News & Analysis

February 1, 2015
Briefings on HIPAA

Q: As part of the audit controls policy at my organization, we hired an external security vendor to collect and review logs from several critical servers. The vendor creates tickets for our IT staff when a potential incident is discovered during the daily log review. This supplements our own activity reviews of internally generated reports, and the vendor then uses them for its own review. Our internal staff never sees the reports the vendor uses for its review. Do the reports the vendor uses fall under the HIPAA requirement for retaining logs for six years? Should we compel the vendor to retain these reports?

February 1, 2015
Briefings on APCs

In December 2014, CMS posted a document on its Advisory Panel on Hospital Outpatient Payment (HOP Panel) website outlining the hospital outpatient therapeutic services that were recently evaluated for a change in supervision levels. The three-page document contains a chart that includes the HCPCS code, the level of supervision required for coverage, and the effective dates of the changes for various services.

February 1, 2015
Strategies for Healthcare Compliance

Q: I am familiar with the HIPAA Security Rule requiring information system review audits. Are there any HIPAA Privacy Rule requirements?other than to perform audits?that require the examination of inappropriate access for an alleged breach? Currently, our security team performs monthly information system review audits and issues reports to leadership on a quarterly basis. Will this suffice, or are there audits that the privacy team should perform as well?

February 1, 2015
Strategies for Healthcare Compliance

Coding for sepsis requires a strong knowledge of ICD-9-CM coding guidelines, as well as complete and accurate documentation. That's not a surprise to any coding professional. They need those two elements to successfully code any medical record.

February 1, 2015
Strategies for Healthcare Compliance

While it can be challenging to define your organization's legal health record (LHR), one health system in Denver is proving that collaboration and perseverance can lead to an effective LHR and EHR.

February 1, 2015
Strategies for Healthcare Compliance

Beginning January 1, 2015, physicians will no longer need to provide certification for an inpatient admission unless the admission is expected to last for at least 20 days or the case is an outlier.

Pages