HIPAA originally recognized the business associate (BA) as a contractor of a covered entity (CE), but did not mandate direct accountability to the regulations. This put the onus on a CE to ensure, contractually, that its BAs met applicable requirements and supported their CE clients' compliance. When the Privacy and Security Rules first became effective, many CEs accepted BA contracts (BAC) (sometimes also called BA agreements [BAA]) from their BAs. Some BAs were actually quite adamant about having the CE sign their BAC. Although it was the obligation of a CE to initiated the BAC and the CE was liable under the law for compliance, in most cases, BAs offered a BAC that met the legal requirements and often looked like the model offered by HHS. If this was not the case or if either party wanted additional provisions, the CE and the BA negotiated a contract. No provisions required by HIPAA could be removed or changed, but other provisions could be added.
There are a number of tools on the market to assist covered entities (CE) and business associates (BA) in addressing their compliance needs. Solutions range from large governance, risk, and compliance programs to tools that assist in the development of a compliance program. When it comes to ongoing compliance management, Ostendio's My Virtual Compliance Manager™ (MyVCM™) offers a solution that is more than just a tool for an occasional look at the compliance stance of an organization.
One of the biggest challenges to the provider community, including hospitals and critical access hospitals (CAH), is keeping up to date with current regulatory requirements, particularly when it comes to rules on coverage, coding, billing, and payment for services provided to beneficiaries under federal healthcare programs, including Medicare and Medicaid. For those of you who have taken one of our hospital or CAH Medicare Boot Camps, you probably remember discussing this early during the week, when we identified the major official sources of authority on Medicare rules, as well as some tips about how to efficiently keep yourselves up to date.
Updates of MS-DRGs to the list subject to IPPS replaced devices offered without cost or with a credit policy; Revision to Medicare Code Editor (MCE) edit, procedure inconsistent with length of stay (LOS) for ICD-10-PCS respiratory ventilation, greater than 96 consecutive hours; and more!
The 2016 OPPS proposed rule released July 2 is deceptively short, but packs a punch. CMS is proposing the most massive APC reconfiguration and consolidation of APC groups since the beginning of OPPS, says Jugna Shah, MPH, president and founder of Nimitt Consulting, based in Washington, D.C., and Spicer, Minnesota.
To get a real sense of the financial impact, providers will need to take several steps, says Shah. First, review the narrative text to get a feel for the major categories of changes CMS is proposing, including some of the operational ones.
