Hardly a week goes by in the healthcare field without another announcement of a regulatory change, delay, or new initiative. Technology innovation seems to outpace our ability to absorb change or install the latest update on various systems and software applications.
Release of information (ROI) is typically a function that is managed by the HIM department, but privacy and security officers often play a critical role in ensuring records remain secure during transmission.
Mental health disorders are common in the United States, with an estimated 19% of Americans 18 or older suffering from a diagnosable mental disorder, according to a 2012 survey from the National Institute of Mental Health (NIMH).
Coding tells a patient's story, based on the narrative the physician provides in his or her documentation. Accurately painting a picture of the patient's severity of illness (SOI) and risk of mortality (ROM) is essential for good patient care, and it is becoming increasingly important for quality measures and payment.
Q: As part of the audit controls policy at my organization, we hired an external security vendor to collect and review logs from several critical servers. The vendor creates tickets for our IT staff when a potential incident is discovered during the daily log review. This supplements our own activity reviews of internally generated reports, and the vendor then uses them for its own review. Our internal staff never sees the reports the vendor uses for its review. Do the reports the vendor uses fall under the HIPAA requirement for retaining logs for six years? Should we compel the vendor to retain these reports?
