It has been quite a year in the privacy world, hasn't it? The OCR website has reported 500 breaches of unsecured PHI affecting 500 or more individuals, totaling more than 12 million patients. There has been an increase in HIPAA-related criminal sentences involving jail time. And private lives are no longer private.
One thing is certain: You don't want to wait until you receive a notification letter from OCR before you begin preparing for a HIPAA audit, says Dena Boggan, CPC, CMC, CCP, HIPAA privacy/security officer at St. Dominic Jackson (Miss.) Memorial Hospital.
As part of the 2013 OPPS final rule, CMS finalized a clarification to 42 CFR 419.2(b) that could cause confusion in the future if hospitals are audited by third-party payers or by Medicare contractors who do not fully understand the intent of the language or how CMS develops payment rates, says Jugna Shah, MPH, president of Nimitt Consulting based in Washington, D.C.
Hospitals earned a big win with drug payments this year in the 2013 OPPS final rule, released November 1. CMS decided to finalize its proposal to follow the statute and reimburse facilities at the average sales price (ASP) plus 6%.
Despite efforts to prevent data breaches in healthcare, they continue to cause alarm. Almost 20 million patient health records have been compromised in the past two years, according to statistics from HHS.
