Current through Register Vol. 63, No. 3, March 1, 2024
(1) The Department shall analyze and monitor
the operation of its programs and audit and verify the accuracy and
appropriateness of payment, utilization of services, or items.
(2) The Department shall comply with client
coverage criteria and requirements for the level of care or service or item
authorized or reimbursed by the Department and the quality of covered services
or items and service or item delivery, and access to covered services or
items.
(3) The provider and the
provider's designated billing service or other entity responsible for the
maintenance of financial, service delivery, and other records must:
(a) Develop and maintain adequate financial
and service delivery records and other documentation which supports the
specific care, items, or services for which payment has been requested. The
Department shall not make payment for services that are not adequately
documented. The following documentation must be completed before the service is
billed to the Department:
(A) All records
documenting the specific service provided, the number of services or items
comprising the service provided, the extent of the service provided, the dates
on which the service was provided, and identification of the individual who
provided the service. Patient account and financial records must also include
documentation of charges, identify other payment resources pursued, indicate
the date and amount of all debit or credit billing actions, and support the
appropriateness of the amount billed and paid. For cost reimbursed services,
the provider must maintain adequate records to thoroughly and accurately
explain how the amounts reported on the cost statement were
determined.
(B) Service delivery,
clinical records, and visit data, including records of all therapeutic
services, must document the basis for service delivery and record visit data if
required under program-specific rules or contracts. A client's clinical record
must be annotated each time a service is provided and signed or initialed by
the individual providing the service or must clearly identify the individual
providing the service. Information contained in the record must be sufficient
in quality and quantity to meet the professional standards applicable to the
provider or practitioner and any additional standards for documentation found
in this rule, program-specific rules, and any pertinent contracts.
(C) All information about a client obtained
by the provider or its officers, employees, or agents in the performance of
covered services, including information obtained in the course of determining
eligibility, seeking authorization, and providing services, is confidential.
The client information must be used and disclosed only to the extent necessary
to perform these functions.
(b) Implement policies and procedures to
ensure confidentiality and security of the client's information. These
procedures must ensure the provider may release such information in accordance
with program-specific federal and state statutes or contract, which may include
but is not limited to, ORS
179.505 to
179.507,
411.320,
433.045, 42 CFR part 2, 42 CFR
part 431 subpart F,
45
CFR 205.50, and ORS
433.045(3) with
respect to HIV test information.
(c) Ensure the use of electronic
record-keeping systems does not alter the requirements of this rule.
(A) A provider's electronic record-keeping
system includes electronic transactions governed by HIPAA transaction and code
set requirements and records, documents, documentation, and information include
all information, whether maintained or stored in electronic media, including
electronic record-keeping systems, and information stored or backed up in an
electronic medium.
(B) If a
provider maintains financial or clinical records electronically, the provider
must be able to provide the Department with hard-copy versions. The provider
must also be able to provide an auditable means of demonstrating the date the
record was created and the identity of the creator of a record, the date the
record was modified, what was changed in the record and the identity of any
individual who has modified the record. The provider must supply the
information to individuals authorized to review the provider's records under
subsection (e) of this rule.
(C)
Providers may comply with the documentation review requirements in this rule by
providing the electronic record in an electronic format acceptable to an
authorized reviewer. The authorized reviewer must agree to receive the
documentation electronically.
(d) Retain service delivery, visit, and
clinical records for seven years and all other records described in this rule,
program-specific rules and contract for at least five years from the date of
service.
(e) Furnish requested
documentation (including electronically recorded information or information
stored or backed up in an electronic medium) immediately or within the
time-frame specified in the written request received from the Department, the
Oregon Secretary of State, DHHS or other federal funding agency, Office of
Inspector General, the Comptroller General of the United States (for federally
funded programs), MFCU (for Medicaid-funded services or items), or the client
representative. Copies of the documents may be furnished unless the originals
are requested. At their discretion, official representatives of the Department,
Medicaid Fraud Unit, DHHS, or other authorized reviewers may review and copy
the original documentation in the provider's place of business. Upon written
request of the provider, the program or the unit, may, at its sole discretion,
modify or extend the time for provision of such records if, in the opinion of
the program or unit good cause for such extension is shown. Factors used in
determining if good cause exists include:
(A)
Whether the written request was made prior to the deadline for
production;
(B) If the written
request is made after the deadline for production, the amount of time lapsed
since that deadline;
(C) The
efforts already made to comply with the request;
(D) The reasons the deadline cannot be
met;
(E) The degree of control that
the provider had over its ability to produce the records prior to the deadline;
and
(F) Other extenuating
factors.
(f) Access to
records, inclusive of clinical charts and financial records does not require
authorization or release from the client, unless otherwise required by more
restrictive state and federal regulations if the purpose of such access is:
(A) To perform billing review
activities;
(B) To perform
utilization review activities;
(C)
To review quality, quantity, medical appropriateness of care, items, and
services provided;
(D) To
facilitate service authorization and related services;
(E) To investigate a client's hearing
request;
(F) To facilitate
investigation by the MFCU or DHHS; or
(G) To review records necessary to the
operation of the program.
(g) Failure to comply with requests for
documents within the specified time-frame means that the records subject to the
request may be deemed by the Department not to exist for purposes of verifying
appropriateness of payment, clinical appropriateness, the quality of care, and
the access to care in an audit or overpayment determination, and subjects the
provider to possible denial or recovery of payments made by the Department or
to sanctions.
Stat. Auth.: ORS
409.050,
411.060
Stats. Implemented: ORS
414.115,
414.125,
414.135,
414.145