Ask the Expert

​Q. My understanding is that HIPAA doesn’t mandate use of a specific security standard. Are we required to keep documentation explaining why we chose a particular security standard? I’ve also been told that we are required to encrypt data according to National Institute of Standards and Technology standards. Is this spelled out in the regulations?

Q. Are HIPAA requirements different for college campus health centers than for larger facilities or private practices?

What are some guidelines for resolving procedure-to-procedure edits?

What guidelines should be followed when delivering the follow-up Important Message from Medicare?

What strategies can help case managers effectively communicate with low health literacy patients?

Q: Who should be responsible for coordinating the retrospective query process in a hospital? 

Can rural health clinics receive more than one all-inclusive rate payment per patient per day?

What is the best position on the executive team for the director of case management to report to?

Q. We acquired a home health agency and now employ home health nurses, physical therapists, speech therapists, etc. Can we permit workforce members to use their personal cell phones to communicate with patients? Is there a HIPAA-compliant means of doing so for calls, email, and text messages?

What laboratory services are covered under the rural health clinic benefit?