Although numerous privacy and security laws apply to healthcare entities, HIPAA rules and requirements tend to receive the most emphasis?and generate the most angst. The terms HIPAA-compliant vendor, HIPAA cop, and HIPAA disciplinary action are anathema to experienced and serious privacy and information security professionals. HIPAA, as has been noted, represents the floor of requirements intended to protect the privacy and security of patient information. More stringent privacy requirements have existed at the state and national levels for several years before the HIPAA Privacy Rule was implemented (e.g., state medical records laws and requirements). Notably, many organizations implement policies and procedures that are more stringent than that required by HIPAA. Some of this is due to misinformation or misunderstanding of the HIPAA rules.
In an effort to make physicians more accountable for proper documentation, CMS has been doing the transmittal shuffle as of late--and the process may have you thoroughly confused.
Editor's note: Jugna Shah, MPH, president and founder of Nimitt Consulting, writes a bimonthly column for Briefings on APCs, commenting on the latest policies and regulations and analyzing their impact on providers.
