Every healthcare organization should develop and implement a policy and a well-defined process that provides guidance for managing incident and breach response.
To comply with the HIPAA omnibus final rule, healthcare organizations need to revise their risk assessment process to determine whether they must notify affected individuals of a breach.
This year's Recovery Auditor Benchmarking Report surveyed 325 respondents, representing both small and large hospitals, from all four Recovery Auditor regions. It may not come as a huge surprise to many that the main theme of this year's survey is the expanding state of the Recovery Auditors (RA), and the fact that they continue to gain speed and extend their reach.
To fully understand where your organization's risks lie, you not only need to have a firm grasp on risk analysis and assessment processes, you need to define these processes as well.
There has been some confusion surrounding a possible Recovery Auditor-related provision in the American Taxpayer Relief Act of 2012, also known as the fiscal cliff deal.
Recovery Auditor overpayment and underpayment statistics are released by CMS at the close of each fiscal year (FY) quarter, and with FY 2012 in the books, CMS has published its year-end improper payment figures. In FY 2012, the numbers continued to ascend, as CMS more than doubled its total correction amount from the previous year.
There are six generic approaches to managing risk, and the approach an organization chooses to use will depend on many factors. For example, how real is this risk? Can it actually become a problem, or is it merely theoretical? Management will want to decide whether the risk is likely to happen and whether it is possible to determine when it may happen. This will also assist in appropriate allocation of resources to focus on material risk areas.
One thing is certain: You don't want to wait until you receive a notification letter from OCR before you begin preparing for a HIPAA audit, says Dena Boggan, CPC, CMC, CCP, HIPAA privacy/security officer at St. Dominic Jackson (Miss.) Memorial Hospital.
UK HealthCare’s Chief Compliance Officer R. Brett Short knew he was in for a rough day as soon as he saw the email from his organization’s privacy officer.
Conducting pre-billing audits can be challenging, but when done correctly, it can save organizations from spending time recoding and rebilling claims that payers deny. These audits can be conducted on the front end, in both inpatient and outpatient settings, once records have been coded.
