HIPAA breaches haven't become less common. If the law was, in part, meant to reduce the amount of PHI released to unauthorized individuals, some may say its success is uncertain. HIPAA's requirements aren't prohibitively stringent: they provide a basic floor of privacy and security. If a covered entity (CE) or business associate (BA) does no more than comply with HIPAA, it will simply be doing the bare minimum to safeguard PHI. Although that may not sound difficult, some organizations continue to fall short and leave others wondering if HIPAA is enough to meet today's information security and privacy challenges.
Much of today's healthcare industry is reliant on third-party vendors. If you haven't asked your vendors whether they are compliant with HIPAA and have implemented sound information privacy and security programs, you are likely facing unknown?and possibly significant?risks. Covered entities (CE) and business associates (BA) are required by HIPAA to exercise due diligence when it comes to their BAs and BA subcontractors. Assessing the risk of those vendors is necessary, especially if those vendors support critical functions in support of CE operations.
Every couple months, it seems questions arise about the 2-midnight rule and there are rumors that it may be going away. Below are some questions with answers from our expert Ronald Hirsch, MD, FACP, CHCQM, vice president of the Regulations and Education Group at Accretive Health in Chicago, to clarify where things stand today with regard to the 2-midnight rule.
This week’s Medicare updates include the release of FY 2017 Dialysis Facility Reports and End Stage Renal Disease Core Survey Materials; the Denial of Home Health Payments When Required Patient Assessment Is Not Received; a Quality Payment Program fact sheet, and more!
Orders for services are a vital component of ensuring Medicare coverage. With the advent of computerized provider order entry (CPOE), it is important to review order templates in the electronic medical record (EMR) and the resulting order produced or printed in the formal legal medical record to ensure the templates meet requirements.
In a year of high-profile, multimillion dollar settlements for large HIPAA breaches, OCR raised the stakes in a big way—by taking a harder line on small breaches. OCR announced plans to crack down on smaller breaches—those affecting fewer than 500 individuals—in August.
