Monthly Newsletter

June 2021 Monthly Newsletter

Cybersecurity – Not Just a Function of IT

A cyber threat within your practice or organization becomes more likely as time passes. When your patient data is compromised, it can shut down clinical operations and your organization for hours, days or even weeks. Cybersecurity is not just a function of IT. In fact, there is what we call the cybersecurity trifecta: people, processes and technology, all of which must thrive for any organization to have an effective privacy and security program.

A cyber incident can happen at a moment’s notice. How well you can recover from it will depend on how prepared you are in advance. In a crisis, people do not rise to the occasion; they fall to their level of preparation. The HHS 405(d) Task Group has grown its reach and continued to pursue its mission of aligning health care industry security approaches. Whether your organization uses HICP (Health Industry Cybersecurity Practices) or other measures, it is important to know that a bigger, broader approach is needed to protect our health care industry in the United States. Read more on this topic in the article “Cybersecurity is not an IT Issue,” written by security expert David Sims, a HIPAA expert who serves on the HHS 405(d) Task Group and is an AIHC Board member.

David will also be hosting one of the AIHC free summer webinars on Thursday, July 8, 2021 at 12:00 pm ET entitled “HIPAA- the HHS 405d Task Force and HICP.” Registration for the free webinars opens June 7th.

Critical Care Billing Errors Rank High on the CMS Improper Payment Report

Are the claims your office is submitting for critical care really subsequent hospital visits? According to the 2020 Medicare FFS Supplemental Improper Payment Data Report (Report), the improper payment rate for critical care hospital visits is approximately 20%! Critical care also ranks in the top 5 types of services with upcoding errors for Part B claims.

According to the Report, the first hour of critical care, code 99291, has an overpayment rate of 19.7%, based on 269 claims and 310 line-items reviewed. What is the accuracy or error rate for your providers? Do you know? Is it time to find out? First, know the rules: download the educational article “Is it Really Critical Care?” to help your hospitalists, intensivists, coding, billing and CDI professionals learn more about appropriate coding and documentation for codes 99291 and 99292.

$12.2 Million Recovered in Government Audit of ESRD Overpayments

Recovery Audit Contractors (RACs) assist the Centers for Medicare & Medicaid Services (CMS) by performing audits.  RAC audits identified improper monthly capitation payments (MCPs) made to physicians managing Medicare end-stage renal disease (ESRD) patients receiving four or more visits per month.  Specifically, RAC audits identified instances in which more than one physician was paid an MCP during a calendar month for claims for ESRD-related services that were provided to center-based ESRD patients during four or more visits per month at the dialysis center.


The physician who provides the complete assessment, establishes the patient’s plan of care, and provides the ongoing management is the physician who submits the bill for the monthly service.  The RAC audits found that this was not always the case: some of these audits identified claims that were improperly paid, because they reflected more than one MCP being submitted for ESRD-related services provided to the same beneficiary for the same calendar month. Additionally, through data matching, the OIG determined that the risk for overpayments was not limited to MCPs for ESRD-related services in cases when center-based ESRD patients received services during four or more visits per month.

The Office of Inspector General (OIG) released a May 2021 report entitled “Medicare Made Millions of Dollars in Overpayments for End-Stage Renal Disease Monthly Capitation Payments.” Upon investigation, it was found that the Centers for Medicare and Medicaid Services (CMS) failed to consistently make Monthly Capitation Payments (MCPs) in accordance with Federal requirements.

The OIG audit covered $12.2 million in Medicare MCPs to physicians for 53,608 claims for monthly ESRD-related services with dates of service in CY 2016, CY 2017, or CY 2018 that investigators identified as at risk for noncompliance with Federal requirements. Read the full OIG report.

OCR: Clinical Lab Pays $25,000 to Settle Potential HIPAA Security Rule Violations

The Office for Civil Rights (OCR), the HIPAA enforcement agency, announced that Peachstate Health Management, LLC (DBA AEON Clinical Laboratories) has agreed to pay $25,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Peachstate provides diagnostic and laboratory-developed tests, including clinical and genetic testing services.

OCR’s investigation found systemic noncompliance with the HIPAA Security Rule, including failures to conduct an enterprise-wide risk analysis, implement risk management and audit controls, and maintain documentation of HIPAA Security Rule policies and procedures.  “Clinical laboratories, like other covered health care providers, must comply with the HIPAA Security Rule.  The failure to implement basic Security Rule requirements makes HIPAA regulated entities attractive targets for malicious activity, and needlessly risks patients’ electronic health information,” said Robinsue Frohboese, Acting OCR Director. “This settlement reiterates OCR’s commitment to ensuring compliance with rules that protect the privacy and security of protected health information.”  Read the Resolution Agreement with OCR

DOJ Heads Up Action Related to COVID-19 Health Care Fraud Exceeding $143 Million

The Department of Justice (DOJ) states that the multiple health care fraud schemes charged on May 26, 2021 describe theft from American taxpayers through the exploitation of the COVID-19 national emergency.  Some examples of the alleged illegal acts are providers who offered COVID-19 tests to Medicare beneficiaries at senior living facilities, drive-through COVID-19 testing sites, and medical offices to induce the beneficiaries to provide their personal identifying information and a saliva or blood sample. The defendants are alleged to have then misused the information and samples to submit claims to Medicare for unrelated, medically unnecessary, and far more expensive laboratory tests, including cancer genetic testing, allergy testing, and respiratory pathogen panel tests. In some cases, and as alleged, the COVID-19 test results were not provided to the beneficiaries in a timely fashion or were not reliable, risking the further spread of the disease, and the genetic, allergy, and respiratory pathogen testing was medically unnecessary, and, in many cases, the results were not provided to the patients or their actual primary care doctors.

Also announced on the same day, the Center for Program Integrity, Centers for Medicare & Medicaid Services (CPI/CMS) states they took adverse administrative actions against over 50 medical providers for their involvement in health care fraud schemes relating to COVID-19 or abuse of CMS programs that were designed to encourage access to medical care during the pandemic.

A statement by Deputy Attorney General Lisa O. Monaco reads: “These medical professionals, corporate executives, and others allegedly took advantage of the COVID-19 pandemic to line their own pockets instead of providing needed health care services during this unprecedented time in our country. We are committed to protecting the American people and the critical health care benefits programs created to assist them during this national emergency, and we are determined to hold those who exploit such programs accountable to the fullest extent of the law.”

DOJ Reports $80 Million Health Care Fraud Conspiracy

The final defendant was sentenced on May 27, 2021 in an $80 million health care fraud conspiracy, according to the Department of Justice (DOJ).  According to court documents, a total of eight individuals and their co-conspirators operated a fraud and money laundering organization responsible for executing a series of frauds in Florida and Michigan.

The organization recruited and directed nominee owners to fraudulently purchase home health agencies. The home health agencies had no medical staff and provided no services to any beneficiaries. Upon receiving the Medicare money, the group would funnel it through several layers of shell companies and bank accounts in an effort to launder the money before converting it to cash at ATMs and check cashing stores in Miami.

Once the nominee owners completed their work, the group required them to permanently move to Cuba to avoid detection and live beyond the jurisdiction of the United States. Alberto Orian Gonzalez-Delgado, 46, of Miami, pleaded guilty to conspiracy to commit health care fraud and wire fraud and is the last remaining defendant in this case to be sentenced. Read more about this case.

COVID-19 Vaccine Breakthrough Infections

United States, January 1–April 30, 2021

Even though FDA-authorized vaccines are highly effective, breakthrough cases are expected, especially before population immunity reaches sufficient levels to further decrease transmission. Despite the high level of vaccine efficacy, a small percentage of fully vaccinated persons will develop symptomatic or asymptomatic infections with SARS-CoV-2, the virus that causes COVID-19.

However, vaccine breakthrough infections occur in only a small fraction of all vaccinated persons and account for a small percentage of all COVID-19 cases, according to a May 28, 2021 report released in the Morbidity & Mortality Weekly Report (MMWR) by the Centers for Disease Control (CDC).

As of April 30, 2021, approximately 101 million persons in the United States had been fully vaccinated against COVID-19.  However, during the surveillance period, SARS-CoV-2 transmission continued at high levels in many parts of the country, with approximately 355,000 COVID-19 cases reported nationally during the week of April 24–30, 2021.

A total of 10,262 SARS-CoV-2 vaccine breakthrough infections had been reported from 46 U.S. states and territories as of April 30, 2021. Among these cases:

  • 6,446 (63%) occurred in females; and
  • The median patient age was 58 years (interquartile range = 40–74 years).

Based on preliminary data, 2,725 (27%) vaccine breakthrough infections were asymptomatic, 995 (10%) patients were known to be hospitalized, and 160 (2%) patients died. Among the 995 hospitalized patients, 289 (29%) were asymptomatic or hospitalized for a reason unrelated to COVID-19.


Free Summer Webinars!




3 Live Training Events


  • Training Camp: October 6-7, 2021, Tampa, FL
  • Training Camp: October 20-21, 2021, Nashville, TN
  • Training Camp: October 26-27, 2021, Las Vegas, NV

How to Earn .25 Continuing Education Unit by reading the Monthly Newsletter

  • Login as a Member
  • Click on My Renewals from your DashBoard
  • Click on "3 Ways to earn FREE CEUs for your next credential renewal"