MEDICAL CONTRACTS AND ETHICS
Contracts. It can seem like such a difficult topic, right? The pages and pages of legal and business speak. Itâ€™s true that it can be confusing, but understanding how managed care contracts work is important not only for your job in health care, but also for the patients.
Contracts are important in health care because they outline exactly how a relationship will work and both partiesâ€™ expectations. As a medical office billing specialist, itâ€™s important for you to understand how these contracts work so that you know what and how you can bill for services to receive the reimbursement due to the provider.
MCO contracts are legal agreements between the provider, such as the doctor or hospital, and the insurance company or network. These managed care contracts are creating great competition within the healthcare industry, and companies are always changing the contracts to attract more members.
Ethics is extremely important in health care. One of the ways that the healthcare industry stays ethical is by providing a Patientâ€™s Bill of Rights. This ensures that patients are aware of what care to expect and that they know they have the right to access their healthcare information.
The healthcare industry also has a system of checks and balances in place to ensure ethical practices. The National Committee for Quality Assurance (NCQA) puts MCOs through a voluntary credentialing process that helps evaluate providers.
When a physicianâ€™s office contracts with an MCO, the provider becomes part of the MCOâ€™s network. The MCO is then able to create a larger network of providers for the policyholders (also called members or enrollees). For example, if a physician is going to get paid for providing treatment, he or she must sign a contract with the managed care plan. In some cases, if the contract isnâ€™t beneficial or financially rewarding for the physician, he or she wonâ€™t take part in that MCO contract. Depending on where you work and your role, it may be your responsibility to review those contracts to see if theyâ€™ll meet the needs of your physicianâ€™s office. Be sure to give consideration to the different contract definitions in your textbook.
MCO Contracts and Reimbursement
As with most things in a business, most things boil down to money. Health care is no different. The biggest element of a managed care contract is reimbursement for services. The financial element of the MCO contract explains requirements for reimbursement and claims submission.
Common types of reimbursement payments in MCO contracts include
- Fee-for-service. A physician or provider bills for each service or visit instead of on a prepaid basis.
- Per diem. Reimbursement is based on service for that day and paid daily.
- Per case. A predetermined reimbursement rate is provided for each episode of care.
- Capitation. Reimbursement is made based on preestablished payments of services provided to the enrollees for a specific period of time. The managed care plan pays the provider a fixed amount on a per capita, or per person, basis. This is often called PMPM, or per member per month.
Ethics in Managed Care
Merriam-Websterâ€™s Online Dictionary defines ethics as, â€œrules of behavior based on ideas about what is morally good and bad.â€ Ethics is particularly important in health care because weâ€™re dealing with peopleâ€™s lives. Thus, we want to ensure that every step in the care process is performed correctly. One of the ways to ensure that MCOs are behaving in an ethical manner is to create a system of checks and balances whereby the MCO can evaluate providers through a credentialing process that evaluates the following:
- Medical credentials
- Service fees
- Workplace environment
Although not all MCOs are accredited, those that are become voluntarily accredited through a strict process from the National Committee for Quality Assurance (NCQA). The NCQA is a nonprofit organization that was founded in 1990 â€œto improve the quality of health care.â€ The organization is often referred to as the managed care â€œwatchdogâ€ because it assesses and reports on the quality of managed care plans.
The NCQA works to
- Improve health care
- Provide accountability in health care
- Empower customers by providing information
- Provide excellence in customer service
In response to the need for standardized and objective information on the quality of MCOs, the NCQA began accreditingâ€”evaluating and examining policies, procedures, and performance of organizationsâ€”in 1991. The accreditation process for managed care plans is voluntary.
Voluntary accreditation means that organizations arenâ€™t required to receive an accreditation from the NCQA. However, an accreditation from the NCQA has become a gold standard for managed care plans, and often employers wonâ€™t do business with managed care plans that havenâ€™t received the NCQA accreditation.
Medical Office Specialists and Ethics
As you can imagine, being an ethical medical office specialist is one of the most important characteristics that you can have in the industry. Because youâ€™re working with highly confidential information, providers and patients want to know that youâ€™re striving to be honest, lawful, and discreet in handling their information and making decisions.
You can ensure ethical behavior by making sure that patients understand their rights. The Patientâ€™s Bill of Rights was created to make patients aware of their rights with regards to health care. As a medical office specialist, you may be required to review the Bill of Rights with patients and answer any questions they may have. Some patientsâ€™ rights are covered under federal law. For example, patients have a right to get copies of their medical records. Other patientsâ€™ rights are more specific for each state. Be sure to review the different parts of the Patientâ€™s Bill of Rights in your textbook.
On June 22, 2010, President Obama announced new final regulations for the Patientâ€™s Bill of Rights to help put Americans in charge of their own health care. According to the Centers for Medicare and Medicaid Services (CMS), â€œThe Departments of Health and Human Services, Labor and Treasury collaborated on the Patientâ€™s Bill of Rightsâ€”which will help children (and eventually all Americans) with preexisting conditions gain coverage and keep it, protect all Americansâ€™ choice of doctors, and end lifetime limits on the care consumers may receive.â€
In conclusion, contracts are legal agreements that are an important part of managed health care. Not only do they help providers and insurance plans agree and understand services and reimbursement, but they also protect the patient. These contracts are changing the way that providers do business and offer services because they need to work smarter to make more money.
To be successful in this industry, you must understand that managed care is used to control costs and improve services without sacrificing healthcare quality or ethics. To achieve this, the industry has developed national â€œwatchdogâ€ organizations such as the NCQA in order to develop requirements for quality for providers and also provide voluntary accreditation to those meeting the requirements.
As youâ€™ll discover, there are many regulations and laws to consider in the healthcare industry. One of the most talked-about pieces of legislation that will affect you directly is the Health Information Portability and Accountability Act, commonly referred to as HIPAA (pronounced â€œHIP-uhâ€). HIPAA became law on August 21, 1996. HIPAA amended the Employee Retirement Income Security Act to provide new rights to participants and beneficiaries of group health insurance plans.
At first glance, the law seems very complex, and in fact the entire text of the HIPAA legislation is well over 500 pages. However, when broken down into parts that directly affect you, itâ€™s much easier to understand. For the purpose of this course, weâ€™ll be focusing on a few sections of HIPAA.
One of HIPAAâ€™s main goals is to ensure the continuation of health insurance for individuals changing employment. The act provides protection for individuals and beneficiaries in both group health plans and individual insurance policies. Specifically, HIPAA provides the following:
- Protection against plans that limit coverage for preexisting conditions
- Protection from discrimination against employees and dependents based on health status
- Opportunities to enroll in a new plan under certain circumstances
- The right to purchase individual coverage if no group health plan coverage is available
HIPAA also covers the privacy and security of patient information. Under HIPAA, authorization isnâ€™t necessary for the release of protected health information for the purposes of treatment, payment, or healthcare operations (TPO).
The HIPAA Privacy Rule has essentially replaced the need for a specific and separate authorization for release of medical information to the payer to be executed by the patient. This authorization is now covered under the TPO guidelines of the HIPAA Privacy Rule. Patients should execute an Acknowledgement of Privacy Practices at their initial visit with the provider as part of their registration paperwork; this Acknowledgement serves as their general TPO release document. If they wish the insurance carrier to issue payment directly to the provider, then patients still need to execute an Assignment of Benefits to the Physician.
Figure 4.1 in your textbook is fairly standard and is most often included in the patientâ€™s registration paperwork as part of the demographics/insurance registration form or as part of the financial policy documents. But if the portion of this sample document dealing with the Authorization for Release of Medical Information to the Payer were removed from the form, the provider/facility would still be authorized to release patient information to the payer under HIPAA TPO guidelines.
The HIPAA Privacy Rule
The HIPAA Privacy Rule was initially a great source of frustration and misinformation for healthcare organizations, also known as covered entities. At the most basic level, this portion of the law is intended to protect the privacy of a personâ€™s protected health information, or PHI, while improving the portability of the information. Many practices feared they could no longer use sign-in sheets or call out patientsâ€™ names in the waiting room. They also thought they would have to install soundproofing in exam rooms. As HIPAA training spread through the industry, however, healthcare providers realized that changes were necessary and werenâ€™t as extreme as they had first thought.
The Privacy Rule involves mostly administrative changes. Organizations must designate a privacy officer who understands the Privacy Rule, create organizational polices to ensure compliance, train the staff, and handle any patient privacy complaints. Every organization must now have patients sign a form designating that theyâ€™ve been informed of the privacy practices and have been offered a copy of the policy.
Under the HIPAA Privacy Rule, a covered entity must also detail within the employeesâ€™ job descriptions what PHI they can access. For example, some organizations may deem it necessary for billing personnel to have access to the patient superbill, but not the patient chart. This will vary from organization to organization.
For release of PHI, a specific authorization is required that details what information will be released, to whom it will be released, and for how long the authorization is effective. However, a covered entity may release whatever information is necessary for the continued treatment of a patient, to seek payment for a claim or service, and for the continued operation of the entity. No further authorization is necessary from the patient for these TPO releases other than the notification of privacy practices that should have already taken place prior to the visit.
PHI may also be released without patient authorization when complying with state reporting laws, with federal laws, with governmental investigations, with law enforcement, or with court orders, subpoenas, or other sanctioned requests.
Patients also have several new rights under the Privacy Rule. They may request that the use of PHI for treatment, payment, and operations be limited. A covered entity doesnâ€™t have to agree to such a limitation, though. Patients may also designate that confidential communications be performed by alternate means. For example, a patient may request that you communicate with him or her at a specific phone number only or by mail only. Patients also have the right to inspect or receive copies of their medical records and may also submit an amendment to their medical records. Finally, patients have the right to an accounting of disclosures of their PHI. This accounting doesnâ€™t include any releases made for treatment, payment, operations, or any disclosure made under authorization.
Transaction and Code Sets
HIPAA states that all healthcare organizations must use uniform code sets when submitting electronic healthcare claims. Transaction and code sets cover most of whatâ€™s called â€œadministrative simplificationâ€ in HIPAA. This part of the law provides a single set of data that must be used for all claims to all health plans. It requires the use of standardized systems such as ICD-10, CPT, HCPCS, CDT-2, and national drug codes (NDC). Weâ€™ll discuss these standardized coding systems at length later in the course.
The standards also provide a format or structure to send the data electronically. The most common form youâ€™ll hear about is the 837. Basically, this is an electronic format of the CMS/HCFA-1500 that allows for a greater amount of data per claim, including more line items. Most insurance companies now require this format, and most clearinghouses can now transmit in this format. The capability of billing software to create claims in this format may still be limited, and often the data must be converted by an add-on program or at the clearinghouse.
The second form you will hear about is the 835, the claim payment and remittance advice. The 835 is essentially an explanation of benefits form (EOB), with additional information about adjustments. In the future, as adoption becomes more prevalent, it will be possible for this 835 to link with the 837 (CMS-1500), automatically posting payments and reducing errors. Additional forms created by this part of the law are the 270/271 Eligibility Inquiry, 276/277 Claim Status, and 278 Referral and Authorization Request. Adoption of these forms has been slow, but it will reduce confusion between entities and insurance companies.
None of these transaction standards apply to paper claims, because each health plan is still allowed to decide how to use paper claims and what additional information to require. However, many providers are working toward eliminating paper claims entirely.
The HIPAA Security Rule
The Security Rule requires covered entities to provide reasonable administrative, physical, and electronic safeguards to protect the confidentiality, integrity, and availability of protected health information in an electronic format. The standards require covered entities to implement basic safeguards to protect electronic protected health information from unauthorized access, alteration, deletion, and transmission.
Although the Security Rule specifies that the information must be protected, itâ€™s often vague on actual implementation suggestions. This is by design, because lawmakers wished to allow for the use of evolving technology and ideas and to allow covered entities to decide which technologies to use to satisfy the requirements.
The Security Rule requires three security safeguards for compliance:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
Be sure to spend some time reviewing the different safeguards on pages 86â€“87 of your textbook.
Working with HIPAA
Of course, this is only a brief introduction to HIPAA. As you can see, it could easily be a course in itself! We recommend that you look at the law yourself. In addition, every healthcare organization will have both a privacy officer and a security officer who should be willing to answer any compliance or procedural questions you may have. It may seem like a lot of information (it is!), but as billing personnel youâ€™ll deal with protected health information every day, so youâ€™ll become accustomed to the rules and regulations. Because patient healthcare information is confidential, itâ€™s important that you know how to handle it securely.
Verification of Information
Medical practices and healthcare facilities place a high priority on the daily process of verifying that they have correct patient information, demographic information, and insurance information on the patients that they serve. This information is vital to the process of submitting accurate claims to health insurance providers and securing proper payment for the care and services rendered. In your job, you may play an important role in this process.
Demographic/registration information (full legal name, address, Social Security number, date of birth, employer, etc.) must be verified with patients at regular intervals to ensure accuracy. The patientâ€™s current health insurance coverage should also be confirmed on an ongoing basis, because many employers offer their employees a variety of insurance plans and coverage options during their annual open enrollment periods. Keep in mind that in todayâ€™s highly transient society, patients frequently change addresses and employers. These changes result in outdated or incorrect registration and insurance information being maintained in the patientâ€™s paper or computerized medical record.
A patientâ€™s health insurance coverage can easily be verified via telephone, fax, or the insurance companyâ€™s website. Itâ€™s important to obtain complete information on the patientâ€™s type of plan (HMO, POS, PPO, EPO, etc.), the network of participating providers, the scope of benefits provided, the annual deductible, required copayments, and the type of services that require preauthorization. Itâ€™s also crucial to verify if a patient requires a referral (written or verbal) from his or her primary care provider for the appointment with your facility/office. For new patients to your facility, basic demographic and insurance information should be obtained during the scheduling process and then be routed to the billing specialist for the verification process. As stated above, the information on existing patients should be verified and updated by the billing specialist at regular intervals (quarterly, semiannually, etc.). Doing a little extra work upfront to obtain this information will streamline the claims submission and payment process by reducing errors resulting from inaccurate patient data.
The Health Information Technology for Economic and Clinical Health (HITECH) Act promotes the adoption and meaningful use of health information technology, or a set of requirements to move the healthcare industry toward electronic health records (EHRs).
The HITECH Act was enacted as part of the American Recovery and Reinvestment Act of 2009 and signed into law the same year. Healthcare organizations were required to be compliant with the HITECH Act by 2015 or they risked penalties for not demonstrating meaningful use of EHRs.
Healthcare changes over the past few years have created new demand for health information professionals in a variety of settingsâ€”especially in coding, billing, privacy, and security. However, to be professionally marketable, itâ€™s important to extend your knowledge and experience beyond schooling and get involved in professional organizations and also possibly receive a certification to demonstrate dedication and competency.
To be successful in this industry, you must also demonstrate a complete understanding that managed care is used to control costs and improve services. To achieve this, national â€œwatchdogâ€ organizations such as the NCQA have developed requirements for providers and also provide voluntary accreditation to those meeting the requirements.
HIPAA plays an important role in many medical careers because professionals deal with PHI on a daily basis. You may be asked to play an important part in ensuring that the organizationâ€™s privacy and security standards and requirements are met.