INDUSTRY NEWS January 10, 2022  Key industry partners funnel Medically Home another $110M to deliver acute care at home Medically Home installs a suite of communications devices, remote patient monitoring devices, emergency response systems and other supplies such as durable medical equipment in a patient’s home so that providers can treat high-acuity patients outside of the hospital. Medically Home partners with healthcare providers to extend acute care to the home following hospital discharge January 9, 2022 5 States require Covid 19 booster for Nursing Home Staff Amid the latest COVID-19 surge, Massachusetts, New York and Connecticut became the latest states this week to require health care workers, including nursing home staff – to get a booster shot. They join California and New Mexico, bringing the total number so far to five. January 5, 2022 Legal Experts Weight in on CMS SCOTUS case Health care litigators and other legal experts expect it will be much easier to repeal the previously ordered lower court injunctions, compared to those made concerning the Occupational Safety and Health Administration (OSHA) rule. December 29, 2021 CMS issues Additional Vaccine Mandate, exluding religious and medical exemption and states that fall under the federal injunction  December 23, 2021 With Amazon starting pay at more than $18 per hour, NHs bleed staff “Amazon pays $25 an hour,” said Danielle Geoghegan, business manager at Green Meadow Healthcare Center in Mount Washington, Kentucky, a nursing home that has lost workers to the Amazon facility in Shepherdsville. The alternative? “They come here and deal with people’s bodily fluids.” December 21, 2021 Challenges mount at high court over OSHA vaccine or test-mandates The Supreme Court received at least 11 emergency applications on Monday challenging the federal mandate for businesses with over 100 employees to require Covid-19 vaccinations or weekly testing.

Communications HotLine FAQs 888-892-2732 ext 105 or email COMMUNICATIONS Q. When updating my enrollment in PECOS, how do I know what documents I need to submit with my application? A. You can view a list of required supporting documentation corresponding to your enrollment application by following one of the methods below: My Enrollments: For enrollment applications in New, Edit, Submit, In Progress, or Approval Pending Regional Office Review status, select the View button on the My Enrollments page next to the enrollment application. Select the "View Printable Supporting Documentation" option. Select the "View and Print" hyperlink next to "Supporting Documentation." "Required and/or Supporting Documentation" topic: For enrollment applications in New or Edit status, select the More Options button from the My Enrollments page and select the "Continue Working on Application" option. Access the "Required and/or Supporting Documentation" topic from the Topic View. Select the "View Required and/or Supporting Documentation" hyperlink. Submission: For enrollment applications in New or Edit status, proceed with submitting the application. The Submission Page will display the "Required and Supporting Documents" section. LEARN MORE Q. How did I get chosen for a post payment review? A. The Centers for Medicare & Medicaid Services (CMS) continually strives to reduce improper payment of Medicare claims per Social Security Act Sections 1833(e), 1815(a), 1862(a)(1)(A) and 1842(p)(4). MACS are tasked with preventing inappropriate Medicare payments. Contractors use data analysis as the foundation for detection of aberrancies or patterns of apparent inappropriate billing, which may be potential claim payment errors. Data analysis is the comparison of claim information and other related data to identify potential errors. Various sources of information and techniques are used to identify potential errors that pose the greatest financial risk to the Medicare program. When such aberrancies or inappropriate billings are identified, additional measures are taken to verify and add context to the data. One of the ways this is verified is through medical review of claims. Medical review of claims helps to ensure that Medicare pays for services that are covered, correctly coded, and medically reasonable and necessary LEARN MORE Q. We received a RUC for the claim adjustment reason code (CARC) CO109. (Claim/service not covered by this payer/contractor. You must send the claim/service to the correct payer/contractor.) What steps can we take to avoid this RUC code? A. The first step in avoiding the reason code CO109 is to check what type of insurance coverage the patient has and verify their eligibility status prior to submitting claims to Medicare. If the claim has been filed to Medicare in error it will be returned as an unprocessable claim and will need to be resubmitted to the correct payer/contractor for payment. In receiving this error, the provider can also refer to their remittance advice (RA) by evaluating the accompanying remittance advice remark code (RARC) to determine the correct payer/contractor of service. Common reasons: • Railroad Retirement benefits (RRB) • Receiving Part A benefits in a Skilled Nursing Facility on the date of service • Medicare Health Maintenance Organization (HMO) • Durable medical equipment (DME) • Claim(s) submitted to different region (other than beneficiary resides in) READ MORE

WHAT ARE THE 10 MOST COMMON HIPAA VIOLATIONS? Snooping on Healthcare Records Accessing the health records of patients for reasons other than those permitted by the Privacy Rule – treatment, payment, and healthcare operations – is a violation of patient privacy. Snooping on healthcare records of family, friends, neighbors, co-workers, and celebrities is one of the most common HIPAA violations committed by employees. Failure to Perform an Organization-Wide Risk Analysis The failure to perform an organization-wide risk analysis is one of the most common HIPAA violations to result in a financial penalty. If the risk analysis is not performed regularly, organizations will not be able to determine whether any vulnerabilities to the confidentiality, integrity, and availability of PHI exist. Risks are therefore likely to remain unaddressed, leaving the door wide open to hackers. Failure to Manage Security Risks / Lack of a Risk Management Process Performing a risk analysis is essential, but it is not just a checkbox item for compliance. Risks that are identified must then be subjected to a risk management process. They should be prioritized and addressed in a reasonable time frame. Knowing about risks to PHI and failing to address them one of the most common HIPAA violations penalized by the Office for Civil Rights. Denying Patients Access to Health Records/Exceeding Timescale for Providing Access The HIPAA Privacy Rule gives patients the right to access their medical records and obtain copies on request. This allows patients to check their records for errors and share them with other entities and individuals. Denying patients copies of their health records, overcharging for copies, or failing to provide those records within 30 days is a violation of HIPAA. OCR made HIPAA Right of Access violations one of its key enforcement objectives in late 2019. Failure to Enter into a HIPAA-Compliant Business Associate Agreement The failure to enter into a HIPAA-compliant business associate agreement with all vendors that are provided with or given access to PHI is another of the most common HIPAA violations. Even when business associate agreements are held for all vendors, they may not be HIPAA compliant, especially if they have not been revised after the Omnibus Final Rule. Insufficient ePHI Access Controls The HIPAA Security Rule requires covered entities and their business associates to limit access to ePHI to authorized individuals. The failure to implement appropriate ePHI access controls is also one of the most common HIPAA violations and one that has attracted several financial penalties. Failure to Use Encryption or an Equivalent Measure to Safeguard ePHI on Portable Devices One of the most effective methods of preventing data breaches is to encrypt PHI. Breaches of encrypted PHI are not reportable security incidents unless the key to decrypt data is also stolen. Encryption is not mandatory under HIPAA Rules, but it cannot be ignored. If the decision is taken not to use encryption, an alternative, equivalent security measure must be used in its place. Exceeding the 60-Day Deadline for Issuing Breach Notifications The HIPAA Breach Notification Rule requires covered entities to issue notifications of breaches without unnecessary delay, and certainly no later than 60 days following the discovery of a data breach. Exceeding that time frame is one of the most common HIPAA violations, which has seen two penalties issued this year Impermissible Disclosures of Protected Health Information Any disclosure of protected health information that is not permitted under the HIPAA Privacy Rule can attract a financial penalty. This violation category includes disclosing PHI to a patient’s employer, potential disclosures following the theft or loss of unencrypted laptop computers, careless handling of PHI, disclosing PHI unnecessarily, not adhering to the ‘minimum necessary’ standard, and disclosures of PHI after patient authorizations have expired. LEARN MORE

APDA UPDATES APDA Board held its first meeting of the year on January 6, 2022. Details on the latest in APDA work will be reported in our next Newsletter. A warm Welcome to our new member, PDQ Imaging Services APDA Conference committee and committee chair, Anna Dailey, are preparing for our Midyear billing conference and would like to hear from members. The committee works very hard to make our conferences educational and interesting and welcomes member input. If you have ideas and suggested speakers, please let us know. Send your comments and suggestions to: communications@apdahealth.com If you as a member have any issues you would like to see discussed at board meetings, please let a board member know or email communications@apdahealth.com

PROVIDER RELIEF FUNDS UPDATE Phase 4 and ARP Rural Distributions On December 16, 2021, HRSA began distributing Phase 4 General Distribution payments. Applicants receiving payments will receive an email notification with more information. The majority – approximately 75 percent – of Phase 4 applications have now been processed. The remaining applications require additional review as part of the risk mitigation and cost containment safeguards previously outlined in the Phase 4 methodology. On November 23, 2021, HRSA began distributing ARP Rural payments. Applicants receiving payments will receive both an email notification and a paper letter with additional detail on their aggregate payment, including individual payment amount(s) attributable to any eligible subsidiary billing TINs included in their application. The vast majority – approximately 96 percent – of ARP Rural applications have now been processed. Applicants that HRSA has determined will not receive a payment will receive email notifications that include the primary reason for their payment determination. Providers who have not yet received any communication regarding their Phase 4 and/or ARP Rural payment determination will be notified as soon as HRSA completes the review and processing of the remaining applications. HRSA anticipates distributing the remaining payments throughout early 2022. Within 90 days of receiving a payment, recipients must sign an attestation confirming receipt of the funds and agreeing to the Terms and Conditions of payment by re-entering the Provider Relief Fund Application and Attestation Portal.  Should a recipient choose to reject the funds, they must still complete the attestation to indicate this and then return the funds within 15 calendar days. To ensure transparency, HHS is publishing a public dataset with the names, locations (by city, state, and ZIP code), and payment amount of all ARP Rural payment recipients at the applicable subsidiary or billing TIN level, as well as a state-by-state breakdown of ARP Rural payments to date. For more information on how Phase 4 and ARP Rural payments are calculated, please consult the payment methodology webpage. Providers with questions about the Phase 4 and ARP Rural application process or who need payment support should contact the Provider Support Line at 866-569-3522 (for TTY dial 711). Reporting Period 2 is Open Providers who are required to report in Reporting Period 2: The PRF Reporting Portal opened for Reporting Period 2 on January 1, 2022 & will remain open through March 31, 2022 11:59PM ET Providers who received one or more General and/or Targeted PRF payments exceeding $10,000, in the aggregate, from July 1, 2020 to December 31, 2020 must report on their use of funds in Reporting Period 2. The deadline to use funds for Payment Received Period 2 was December 31, 2021. LEARN MORE

SAVE THE DATE! APDA 2022 Mid Year Conference May 2022 Austin, Texas DETAILS COMING SOON TOGETHER, WE CAN MAKE CHANGES HAPPEN!

NOT A MEMBER OF APDA? JOIN TODAY APDA Members get full access to all the aid, information, and benefits that the Association provides. Conference discounts Bi Monthly informative newsletters News Alerts to Critically timely industry information Lobbying and advocating on the Federal Level Help from industry experts on compliance, policy, etc Support from vendors with the latest technology

Stay Connected, Join Today

Disclaimer:The information provided in this newsletter is for general informational and educational purposes only. All information shared does not contain any medical or legal advice. Accordingly, before taking any actions we encourage you to consult with appropriate professionals of your choice. LOG ONTO APDA WEBSITE FOR DAILY UPDATES & THE LATEST NEWS Questions? contact: Rosie at communications@apdahealth.com or call 888-892-2732 ext 105