At this point, there are no federally recognized HIPAA certification standards for covered entities (CE) and business associates (BA). However, that doesn't mean there are no good assessment tools out there to gauge information security and regulatory compliance. The Health Information Trust Alliance (HITRUST) published its first common security framework (CSF) in March 2009 with the goal of focusing on information security as a core pillar of the broad adoption of health information systems and exchanges.
RC.01.01.01, Content of the Medical Record, did not top the list of the survey findings for hospitals in the first half of 2014, according to the September 2014 issue of Joint Commission Perspectives. Nor was it on the list for critical access hospitals at all! However, 49% of hospitals surveyed received a requirement for improvement for this standard, primarily in the EPs related to timing and dating entries. This indicates hospitals are still using a lot of paper records. That said, the downward swing is encouraging as more and more hospitals fully implement the EMR.
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is a BOH editorial advisory board member.
In a concerted effort to move healthcare payments to a system of "quality over quantity," CMS finalized policies that greatly expanded packaging for outpatient providers in the 2015 OPPS final rule. It also introduced complexity adjustments with comprehensive APCs (C-APCs).
As CMS pushes the OPPS from a fee-for-service program toward more of a true prospective payment system, financial impact analysis of changes, departmental budgeting, and forecasting has become more complicated each year.
