A business case for resourcing a compliance assurance program for privacy and security should be possible solely on the basis of the need to respond to complaints made directly to a covered entity (CE) (or business associate (BA) acting as an agent of a CE). However, despite stepped-up enforcement and periodic audits required by HITECH, industry experts still anticipate that a more proactive process for compliance may not be taken until an untoward event occurs. Consequently, other avenues for substantiating the importance of privacy and security measures are necessary and readily available. Information privacy and security officials may find it necessary to go beyond information about HIPAA Privacy and Security Rule enforcement in making the business case. Monitoring the general security industry and relating those risks to healthcare privacy and security are important when doing so. Consider the following:
In October 2014 a record number of hospitals were fined for excessive care transitions. In total, CMS penalized some 2,610 hospitals, and will assess fines between October 2014 and September of this year. Through these penalties, the government has given hospitals sufficient incentive to revamp their processes with an eye on preventing readmissions and improving transitions.
Q: I work in long-term care and I am familiar with the language in HIPAA regulations regarding requests for electronic copies of medical records for a reasonable fee according to community standards. However, my company does not maintain its medical records in electronic form, nor do we presently have the capability of converting our paper records into electronic format. Our state legislature addressed the issue of "reasonable charges and community standards" by state statute in 2006 by providing a formula for every medical provider to follow state-wide for copy charges regarding paper copies.
Do your coders ever feel as if they work more hours than most coders? Or perhaps they think their compensation is lower than other coders across the country? Have you ever wondered how your coders compare to the average coder?
Editor's note: With the increased specificity required for ICD-10-CM coding, coders need a solid foundation in anatomy and physiology. To help coders prepare for the upcoming transition, we will provide occasional articles about specific anatomical locations and body parts as part of a larger series for ICD-10-CM preparation. This month's article addresses the anatomy of the urinary system.
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is an editorial advisory board member for SHCC's sister publication Briefings on HIPAA.
