Preventing readmissions is a hot topic these days. CMS has imposed new financial penalties for organizations that don't successfully prevent 30-day readmissions for patients with certain medical conditions, and organizations are always looking for new strategies to ensure patients are successfully able to move to the next level of care.
RC.01.01.01, Content of the Medical Record, did not top the list of the survey findings for hospitals in the first half of 2014, according to the September 2014 issue of Joint Commission Perspectives. Nor was it on the list for critical access hospitals at all! However, 49% of hospitals surveyed received a requirement for improvement for this standard, primarily in the EPs related to timing and dating entries. This indicates hospitals are still using a lot of paper records. That said, the downward swing is encouraging as more and more hospitals fully implement the EMR.
At this point, there are no federally recognized HIPAA certification standards for covered entities (CE) and business associates (BA). However, that doesn't mean there are no good assessment tools out there to gauge information security and regulatory compliance. The Health Information Trust Alliance (HITRUST) published its first common security framework (CSF) in March 2009 with the goal of focusing on information security as a core pillar of the broad adoption of health information systems and exchanges.
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is a BOH editorial advisory board member.
