Conducting pre-billing audits can be challenging, but when done correctly, it can save organizations from spending time recoding and rebilling claims that payers deny. These audits can be conducted on the front end, in both inpatient and outpatient settings, once records have been coded.
The Office for Civil Rights (OCR) announced December 8, 2014, that it fined an Alaska behavioral health service $150,000 for potential HIPAA violations. OCR entered into a resolution agreement with Anchorage Community Mental Health Services (ACMHS), a nonprofit behavioral healthcare service, per the announcement (see www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/acmhs/amchs-capsettle...).
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is an editorial advisory board member for SHCC's sister publication Briefings on HIPAA.
As the use of electronic health records (EHR) surges and organizations work toward meaningful use attestation, more in-depth monitoring of electronic patient records is becoming increasingly necessary.
