Most physicians are familiar with the MIPS quality models: These are the Physician Quality Reporting System (PQRS) measures that we’ve been reporting for years with the old Medicare value-based purchasing program. What we don’t know much about are the new cost efficiency models in MIPS, which are based solely on hospital and physician ICD-10-CM/CPT claims data rather than a clinical abstraction of our medical records.
The general rules for security, risk analysis, and risk management implementation specifications, and evaluation standards are key directives for ongoing compliance assurance. Although risk analysis concepts guidance appears in the Security Rule, many organizations use it for auditing Privacy Rule processes as well.
Q: We see many assertions that encryption at the right level meets the National Institute of Standards and Technology (NIST)/HIPAA safe harbor provision with no explanation of what is necessary to prove the breached electronic protected health information (PHI) was actually encrypted at the moment of breach. How can a covered entity prove the PHI was actually encrypted at the time of the breach?
Documentation and coding based on time requires knowledge about the general principles of E/M documentation, common sets of codes used to bill for E/M services, and E/M services providers.
Handling requests for information from law enforcement can throw staff for a loop. Most staff are aware of their organization’s policies and the basic HIPAA requirements for disclosing patient information to family members, friends, and other individuals such as legal guardians. But handling requests from law enforcement officials can be a different matter.
