Editor's note: The following is adapted from the HCPro book The HIPAA Omnibus Rule: A Compliance Guide for Covered Entities and Business Associates, by Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, Mass. To learn more about the book, go to www.hcmarketplace.com.
There is some common ground in the corrective action plans (CAP) that OCR has imposed on healthcare organizations it has investigated for HIPAA privacy and security deficiencies.
Providers setting charges based on an understanding of their costs is not a new concept, says Jugna Shah, MPH, president and founder of Nimitt Consulting. However, providers struggle with this or fail to do it correctly, and then stand to deteriorate their future payment rates since CMS relies on provider data to set payment rates not only for inpatient and outpatient services, but also for laboratory services.
