Q. In the April issue of BOH, one of the Q&As discussed who must send out breach notification letters if the business associate (BA) was responsible for the breach. The answer was covered entities. Didn’t HITECH make BAs covered entities?
Dena Boggan, CPC, CMC, CCP, chuckled when someone recently suggested that her staff audit some patient records.
“I wish I had a staff,” laughed Boggan, HIPAA privacy/security officer at St. Dominic Jackson (MS) Memorial Hospital.
However, this is fairly typical in many healthcare settings, where HIPAA privacy and security officers often are the only individuals who are responsible for compliance.
The several different types of post-acute agencies (home health, nursing homes, hospices) and several individual agencies within those types can cause aggravation and, more importantly, delays.
The case management department at Children’s Healthcare of Atlanta (CHOA) developed a tool called “Ticket to Home” to prepare patients and their families for discharge.
