At this point, there are no federally recognized HIPAA certification standards for covered entities (CE) and business associates (BA). However, that doesn't mean there are no good assessment tools out there to gauge information security and regulatory compliance. The Health Information Trust Alliance (HITRUST) published its first common security framework (CSF) in March 2009 with the goal of focusing on information security as a core pillar of the broad adoption of health information systems and exchanges.
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is a BOH editorial advisory board member.
Many coders rely on the advice in the American Hospital Association (AHA)'s Coding Clinic to resolve sticky situations with ICD-9-CM coding. However, the AHA will not be transitioning its current guidance to ICD-10-CM. Instead, in January, it began focusing solely on ICD-10-CM questions to help clear up confusion prior to implementation.
Mobile devices have changed the way people share and access information in their personal and professional lives. Smartphones and tablets may make it easier and faster for people to communicate, store, and access information, but they present risks if lost, stolen, or hacked. This can be especially challenging in the healthcare industry as it has become common for providers to use various mobile tools, including smartphones, laptops, notebooks, tablets, phablets, personal digital assistants, USB devices, digital cameras, and radiofrequency identification devices, to communicate with colleagues and access applications.