CMS is reexamining inpatient criteria because it has seen a significant increase in the number of patients spending more than 24 hours in observation. Providers are worried that a Recovery Auditor will deny a short inpatient stay for lack of medical necessity and recoup payment years later. So instead, some facilities place patients in observation for longer time periods.
Demonstrating that ePHI encryption meets the safe harbor requirements may be more difficult than it seems when planning for that inevitable breach. Full disk encryption may not be enough. Many healthcare users believe encryption software installed on mobile devices and desktops will avoid the potentially damaging breach notification. The question is: Can you prove ePHI was encrypted at the time the device was lost, accessed, or stolen? Absio Corporation may have the answer.
