Q: I perform monthly HIPAA audits of computer systems at the medical group where I am employed. I recently started auditing physicians and allied health professionals who are credentialed members of our medical staff.
Obtaining valid authorizations for disclosure is a significant area of risk for many organizations. Often, staff members handling disclosures don't understand the requirements?especially regarding when authorizations are needed and who can legally sign them. This chapter takes a comprehensive look at authorizations, including required elements, when they're needed, when they're not needed, who can sign them, and the need to screen outside authorizations.
Q: You are reviewing a computer-generated insurance claim before it is sent to the insurance carrier, and you happen to notice the patient's name on the claim?it's an old friend of yours. You quickly read the code for the diagnosis. Is this a breach of confidentiality?
As required by The Joint Commission, a board of directors should regularly assess its performance, appropriateness of board and committee processes and charter fulfillment, adequacy of meeting structures and goals, communication with management, and other governance structures and activities. Generally, boards and their committees complete this assessment through self-surveys, internal audits, or collection of results as performed by legal services. Assessment results can lead to changes in board processes, with the goal of adapting to changing risks and environmental requirements, and improvements in governance.
