CMS proposes aligning its conditional packaging modifiers and deleting a much-maligned modifier for separately payable laboratory tests in the 2017 OPPS proposed rule, released July 6.
CMS is looking to implement the Section 603 provisions of the Bipartisan Budget Act of 2015 regarding off-campus, provider-based departments by January 1, 2017, according to the 2017 OPPS proposed rule, released yesterday.
The following is an excerpt from Inpatient-Only Procedures Training Handbook, written by Debbie Mackaman, RHIA, CPCO, CCDS. For more information and to purchase, visit the HCPro Marketplace.
This week’s updates include new waived tests; appeals of claims decisions, revisions to timeliness requirements for forwarding misfiled appeal requests, reconsideration request form, and guidelines for writing appeals correspondence; and more!
Creating and conducting an organizationwide risk analysis: Part 2
Editor's note: This is part two of a series about implementing an organizationwide risk analysis. See the May 2016 issue of BOH for part one.
Performing a regular organizationwide risk analysis is a basic HIPAA requirement and also simply good business practice. Beyond checking off an item on the HIPAA compliance list, a risk analysis will help an organization identify and rank security weaknesses, efficiently use resources to address them, and ultimately protect the security and integrity of an organization's data, including PHI, financial, and business operations information. Yet in a world of competing demands and limited resources, a risk analysis may be put off until it's too late. Even if one is completed, security officers may encounter obstacles when trying to act on the results of the risk analysis.
The purpose of a risk analysis is to develop a strategic plan of action that addresses and corrects vulnerabilities, and shouldn't be used to simply create a report on the current state of security, says Kate Borten, CISSP, CISM, HCISPP, founder of The Marblehead Group in Marblehead, Massachusetts. "Only when an organization performs periodic and as-needed risk assessments, and then mitigates significant risks, can the ISO [information security officer] and leadership have the confidence that their security program is functioning and adequate," she says.
A risk analysis is one of several activities that is part of a risk management program, says Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP, manager of risk advisory and forensic services at Wipfli, LLP, in Eau Claire, Wisconsin. The risk management program is about managing risks to the organization (i.e., business mission, image, reputation, and patient safety and privacy), organizational assets, and workforce. An organization can't mitigate risks it isn't aware of and doesn't understand.
Risks are first identified, then analyzed and evaluated based on what action is needed, Ensenbach says. They also must be monitored on an ongoing basis, a vital step that if missed can undermine an otherwise solid risk management program.
