If the 2-midnight rule keeps you up at night, it might help to add some PEPPER to your processes. CMS recently updated PEPPER, otherwise known as the Program for Evaluating Payment Patterns Electronic Report, to provide hospitals with insight into how well they're doing with 2-midnight rule compliance.
In an effort to make physicians more accountable for proper documentation, CMS has been doing the transmittal shuffle as of late--and the process may have you thoroughly confused.
Q: I work at a pediatric practice, and we receive a lot of holiday cards from our patients, many of which feature family photos. We hang them up because the patients love to see themselves displayed in our lobby. We have reached out to a HIPAA security officer at a nearby hospital who told us it is not a HIPAA violation to display holiday cards received from patients. Is this accurate?
Although numerous privacy and security laws apply to healthcare entities, HIPAA rules and requirements tend to receive the most emphasis?and generate the most angst. The terms HIPAA-compliant vendor, HIPAA cop, and HIPAA disciplinary action are anathema to experienced and serious privacy and information security professionals. HIPAA, as has been noted, represents the floor of requirements intended to protect the privacy and security of patient information. More stringent privacy requirements have existed at the state and national levels for several years before the HIPAA Privacy Rule was implemented (e.g., state medical records laws and requirements). Notably, many organizations implement policies and procedures that are more stringent than that required by HIPAA. Some of this is due to misinformation or misunderstanding of the HIPAA rules.
