Starting January 1, 2025, the UnitedHealthcare Community Plan of Nebraska will put in force a new, centralized credentialing method for care carriers. This manner could be managed with the centralized verification corporation (CVO), Verisys. Verisys will perform a single streamlined verification technique for numerous Nebraska managed care groups (MCOs), including:
Why centralized credentialing?
The new system eliminates the need to conduct individual credentialing procedures with every.
MCO. All could be completed right now.
Who’s required to take participate
The varieties of care companies required to participate encompass:
Who’s excluded
The following MCO delegates are excluded:
When to begin the re-credentialing method
Recredentialing starts somewhere in between the mid-2025. You’ll receive a letter from Verisys within the mail 6 months before your re-credentialing due date. The CVO will carry out credentialing every 3 years.
Note: Centralized re-credentialing no longer updates the Medicaid company enrollment screening procedure. All Medicaid care vendors must sign up with this system via Maximus. More statistics on a way to join the Nebraska Medicaid Program are on the Nebraska Department of Health & Human Services official website.
The Office of Inspector General (OIG) and the U.S. Department of Health and Human Services (HHS) announced the Nursing Facility ICPG i.e. an industry-specific compliance program guidance on November 20, 2024. It provides a structure that will help facilities avoid fraud, waste, and abuse while simultaneously encouraging high-quality care and streamlining operations.
This updated guidance supersedes the 2000 and 2008 versions and incorporates current compliance insights and enforcement priorities. It supplements the General Compliance Program Guidance, which was published in November 2023, and applies to all healthcare entities. The ICPG is nonbinding but offers actionable recommendations that can support compliance efforts. The Requirements of Participation, on the other hand, are mandatory by the Centers for Medicare & Medicaid Services.
Key Compliance Risk Areas
The four significant risk areas according to the Nursing Facility ICPG are as follows:
Adaptation and Implementation
They will adapt the ICPG recommendations to their specific operation and, therefore, increase their chances of better compliance with regard to better resident care and regulatory risk management.
As not all-inclusive guidance, it is a useful, centralized resource for improving the facility and corporate compliance strategy. By aligning themselves with the ICPG, nursing facilities can be well-positioned to improve the standards of care, manage fewer risks of regulatory action, and thereby improve operational efficiency.
Among changes finalized in the CMS's 2025 Physician Fee Schedule, new rules for the refund of Medicare overpayment are finalized. These involve a definition of the identifications of standards for overpayments and adding a six-month period for providers to investigate possible overpayments as they apply to FCA regulations. The updated changes will be implemented on January 1, 2025.
The key changes are as follows: The "reasonable diligence" standard is replaced by the FCA's knowledge-based threshold. Providers will report only those overpayments for which they have "actual knowledge" or act with "reckless disregard or deliberate ignorance" of the overpayment. This change will apply to all Medicare parts, namely Part A (hospital care), Part B (physician care), Part C (Medicare Advantage), and Part D (prescription drugs).
CMS also codified a six-month timeframe for Parts A and B providers to research and identify overpayments prior to the 60-day repayment period. Providers performing good faith research within that timeframe will have up to 240 days to assess and report associated overpayments.
These updates respond to a 2018 court ruling in UnitedHealthcare Insurance Co. v. Azar, where the "reasonable diligence" standard for Medicare Advantage plans was rejected due to its incompatibility with the FCA. The CMS decided to extend these updates to all Medicare parts for consistency.
While regulatory changes tend to be scrutinized more during election transitions, it is unlikely that the provisions will be rolled back because of the legal underpinnings and practical benefits of the new provisions. The new rules also have clearer guidelines for compliance that reduce the liability risks for providers while ensuring a fairer investigatory process.
Providers should prepare themselves by reviewing their compliance protocols and documenting the investigations properly. Failure to comply may lead to FCA liability.
On a comprehensive examination, the Office of Inspector General has directed the reforms to the audit program of the Office for Civil Rights in the Department of Health and Human Services as required under the Health Insurance Portability and Accountability Act. The report sums up findings regarding the program's lack of efficient security measures for ePHI electronic protected health information. The statistics here have shown an increase of 239% in hacking breaches between the years 2018 and 2023.
OIG's analysis reveals that OCR's last audits, conducted in 2017, covered an extremely limited scope of the HIPAA requirements, which barely touched on Security Rule administrative safeguards and failed to cover physical and technical safeguards, for example, encryption and ransomware protections. In addition, OCR did not implement corrective actions upon deficiencies or track audit outcomes, thus making the program less effective.
OIG proposed four key recommendations:
While OCR agreed with most recommendations, it noted that resources are limited and that HIPAA audits are voluntary, focusing on providing technical assistance rather than on mandatory corrections.
These findings highlight the need for health organizations to have strong cybersecurity. OIG's report might motivate OCR to boost enforcement activities and expand audit scopes with heightened scrutiny toward covered entities and business associates.
Healthcare organizations should strengthen protections for ePHI, undertake risk audits that consider all aspects, and remediate weaknesses in administrative, physical, and technical safeguards. To keep ahead of the curve, vigilance regarding changes to OCR audit protocols and being prepared for potential enforcement will be crucial in protecting sensitive patient information and remaining compliant.
For further information on the recommendations made and their meanings, please refer to the OIG's complete report entitled "A-18-21-08014".
The Centers for Medicare & Medicaid Services (CMS) modernized version 2.0 of their online validator tool in place to quickly align with the price transparency requirements of hospitals. The requirement from 2021 as directed to the hospital should be to automatically publish machine-readable files setting standard charges for services and items that include all the gross charges, payer-specific negotiated rates, allowing de-identified minimums and maximums, and discounted cash prices.
The new version enables hospitals to check their machine-readable files against new format and data specifications, indicating "errors" and "warnings" to help them make corrections. Errors indicate noncompliance with requirements that will be effective July 1, 2024, while warnings indicate standards that will be enforced from January 1, 2025. According to CMS, the tool stops reviewing if errors exceed 250 or if critical data elements in rows 1-3, which include headers and standard charges, are flawed.
In all these years of enforcement, the compliance rate is still relatively low. According to the report from PatientRightsAdvocate.org just published, only 34.5% of hospitals are completely compliant with the requirements- those are posting machine-readable files and offering consumer-friendly pricing for 300 common shoppable services or a price estimator tool. Noncompliance is widespread, with 65.5% of hospitals either providing incomplete files or failing to clearly associate prices with payers and plans.
True transparency and facilitating customer comparison as well as research can be supported through machine-readable files. Although CMS emphasizes that it does not provide certification of full compliance, it does offer a proactive measure for its hospitals to comply with the regulatory requirements.
A healthcare facility can upload files in both .json and.csv formats. CMS does not track the usage of an individual validator but may use this in compliance reviews. This notice underlines CMS's commitment to strengthening its focus toward helping its clients as a hospital make price transparency in such complex pricing structures.
A Florida-based healthcare provider that helps people with pain management got into some hot water with the folks from the U.S. Department of Health and Human Services Office for Civil Rights. They had to cough up a hefty fine of $1.19 million due to mishandling of some private health information. As it happens, they hired a contractor in May 2018 to assist them with their business, and even after their employment terminated in August 2018, the contractor retained their digital keys i.e. electronic medical records (EMR) system.
The contractor submitted about 6,500 false Medicare claims from September 2018 through February 2019 after it accessed the ePHI of 34,310 individuals without authorization. The breach, which occurred on February 20, 2019, compromised sensitive patient information, which included names, addresses, Social Security numbers, and insurance, in addition to medical information. The provider canceled access to the contractor's system on February 21, 2019, and informed OCR about the breach in April 2019.
Multiple compliance failures were issued from the OCR investigations under the Security Rule of HIPAA. Some components of these represent, among other things, the lack of comprehensive risk analysis in the provider's practice, insufficient monitoring of system activities, failure to implement strong termination access procedures, and limited workstation access policies.
OCR Director Melanie Fontes Rainer talks about the measures to protect patients' information against all risks stating, "Effective cybersecurity and compliance with the HIPAA Security Rule means being proactive in reviewing who has access to health information and responding quickly to suspected security incidents."
The penalty was reduced under the HITECH Act’s Recognized Security Practices provision, which considers evidence of continuous compliance efforts over the preceding 12 months. This case underscores the need for healthcare entities to align their security measures with HIPAA requirements to prevent costly penalties and protect patient trust.
Effective March 1, 2025, Rocky Mountain Health Plans (RMHP) will implement new UnitedHealthcare
requirements and criteria, enhancing the efficiency of RMHP's clinical review processes and accelerating
clinical decision-making times.
The updates will affect RMHP Individual Exchange plans, Medicaid PRIME, Child Health Plan Plus (CHP+),
Medicare Advantage, and Dual Eligible Special Needs Plans (D-SNP) as follows:
Medical prior authorization and notification requirements will be aligned with UnitedHealthcare's
standards for numerous codes, details of which are available here:
Please note that behavioral health prior authorization and notification requirements will remain
unchanged.
Medical Policies
Plans will conform to UnitedHealthcare Medical & Drug Policies, accessible on the Policies and Protocols
for Providers page.
Utilization Management Criteria
Plans will transition from MCG to InterQual® criteria for utilization management. This change is designed
to integrate seamlessly into existing practices. For more details, please visit the Clinical Guidelines page
and select InterQual Clinical Criteria.
Specific Updates for RMHP Individual Exchange Plans
These updates apply only to Colorado Doctor’s Plan, Monument Health HMO, Monument ONE, and
Rocky Mountain Valley Plans.
Site of Service Medical Necessity Reviews
Prior authorization or notification is now required for the following services:
It is recommended that authorization requests be submitted well in advance to verify medical necessity
and the appropriate site of service. For any surgical procedures or CPT® codes already under prior
authorization/notification mandates, the ongoing review process to confirm medical necessity will
continue as usual.
Beginning January 1, 2025, medical and behavioral health care providers will be able to use qualified
billing and diagnostic codes to address the follow-up after hospitalization (FUH) for mental illness
HEDIS® gap.
How they can help:
Providers can help to close these gaps if the visit occurs within 7 days of discharge from an inpatient
setting. Postoperative day one is defined as the day after the patient is discharged from the hospital. If a
patient cannot be seen within 7 days, then an appointment can be arranged within 30 days after
discharge.
Submission of appropriate billing codes to close HEDIS FUH gaps: Medical and mental health care
providers are encouraged to use specific codes to address FUH numerator gaps in care. However, these
codes should not be viewed as directives for billing practices.
Behavioral health outpatient visits with a mental health care provider OR with a diagnosis of
mental health disorder
98960–98962, 99078, 99202–99205, 99211–99215, 99242–99245, 99341, 99342, 99344, 99345,
99347–99350, 99381–99387, 99391–99397, 99401–99404, 99411, 99412, 99483, 99492–99494
and 99510
Outpatient visit, in person or telehealth, with a mental health care provider OR with a diagnosis of
mental health disorder, and with the appropriate service code (visit setting unspecified) billing codes
90791, 90792, 90832–90834, 90836–90840, 90845, 90847, 90849, 90853, 90875, 90876, 99221–99223,
99231–99233, 99238, 99239 and 99252–99255
Psychiatric collaborative care management billing codes
99492, 99493, 99494; HCPCS: G0512
Transitional care management billing codes
99495, 99496
Telephone visits billing codes1
98966–98968, 99441–99443
Additional codes for this measure and others can be located in the PATH reference guide.
If there is a need to refer a patient to a network behavioral health care professional for further
assessment and/or treatment, please contact the behavioral health number listed on the back of the
patient's member ID card.
Resources: For more information and resources, please visit the Clinical Tool page or the Optum
Provider and Staff Toolkits page.
Before authorization for Total Joint Replacement procedures under codes 27445, 27447, 27130 & 27132
in UnitedHealthcare’s commercial plans, additional information may be requested from the submitting
healthcare provider. It relates to all the fully insured and self-funded health plans in the country.
The evaluation of these requests will be conducted by the following policies:
Summary of Required Documentation Changes: For hip surgeries, healthcare providers must include:
For knee surgeries, the medical documentation should include:
Conservative Care Requirements
These remain unchanged and should be documented, detailing the treatments used along with their
timing and duration:
substitute for NSAIDs if necessary.
Further Guidance: For more detailed information, providers are advised to consult the relevant
UnitedHealthcare Commercial Policies on hip and knee surgeries.
All laboratories are invited to submit their request to join the UnitedHealthcare Preferred Lab Network
starting from July 1, 2025. This network consists of freestanding laboratories that are presently
contracted and have high standards in terms of accessibility, cost, data quality, and services.
Benefits of Participation
Approved applicants will receive the following benefits:
1. Enhanced Visibility: The approved laboratories will be listed on the UnitedHealthcare directory
to ensure they are easily accessible to the members and ensure that the members’ healthcare
professionals refer them to those laboratories.
2. Marketing Support: Marketing and communications materials will be pre-approved for language
to be used to promote the Preferred Lab Network designation for laboratories.
How to Apply
To start the process, send an email to preferred_lab@uhc.com by January 15, 2025, with "Preferred Lab
Network" in the subject line. Include the following details in your email:
Once you email, UnitedHealthcare will send you a link to the application, which must be completed by
January 31, 2025.
What Happens Next?
If your lab is selected, you’ll be notified by May 30, 2025. UnitedHealthcare will also provide an updated
Participation Agreement outlining the terms of your Preferred Lab Network designation.
For more information questions or support, chat with us anytime on the UnitedHealthcare Provider
Portal.
