Volume 141 - February 17, 2012

Welcome to our new look and layout; it is the product of our editor Alicia Nevins. We are quite excited about the look-back feature for recent SIPA’s and the Table of Contents which will allow you to choose YOUR priority topics in the current issue. In addition, when the construction of our website is completed you will have the ability, as a subscriber, to access the SIPA Archive by subject matter or issue. We hope you will find the new SIPA very user-friendly and still filled with ‘need to know’ topics…no fluff! It is our goal to be succinct but some issues, like this one, will have lots of necessary details.

This issue is focusing on frequently asked questions or commonly observed compliance faux pas’ as well as breaking news.

Signing off for now…




Practitioners across the country are experiencing claim denials; that means no payment for multiple reasons but the most often reason noted was the “submitter is not authorized to submit electronic claims”. This appears to be due, in part, to the lack of linking the practice to its billing company or clearinghouse and ultimately to the payer. In the 5010 version the submitter’s number must be that of the practice if it directly transmits to the payer, or it must be that of the clearinghouse or billing company, whichever the practice submits through. If you are not being paid or getting notices about claim denials it might be good to review your remittance advice reason codes and then contact either provider enrollment or the EDI department to determine what the cause is for the denials.


National Labor Relations Act contains a provision, Section 7 (29 U.S.C. § 157), that gives all employees the right to "engage in concerted activities", including the right to discuss their terms and conditions of employment with each other. Section 8(a)(1) of the NLRA (29 U.S.C. § 158(a)(1)) makes it an unfair labor practice for an employer to deny or limit the Section 7 rights of employees. Based upon those two provisions, the National Labor Relations Board (NLRB) has taken the position for decades now that employers may not prohibit employees from discussing their pay and benefits, and that any attempts to do so actually violate the NLRA. Courts have basically uniformly supported that position. Moreover, those particular sections of the NLRA apply to both union and non-union employees, so there is no exception made for companies where the employees are non-unionized.


At this time there is no CPT code for dry needling; contrary to what instructors advise this intervention may not be coded as manual therapy. In the absence of a CPT code for any specific procedure or intervention, the best advice is to utilize an unlisted procedure code (97139) and include a description of the service on the claim form. This will, most likely generate a request for support documentation, so be prepared to provide sound rationale and detail for the procedure performed. The APTA has drafted a Resource Paper which should help justify medical necessity, scope of practice and skill issues. http://bcmscomp.com/docs/DryNeedling.pdf

If you are providing this service to a non Medicare/Medicaid patient you should investigate its payment policy for dry needling and comply with its coverage and payment stipulations. If would be prudent to obtain guidance in writing unless the allowance or limitation for this intervention is available within the payer’s medical/coverage policies.


A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.   While there are some exceptions related to breach terminology most breaches involve unsecured PHI. Unsecured PHI is protected health information that is not secured through the use of a technology or methodology specified by the DHHS Secretary.  An example of unsecured PHI is the transmission of email that is not encrypted. Remember social media is not a medium for discussing, blogging, etc. protected health information. Click here to obtain some more information on HIPAA and Social Media. http://bcmscomp.com/docs/HIPAA-Social-Media.pdf

Breaches of Less than Five Hundred (<500) Individuals the Provider Must:
1. Provide the affected individual with a notice in written form by first-class mail, or send an e-mail notice, if the affected individual has agreed to receive such notices electronically. The notice will be provided without unreasonable delay and, in no case, later than sixty (60) days following the discovery of a breach.
2. Provide Health & Human Services, Secretary of State, with an electronic notice of the breaches within sixty (60) days of the end of the calendar year in which the breaches occurred. A separate form will be completed for every breach that occurred during the calendar year.  The electronic form OMB No. 0990-0346 will be completed as posted on the Health & Human Services website. http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html

Breaches of More than Five Hundred (<500) Individuals the Provider Must
1. Fulfill number 1 & 2 above
2. Provide a notice to prominent media outlets, by press release, serving
the State or jurisdiction. It must provided without unreasonable delay and, in no case, later than sixty (60) days following the discovery of the breach and it will include the same information required for the individual notice

Business Associate Breaches

If a breach of unsecured protected health information is caused by a business associate, the business associate must notify *FACILITYNAME following the discovery of the breach.  The business associate must provide notice to our facility without unreasonable delay and no later than sixty (60) days from the discovery of the breach.

Note: These changes must be made to your Privacy Note and you must retain a complete copy of each version of the Notice of Privacy Practices for 6 years.


1 These entities are still subject to site visits performed by state agencies or ‘deemed’ agencies to determine compliance with the conditions  of participation for Medicare-certified providers

Transmittal 404 January 20, 2012: Effective April 22, 2012

CMS adopted new regulations under 42 C.F.R. § 424.510(d)(8)  on March 25, 2011 authorizing on-site reviews to determine if an enrolled provider or supplier is "operational" to furnish Medicare covered items or services and whether or not the provider or supplier is in compliance with the Medicare enrollment requirements.

The Medicare contractor shall limit its site visit to an external review whenever possible. If, however the contractor cannot determine that the practice is operational the contractor shall conduct unobtrusive site verification and limit its encounter with the provider, supplier or its patients.

• Document the date and time of the attempted visit(s)
• Photograph the provider or supplier’s business include a date/time
• Document observations made at the facility
• Provide a report of findings
• Provide a signed declaration verifying the site visit
• Perform site visits Monday through Friday (excluding holidays) between 9am-5pm unless posted hours are different
• Revisit a site if the facility is closed on the first attempt but only if it appears to be operational

If a Medicare contractor determines that the practice does not comply with the regulatory provisions for their practice type it shall revoke its Medicare billing privileges within seven (7) days of the determination and will initiate a two (2) enrollment bar. CMS will afford the provider or supplier with appeal rights.  


The worksheet for Measure 131-Pain Management is now available. Click here to access it. http://bcmscomp.com/docs/131PainMgt.pdf All other applicable worksheets can be found on January 3, 2012 PQRS-SIPA

What is BCMS?

Business & Clinical Management Services, Inc. (BCMS, Inc.) has been providing practice management & compliance consultation since 1985. It specializes in outpatient practice and rehab billing compliance; payment and coverage policy; audit preparation and appeal intervention; provider enrollment and revalidation; and billing, coding and documentation audits and education.

BCMS conducts small and large group seminars; train-the-trainer and online educational programs. It has an active presence in over 30 states and prides itself on maintaining and growing its client base. 

Our Products: We produce customizable compliance policy and procedure manuals for outpatient rehab practices and third party rehab billers; these are tools which constiitute a creditable Compliance Plan. We also produce SIPA, our time sensitive e-alert vehicle. 

Disclaimer: Great care has been made to provide current and accurate information as of the date of this volume. Please note, that no material herein should be considered legal advice nor be a substitute for individual consultation for matters that need additional guidance.

SIPA is a paid subscription e-alert, if you have not purchased this or other issues, please consider doing so by going to www.bcmscomp.com