Auditing and monitoring

Although it hasn't released many details yet, OCR plans to resume its audits to assess compliance with HIPAA privacy, security, and breach notification requirements in 2014. The government agency also plans to expand the audit focus to include business associates (BA).

Every healthcare organization should develop and implement a policy and a well-defined process that provides guidance for managing incident and breach response.

So your organization has a compliance program in place, but how well is it working?

Too many healthcare organizations are receiving ­failing grades for HIPAA compliance, an analysis of OCR's first 20 initial audits reveals.

Focus of OCR HIPAA auditors might surprise some healthcare organizations.

Case managers have already become familiar with the Medicare Recovery Audit Program. In January, however, government Recovery Auditors began focusing on new territory: Medicaid claims.

Just when you thought you had your RAC processes in place, more changes appear on the horizon.

First we had patient tracers, then system tracers, and now second-generation tracers! Wow!

The Program for Evaluating Payment Patterns ­Electronic Report (PEPPER), distributed ­either quarterly or annually depending on the type of facility, contains large amounts of ­data on how a facility compares to others in the same state, ­the same jurisdiction (i.e., the same Medicare ­Administrative Contractor), and nationwide in terms of coding and medical necessity target areas. (Find out more at www.pepperresources.org.) PEPPER identifies when facilities are outliers in their reporting of multiple risk areas. For coding, those areas are:

If patients were already concerned about healthcare organizations' ability to protect their information, a report released in May did nothing to alleviate their fears.