Compliance

HIM directors are responsible for the integrity of patients' records-even when a hospital shuts down certain wings of the facility or closes its doors entirely.

There is some common ground in the corrective action plans (CAP) that OCR has imposed on healthcare organizations it has investigated for HIPAA privacy and security deficiencies.

Quality of care is a top priority for HHS, CMS, OIG, and DOJ. It also has always been an issue for state surveyors, state attorneys general, and Medicaid Fraud Control Units as they examine skilled nursing facilities. In fact, quality of care is now part of the OIG's annual Work Plan.

One task that almost every healthcare organization is going to have to tackle to comply with the HIPAA omnibus final rule is amending its Notice of Privacy Practices (NPP).

Chasing down information on incomplete records can be overwhelming and a lost cause. What do you do when a medical record is incomplete 30 days after discharge (or 14 in California's case) and thus does not meet regulatory standards? Do you file it away without an answer to an open query or a signature from the practitioner? What if the responsible practitioner retired, expired, or is no longer practicing at your facility? Are you doing everything you can to get most deficiencies completed prior to the patient being discharged?

Business associates (BA) definitely have their work cut out for them.

One thing the release of the omnibus final rule has left healthcare ­organizations asking is, "Where do we start?"

Add another piece of evidence to the pile that shows data breaches in healthcare organizations are common and human error is often to blame.

Many healthcare organizations face the challenge of protecting patient records and reducing the stress that results from a data breach.

Editor's note: This article originally ran in our sister publication, Medical Records Briefing.