The HIPAA Privacy, Security and Breach Notification Rules require the development and implementation of policies. Covered entities must address all the standards in the rules
As privacy officer of a healthcare organization that includes about 12,000 employees in 14 hospitals and 30 clinics, Nancy Davis, MS, RHIA, CHPS, is a realist about one thing related to HIPAA compliance: Employees will make mistakes. They are human, after all.
Compliance with the 2-midnight rule has been tricky for many organizations?and things aren't expected to get easier anytime soon. The 2016 OPPS proposed rule may bring some additional tweaks to the 2-midnight rule (see related story, "Proposed OPPS rule suggests tweaksto 2-midnight rule," in the September issue of CMM), and education and enforcement may change hands from Recovery Auditors to Quality Improvement Organizations.
