Q: We see many assertions that encryption at the right level meets the National Institute of Standards and Technology (NIST)/HIPAA safe harbor provision with no explanation of what is necessary to prove the breached electronic protected health information (PHI) was actually encrypted at the moment of breach. How can a covered entity prove the PHI was actually encrypted at the time of the breach?
Documentation and coding based on time requires knowledge about the general principles of E/M documentation, common sets of codes used to bill for E/M services, and E/M services providers.
Handling requests for information from law enforcement can throw staff for a loop. Most staff are aware of their organization’s policies and the basic HIPAA requirements for disclosing patient information to family members, friends, and other individuals such as legal guardians. But handling requests from law enforcement officials can be a different matter.
The 2018 OPPS final rule, published in the Federal Register on November 13, has two changes that could affect case managers—the removal of the total knee replacement from the inpatient-only list and cuts to payments for drugs purchased through the 340B drug discount program.
