One of the biggest challenges to the provider community, including hospitals and critical access hospitals (CAH), is keeping up to date with current regulatory requirements, particularly when it comes to rules on coverage, coding, billing, and payment for services provided to beneficiaries under federal healthcare programs, including Medicare and Medicaid. For those of you who have taken one of our hospital or CAH Medicare Boot Camps, you probably remember discussing this early during the week, when we identified the major official sources of authority on Medicare rules, as well as some tips about how to efficiently keep yourselves up to date.
Mergers and acquisitions in the healthcare industry are often decided upon and negotiated by C-suite staff with involvement from security and IT professionals. However, significant security implications must be considered by both parties prior to, during, and after a merger or acquisition.
The Office for Civil Rights (OCR) announced December 8, 2014, that it fined an Alaska behavioral health service $150,000 for potential HIPAA violations. OCR entered into a resolution agreement with Anchorage Community Mental Health Services (ACMHS), a nonprofit behavioral healthcare service, per the announcement (see www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/acmhs/amchs-capsettle...).
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is an editorial advisory board member for SHCC's sister publication Briefings on HIPAA.
Each year the Office of Inspector General (OIG) outlines its enforcement priorities. Its 2015 Work Plan includes items case managers should have on their radar.
