CMS released the Notice of Benefit and Payment Parameters for 2019 final rule April 9 to give states additional flexibility when choosing benefits in essential health benefit benchmark plans offered under health insurance marketplaces.
CMS held a listening session March 21 to gather input from stakeholders on potential updates to the E/M documentation guidelines. The current guidelines are considered outdated in light of medical advances and the advent of the electronic health record.
Q: We are having trouble determining what qualifies a patient as having an acute myocardial infarction (MI) and what documentation would support the diagnosis. Can you help our coding team clarify?
The Mississippi State Department of Health in Jackson, Mississippi, recently notified 30,799 patients of an email breach that gave a Centers for Disease Control and Prevention contractor unauthorized access to patient information, according to a press release
Q: We are a doctor’s office in a small town. Recently, one of our patients threw away some papers containing PHI in a wastebasket in the waiting room. Another patient’s child later took them out of the wastebasket. The child’s parent brought the papers up to the desk and apologized. Is this a privacy breach? Are we responsible for the papers even though we turned them over to the patient?
Q. Do laptops need to be encrypted if there is no PHI stored on them? Employees do use them to access PHI, but the PHI is stored remotely. We have a policy that states that employees are not allowed to save PHI to laptops.
CMS reminded organizations to pay attention to billing and coding for specimen validity testing done in conjunction with drug testing. The agency reviewed recent code changes and billing guidelines for these lab tests in Special Edition MLN Matters 18001 released on March 29. CMS emphasized that providers that perform validity testing on urine specimens cannot separately bill the validity testing.
Primary Health Care in Des Moines, Iowa, recently announced an email breach of its system one year after discovery. This exceeds the timeframe outlined in the HIPAA Breach Notification Rule, which states that organizations are required to report a breach within 60 days of discovery.
