A business case for resourcing a compliance assurance program for privacy and security should be possible solely on the basis of the need to respond to complaints made directly to a covered entity (CE) (or business associate (BA) acting as an agent of a CE). However, despite stepped-up enforcement and periodic audits required by HITECH, industry experts still anticipate that a more proactive process for compliance may not be taken until an untoward event occurs. Consequently, other avenues for substantiating the importance of privacy and security measures are necessary and readily available. Information privacy and security officials may find it necessary to go beyond information about HIPAA Privacy and Security Rule enforcement in making the business case. Monitoring the general security industry and relating those risks to healthcare privacy and security are important when doing so. Consider the following:
A lot can go wrong when an elderly patient is discharged home, from medication errors to transportation problems or self-care comprehension issues. However, an organization can create a solid discharge and transition process by focusing on some simple elements.
Q: My facility no longer registers patients under aliases, but will allow them to opt out of the patient directory. However, opting out of the registry will not exclude our patients from the operating room (OR) list. At one time, the facility's CEO received the daily OR list with full patient names so he could visit board members, donors, or others whom he knows at our facility. HIM changed this practice so that patients' names would not be on the OR schedule provided to the CEO. The CEO took this matter to the hospital attorney, who said the names could be included because the use of PHI by the CEO to determine whether and when a patient visit is appropriate is permitted by HIPAA as it is part of healthcare operations. Is it a violation of HIPAA for the CEO to use PHI to track patients in this manner?
Coronary artery bypass graft (CABG) procedures are not the only ones coders will report using the root operation bypass in ICD-10-PCS. Surgeons can create bypasses in other vessels of the body.
Inpatient coding professionals are used to DRG systems where all of the diagnoses and procedures map to a single DRG. So they may not look for additional procedures and services to report outside of that DRG.
