The Healthcare Common Procedure Coding System (HCPCS, pronounced “hix-pix”), maintained by the Centers for Medicare & Medicaid Services, comprises two medical code sets, HCPCS Level I and HCPCS Level II.
Level I consists of the Current Procedural Terminology© (CPT), a classification index which, as Applied Policy has previously discussed, is developed, maintained, and copyrighted by the American Medical Association.
With nearly 11,000 codes, CPT is extensive. But it is far from comprehensive and is not intended to be. As its unabbreviated name states, CPT’s focus is the medical procedures provided and performed by physicians and other healthcare professionals. It was not developed to allow for the classification of thousands of medical products and services, especially those used or delivered outside of an office setting.
HCPCS Level II fills this classification gap by providing a coding system for such items as durable medical equipment, prosthetics, orthotics, and supplies used outside of a physician’s office; drugs and biologicals not classified by CPT; ambulance services; and even certain episodes of chaplain spiritual care.
The Threat of Ransomware in Healthcare
In the first of a two-part discussion of cybersecurity concerns in the healthcare sector, we examine the mechanics, costs, and repercussions of ransomware attacks.
On Thanksgiving Day, 2023, Ardent Health Services, which owns and operates 30 hospitals and over 200 sites of care in six states, recognized that it was the victim of a ransomware attack. In response, the organization “proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.”
Essentially deprived of the technologies that have become the lifeblood of modern healthcare systems, Ardent-affiliated hospitals scrambled to cope. Emergency rooms went to divert status and some non-emergent, elective procedures were temporarily postponed. Staff at one hospital described working without access to electronic health records as “chaotic.” Not able to use Epic’s My Chart system, patients had to find workarounds to obtain prescription refills.
The Ardent case was just one of hundreds of cyberattacks on healthcare reported in 2023 and the associated ransom demand—the specifics of which remain unknown—is emblematic of a growing problem for the healthcare sector.
In the decades since the first ransomware attack was delivered to AIDS researchers on floppy discs in 1989, cyberattacks in general and ransomware attacks in particular have grown in both sophistication and cost. The healthcare sector, which represents nearly a fifth of the U.S. economy and is replete with protected health information and/or personally identifiable information, remains a favorite target among cybercriminals.
According to the American Hospital Association, there was a “dramatic increase in cyberattacks targeting hospitals and health systems” during the COVID-19 pandemic. As cybercriminals increasingly target small and rural hospitals, which generally have weaker defense systems, the average recovery duration has become longer.
It isn’t just hospitals. As researchers raced to develop vaccines and treatments for COVID-19 in 2020, hackers presumed to be associated with North Korea attempted to breach the information systems of global pharmaceutical company AstraZeneca. When cybercriminals attacked eResearchTechnology (ERT), which develops software used in clinical trials, ransomware further threatened drug development and research.
Applied Policy's Latest Summaries
CMS Proposes Rule Implementing Appeals Process for Certain Beneficiaries Denied Coverage for Part A Hospital Stay
On December 21, 2023, the Centers for Medicare & Medicaid Services (CMS) issued a proposed rule implementing an order from the Federal district court for the District of Connecticut in Alexander v. Azar. The rule would establish an appeals process for certain fee-for-service Medicare beneficiaries who believe hospitals incorrectly classified their stays as observation instead of admissions.
The court directed the Department of Health and Human Services (HHS), as a result of a nationwide class action case filed in 2011, to establish an appeals process for certain beneficiaries with Medicare Part A and B initially admitted to a hospital as an inpatient but whose status is changed to outpatient by the hospital during their stay.
MACPAC Holds Final Meeting of 2023
On December 14 and 15, 2023, the Medicaid and CHIP Payment and Access Commission (MACPAC) held a virtual public meeting. The meeting included the following sessions:
- Annual Analysis of Medicaid Disproportionate Share Hospital (DSH) Allotments to States;
- Potential Areas for Comment on CMS Proposed Rule on Medicare Advantage for CY 2025; and
- Medicare-Medicaid Plan (MMP) Transition Monitoring: Interviews on Stakeholder Engagement.
'Hackers and Busybodies': AHA Asks for Summary Judgment in Website Tracking Suit
On January 5, the American Hospital Association, Texas Hospital Association, Texas Health Resources, and United Regional Health Care System filed a motion requesting summary judgment in their suit against the U.S. Department of Health and Human Services (HHS).
The original complaint was filed in federal district court in Fort Worth, Texas, in November.
At issue is HHS’s guidance regarding the use of online tracking technologies by healthcare entities and business associates covered by the Health Insurance Portability and Accountability Act (HIPAA). In a bulletin issued in December 2022, HHS specified that covered entities are prohibited from using website “tracking technologies in a manner that would result in impermissible disclosures of private health information (PHI) to tracking technology vendors or any other violations of the HIPAA Rules.”
The plaintiffs argue that the “rule exceeds HHS’s authority” and that in establishing the rule, HHS’s “rationale was arbitrary and capricious.” They contend that the IP and email addresses of visitors to their websites do not meet the definition of individually identifiable health information under HIPAA.
In their request for summary judgment, the plaintiffs maintain that visitors to their websites may not even be patients, but “hackers probing for vulnerabilities; local busybodies who are simply curious about these pages; or clumsy-fingered web surfers who just clicked on the wrong hyperlink.”
The brief filed last Friday included a screenshot documenting the use of third-party analytics and advertising tools on the U.S. Department of Veterans Affairs webpage. The plaintiffs claim the image demonstrates that “the federal government’s own HIPAA-covered entities continue to create the Proscribed Combination and disclose that information to their third-party technology vendors, notwithstanding HHS’s Bulletin.”
What's in a Name? EMA Updates Guidelines on Naming Medicines
Last month the European Medicines Agency (EMA) released updated guidelines for naming human medicinal products.
This first revision since 2014 aims to enhance clarity in naming requirements, particularly for proposed (invented) names. Key updates include addressing safety concerns like misleading therapeutic implications, refining international non-proprietary name rules, and introducing new concepts such as cognitive error and umbrella branding.
The guideline emphasizes the necessity of a single, unambiguous name for each medicinal product in the EU, a critical factor in ensuring patient safety and reducing medication errors. It also delineates the applicant's responsibility in trademark considerations, separating this from the EMA's role in evaluating the safety implications of product names.
Join NVHPF on January 23 for Exploring Tomorrow’s Pain Relief – Innovations, Coverage, and Payment of Non-Opioid Alternatives
Emerging data from this past year indicate that the opioid epidemic, which has gained force annually over the last decade, is showing no signs of abating. As the search for effective prevention and treatment intensifies, non-opioid alternatives to pain control offer hope for both patients and healthcare professionals.
We invite you to join the Northern Virginia Health Policy Forum on Tuesday, January 23, as we host Sanjay Sinha, MD, Founder and Chief Innovation Officer of Gate Science and Lead Anesthesiologist at the Connecticut Joint Replacement Institute, and Dru Riddle, PhD, DNP, CRNA, FAAN, President of the American Association of Nurse Anesthetists.
Our guests will be discussing promising non-opioid approaches to pain control and the necessary steps to ensure their availability to patients who might otherwise be put at risk for opioid abuse.
The conversation starts at noon ET.
January 15
Applied Policy office closed in observance of Martin Luther King Jr. Day
January 18-21
January 23
January 25
January 25-26
Under Review/On the Docket
Applied Policy is following these rules under review at the Office of Management and Budget:
- Occupational Exposure to COVID-19 in Healthcare Settings
- Strengthening Oversight of Accrediting Organizations (AO) and Preventing AO Conflict of Interest, and Related Provisions (CMS-3367)
- Interoperability and Prior Authorization for MA Organizations, Medicaid and CHIP Managed Care and State Agencies, FFE QHP Issuers, MIPS Eligible Clinicians, Eligible Hospitals and CAHs (CMS-0057)
- Healthcare System Resiliency and Modernization (CMS-3426)
- Alternative Payment Model Updates; Increasing Organ Transplant Access (IOTA) Model (CMS-5535)
- Advance Notice of Methodological Changes for Calendar Year (CY) 2025 for Medicare Advantage (MA) Capitation Rates and Part C and Part D Payment Policies
- Disproportionate Share Hospital (DSH) Third Party Payer
- Streamlining the Medicaid and CHIP Application, Eligibility Determination, Enrollment, and Renewal Processes (CMS-2421)
- Nondiscrimination in Health Programs and Activities
See all rules under OMB review here.
Forbes
GAO Report
HHS
MIT Technology Review
Insight Joke of the Month for January
How is 10 + 10 the same as 11 + 11?
What We Are Reading This Month
For Blood and Money: Billionaires, Biotech, and the Quest for a Blockbuster Drug
The book is a study of how cancer drugs are developed: a process that involves dedicated researchers, courageous patients and families, more than a little luck, and a lot of money.
Vardi, a managing editor at MarketWatch and former senior editor at Forbes, has made no secret of his belief that biotech needs billionaires. But, with its consideration of research and regulation, hope and dedication, For Blood and Money goes beyond a study of investors.
Kirkus Reviews described For Blood and Money as “an interesting tale of how personal ambition, scientific curiosity, and the pursuit of wealth led to life-extending drugs,” while a review in The Economist asked if a “testosterone fueled, profit driven process really the best way to develop lifesaving drugs?”
Applied Policy, L.L.C., is a health policy and reimbursement consulting firm strategically located minutes from Washington, D.C.