Archive for the ‘Regulatory Compliance’ Category

CMS Releases Important Update on PECOS

February 17, 2011

The Centers for Medicare & Medicaid Services (CMS) previously announced that, beginning January 3, 2011, if certain Part B billed items and services require an ordering/referring provider and the ordering/referring provider is not in the claim, is not of a profession that is permitted to order/refer, or does not have an enrollment record in the Medicare Provider Enrollment, Chain and Ownership System (PECOS), the claim will not be paid. The automated edits will not be turned on effective January 3, 2011.

CMS has stated that it is working diligently to resolve their enrollment backlogs and other system issues and will provide ample advanced notice to the provider and beneficiary communities before CMS begins any automatic nonpayment actions.

CMS urged physicians or other eligible professionals not currently enrolled in PECOS to enroll sooner rather than later, and outlined three ways that providers can verify their enrollment record in their system:


CME Certification for Physicians

September 14, 2010
Medical Board of California

Medical Board of California

Medical Board of California changed its continuing medical education (CME) reporting requirements in 2009.  Physicians are now required to complete 50 CME hours during every 2-year licensure period, as opposed to the 100 hours previously required every 4 years.  CME reporting deadlines are now based on the physician’s personal license renewal date (the last day of the month of the physician’s birthday), not the calendar year.

If physicians prefer to keep all their CME documentation in a centralized place, they could use California Medical Association’s Institute for Medical Quality (IMQ) CME Certification Program.  IMQ documents and verifies physicians’ CME activities.  When certified by IMQ, physicians’ CME credits will automatically be accepted by the medical board.  They also provide documentation of physicians’ CME in the event of a medical board audit.  The cost of IMQ’s CME certification is $29 for CMA members, $49 fo nonmembers.  Physicians also can request that their CME certification information be sent to hospitals, health plans, specialty societies, and others for credentialing or membership renewal purposes at no extra charge.

IMQ’s reporting form can be downloaded from their website at or by clicking here.

Mandatory Notice to Patients by MDs

June 14, 2010

Effective June 27, 2010, a new regulation, mandated by Business and Professions Code section 138, will go into effect requiring physicians in California to inform their patients that they are licensed by the Medical Board of California, and include the board’s contact information. The information must read as follows.

Medical doctors are licensed and regulated by the Medical Board of California
(800) 633-2322

The purpose of this new requirement (Title 16, California Code of Regulations section 1355.4) is to inform consumers where to go for information or with a complaint about California medical doctors. 

Physicians may provide this notice by one of three methods: 

  1. Prominently posting a sign in an area of their offices conspicuous to patients, in at least 48-point type in Arial font. (Click here to print the actual notice.)
  2. Including the notice in a written statement, signed and dated by the patient or patient’s representative, and kept in that patient’s file, stating the patient understands the physician is licensed and regulated by the board.
  3. Including the notice in a statement on letterhead, discharge instructions, or other document given to a patient or the patient’s representative, where the notice is placed immediately above the signature line for the patient in at least 14-point type.


For more information, please contact the Medical Board’s information officer, Candis Cohen, at or (916) 263-2394.Read the actual regulation by clicking here: CCR 1355.4

NOTICE TO CONSUMERS: Frequently Asked Questions 

If I choose the signage option, where should it be posted? 

The language of the regulation reads, “Prominently posting the notice in an area visible to patients on the premises where the licensee provides the licensed services..” The board expects a common-sense interpretation/application of this regulation. Your waiting room, examination rooms, or patient-registration area are the most obvious choices. 

How do I comply if my practice setting is not a traditional physician’s office? 

Physicians are responsible for the implementation of this regulation. This means you must make sure, regardless of practice setting, that the regulation is being complied with. Probably the easiest way is to make sure the necessary sign is posted in an area where patients are likely to see it, e.g., waiting room, discharge location. 

Are there any exceptions, e.g., radiologists, pathologists? 

No, but the board anticipates working with physician groups to refine this regulation. 

Must the disclosure be made in other languages? 


Does the regulation apply to hospital and clinic settings? 

Yes. Again, this regulation applies to every location where medicine is practiced by a physician in California, and that includes hospitals, nursing homes, medical clinics, outpatient facilities, urgent care centers, etc. It is the responsibility of the physician(s) who practice there to see that this regulation is complied with. At this time, we are leaving it to physicians and the facilities they work in to determine where the sign, should the physicians(s) choose that option, is to be posted. In hospitals and multi-level clinics, posting in a conspicuous place on each floor where patients are likely to see it would be a good-faith gesture that would suffice. 

Does this regulation apply to osteopaths? 

No. Medical doctors (M.D.s) only. 

Does the physician’s name have to be disclosed along with the other, mandated information? 

No. The only information required is the exact language in the regulation noted in bold, above. 

Must physicians who make house calls comply with this regulation? 

Yes. Option (2) or (3) as noted above would work. 

Are physicians’ facilities where the physicians themselves do not practice medicine exempt from this regulation? 

No, because the affiliated healing arts professionals who see the patients are under the direct supervision of physician 

Reference: http://www.ACOG,org,

“Red Flags Rule” are Effective June 1, 2010

May 26, 2010

Red Flags Rule will become effective June 1, 2010.

Red Flags Rule requires certain businesses and organizations to spot and heed the red flags that often can be the telltale signs of identity theft. The Federal Trade Commission (FTC) has continuously asserted that the Red Flag Rules DO apply to physicians and related health care providers. 

The goal of the Rules is “to reduce the overall incidence and impact of identity theft, including medical identity theft.” Medical identity theft can occur when a patient seeks care using the identity or insurance information of another person.  The rules are also intended to reduce risk of theft of credit information. 

Medical practices are covered under the rule if two conditions are met:

  1. They are a “creditor” organization, and
  2. They have “covered accounts

Under the rule, “credit” means an arrangement by which you defer payment of debts or accept deferred payments for the purchase of property or services.  A medical practice is a “creditor” organization if it first submits a claim for services to insurance and then bills any remaining amount to the patient after the claim is adjudicated. The FTC considers this to be a creditor arrangement since payment for goods and services is deferred until the claim is processed.  

Patient billing records are “covered accounts” under the Red Flag Rules if they permit multiple payments or if they have a reasonable risk of identity theft.

The FTC does not believe that the Red Flag Rules will impose any significant burdens on most healthcare providers. Red Flag Rules are risk based and designed to be flexible based on the level of risk faced by each practitioner. The FTC states that: “…for most physicians in a low risk environment, an appropriate program might consist of checking a photo identification at the time services are sought and having appropriate procedures in place in the event the office is notified – say by a consumer or law enforcement – that the consumer’s identity has been misused.”

What must a practice do?

     There are four steps to developing a compliant program:

  1. Identify Red Flags
  2. Detect Red Flags
  3. Prevent and Mitigate Identity Theft
  4. Update your program regularly

Breach Notification Rule – HITECH (HIPAA Part 2)

January 30, 2010

The Health Information Technology for Economic and Clinical Health Act, known as the HITECH Act, was enacted as part of the American Recovery and Reinvestment Act of 2009, signed by President Barack Obama on February 17 of last year.  HITECH Act amends the federal HIPAA’s privacy and security rules.

Effective February 2010, several of the provisions of HITECH become active including:

  • Breach notification.
  • Access to patient records.
  • Restrictions on the use and disclosure of protected health information.

Although HITECH went into effect on September 23, 2009, the U.S. Department of Health and Human Services stated that it would not impose sanctions for failure to comply with the new rules until February 2010.

Required provisions for HITECH compliance are:

Breach notification: The HITECH Act require providers to notify affected individuals of any data breach promptly.  If the data breach affects more than 500 people, the media should be notified including the affected people.  In addition, if the breach affects more than 500 people the Health and Human Services must be notified.  Breach affecting less than 500 people must be reported to the secretary of Health and Human Services on an annual basis.

Access to electronic health records: The HITECH Act now requires covered entities to provide individuals with electronic copies of their electronic protected health information.  Individuals can now also designate another person or entity to be the recipient of the electronic protected health information.

California law: California Health and Safety Code Section 123100-123149.5 entitles patients to:

  • Inspect records during business hours within 5 days of presenting a written request.
  • Receive copies of records within 15 days of presenting a written request.

The law gives the providers the right to:

  • Charge a reasonable clerical cost for locating and making the records available.
  • Charge $0.25 per page, as well as reasonable clerical costs, for copies.
  • Charge reasonable costs, not exceeding actual duplication cost, for x-ray copies.
  • Prepare a summary of the records as an alternative to providing copies or allowing inspection.

Restrictions on disclosure of protected health information: The HIPAA privacy rule currently provides individuals with a right to request a restriction on the use or disclosure or protected health information for purposes of treatment, payment, or health care operations purposes. Until now, providers had no obligation to agree to that request.  However, effective February 2010, if a patient has paid out-of-pocket for services rendered and requested that the provider not send their health information (or portions thereof) to their insurance plan, the provider must comply with this request.

%d bloggers like this: