Information security officers often have their hands full with HIPAA. But as high-deductible health plans have patients paying more out of pocket, it’s time organizations took a closer look at another set of cybersecurity guidance: the Payment Card Industry Data Security Standard (PCI DSS).
Almost a year after the world of coding was transformed by the implementation of ICD-10-CM/PCS, CMS released the 2017 ICD-10-CM Official Guidelines for Coding and Reporting along with more than 5,000 diagnosis and procedure code changes. The new codes and guidelines went into effect October 1, but not without some controversy. Many of the changes were praised for the increased clarity and level of detail they allow providers to capture. Other changes, though, raised questions and eyebrows and left some wondering what the Cooperating Parties may have intended.
It’s been a challenging year for HIPAA compliance. OCR levied more than $20 million in breach settlement fines. Ransomware rocked the healthcare industry.
A new phishing scam targeting covered entities (CE) and business associates (BA) is disguised as an official communication from the Office for Civil Rights (OCR). In an alert released November 28, OCR advised CEs and BAs that a phishing email is being circulated on fake HHS letterhead with the signature of Jocelyn Samuels, OCR’s director.
The University of Massachusetts Amherst (UMass) agreed to a $650,000 HIPAA settlement fine after a breach investigation revealed the university failed to implement basic security measures.
Single-use drug vial wastage and CMS’ implementation of the Quality Payment Program are in the spotlight in the Office of Inspector General’s (OIG) fiscal year 2017 Work Plan. The Work Plan, released November 10, outlines areas the OIG will scrutinize in the coming year and ongoing projects.
Data breaches spiked dramatically in the second half of the year but some experts at AHIMA’s 2016 national convention in Baltimore suggest the apparent surge might be caused in part by improved reporting.
