LBMC

How changes in health-care regs could affect your business

Mark Fulford & Andrew McDonald for LBMC
Physicians and the health-care organizations that have financial relationships with them should prepare for reimbursement changes and data protection.

In the wake of the presidential election, many people are fretting about changes to our health-care system. The president-elect promised to repeal the Affordable Care Act (ACA) and has appointed an orthopedic surgeon to head Health and Human Services. Many are wondering how this will affect their health-care organizations. While we don’t have a crystal ball to answer that question, we do know that several important health-care reimbursement changes took effect on Jan. 1.

For many years, physicians and the health-care organizations that had financial relationships with them found themselves subjected to potential deep cuts via the old reimbursement methodology only to see someone ride in on a white horse and save the day at year’s end. Today, we face a much more complex system that will consolidate prior reimbursement and incentive plans of old with new models and reporting requirements.

Further, hospitals, physicians and post-acute providers are being asked to look beyond their “silo” and share in various reimbursement models that attempt to force all providers to coordinate care across the vast continuum of care in our current system. The move from volume to value will also exacerbate the need for enhanced information technology capabilities and security.

The new year should prove to be another exciting year in health care, and here’s what health-care organizations need to know as we start 2017:

MACRA changes
MACRA is the Medicare Access and CHIP Reauthorization Act of 2015, which was finalized on Oct. 14, 2016. It is Medicare’s most recent initiative to directly tie Medicare payments to patient quality outcomes since the Department of Health and Human Services (HHS) began launching quality initiatives in 2001. MACRA’s first performance year began on Jan. 1 and will have a significant impact on all health-care providers’ reimbursement.

As physician practices look to close out 2016 and begin planning for 2017, it’s imperative to have processes in place that capture the opportunity for increased revenue potential under the new MACRA ruling. It’s more important now than ever to take steps to maximize your potential for increased revenue and mitigate your risks of payment decreases.

There will be two incentive-based payment models available to clinicians:

Advanced Alternative Payment Models (APMs): Providers may potentially earn a 5 percent incentive payment based on patient quality outcomes.

Merit-based Incentive Payment System (MIPS): Most providers will be eligible to participate in MIPS in 2017.  MIPS will effectively merge many of the current quality programs that health-care providers are familiar with, including Meaningful Use (MU), Physician Quality Reporting System (PQRS) and the Value-Based Payment Modifier (VBM).  MIPS uses 3 different performance categories to determine the payment adjustment for MIPS.

With advanced planning, a clear understanding and taking appropriate steps, you can mitigate the risk of decreased payments and maximize the opportunity for enhanced revenue. But time is of the essence. Each day that goes by without a clear strategy can result in money being left on the table, so consult an expert today to put the right processes in place.

The IMPACT Act
In the post-acute (PAC) arena, the IMPACT Act, Value-Base Purchasing and Final Rule reporting timelines are critical.

The IMPACT Act requires PAC providers to report standardized assessment data for certain quality measure domains. For skilled nursing facilities (SNFs), inpatient rehabilitation facilities and long-term care hospitals, reporting began on Oct. 1, 2016, for some quality domains with additional quality domains to be added on Oct. 1, 2018. Home health agencies were required to start reporting on Jan. 1 of this year with additional quality domains to be added on Jan. 1, 2019. Failure to report will result in a 2 percent reduction of the market basket rate.

While the new SNF value-based purchasing program does not have an impact on payments until Oct. 1, 2018, data collection has already begun. The data collection timeframe for fiscal year 2018 was Oct. 1, 2016, through December 2016. For fiscal year 2019, the data collection period is Jan. 1, 2017, through June 30, 2017. So your future payments are determined by your performance today.

The Centers for Medicare and Medicaid Services Final Rule for long-term care facilities requires the implementation of policies and procedures addressing the many rule changes mandated by the Final Rule. The regulations included in Phase 1 of the Final Rule needed to be implemented by Nov. 28, 2016. Phase 2 implementation must take place by Nov. 28, 2017, and Phase 3 by Nov. 28, 2018.

Here are the key issues for hospitals to consider for the new year:

CJR bundled payments
Hospitals that were located in areas that became subject to Medicare’s comprehensive joint replacement (CJR) bundled payments on April 1, 2016, will now be subject to a repayment penalty if aggregate cost and quality does not meet the target beginning Jan. 1, 2017. Prior to Dec. 31, 2016, the hospital only had a bonus payment if the aggregate episode cost and quality exceeded the target as established by Medicare.

Cardiac Bundled Payments
Medicare’s final rule for Cardiac Bundled Payments was published Dec. 20, 2016. Similar to bundled payments for joint replacement, this program will begin in the same locations as CJR along with 32 other locations. This program is scheduled to take effect on July 1 and will be in effect until Dec. 31, 2021. Similar to CJR, there will eventually be a bonus or penalty.

Hospital-based departments
As of Jan 1, hospital-based departments that are not near the hospital campus (defined by Medicare as 250 yards from the facility) that were certified on or after Nov. 2, 2015, are no longer eligible for reimbursement by Medicare as a hospital-based department. These services will be reimbursed as a site-neutral location at the lower Part B rate.

Cyber security threats
Health-care data continues to be one of the most sought-after precious resources that attackers are targeting in 2017, and this threat demands more stringent protection practices.

Patients’ private health records now fetch higher black market prices than stolen credit cards. The loss of sensitive information due to unauthorized access to databases through malicious software or loopholes in a network is of grave concern for enterprises. Yet the typical anti-virus and firewall software deployed for the protection of an IT infrastructure is not enough to prevent these breaches.

For healthcare organizations in 2017, segmentation and device management will be vital to creating a secure environment. Critical components to keeping your environment secure include working with experts to ensure that devices are kept updated behind firewalls on separate networks. You should also focus on default device passwords and align information security with physician office devices used at their facilities.

In 2017, you will see health-care organizations and other service providers that handle protected health information not only focus on the importance of maintaining patient privacy but also complying with HIPAA. With the wave of highly publicized cyberattacks on health care information, the IT challenges of data security and compliance have only multiplied, so you may see more organizations taking advantage of the HITRUST Common Security Framework to assist in meeting these challenges, as it is rapidly gaining acceptance in the health-care security ecosystem. While obtaining HITRUST certification is a complex undertaking, the rewards can be large, enabling organizations to address regulatory requirements and business challenges.

Andrew McDonald

Complex compliance and secure environments will prove to be key challenges for health-care organizations in 2017. For more on these and related strategies, you should consult a professional. If you are a health-care organization or a service provider that handles electronic protected health information, download a free HITRUST guide to learn more.

Andrew McDonald is a shareholder and practice leader of LBMC Physician Business Solutions and LBMC Healthcare Consulting where he works with health-care professionals in the areas of compliance, revenue cycle and provider integration service consulting. Contact him at  amcdonald@lbmc.com.

Mark Fulford

Mark Fulford is a shareholder in the risk services division of LBMC where he oversees client projects focused on audit and assessment, HITRUST validation and certification assessments, and HIPAA risk assessments. Contact him at mfulford@lbmc.com.  

This story is provided and presented by LBMC .

Related: More stories from LBMC