Q&a: coding based on clinical criteria.
Q: I remember reading an article, or a Coding Clinic, that basically said it was inappropriate for facilities to set internal policies for coding conditions based on clinical criteria, but I can’t find the reference. Can point me in the right direction?
A: You are correct. The decision to code or not to code cannot be based on clinical indicators but must be based only on physician documentation. It is commonly referred to as “Guideline 19” from the Official Guidelines for Coding and Reporting , which can be found on p. 13 under the heading “Code Assignment and Clinical Criteria:”
The assignment of a diagnosis code is based on the provider’s diagnostic statement that the condition exists. The provider’s statement that the patient has a particular condition is sufficient. Code assignment is not based on clinical criteria used by the provider to establish the diagnosis.
Practically speaking, this means that a coding professional reviewing a record in which a physician uses Sepsis-3 criteria cannot omit the sepsis code based on the fact that they prefer Sepsis-1 criteria. Similarly, a coding professional reviewing a record with the diagnosis of acute kidney injury cannot omit the code if they think the patient recovered too quickly or the creatine was suspect.
What coding professionals can do is hold the documentation against the Uniform Hospital Discharge Data Set (UHDDS) guidelines that say reportable diagnoses must be:
- Diagnostically tested
- Use additional nursing services
- Extend the length of stay
Therefore, a coding professional can omit a code if, let’s say, a physician documented sepsis, but there’s no evidence of the diagnosis being evaluated, treated, or tested, and there’s no evidence of the diagnosis extending the patient’s length of stay or expending additional nursing services.
Guideline 19 does not supersede the UHDDS guidelines. A coding professional has to work to reconcile these two seemingly opposing edicts as best they can in their coding process.
There is one important additional piece from the American Hospital Association’s Coding Clinic, Fourth Quarter 2017, p. 110, that you may find helpful (emphasis added):
Facilities should also work with their medical staff to ensure conditions are appropriately diagnosed and documented. If after querying, the attending physician affirms that a patient has a particular condition in spite of certain clinical parameters not being met, the facility should request the physician document the clinical rationale and be prepared to defend the condition if challenged in an audit. The facility should assign the appropriate code(s) for the conditions documented.
This means that if a documented diagnosis does not appear to be clinically supported, the facility is justified in requesting the physician document their rationale via a clinical validation query. They cannot, however, censor the reported codes on the coding side. Usually this happens most often when the physician has a perfectly legitimate reason for making a diagnosis, but the patient has presented in an atypical way which may not be apparent to the non-physician reviewer on the initial review. Generally, all that is needed is further physician explanation of the atypical nature of the presentation and why it is a legitimate diagnosis even though it may appear to the untrained eye to be unsubstantiated.
Remember, you absolutely can have your physician advisor set clinical criteria for when a query should be placed . Query criteria are unrelated to the problem of code assignment based on clinical criteria. We certainly do want our physician advisors involved in the use of appropriate criteria for query purposes in order to avoid unnecessary, unreasonable, or leading query practices.
Nonetheless, there are always exceptions (referring to Guideline 19). For example, I do not advise one blindly follow the index on documentation such as “cardiac injury” to a traumatic injury code when that is clearly inappropriate. I also cannot advise one to blindly follow a 1992 Coding Clinic that suggests cardiac injury be reported as a myocardial infarction (MI) when the new fourth universal definition of MI clearly suggests that cardiac injury is for use in cases where infarction is not present.
As stated in Coding Clinic, Fourth Quarter 2018, p. 90, “ Coding Clinic itself doesn’t advise you follow the ICD-10 index entry for emaciation to the nutritional marasmus code but rather they recommend defaulting to the reporting of cachexia when in doubt. (See Coding Clinic, Third Quarter 2017.)
Editor’s note: Allen Frady, RN, BSN, CCDS, CCS, CRC, CDI education specialist for HCPro in Middleton, Massachusetts, answered this question. Contact him at [email protected] . For information regarding CDI Boot Camps , click here .
More Like This
Acdis update: new acdis podcast episode focuses on acute kidney injury, q&a: audit processes, news: long covid could be a brain injury, according to new evidence, note from the director of programming: february 22 quarterly member call highlights malnutrition.
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Fact Sheet 42 CFR Part 2 Final Rule
Date: February 8, 2024
On February 8, 2024, the U.S. Department of Health & Human Services (HHS) through the Substance Abuse and Mental Health Services Administration (SAMHSA) and the Office for Civil Rights announced a final rule modifying the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 CFR part 2 (“Part 2”). With this final rule, HHS is implementing the confidentiality provisions of section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (enacted March 27, 2020), which require the Department to align certain aspects of Part 2 with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules and the Health Information Technology for Economic and Clinical Health Act (HITECH).
The Part 2 statute (42 U.S.C. 290dd-2) protects “[r]ecords of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance use disorder education, prevention, training, treatment, rehabilitation, or research, which is conducted, regulated, or directly or indirectly assisted by any department or agency of the United States.” Confidentiality protections help address concerns that discrimination and fear of prosecution deter people from entering treatment for SUD.
The modifications in this final rule reflect the proposals published in the December 2, 2022, Notice of Proposed Rulemaking (NPRM) and public comments received from: substance use disorder and other advocacy groups; trade and professional associations; behavioral and other health providers; health information technology vendors and health information exchanges; state, local, tribal and territorial governments; health plans; academic institutions, including academic health centers; and unaffiliated or anonymous individuals. Following a 60-day comment period, HHS analyzed and carefully considered all comments submitted from the public on the NPRM and made appropriate modifications before finalizing.
Major Changes in the New Part 2 Rule
The final rule includes the following modifications to Part 2 that were proposed in the NPRM:
- Allows a single consent for all future uses and disclosures for treatment, payment, and health care operations.
- Allows HIPAA covered entities and business associates that receive records under this consent to redisclose the records in accordance with the HIPAA regulations. 1
- Permits disclosure of records without patient consent to public health authorities, provided that the records disclosed are de-identified according to the standards established in the HIPAA Privacy Rule.
- Restricts the use of records and testimony in civil, criminal, administrative, and legislative proceedings against patients, absent patient consent or a court order.
- Penalties : Aligns Part 2 penalties with HIPAA by replacing criminal penalties currently in Part 2 with civil and criminal enforcement authorities that also apply to HIPAA violations. 2
- Breach Notification : Applies the same requirements of the HIPAA Breach Notification Rule 3 to breaches of records under Part 2.
- Patient Notice : Aligns Part 2 Patient Notice requirements with the requirements of the HIPAA Notice of Privacy Practices.
- Safe Harbor : Creates a limit on civil or criminal liability for investigative agencies that act with reasonable diligence to determine whether a provider is subject to Part 2 before making a demand for records in the course of an investigation. The safe harbor requires investigative agencies to take certain steps in the event they discover they received Part 2 records without having first obtained the requisite court order.
Substantive Changes Made Since the NPRM
In addition to finalizing modifications to Part 2 that were proposed in the NPRM, the Final Rule includes further modifications informed by public comments, notably the following:
- Safe Harbor: Clarifies and strengthens the reasonable diligence steps that investigative agencies must follow to be eligible for the safe harbor: before requesting records, an investigative agency must look for a provider in SAMHSA’s online treatment facility locator and check a provider’s Patient Notice or HIPAA Notice of Privacy Practices to determine whether the provider is subject to Part 2.
- Segregation of Part 2 Data : Adds an express statement that segregating or segmenting Part 2 records is not required.
- Complaints : Adds a right to file a complaint directly with the Secretary for an alleged violation of Part 2. Patients may also concurrently file a complaint with the Part 2 program.
- SUD Counseling Notes : Creates a new definition for an SUD clinician’s notes analyzing the conversation in an SUD counseling session that the clinician voluntarily maintains separately from the rest of the patient’s SUD treatment and medical record and that require specific consent from an individual and cannot be used or disclosed based on a broad TPO consent. This is analogous to protections in HIPAA for psychotherapy notes. 4
- Prohibits combining patient consent for the use and disclosure of records for civil, criminal, administrative, or legislative proceedings with patient consent for any other use or disclosure.
- Requires a separate patient consent for the use and disclosure of SUD counseling notes.
- Requires that each disclosure made with patient consent include a copy of the consent or a clear explanation of the scope of the consent.
- Fundraising : Create a new right for patients to opt out of receiving fundraising communications.
What has not changed in Part 2?
As has always been the case under Part 2, patients’ SUD treatment records cannot be used to investigate or prosecute the patient without written patient consent or a court order.
Records obtained in an audit or evaluation of a Part 2 program cannot be used to investigate or prosecute patients, absent written consent of the patients or a court order that meets Part 2 requirements.
What comes next?
The final rule may be downloaded at https://www.federalregister.gov/public-inspection/2024-02544/confidentiality-of-substance-use-disorder-patient-records . HHS will support implementation and enforcement of this new rule, including through resources related to behavioral health developed by the SAMHSA-sponsored Center of Excellence for Protected Health Information . Persons subject to this regulation must comply with the applicable requirements of this final rule two years after the date of its publication in the Federal Register . The Department will conduct outreach and develop guidance on how to comply with the new requirements, such as filing breach reports when required.
OCR plans to finalize changes to the HIPAA Notice of Privacy Practices (NPP) to address uses and disclosures of protected health information that is also protected by Part 2 along with other changes to the NPP requirements, in an upcoming final rule modifying the HIPAA Privacy Rule.
HHS planning to implement in separate rulemaking the CARES Act antidiscrimination provisions that prohibit the use of patients’ Part 2 records against them.
1 However, these records cannot be used in legal proceedings against the patient without specific consent or a court order, which is more stringent than the HIPAA standard.
2 See 42 U.S.C. 1320d–5 and 1320d-6.
3 Section 13400 of the HITECH Act (codified at 42 U.S.C. 17921) defined the term “Breach”. Section 13402 of the HITECH Act (codified at 42 U.S.C. 17932) enacted breach notification requirements, discussed in detail below.
4 See https://www.hhs.gov/hipaa/for-professionals/faq/2088/does-hipaa-provide-extra-protections-mental-health-information-compared-other-health.html .