While the healthcare industry plays “wait and see” with regard to what a Trump Administration means for the regulatory landscape of the last eight years, the events of this past year offer a few hints as to what we might expect in 2017.
Two major pieces of legislation passed this year highlight the need of health information management (HIM) professionals to be more engaged with physicians and health systems than ever. The Medicare Access and CHIP Reauthorization Act (MACRA) will keep clinical documentation improvement (CDI) specialists busy with quality reporting requirements, and the recently passed 21st Century Cures Act has implications for privacy and security specialists and HIM professionals across the board. Of course, information governance (IG) will continue to be fertile ground for challenges and even successes in the coming year.
Privacy and Security
Nobody can claim they weren’t warned. Cybercrime went mainstream in 2016, impacting everyone from medium-sized providers to White House candidates. So far, there’s very little evidence suggesting hacking and ransomware events are going away—to the contrary, they’re expected to continue, experts say.
CynergisTek CEO Mac McMillan recently told Healthcare Info Security that he believes “this trend will intensify into next year as the cybercriminal world evolves its ability to monetize the information stolen from the healthcare sector,” because protected health information (PHI) is so lucrative.
Deanna Peterson, MHA, RHIA, CHPS, vice president, health consulting services of First Class Solutions, agrees.
“Access to everything a criminal would need to steal a patient’s identity is potentially only a few clicks away,” Peterson said. “I think there are still many organizations that though they may realize there is a risk for a cyber attack, do not have the resources to properly secure electronic PHI.”
Another reason security experts are concerned is because too many providers are cutting back on the very resources needed to fight cybercrime. Paterson says that in the face of declining reimbursement, providers such as nursing homes are assigning privacy responsibilities to already overburdened administrators.
“It can be argued that a small nursing home may not need a dedicated privacy officer. However, it can also be argued that most administrators do not have the time to keep up with privacy while juggling their other administrator responsibilities,” Patterson adds.
Barb Beckett, RHIT, CHPS, system Privacy officer, Saint Luke’s Health System, says administrators may well be well-suited to take on these rolls, but “when the compliance officer is over both areas, it can lead to less time dedicated to privacy and the opportunity to have a less effective program in place, decreased monitoring ability, heightened chances for non-compliance with regulations.”
The 21st Century Cures Act will require the incoming Health and Human Services (HHS) Department Secretary as well the Office for Civil Rights (OCR) to release additional guidance regarding the effect of changes made to the regulations governing the confidentiality of alcohol and drug abuse patient records found at 42 CFR Part 2.
“Depending on what is put in the final rule, it could have rippling effects across the healthcare industry for those that work with substance abuse data and may not be currently impacted by 42 CFR Part 2,” Peterson said.
Coding and CDI
This past year was supposed to be one in which the industry would sink or swim under the weight of thousands of new ICD-10-CM/PCS codes. Now that a year has passed coding experts say that productivity rates for diagnosis coding are returning to pre-ICD-10 levels. However, Angie Comfort, RHIA, CDIP, CCS, a senior director of HIM practice excellence at AHIMA, says productivity is still down in outpatient procedure coding. That should continue to improve, though.
Despite this struggle, Patty Buttner, RHIA, CDIP, CHDA, CCS, director of HIM practice excellence at AHIMA, says the increased specificity of the data that outpatient coding produces outweighs the challenges.
“The data collected since the implementation of ICD-10 provides greater detail, which in turn can be analyzed in a number of ways providing extremely usual information regarding population health, effectiveness of treatment and much more,” Buttner said.
This will be doubly important as CDI specialists help providers comply with MACRA, which places the focus on several areas such as care coordination, engaging the beneficiary and their families in their healthcare.
“MACRA will increase the need for CDI and HIM roles as well in the ambulatory and physician office healthcare settings. CDI and HIM can assist providers in the capture and documentation of accurate and complete healthcare information provided to patients,” Buttner said.
According to the MACRA final rule, released by Centers for Medicare and Medicaid Services, 2017 will be a transition year, allowing eligible clinicians to “pick their pace” and engage in MACRA at a level at which they feel comfortable,” wrote Dr. Michael Marron-Stearns, MD, CPC, CFPC, in an article for the Journal. CMS will not subject eligible clinicians to negative payment adjustment associated with the 2017 performance year unless they fail to engage in one of four new payment models.
In 2016, AHIMA’s information governance (IG) team was able to demonstrate what exactly it looks like to for a healthcare organization to launch an IG initiative and start seeing results. Since 2015 AHIMA has been working with a small group of organizations that committed to implementing the Information Governance Adoption Model (IGAM). The IGAM levels, which reflect the level to which an organization demonstrates IG proficiency, rest on a scale from 1 to 5, with 5 equaling the highest degree of proficiency. Mid-year, the IG team started publishing early takeaways on the Journal of AHIMA website, and will to continue to profile case studies in print.
Kathy Downing, MA, RHIA, CHP, PMP, senior director of IG at AHIMA, says that organizations currently using IGAM are reaching levels 4 and 5 at an “astonishing” rate.
“There are several organizations that will be ready for IGAM level 4 or IGAM level 5 validations in 2017,” said Downing, who also oversees AHIMA’s IG consulting arm, IGAdvisors.
She added that in 2017, a IGAdvisors is launching a new product that will focus on enterprise record retention policies, as “this is an area where organizations often need assistance to get the IG program moving forward.”
The development of an IG credential has been delayed, but interested HIM professionals can expect to hear more in 2018.