM

Journal of AHIMA June 19 / 47

AHIMA Volunteer Leaders

Email changes to your listing to [email protected]

COMPONENT STATE ASSOCIATION PRESIDENTSAlabamaLakesha Kinnerson, MPH, RHIA, [email protected]

AlaskaKara Anderson, CCS-P, B.Ed, CPC, [email protected]

ArizonaLisa Hart, MPA, [email protected]

ArkansasSara Daniel, RHIA, [email protected]

CaliforniaMaria Caban Alizondo, MOL, RHIT, [email protected]

ColoradoShandra Duncan, RHIT, [email protected]

ConnecticutJames Donaher, RHIA, CDIP, CCS, [email protected]

DelawareKimberly Seery, RHIT, CHDA, CDIP, CCS, CPC, [email protected]

District of ColumbiaToni Jackman, MS-HIS, MTM, [email protected]

FloridaRae Freeman, RHIA, CHPS, CDIP, [email protected]

GeorgiaKaren Searcy, RHIA, [email protected]

HawaiiLari Anne Kamei, MBA, [email protected]

IdahoJamie Sand, EdD, RHIT, [email protected]

IllinoisTricia Truscott, MBA, RHIA, CHP, [email protected]

IndianaLynette Thom, RHIA, CDIP, [email protected]

IowaJacinda Barth, [email protected]

KansasRichard Ryan, MHS/HCEd, [email protected]

KentuckyDustin Ginn, MA, MHA, [email protected]

LouisianaKristy Courville, MHA, [email protected]

MaineSheri Conley, RHIT, [email protected]

MarylandLinda Williams, [email protected]

MassachusettsBibi Von Malder, RHIT [email protected]

MichiganShawn Armbruster, [email protected]

MinnesotaRyan Johns, RHIA, [email protected]

MississippiLorie Mills, RHIT, [email protected]

MissouriBrenda Fuller, RHIA, [email protected]

MontanaRebecca Conroy, RHIA, CCS-P, [email protected]

NebraskaTina Mazuch, MS, RHIA, CCS [email protected]

NevadaZheila Smith, CDIP, [email protected]

New HampshirePamela Varhol, MS, MBA, RHIA, [email protected]

New JerseyFran DiLorenzo, [email protected]

New MexicoErica Lopez, [email protected]

New YorkJeffery Youngs, [email protected]

North CarolinaMary Gregory, RHIT, CDIP, CCS, CCS-P, [email protected]

North DakotaLaurie Peters, RHIA, [email protected]

OhioKrystal Phillips, RHIA, [email protected]

OklahomaTressa Lyon, [email protected]

OregonCrystal Clack, MA, RHIA, CDIP, [email protected]

PennsylvaniaMargaret Stackhouse, BSB/IS, RHIA, [email protected]

Puerto RicoAmarylis Del Hoyo, [email protected]

Rhode IslandPatti Nenna, RHIT, [email protected]

South CarolinaTeresa Huss, MHS, RHIA, [email protected]

South DakotaJamie Husher, MS, RHIA, [email protected]

TennesseeShannan Swafford, DHA, RHIT, CHDA, [email protected]

TexasPenny Crow, MS, [email protected]

UtahCarolyn Russell, [email protected]

VermontSarah Donaldson, MS, [email protected]

VirginiaKathleen Scott, [email protected]

WashingtonPaula Dascher, [email protected]

West VirginiaVickie Findley, MPA, [email protected]

WisconsinElizabeth Rockendorf, RHIA, CHPS, [email protected]

WyomingSarah Reynolds, [email protected]

19_June.indd 47 5/28/19 10:55 AM

48 / Journal of AHIMA June 19

AHA Central Office ........................................................23

AHIMA .................................................................. 8, 37, 43

First Class Solutions ......................................................33

Healthcare Cost Solutions ............................................. 13

MRO ................................................................. back cover

Perry Johnson & Associates, Inc. .................................. 17

SourceHOV Healthcare, Inc. ................. inside back cover

Textware Solutions-Instant Text ....................................22

TruCode .................................................. inside front cover

YES HIM Consulting .........................................................1

Advertising IndexAHIMA Thanks Its Loyalty Program Members

EXECUTIVE LEVEL

MANAGER LEVEL

The AHIMA Loyalty Program offers organizations the opportu-nity to better align their marketing outreach with AHIMA’s print, content, and information channels while delivering year-long ex-posure to AHIMA’s 103,000+ health information professionals.

To learn more about the AHIMA Loyalty Media Program and position your organization for success, contact:

Jeff Rhodes, 410-584-1940, [email protected] or Allison Zippert, 410-584-1941, [email protected]

19_June.indd 48 5/28/19 10:55 AM

CONSULTING & OUTSOURCING GUIDE

AHIMA

2019 | RESOURCE GUIDE

19_June.indd 49 5/28/19 10:55 AM

> Billing reviews, HIM/medical record, and privacy

consulting for skilled nursing facilities

> Department-wide and function-specific operational

assessments to streamline hospital HIM efficiency

> APC, DRG, and HCC risk-adjusted ICD-10CM/PCS

coding compliance reviews to ensure revenue

integrity

> HIPAA readiness assessments to mitigate risk

> Human subject research compliance services to

help research organizations navigate the minefield

of regulations

> Release of information guidance and software to

manage HIPAA disclosure activities

>Temporary and interim management to fill HIM

staffing gaps

Hung�� for HIM consulting ser�ices?

Our menu will impress you, and our first-class ser�ice will put you at ease.

Let us don the white gloves and take care of things.

Offering an array of

options for hospitals,

physician practices,

and skilled nursing facilities,

including CORTRAK, our HIPAA-compliant

release of information solution:

…and so much more. To see all of our fully customizable services,

visit www.firstclasssolutions.com.

CONTENTS

See our full profile on AHIMA ResourceConnect at resourceconnect.ahima.orgAHIMA ResourceConnect advertisers as of 4/19/19.

Administrative Consultant Service, LLC ...............................55

First Class Solutions ....................50

Healthcare Cost Solutions ...........55

Healthcare Resource Group .........52

Labouré College ..........................53

MRO ...........................................54

Perry Johnson & Associates, Inc. ...........................52

Stat Solutions, Inc. ......................55

Textware Solutions-Instant Text ...55

SEE OUR DISPLAY AD ON PAGE 33.

50 CONSULTING & OUTSOURCING GUIDE / June 201950

19_June.indd 50 5/28/19 10:55 AM

Consultants Use Trainer Program to Sharpen CDI SkillsCHEFS KNOW THAT a dull knife is more dangerous than a sharp one. While a sharp blade can work with speed and precision, a dull blade can easily veer off track and cut indiscriminately—including the chef. The same can be said with consultants and their skills—they are best kept sharp and current, lest they be-come dull and veer a job off course, causing irrepa-rable damage.

AHIMA’s new Clinical Documentation Improvement (CDI) Train the Trainer program serves as a grinding stone for consultants and other CDI professionals, al-lowing them to sharpen their CDI and presentation skills. The program format launched with ICD-10-CM/PCS training, then expanded in late 2018 to of-fer trainer courses in CDI and revenue cycle. The Train the Trainer program is geared toward those looking to create an in-house training program that grows competent staff as well as those who professionally consult in these key healthcare areas. The CDI Train the Trainer is especially enticing for consultants be-cause it allows them to enhance their skills and pro-fessional profiles at a time when CDI skills have never been in higher demand, according to Tammy Combs, RN, MSN, CCS, CCDS, CDIP, director of HIM practice excellence, CDI/nurse planner at AHIMA.

“You want consultants that are experts, who come in and give you guidance on your organization. But how do you really know if they are an expert?” Combs says. “Well, there is the CDIP credential, which is one avenue. But the trainer program takes it another step, so that they are not only recognized as an expert in the subject area, but they are also an expert in CDI training, sharing that information with others. This program really helps consultants stand out.”

The program isn’t for newbies just starting to cook with clinical queries. Participants in the CDI Train the Trainer program must meet eligibility requirements before they can sign up to attend the three-day in-person training workshop at AHIMA’s Chicago, IL headquarters. These requirements—which include having five years of experience in CDI, the CDIP cre-dential, and experience writing or presenting for AHIMA—were put in place to ensure true CDI experts were signing up for the course. These are individuals engaged in the industry and looking to advance it, Combs says.

While popular with consultants, the CDI Train the Trainer program is also a good fit for CDI professionals

working in inpatient or outpatient settings who want to gain additional training that can be shared with staff back in their facilities. A new role emerging in healthcare organizations is a formal CDI trainer, who works to educate health information staff, providers, and others in the organization on proper documenta-tion, Combs says. Professionals in these roles, as well as those in CDI lead or supervisor positions, have also attended Train the Trainer in order to receive addi-tional CDI education and the recognition that comes with the Trainer Badge. This badge is awarded to at-tendees who pass the presentation and exam portion of the program, and can be placed on a resume, web-site, or email signature to signify expertise in CDI.

The program teaches attendees about the seven characteristics of high-quality documentation, walk-ing CDI professionals through each area and homing in on how to apply each characteristic to any given CDI scenario. Attendees learn how to stay compliant while writing a CDI query as well as how to stay compliant while identifying, sending, and applying the results of queries. “We also walk through CDI metrics, so attend-ees are gaining an in-depth knowledge of what those metrics look like from both inpatient and outpatient areas,” Combs says. “With each of these topics they should be well aware of them. We are fine tuning it, we are taking it to the next level, to help them sharpen up their skills in each of these important CDI areas.”

Program participants must also develop and give a presentation to the group at the end of the course, which Combs says helps sharpen consulting and teaching skills. Leadership and communication skills are worked on before the presentations—which Combs says center on CDI best practices and key takeaways learned from the session.

With CDI expanding beyond the inpatient hospital and into physician clinics, home health, and skilled nursing facilities, there is suddenly a large demand for CDI experts to build CDI programs from scratch or help current CDI programs hit key performance indi-cators. Add in that the role of CDI educator is quickly growing in inpatient facilities, and AHIMA felt its train-er program provided the recipe for success for many CDI consultants and professionals. “This is a big driver for this program, to support that growth out there in the CDI industry,” Combs says.

For more information on AHIMA’s Train the Trainer program, visit www.ahima.org/education/traintrainer. ¢

Month 2014 / GUIDE NAME HEREJune 2019 / CONSULTING & OUTSOURCING GUIDE 51

19_June.indd 51 5/28/19 10:55 AM

To learn more about PJ&A solutions, visit our website or call:

(800) 803-6330 www.pjats.com

Accuracy Matters.

30+ years of history and innovations in

healthcare technology expert team of

certified transcriptionists and coders

industry-leading 99.2% QA scores strict

adherence above HIPAA, CMS, and

regional guidelines

Let PJ&A improve your workflow efficiencies

and maximize your reimbursements

Dictation & Transcription

Reporting Virtual Scribing

Coding & Auditing Data Mining Teleradiology

Our HIM Services

“HRG is committed to identifying areas that need improvement and have recognized multiple deficiencies that our prior vendor missed. We wholly appreciate the experience and passion they bring to our partnership.”

Sandi Lehman, CFOHumboldt General Hospital

Winnemucca, NV

Medical Coding

Auditing

Clinical Documentation Improvement

Denial Management

HIM Assessments

Consulting

TOP RATED CODING

RECOGNIZED BY KLAS

800.695.8171 | [email protected]

HEALTHCARE RESOURCE GROUP, INC.

SEE OUR DISPLAY AD ON PAGE 17.

CONSULTING & OUTSOURCING GUIDE / June 201952

19_June.indd 52 5/28/19 10:55 AM

CDIEarn 8 credits

with the first

college-level

CDI program in

the country

Labouré’s Program v. Boot Camp Webinars:

Labouré’s program is different from webinar programs and

boot camps because it is a college credit-bearing program.

Labouré College’s CDI program stands alone in

its structured, group approach to learning a new

healthcare discipline in an online format.

All courses are online and taught by nurses and doctors credentialed in CDI. The program includes weekly assignments, recorded lectures, hands-on practice activities, and discussion groups. Most importantly, the program provides students with an experienced instructor who is available to answer their questions. Students also have the opportunity to learn from fellow classmates with diverse professional backgrounds.

Each of the four courses covers one or more of the six CDI core competency groups. The eight credits of academic coursework represent 120 hours of instruction and approximately 250 hours of reading or written assignments. In total, this program represents approximately 10 weeks of training. This is a significant bonus to healthcare organizations hiring Labouré CDI graduates - they can start immediately on the clinical practice component of their education and training.

Labouré College’s online Clinical Documentation Improvement Certificate is a structured, academic program designed for credentialed healthcare workers identified by ACDIS or AHIMA (RN, RHIA, RHIT, CCS, MD

and DO).

Graduates gain a solid background in CDI and daily processes and are ready to begin their clinical practice in the CDI department immediately – without preparatory training by the healthcare facility.

Quick Facts:

• Start in September, January, or May• Can be completed in two semesters• Earn eight college credits• College accredited by NECHE• Taught by CDI credentialed nurses and doctors • Graduates are fully prepared to begin clinical practice in CDI departments

• Tuition: $2,920 - payment plans are available (because this program qualifies for college credit it is commonly approved for tuition reimbursement by hospitals and healthcare organizations)

For more information: Please visit laboure.edu or contact the Admissions team at (617) 322-3575 or [email protected].

Program Chair, Elise Belanger, RHIA is also available at [email protected].

Courses: 2 credits each

• Record Review and Document Clarification• Clinical Coding Practice • Metrics and Education• Compliance and Leadership

Educating exceptional nurses and

healthcare professionals since 1892

Labouré College · 303 Adams Street · Milton, MA 02186 · (617)322-3575 · laboure.edu

Month 2014 / GUIDE NAME HEREJune 2019 / CONSULTING & OUTSOURCING GUIDE 53

19_June.indd 53 5/28/19 10:55 AM

SEE OUR DISPLAY AD ON THE BACK COVER.

Learn more at www.mrocorp.com

RATED ##1 FOR RELEASE

OF INFORMATION

KLAS CATEGORY LEADER FOR ROI SINCE 2013HIM leaders gain peace of mind and more time back in their day when partnering with MRO, the KLAS-rated ##1 industry leader for Release of Information (ROI) services. MRO’s cutting-edge technologies provide high levels of visibility and control through transparent reporting and compliance tools and sophisticated workflows that offer industry-leading turnaround times. Epic integrations are available.

MRO mitigates breach risk by incorporating multiple quality checks performed by highly trained ROI specialists at client locations and our centralized National Service Center. Plus, our patented IdentiScan®®

application uses optical character recognition technology to drive 99.99% disclosure accuracy.

By deploying our ROI Online®® solution as a centralized platform, healthcare organizations can better manage PHI disclosure, standardize processes and improve compliance throughout the healthcare enterprise.

KLAS Reports: What MRO Clients SayIn addition to being the KLAS-rated ##1 Category Leader for ROI for six consecutive years, MRO is also the leader for overall performance and service quality in the KLAS report “Release of Information 2018: Who Delivers Most Consistently Across Customers?” Three ROI service providers had statistically adequate client bases to be included in the report.

Key highlights from the 2018 ROI report include:

•• On a 100-point scale, MRO’s reported overall performance score was over a 90.

•• MRO’s performance ratings for overall satisfaction, quality of service staff and turnaround time are rated highest among the vendors.

•• MRO is noted as the consistent high performer and well-rounded firm with good communication, good employees and strong delivery of ROI services.

•• 95 percent of MRO’s clients say they would hire our company again, a percentage much higher than the other vendors.

•• MRO has the proven scalability to meet large client needs and implementations.

Quality and Ability to Scale The 2018 ROI report notably features quality as a key theme related to MRO’s services, highlighting “top notch employees and outstanding customer service.” KLAS’s research found that MRO clients appreciate the responsiveness of our customer service and say they can always speak with someone when they need to. Additionally, the report states “MRO has proven the ability to scale and provide quality ROI services to both large and small clients.”

QUALITY AND COMPLIANCEMRO Corp. is very committed to quality and compliance. We feel confident in their leadership, their organizational structure, and their commitment to customer service. Another big thing is their relationship with Epic. We are an Epic shop, so that relationship is very important to us.

-Director, June 2018

INNOVATIVE TECHNOLOGY

AND WORKFLOWS The software that MRO Corp. and other similar companies use is an advantage. They don’t have to do manual final checks to make sure we are releasing the right information to the right people. That provides checks and balances that we don’t usually have. The software is very valuable for keeping us out of trouble.

-Director, June 2018

RESPONSIVE SUPPORTOur work with MRO Corp. is going very well. They are very responsive when we have an issue, so they have great support. They address any issues right away. ROI is complicated with all the requests for information that we get, and MRO Corp. provides great service.

-VP/Other Executive, June 2018

CONSISTENT STAFFINGMRO Corp. provides consistency with their staffing. We have worked with the same people for years. One of those people is outstanding.

-Director, June 2018

EASY IMPLEMENTATIONSOur experience with MRO Corp. has been positive. Our implementation went smoothly, and they have listened to our concerns and addressed our needs.

-VP/Other Executive, June 2018

CONSULTING & OUTSOURCING GUIDE / June 201954

19_June.indd 54 5/28/19 10:55 AM

AHIMA

Discover even more resources, services, and products at resourceconnect.ahima.org

EXPERT

CONSU LTAT I ONRevenue Cycle Management, ICD10 Audits, CDI, Appeals Process, Hospital Chargemaster Review & More

www.acsteam.net

Coding Compliance Audits:Inpatient/Outpatient / Clinic

• Concurrent

• Retrospective

• HCC / Risk Adjustment

• Professional Fee

Remote Coding Support:

• 100% U.S. Based / Ongoing QA

Healthcare Audit Resource Technology

Database Solution for the Ever-Changing

Environment of the External Audit

Optimizing Your Rightful Reimbursements

Healthcare Cost Solutions, Inc.

866.427.7828 / 949.721.2795

www.hcsstat.com

Instant Text is the leading expander compatible with all transcription plat-forms and EHR systems. Give your staff the best productivity tool to produce accurate documentation in record time. Transcription or editing, it can be done in less time.

Visit: www.textware.com Email: [email protected]: 800 355 5251Contact: Marianne Kleen

Textware Solutions58 Lexington Street

Burlington, MA 01803-4005

Stat Solutions, Inc. provides tailoredsolutions for all your HIM needs. We focus our efforts on providing thehighest level of quality credentialed HIMprofessionals along with the finestpersonalized customer service.

Coding Services

Coding Quality Reviews

Interim HIM Management

Clinical Documentation Improvement

For more information please call888-297-7212

[email protected]

SEE OUR DISPLAY AD ON PAGE 13.

SEE OUR DISPLAY AD ON PAGE 22.

Month 2014 / GUIDE NAME HEREJune 2019 / CONSULTING & OUTSOURCING GUIDE 55

19_June.indd 55 5/28/19 10:56 AM

56 / Journal of AHIMA June 19

IN RESEARCH FINDINGS THAT SHOULD surprise very few health information management (HIM) professionals, attending physicians and the colleagues they conduct morning rounds with think electronic health records (EHRs) aren’t well suited for rounding in patient rooms. Their disdain for this now pervasively adopted tool has led them to make handwritten notes on hard copies of patient summaries when they are in patient rooms. However, those handwritten notes may or may not be integrated into the patient’s electronic chart once morning rounds have concluded, according to research published in the journal PLOS.

There’s plenty of research linking physician burnout rates and life-threatening errors in pediatric cases to poor EHR design and workflow, but now researchers are looking at the critical caregiving decisions clinicians are mak-ing when they’re face to face with patients. They found that rounding—and the handoff periods before and after rounding—are prime examples of when clinicians are more likely to use workarounds to convey important clinical information. The study included photos of handwritten notes taken on the spot. Physicians who were studied also mentioned the numerous phone calls and emails they exchange—important information that isn’t always merged into an EHR.

In interviews with clinicians about which workarounds they use and why, researchers wrote that “One resident explained that using handwriting helps process patient information: ‘The information that I have in handwriting, I write down all the morning labs based on what I see on the EHR. I do this by hand because it’s easier for me to pro-cess the information when I’m writing that for myself. Then I also have mostly check boxes that are to-dos. These are tasks that need to be done during the day. Whether it’s talking to a consultant, making sure that this lab or this order is made in the EHR, this medication is started, or follow up on this result.’”

Investigators concluded that in terms of usability and workflow, there is much work to be done before EHRs will become a physician’s preferred method of patient documentation. Vendors should take note.

“Although EHRs can improve healthcare quality and have done so in many ways, our findings show that there are many challenges in the current inpatient environment that need to be addressed if EHRs are to reach their full potential,” the researchers wrote. ¢

Paper Workaround Defeats EHRs’ Purpose

19_June.indd 56 5/28/19 10:56 AM

Need a coding expert?YOU CAN COUNT ON LEXICODE

LEXICODE.COM

800.448.CODE (2633)

14 MILLIONRECORDS CODED IN

2018

REMOTE CODINGINCLUDES QA AND EDUCATION

EDUCATION OPPORTUNITIESDYNAMIC CODING EDUCATION

AUDITORS/CONSULTANTSTO PERFORM AUDITS AND INTERIM

CODING MANAGEMENT

READY TO SCALESHORT AND LONG–TERM CONTRACTS

AVAILABLE

FLEXIBLEONSHORE OR OFFSHORE SOLUTIONS

OR A COMBINATION OF BOTH

ACCURATEHIGHLY EXPERIENCED, CREDENTIALED

CODERS AND CONSULTANTS

1,000PROVIDERS RELY ON

LEXICODE

1,000+CREDENTIALED CODERS

AND CONSULTANTS

19_June.indd 1 5/28/19 10:57 AM

• KLAS RATED #1 FOR ROI • AUTOMATED WORKFLOWS • 99.99% ACCURACY • EPIC INTEGRATIONS •

Reputation is everything. That’s why HIM leaders across the nation’s best health systems trust and rely on MRO’s

KLAS-rated #1 Release of Information services and team of renowned experts. Not only do we have a superior

reputation for personalized service and quality, we also work closely with clients to make sure they do too.

Together, we respond to increasing PHI disclosure volume and compliance demands. Through a combination of

the right people and innovative technology solutions, MRO enables clients to deliver high levels of quality, fast

turnaround times, compliance and enhanced customer service.

Gain peace of mind and more time back in your day by partnering with the team that has a proven track record for

excellence. Greg Ford is just one of the many expert resources you get when partnering with MRO.

“You’re only as good as the company you keep.”

Meet Greg Ford, Senior Director of Requester

Relations and Receivables Administration. He serves as

a dedicated, expert liaison between MRO clients and

payers requesting large volumes of medical records

for audits and reviews including HEDIS and Risk

Adjustment. Through a consultative approach, Greg

and his team work closely with clients to implement

efficient workflows to shore up defenses against

increasing volumes of payer requests.

Learn more: www.mrocorp.com/experts

MANAGED CARE CONTRACTS & PAYER AUDITS

19_June.indd 2 5/28/19 10:57 AM