One of the three foundational security requirements is availability-the ability to access data when you really need it. Data accessibility is considered sound security practice and is a requirement per the HIPAA Security Rule (45 CFR 164.306[a][1]). If a data storage device fails, you can lose access to your patients' or health plan members' PHI. This could adversely affect patient care and service to health plan members.
Q Can a mental health and alcohol and chemical dependency treatment health center e-mail and text PHI between healthcare providers and between field caseworkers and patients? We have implemented a secure messaging solution, but it is the organization's policy to prohibit sending PHI via e-mail or text.
Our coding experts answer your questions about determining ED visit level, coding open reduction and internal fixation of a radius fracture, and coding image-guided minimally invasive lumbar decompression.
Fortunately for providers, CMS decided not to cap outpatient payment rates for cardiac resynchronization therapy defibrillator (CRT-D) procedures at the standardized inpatient rate. The agency announced its decision as part of the CY 2012 OPPS final rule released November 1, 2011.
