December 12, 2016

Are Recovery Auditors Committing Fraud by Violating this Basic HIPAA Rule?

By
One question that comes up again and again in the healthcare industry is this: “Why do insurance providers deny based on a diagnosis not being listed in the final discharge summary?”

In short, they should not be doing this at all. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), full compliance must be maintained, including with the code set requirements. Furthermore, compliance must exist with these rules and all conventions, guidelines, and official guidance.  

Per the current ICD-10 guidelines: “The UHDDS (Uniform Hospital Discharge Data Set) definitions are used by hospitals to report inpatient data elements in a standardized manner. These data elements and their definitions can be found in the July 31, 1985 Federal Register (Vol. 50, No, 147), pp. 31038-40.”  

The UHDDS requires reporting of “other diagnoses, (which) are designated and defined as all conditions that coexist at the time of admission, that develop subsequently, or that affect the treatment received and/or the length of stay.”

Note that it does not say “what was in the discharge summary.” It says “all.” These “other” diagnoses have been further defined according to five criteria, which include evaluation by a treating physician, diagnostic testing, therapeutic intervention, increased length of stay, or increased nursing services. The truth is that almost any diagnosis of a condition a patient truly has is going to meet the first piece of criteria. Perhaps beyond the understanding of the lawyers, judges, and auditors, the vast majority of medical decision-making is going to be impacted by other medical diagnoses. 

Some of the questions physicians routinely ask include: how is this diagnosis impacting my labs? Do I need to further adjust the medication, considering this other diagnosis? Will this other diagnosis mask yet another diagnosis or create a false positive finding? Is this other diagnosis going to exacerbate the chief condition or create an unsafe discharge plan? Is this other diagnosis going to shorten the patient’s life expectancy or worsen the prognosis? Is this other diagnosis going to make my normal treatment plan more complicated, or even render it completely unsafe/unnecessary? These considerations meet the clinical criteria of impacting medical decision-making, and thus they meet the criteria of clinical evaluation.

The problem is, physicians are people, and it is both impractical and unreasonable to expect any person to write down every single thought they have while at work every single day. While any clinician can understand that these diagnoses actually do meet reporting criteria, according to the definition listed above, such comprehension appears to be beyond the capacity and training of both recovery and commercial auditors. The ridiculous and unrealistic idea that physicians even could document every bit of their thought process should also not go unnoticed.

So what we have is a new definition based on resource consumption. The impetus for this comes from the Medicare conditions of participation stating that any care must be “reasonable and necessary,” otherwise payment will be denied.  

First, let’s address the fact that we have these two completely contradictory standards coming from the same source. The most widely heard and fear-mongering criticism of government-controlled anything is that government-administered programs are bloated, inefficient, bureaucratic, and impossible to comply with. Case in point: if the administration and many members of Congress want progress toward more government-administered programs, do you think they could possibly be bothered to update a 32-year-old UHDDS definition and maybe remove blatant contradictions from their policies? They certainly are not doing themselves any favors when defending against critics here.  

Now, let’s address the “reasonable and necessary” standard. From a patient’s standpoint, any lab drawn, medication given, or therapy provided for a medical condition I have is going to be deemed “reasonable and necessary.” Don’t believe me? Let a bad outcome for failure to provide those services result in a legal case, and see how fast those services and the treatment of the diagnosis becomes “reasonable and necessary” in court.

Nonetheless, if resources utilized for the treatment of a secondary diagnosis are viewed as minimal, or the indicators a treating physician utilized in his or her decision-making are deemed “mild” or “non diagnostic” or “non-specific” by a third-party reviewer in a remote location who has neither evaluated or seen the patient (nor is even a doctor), the condition will likely be denied as reportable. 

Here is where I call attention to just how far off from the original HIPAA-required UHDDS definitions we have gone. Most can’t even look up the original rules, let alone follow them. None of these criteria as stated in the official guidance is being followed in the way it was originally worded.

I suppose if “reasonable and necessary” were further expanded to include criteria such as “might not die today” or “a decent chance a bad outcome won’t occur from skipping this” or “in cases where difficult diagnoses make it easier for us to second-guess the physician,” then under those definitions, yes, we are in compliance. But those are not the definitions. “Reasonable and necessary” to me means whatever it takes to adequately monitor and treat my condition. Ask anyone on the street and they will probably say something similar. 

“Reasonable and necessary” is not part of the official reporting criteria, but rather it is more of a payment matter. This is why those who create auditing policies are quick to list a disclaimer that both the care and the diagnosis is the purview of the treating physician(s). Only the payment determination is under scrutiny. Nonetheless, payment is made based on a reporting definition that assumes that all of these conditions are being reported (in fact, those definitions require such reporting). If the patient clinically has a condition (not “if the diagnosis meets an arbitrary cost-reporting threshold”), it should be reported according to the official language. 

The way the diagnosis-related group (DRG) system is set up, valid diagnoses should also be payable. Remember, the DRG system is an average resource utilization reimbursement system. DRGs are not customized further based on the specific charges or the patient’s unique circumstances (outliers notwithstanding). Not allowing these conditions to be reported is in itself a violation of the original intent of the payment system.

At the end of the day, I could connect all of these dots and make a really good logical argument that the vast majority of these audit efforts are in violation of these various reporting and billing requirements. In conclusion, to that premise, I would argue that the entire audit model currently in place is built on a house of cards composed of violations of HIPAA reporting requirements, and are therefore fraud, according to the Centers for Medicare & Medicaid Services’ (CMS’s) own definitions of fraud.

“Clickbait” headlines and brash conclusions aside, I think we can all agree that at a minimum, it is time for CMS to update these definitions, eliminate contradictory policies, and provide further clarification in their guidance.
Allen R. Frady, RN, BSN, CCS, CCDS, AHIMA Approved ICD-10-CM/PCS Trainer

With 20 years in healthcare, Allen R. Frady provides clients assistance in the areas of documentation, program implementation and compliance. His background includes critical care nursing, coding, auditing, utilization review, and documentation improvement.