pete lawson, manager, provider audit, hunt valley, md...

o Novitas Presenters – Pete Lawson, Manager, Provider Audit, Hunt Valley, MD – Barb Shadle, Lead Auditor, Provider Audit, Mechanicsburg, PA

o Your Questions for Novitas Solutions (slides 2-3)

o Other Audit Issues (slides 4-7)

o Encryption of Sensitive Information in Email (slides 8-17)

o Novatisphere Portal Overview (slides 18-53, time permitting)

1

Novitas Agenda – NJHFMA Education Session 09/13/2016, 1:10-2:15pm

GuideWell Source | Encryption of Sensitive Information in Email

o 2005 Final Settlement Issuances (no updates available from CMS)

o Update on Allina Health issue from CMS (no update available from CMS)

o 3. The audit process – for example, why are audits being done for KNOWN issues such as bad PS&R (i.e. Model 1 Issue)… the provider will have to file for a reopening. (Clarify - Model 1 PS&R was fixed 10/28/15)

o 4. Wage Index Audit Process (see next slide)

o 5. How does Novitas plan on auditing the S-10 Worksheet? Similar process as the Wage Index Audits? (awaiting instructions from CMS)

o 6. When the auditors send out their proposed and/or final adjustments; can Novitas auditors make it a common practice to also send the HFS Medicare Auditor file? This way the providers can easily import the adjustments to quickly determine the impact of any given entry without having to manually enter all the adjustments. Other MACs are providing this file. (discuss)

2

Questions for Novitas Solutions


Proprietary and Confidential

Wage Index Time Table – FFY 2018 All important deadlines

1. 09/02/16 Deadline for Hospitals to submit revisions

2. 10/24/16 Deadline for MACS to complete assigned Hofc WI reviews.

3. 11/4/16 Deadline for MACS to notify State Hospital Assoc about non responsive providers

4. 11/15/16 Deadline for MACS to submit wage files to CMS

5. 01/30/17 First revised PUF filed issued by CMS

6. 02/17/17 Deadline for Hospitals to request changes to PUF issued 1/30/17

7. 03/24/17 Deadline for MACS to submit revised files to CMS (make sure to send adj to providers, CMS mentions this in timeline)

8. 04/05/17 Deadline for Hospitals to appeal MAC determinations

9. 04/28/17 Final revised PUF issued by CMS

10. 05/30/17 Deadline for Hospital to request corrections due to errors only

11. 08/01/17 Final Rule PUF issued by CMS

GuideWell Source | Presentation Title | 3

o SSI update – what’s being settled, and when; - 2014 SSI, for 12/31/14 cost reports 07/15/16 – CMS issued SSI% and allowed it for use in cost report settlements; 09/08/16 – CMS issued a notice for MACS to stop settling cost reports that utilize the 2014

SSI% (indefinitely), due to the provider’s having the option to submit amended w/s S-10 (until 09/30/16).

- 2013 SSI, Novitas JL has settled 176 out of 178 cost reports - 2012 SSI, Novitas JL has settled 202 out of 206 cost reports - Other reasons for holding settlements take precedence, such as RAC PIP, outlier

hold, or material negative charges

o CMS quality initiatives – MAC workpapers under close scrutiny – Bed days available for IME; – NAHE, legal operator;

4

Audit Issues


o Cost report reopenings for HiTech data elements – CMS compared the settled hospital’s worksheet S Hitech settlement to

the FISS payment screens, any discrepancies need to be resolved by MACS by September 30.

– Some potential issues: • A cost report includes Hitech elements, but is not used for Hitech

settlement - reopening required • FISS screen does not match the final settled cost report – fiss

update required; • FISS screen is correct but does not have the “F” indicator for final

payment – fiss update required;

See the following two slides for examples . . .

5

Audit Issues


6

Cost report Worksheet S

GuideWell Source | Presentation Title |

7

FISS Hitech payment screen

GuideWell Source | Presentation Title |

ENCRYPTION OF SENSITIVE INFORMATION IN EMAIL Centers for Medicare & Medicaid Requirements September 8, 2016

o CMS Sensitive Information includes: – Personally Identifiable Information (PII) – Protected Health Information (PHI) – Federal Tax Information (FTI) – Information system component information

o The following elements are not required to be sent in encrypted attachments unless they are combined with other elements above:

– Provider Name – Provider Address – Provider Telephone Number – Provider Email Address – Provider Transaction Access Number (PTAN) – National Provider Identifier (NPI)

9

CMS Sensitive Information


o PHI must be in an encrypted attachment when sent by email – PHI is individually identifiable health information related to past, present or future

physical or mental health or condition of an individual; provision of health care to an individual; or past, present or future payment for provision of health care to an individual

10

Protected Health Information (PHI)


Protected Health Information (PHI) includes all of the following information:

• Name • Dates – birth date, admission date, discharge date, date of death

• Device identifier and serial numbers

• Address • Medical record numbers • Web Universal Resource Locators (URLs)

• Telephone Numbers

• Health plan beneficiary numbers

• Internet Protocol (IP) address numbers

• Fax Numbers • Account numbers • Biometric identifiers, including finger and voice prints

• Email Address • Certificate/license numbers • Full face photographic images and any comparable images

• Social Security Numbers

• Vehicle identifiers and serial numbers, including license plate

• Any other unique identifying number, characteristic or code

CMS Information Security Acceptable Risk Safeguards (ARS) 2.0 SC-CMS-1 – Electronic Mail (High)

o Control Controls shall be implemented to protect sensitive information that is sent via email.

o Implementation Standard(s) 1. Prior to sending an email, place all sensitive information in an encrypted

attachment.

CIO Directive 16-01 CMS Encryption of Sensitive Information in Email

o Must use encryption that meets Federal Information Processing Standard (FIPS) 140-2 requirements (e.g., SecureZIP)

o Encryption/decryption password/passphrase can no longer be communicated by email effective 7/15/2016

11

CMS Requirements for Sending Sensitive Information by Email


o SecureZIP must be used to CMS Sensitive Information in an encrypted attachment when sending an external email

– External includes emails sent outside of the GuideWell Source, First Coast and Novitas domains

– Must check options for ZIP and Encrypt attachments

12

SecureZIP


o Password/passphrase must: – Include at least eight characters – Contain at least one (1) upper case letter, one (1) lower case letter, one (1)

number and one (1) special character

o Never include the password/passphrase in the same email as the encrypted attachment

o Effective July 15, 2016, the password/passphrase cannot be sent by email when sending CMS Sensitive Information in encrypted attachments

13

Password/Passphrase Requirements


o Faxination – This is the preferred method to send a password/passphrase. – Refer to Faxination Instructions

o Fax – When using a physical fax machine, verify that you entered the correct phone

number before sending the fax.

o Phone call – The password cannot be left on voice message. – If you do not reach the individual your first time calling, you may leave them a

message to call you back so that they may retrieve their decryption password/passphrase.

Note: If using any method other than Faxination, record the password on a log to ensure that the encrypted attachments can be opened if necessary when required for company or legal purposes

– Log can be in a spreadsheet, database, or application – Refer to department specific procedures

14

Approved Methods to Share Password/Passphrase


http://home.guidewellsource.com/webcenter/portal/GuideWellSourceDept/pagebyid?contentId=00165423&_adf.ctrl-state=ju7dc08dv_1&_afrLoop=163599699258000

o Standard password/passphrase may be used and shared using one of the approved methods

o A standard passphrase can be used for no longer than 365 days with an external organization

o Password should be different for each organization

o Guidelines for routine emails that involve multiple organizations – If there is a group email that always goes to the same set of individuals at

differing organizations each time, then these organizations can share the same password.

– If the group email does not go to the same individuals at differing organizations each time, then separate emails should be sent to the different organizations. The password for each organization would need to be different.

o Emails sent to a group distribution list within the same organization – Single password could need to be shared to the entire distribution list.

15

Standard Password/Passphrase


o If recipient cannot open email with the SecureZIP encrypted attachment, send the troubleshooting tips to the recipient using these links:

– First Coast – First Coast Spanish version – Novitas JH – Novitas JL

o If recipient continues to experience issues with SecureZIP, open a ticket with the IT Service Desk by calling x18737, option 1, option 4, option 2

o Ironport can only be used after receiving approval by System Security. – Approval is on a case-by-case basis and must be requested each time or for a

specific period of time (e.g., for the completion of an audit). There is no one time approval.

– Once approved by System Security, type the word ‘Secure’ in the Subject line to encrypt an email. This will encrypt the message, and a link will be emailed to the recipient so they can access the email at a secure, external site.

16

SecureZIP Troubleshooting Tips


http://medicare.fcso.com/Help/0304973.asp

http://medicareespanol.fcso.com/ayuda/0305002.asp

http://www.novitas-solutions.com/webcenter/portal/MedicareJH/page/pagebyid?contentId=00008271&_adf.ctrl-state=e3zukexen_82&_afrLoop=1011118465278458

http://www.novitas-solutions.com/webcenter/portal/MedicareJL/page/pagebyid?contentId=00008271&_adf.ctrl-state=&_afrLoop=1011198236720937

o Recipient cannot open the SecureZIP® file – SecureZIP® files must be opened with ZIP Reader by PKWARE. This software is

free and can be downloaded from www.zipreader.com.

o Recipient receives an error message that the password is not correct

– File may be opening using the standard Windows compressed/zipped function.

• Make sure that ZIP Reader by PKWARE is installed. • Ensure that the file association for *.zip is set to open using ZIP Reader by PKWARE.

o The recipient’s IT support may need to be contacted if the recipient does not have the ability to install software or access file associations (Control Panel).

17

Most Common SecureZIP Issues


http://www.zipreader.com/

Novitas Solutions Medicare Part A Presents:

Novitasphere Portal Overview

Today’s Presentation

Agenda: • General Novitasphere Screens • Eligibility, Secure Message and MailBox

Features • Helpful Resources

Objectives:

• Examine how to access Novitasphere • Explore Novitasphere’s features • Provide helpful resources

What is Novitasphere?

Free web-based Portal

Part A users will have access to obtain patient Eligibility, submit Medical Review Records

and Provider Audit & Reimbursement Cost Reports

For demonstrations and more information on Novitasphere visit:

• JH Providers: http://www.novitas-solutions.com/webcenter/portal/Novitasphere_JH/

• JL Providers: http://www.novitas-solutions.com/webcenter/portal/Novitasphere_JL/

http://www.novitas-solutions.com/webcenter/portal/Novitasphere_JH/

http://www.novitas-solutions.com/webcenter/portal/Novitasphere_JL/

Eligibility, Secure Message and MailBox Features

Novitasphere Disclaimer

Users with Roles with Multiple Organizations –Switch Org

Users with Roles with Multiple Providers –Switch Provider

Benefits & Eligibility

Benefits & Eligibility Results

Eligibility Information

Eligibility

• Part A Eligibility Effective and Termination Dates • Part B Eligibility Effective and Termination Dates • Inactive Periods • End Stage Renal Disease (ESRD) dates and

information

•Deductible

Part B Total Deductible Remaining for Calendar year Occupational, Physical and Speech Therapy amounts

applied to the capitation limits Rehabilitation Session counts

Medicare Advantage Plan (MAP)

• Contract Name and Number • Type of Medicare Advantage Plan • The Bill Option code of the Plan type • Effective and Termination Dates • Plan Address and Telephone Number

Medicare Secondary Payer (MSP)

• The reason Medicare is secondary • Effective and Termination Dates • Name of Insurance Company and Address

Hospice/Home Health • Certification codes and dates • Home Health Eligibility History • Insurer Name and Address • Home Health Episode Start and End Dates • Home Health Episode termination date • Provider NPI Number of the Home Health Facility

Preventive Services • Number of Smoking Sessions remaining for the

beneficiary • Next Available Smoking Cessation Date • Preventive Service Procedure Code • Preventive Technical and Professional Dates • Calendar Year • Deductible Applied for the Calendar Year • Deductible Remaining for the Calendar Year • Coinsurance Remaining for the Calendar Year

Inpatient • Date of earliest and latest billing activity for the

spell of illness • Hospital Information • Skilled Nursing Facility Information

Secure Message Medical Review Record Submission

Medical Review Record Submission Confirmation

Secure Message Provider Audit and Reimbursement Form

Submit an Initial or Amended Cost Report

Initial or Amended Cost Report Form

Initial or Amended Cost Report Form – Sub Document Type Descriptions

Completed Initial or Amended Cost Report Form

Cost Report Submission Acknowledgement

Submit a Low or No Medicare Utilization Cost Report

Low or No Utilization Report Form

Submit Additional Documentation

Miscellaneous Documentation Submission

• Cost Report Reopening: • Used for Submission of reopening

Requests for a cost report after it has been settled

• Cost Report Appeals: • Used for the submission of supporting

documents for cost reposts that are under appeal

• SSI Realignment Request (DSH): • Used to request an update to a provider’s

disproportionate share statistics • Provider-Based Determination:

• Used to request initial setup or change in a unit’s provider-based status

• Wage Index/Occupational Mix Submissions:

• Used to upload documentation for the yearly wage index and occupational mix audits

• Desk Review/Audit Additional Documentation:

• Used to upload documentation requested by the Novitas audit staff during the time of a desk review and/or audit

• Submit FOIA Request: • Used to submit a Freedom of Information

Act request for Medicare cost reports • Submit PS&R Request:

• Used to submit a Provider Statistical & Reimbursement report request for fiscal years not covered on the CMS PS&R online system. Providers may utilize this selection if they are currently experiencing PS&R access issues as well

• General Correspondence: • Used to submit documentation for items

not covered in the above-mentioned table selections; such items include: Request for Interim Rate Change Request for Tentative Settlement Change TEFRA Exception Request SCH Low Volume Request Request for Change in Statistical Basis CMS Tie-In-Notice Bankruptcy Other Supporting Documentation 50%Reduction Request

Submit Miscellaneous Documentation

Miscellaneous Documentation Form

Secure Message Submission History – Search by Date Range

Secure Message Submission History – Search by Confirmation ID

Secure Message Submission History – Medical Review Submission Results

Secure Message Submission History – Audit & Reimbursement Submission Results

MailBox Secure Message Communications

Secure Message PDF

MailBox Medicare Communications

Reference

Contact Us

Live Chat

Helpful Resources

Novitasphere References

Novitasphere Part A User Manual: http://www.novitas-

solutions.com/webcenter/content/conn/UCM_Repository/uuid/dDocName:00126973

Part A Novitasphere Frequently Asked Questions: http://www.novitas-


Eligibility Guide: http://www.novitas-


Cost Report Submission Quick Steps: http://www.novitas-


http://www.novitas-solutions.com/webcenter/content/conn/UCM_Repository/uuid/dDocName:00126973








pete lawson, manager, provider audit, hunt valley, md...

Documents