HIPAA compliance and enforcement saw its share of highs and lows in 2017. As the year comes to a close, it’s a good time to look back on what your organization has learned—in terms of personal growth and lessons gleaned from other organizations.
Q: We see many assertions that encryption at the right level meets the National Institute of Standards and Technology (NIST)/HIPAA safe harbor provision with no explanation of what is necessary to prove the breached electronic protected health information (PHI) was actually encrypted at the moment of breach. How can a covered entity prove the PHI was actually encrypted at the time of the breach?
Coding experts take a look at changes to ICD-10-PCS, including guideline updates, the addition of “other devices” characters, and new tables added for root operation Replacement.
CDI review teams can get bogged down and discouraged by routine. A CDI manager should be visible, positive, and combat team complancency and routine fatigue.
Three major types of payer record reviews are conducted every year: The Healthcare Effectiveness Data and Information Set (HEDIS), Medicare Risk Adjustment, and Commercial Risk Adjustment. As the volume of payer and health plan reviews continues to climb, millions of patient records are requested.
Most physicians are familiar with the MIPS quality models: These are the Physician Quality Reporting System (PQRS) measures that we’ve been reporting for years with the old Medicare value-based purchasing program. What we don’t know much about are the new cost efficiency models in MIPS, which are based solely on hospital and physician ICD-10-CM/CPT claims data rather than a clinical abstraction of our medical records.
Documentation and coding based on time requires knowledge about the general principles of E/M documentation, common sets of codes used to bill for E/M services, and E/M services providers.
OCR’s 2016 guidance on patient access opened up a debate in the industry and brought questions about fulfilling patient access requests to the foreground.
This month's security Q&A answers readers' questions on incidental disclosures, sending protected health information in the mail, and addressing vulnerabilities identified in a risk analysis.
