When it comes to providing high-quality patient care, most American hospitals simply don’t. That’s if the recent round of five-star rankings from CMS are to be believed. About 1,700 hospitals (39%) earned just three out of five stars, an “average” rating, FierceHealthcare reported.
Q: If my medical waste includes PHI, do I need a BAA with our waste management vendor?
A: Yes. For example, clinics and hospitals contracting with bio-waste disposal vendors that dispose of IV bags execute a BAA with the bio-waste disposal vendors. It's no different than the requirement to execute a BAA with a document shredding vendor. If the vendor will come in contact with PHI, a BAA is in order.
Editor's note: Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are that of the author and do not represent HCPro or ACDIS. Email your HIPAA questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
Hackers and malware are routine threats for most healthcare organizations, but this year saw criminals add a devastating tool to their arsenal: ransomware.
Although the dramatic increase in ransomware attacks against healthcare organizations is largely a recent phenomenon, ransomware itself is not new. According to the FBI, it's been around for several years, but the agency began to see an uptick in ransomware attacks in 2015, particularly against organizations. Early this year, the Department of Defense specifically warned healthcare organizations that they are a top target for ransomware. As ransomware continued to grab headlines and lawmakers called for official action, HHS released ransomware response and prevention guidance for healthcare organizations (www.aha.org/content/16/160620cybersecransomware.pdf).
State and federal lawmakers took notice as well. At a March 22 joint hearing of the House of Representatives subcommittees on Information Technology and Health Care, Benefits, and Administrative Rules, some lawmakers suggested HIPAA should be modified to specifically require covered entities and business associates to report ransomware attacks.
Security officers must act now to protect their organizations, and in turn, organizations must be prepared to invest in security and carefully follow related policies. The price for failing to do so could be high.
One of the more challenging aspects of a case manager's job is helping to ensure a patient successfully transfers from the hospital to the next level of care. Under a set of proposed revisions to Medicare's Conditions of Participation (CoP) announced in November 2015.
Reconciliation is a noun meaning "the process of finding a way to make two different ideas, facts, etc. exist or be true at the same time." In the world of clinical documentation improvement (CDI), "reconciliation" typically refers to diagnosis-related group (DRG) reconciliation, which is the process of adjusting DRGs when those assigned by the CDI specialist do not match those assigned by the coder.
