Add-On Codes: CMS and Payment Policy

With the Appropriate Use Criteria program slated to go into effect in 2023, healthcare providers shoud implement new alerts for prior authorizations.

Healthcare data breaches are nothing new, but their size and frequency are increasing: CVS Health lost over a billion search records when a third party accidentally made an online database publicly accessible in March 2021. A ransomware data breach at prescription management vendor CaptureRx affected over a million patients at 17 healthcare providers in February 2021. More than 3.47 million individuals and at least 10 healthcare organizations were affected by a massive data breach at file transfer company Accellion, which spanned multiple global industries in December 2020.   Further illustrating the risks to healthcare organizations, Scripps Health in San Diego was hit with two class-action lawsuits that assert that the organization should have done more to protect patient data. If upheld, it will set a precedent for healthcare organizations to be held legally responsible for failing to protect data – to the tune of $1000 per patient. The direct monetary cost of fines and lawsuits, however, may ultimately be a secondary concern as damaged reputation is often a more difficult setback to overcome. Patients increasingly approach healthcare as “consumers” and a breach – or a poorly managed breach situation – might prompt them to look elsewhere for care. “Incidents happen every day. However, the real threat lies in how quickly and efficiently an organization can respond. This is what customers will remember. You need to be able to make prompt updates to your website, scale up call center capacity, and have answers ready when consumers need them.” The growing frequency and scale of health information breaches means it’s no longer sufficient to say, “we’re careful with our health data – this won’t happen to us.” Medical identities are extremely valuable, which makes them an attractive target to cybercriminals. In addition, the sudden increase in virtual care and remote working during the pandemic has created new vulnerabilities in data security.   A recent FBI alert that a major ransomware group is targeting the healthcare sector with phishing attacks is a cl reminder that healthcare organizations can’t relax when it comes to cybersecurity. It’s a case of “when, not if” a healthcare organization will have to deal with a breach. Prevention is the goal, but preparation is the smart strategy.   Shifting from data breach prevention to preparedness   During the pandemic, the volume of data being shared within and between healthcare organizations sky-rocketed, as providers offered more virtual care services and workforces became more distributed. While these innovations meant access to healthcare and work could continue safely, the shift to cloud-based data sharing and storage, means the data perimeter is much broader and tougher to secure – if there remains a perimeter at all. Data must be secured at the device- and employee-level now.   While prevention is better than cure, the hard truth for healthcare cybersecurity teams is that they’re increasingly likely to have to deal with a breach. Unfortunately, many organizations don’t have the technology, resources, or time to prevent breaches all the time, at every access point.   Chris Wild, vice president at Experian Health, says:   “We’re seeing an increased frequency of cyber threats across the whole industry. Hardly a week goes by that we don’t hear of a health system under attack from hackers or ransomware. The statistics show us there’s a health data breach nearly every single day, so it’s just a matter of time before it impacts any one provider, pharmacy, payer or physician group.”   Instead of focusing solely on prevention, healthcare organizations need a strategy to prepare for what happens when a breach occurs. If they don’t, they risk a long, public struggle to contain the breach, resulting in brand damage, patient loss, and financial consequences in the form of fines and lost revenue.   Building a data breach response plan   Recovering from a data breach requires a speedy and thorough response. With a plan in place, action can be taken as soon as the dreaded call comes in. Knowing exactly what needs to be done to meet HIPAA notification requirements, helps reassure consumers and regulators alike that every effort is being made to contain the breach. Not only will this help minimize fines, but it will also mitigate against the reputational damage caused by the security breach.   A breach is bad enough but compounding the negative impact of exposed data by failing to provide sufficient support to worried consumers is even worse. Wild says: “Incidents happen every day. However, the real threat lies in how quickly and efficiently an organization can respond. This is what customers will remember. You need to be able to make prompt updates to your website, scale up call center capacity, and have answers ready when consumers need them.”   A robust response plan calls for C-suite engagement, clear success metrics, and regular pressure-testing. Above all, it must be flexible to adapt to whatever size and type of breach occurs.   The best support for the worst-case scenario A data breach response plan isn’t going to prevent the breach itself, but it can help a healthcare organization take the right steps in the aftermath. Having serviced thousands of data breaches over the last 17 years, Experian Health’s Reserved Response™ program is based on real world experience and has evolved as the threats and consequences have increased. In a recent survey, clients using Reserved Response reported 15% fewer data security incidents than those who did not. Furthermore, any incidents that did occur tended to be smaller in scale.   Because the risk and impact of data breaches is trending upwards, this year Experian Health has introduced a new Reserved Response Hub. This digital, self-service tool helps to prepare and test a data breach plan, including: the new and improved 2021 Data Breach Response Guide downloadable readiness reading materials tried and tested notification templates a pre-breach incident checklist access to Experian’s full Reserved Response service, which provides support before or after a breach to ensure regulatory compliance and support for those impacted.   Reserved Response can help healthcare organizations put together a data breach preparedness plan in as little as three days.  

The pandemic dominated healthcare in 2020, but it won’t be recognized as a reason to delay complying with CMS’ price transparency mandate, which went into effect on Jan. 1, 2021. A recent study conducted by HealthAffairs indicated that 65 of the 100 largest hospitals in America had not complied as of February 2021. And new reports from CMS suggest $300 daily fines will follow if CMS warning letters have no impact, in addition to the possible public exposure of facilities failing to be compliant. There are a number of reasons why price transparency has generated so much attention – both before and during the COVID pandemic. Consumer advocates point to other transactional experiences, such as auto and home purchases, where understanding the price is complicated, but achieved. There’s been a lot of research on price transparency’s impact on patients, as well; helping consumers understand healthcare billing reduces the stress of their financial experiences. Transparent pricing makes sense in many cases for providers, too. They may benefit from patients being able to plan for the costs of care, which can result in fewer missed payments and write-offs. For these reasons and others, price transparency has been a hot topic for the last few years. The Centers for Medicare and Medicaid Services (CMS) final rule on price transparency became effective on January 1, 2021, requiring hospitals to give patients clear information about their medical costs, including a list of charges for the hospital’s 300 most shoppable services, so patients can make informed decisions. Payers are expected to provide similar pricing information beginning January 1, 2022. The spotlight on healthcare pricing seems unlikely to dim any time soon. What does this mean for providers and payers? Price transparency is here to stay There were legal challenges made against the price transparency final rule, questioning federal authority and invoking constitutional rights violations, but the DC Circuit Court dismissed the claims in December 2020. Arguments against the current mandate are not limited to disputing legal authority, suggesting that government should not interfere with private sector pricing – and that complex pricing information could create the opposite effect of confusing consumers. In fact, many providers and payers voice support for price transparency, but not as put forward by the final rule. Despite this, consumer demand for pricing clarity before delivery of services continues to grow and current government regulation is the most far-reaching attempt so far to remedy this. A few state legislatures are moving forward with their own regulations, which could prompt more local collaborations between providers and payers to clarify out-of-pocket cost estimates. Achieving the level of transparency that CMS and consumer groups hope for will be challenging, but attempts to find common ground are growing. What will price transparency look like under the Biden Administration? Since President Biden entered the White House, the trend towards transparent pricing has continued. Provider compliance has been slow – many pointing to 12 months of battling COVID as the primary reason – prompting legislative pressure to step up audits and penalties. CMS has already started issuing noncompliance warning letters and, while it may modify the ruling under a new administration, there’s no sign of any plans to reverse the policy. Consumer action groups have voiced concerns that the regulation falls short, citing the difficulty a consumer may have trying to find pricing at provider web sites. Other consumers are limited to payer-negotiated rates and have little choice but to stick with their current providers. Making information available is likely an early step toward what price transparency will ultimately look like, but making that information easy to find, understand and act on is what consumers value – and what many providers and payers say they want to provide in a more customized, less one-size-fits-all application. A marketing strategy for price transparency As patients bear more responsibility for healthcare costs, they’ve come to expect a consumer experience that affords them greater control and choice. A Pioneer Institute study found that 70% of healthcare consumers want to see pricing information before undergoing a medical procedure. Actively communicating a commitment to price transparency can be a powerful marketing strategy to attract and retain loyal consumers. Not surprisingly, this messaging resonates more with user-friendly tools to guide patients through their financial journey and make sense of charges. Many providers believe they’re complying with the final rule but may actually be vulnerable to penalties because their pricing files are in user-unfriendly formats. A web-based pricing tool can help solve for this by offering patients accurate estimates and recommended payment plans before or at the point of service. Similarly, a text-to-mobile tool, such as Patient Financial Advisor, can send automated text messages to patients with personalized estimates and bills. Keeping an eye on healthcare price transparency More tools are now available to help patients make sense of their billing and it’s becoming easier for providers and payers to create a patient financial experience that’s supportive from the start. Not only will this help patients understand their cost of care (and with that understanding likely comes better collections performance), it’ll help reduce the risk of uncompensated care ¬– and avoid penalties as the final rule takes root. The Biden Administration’s focus on consumer-friendly healthcare services will likely keep price transparency at the forefront. What that looks like over the next few years depends on regulatory and market forces, but providers and payers alike will benefit from offering solutions that make sense for their organizations and patient populations. Find out how Experian Health’s price transparency tools could help your organization with the transition.