Durable Medical Equipment

Adding Durable Medical Equipment (DME) to a chiropractic practice has been one avenue that offices have used as an additional revenue stream.  The National Supplier Clearinghouse, part of Palmetto GBA, is the DME section of Medicare. 

Chiropractors can apply for and be granted a supplier number to provide durable medical equipment, such as back braces, to Medicare enrollees and are able to be paid according to the Medicare approved price codes and limits.

Chiropractors desiring to add DME to their practice must do so by following a strict set of DME guidelines.  These include:

  • Written order
  • Certificate of Medical Necessity (if applicable)
  • DME Information Form
  • Proof of delivery
  • Beneficiary authorization
  • ABN, if applicable
  • Information from the treating physician concerning the patient’s diagnosis
  • Additional documentation requiremen


Chiropractic physicians know that Medicare only covers manual manipulation of the spine to correct a subluxation; any other service or item ordered by a chiropractor is statutorily excluded and will be denied.  This includes any order for durable medical equipment.


This means that DC’s dispensing durable medical equipment for Medicare will require an order, certificate of medical necessity and other documentation from an MD or other authorized provider.  The dispensation of the product must follow the DME documentation guidelines required by Medicare.


In September 2012, the National Supplier Clearinghouse (NSC) announced a change in the DME accreditation rules.  Chiropractors are eligible to enroll as DMEPOS suppliers but are no longer afforded any special enrollment exemptions extended to other physicians and non-physician practitioners identified in Section 1861(r) of the Social Security Act. Medicare coverage for a chiropractor is limited to the manual manipulation of the spine to correct a subluxation; all other services furnished or ordered by chiropractors are not covered. As such, chiropractors are not exempt from DMEPOS accreditation, surety bonds, enrollment fees, site visits or licensing requirements as required for a DMEPOS supplier in the state(s) in which they provide service.


NSC further announced that existing chiropractic DME suppliers must complete the accreditation process and obtain a surety bond to be recertified. 


DME accreditation is a moderately complex process and requires full policy, procedure, and compliance programs are in place prior to a site visit that must be conducted before the entity can be accredited. 


All of these changes do not effect your Medicare Part B provider enrollment, claims processing or current payment stream for manipulations!


For additional information on this or other billing, coding, documentation or compliance related issues – contact Cornerstone Medical Management.  We are experienced providers of DME policy, procedure and compliance plans.

Updating your Notice of Privacy Practice

If your Notice of Privacy Practice (NOPP) is updated - through regulatory or office policy changes - there are several things you must do to maintain your compliance with the HIPAA regulations.

First, you must updated the last revised date on the NOPP form.  You must post the new notice in a prominent location in your office and you must include it on your website, if you have one. 

It is not necessary to have your existing patients sign new NOPP acknowledgements nor is it necessary to give existing patients a copy of the new notice.  Publishing the changes in your office and on your website is sufficient for current HIPAA regulatory compliance. 

Be sure you are providing all new patients with a copy of your Notice of Privacy Practice and that you are getting your acknowledgment signed!

HIPAA Privacy: 18 Things You Should Know

18 Elements of PHI 

Protected health information (PHI) is any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment..  The HIPAA Privacy Rule covers protected health information in any medium.

ePHI stands for Electronic Protected Health Information. It is any protected health information (PHI) which is stored, accessed, transmitted or received electronically. Protected Health Information (PHI) under HIPAA means any information that identifies an individual and relates to at least one of the following:

  • The individual’s past, present or future physical or mental health.
  • The provision of health care to the individual.
  • The past, present or future payment for health care.

There are 18 identified elements of protected health information (PHI) covered under the HIPAA Rules. 

  • Names
  • Geographic subdivisions smaller that state (geocodes, county, city, street address, etc)
  • Dates. 
  • Telephone numbers
  • Fax numbers
  • e-Mail addresses
  • Social Security Numbers
  • Medical Record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers (includes license plate numbers)
  • Device identifiers and serial numbers
  • Web URL (universal resource locator)
  • IP Addresses
  • Biometric identifiers
  • Full face and comparable photographic images
  • Any other unique identifying number, characteristic, or code

Many of the items in this list are obvious – we’ve all been training to know that names, social security numbers, birthdates, etc are protected health information.  It’s number 18 that is the “catch-all”; the place where any unlisted item can that uniquely identifies a patient becomes PHI.

Is your staff trained for HIPAA Privacy and Security?  Have you trained them in the last year?  Is that training documented??  Check out our upcoming "What's new with HIPAA" training classes here.