The HIPAA security rule requires this type of assessment. However, many healthcare organizations have never completed a risk assessment, have not kept it up to date, or have failed to address all necessary areas of risk.
Cascade Healthcare Community, a three-hospital health system headquartered in Bend, OR, was one of those CEs that found itself under the microscope.
Unfortunately for Cascade, a virus invaded part of its computer system in December 2007, exposing the data of more than 11,500 donors and landing the healthcare system in the headlines.
Memorial Hermann Healthcare System (MHHS) in Houston includes nine acute care hospitals, one children's hospital, three long-term acute care hospitals, three specialty care hospitals, 21 regional affiliates, a home health agency, a retirement/nursing center, 10 ambulatory surgery centers, 21 imaging centers—and only one HIM department.
Prior to July 1, 2008, however, that was not the case. MHHS' medical records/HIM departments used to be facility- based. Each hospital had its own medical records department, its own coders, and its own vendors. But MHHS' leadership recognized that in an era when cost savings are a must, this model was not as efficient as it could be. A restructuring of the department was in order.
Considering communication is at the heart of what all case managers do, case management leaders should think about making solving the problem of language and cultural barriers a top priority.
Experts expect the RACs to begin auditing medical necessity this summer. Case managers may be asked to play a large role in appealing medical necessity denials because of their involvement in level-of-care determinations. To help case managers, we asked Medicare appeals experts to explain the case manager’s role in the appeals process.
