Compliance

The hospital/health system revenue cycle has a significant role in hospital billing compliance. The billing department is the final gatekeeper for compliance, as it is the final area to touch a bill before it is sent to Medicare. Therefore, it is essential that billing staff understand key compliance risk areas.

To fully understand where your organization's risks lie, you not only need to have a firm grasp on risk analysis and assessment processes, you need to define these processes as well.

This week’s note is about observation services. Click the link above for more information and an in-depth analysis.  

This week’s note is about the OIG’s 2015 Work Plan mid-year update. Click the link above for more information and an in-depth analysis. 

Mergers and acquisitions in the healthcare industry are often decided upon and negotiated by C-suite staff with involvement from security and IT professionals. However, significant security implications must be considered by both parties prior to, during, and after a merger or acquisition.

The Office for Civil Rights (OCR) announced December 8, 2014, that it fined an Alaska behavioral health service $150,000 for potential HIPAA violations. OCR entered into a resolution agreement with Anchorage Community Mental Health Services (ACMHS), a nonprofit behavioral healthcare service, per the announcement (see www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/acmhs/amchs-capsettle...).

While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is an editorial advisory board member for SHCC's sister publication Briefings on HIPAA.

Each year the Office of Inspector General (OIG) outlines its enforcement priorities. Its 2015 Work Plan includes items case managers should have on their radar.

CMS' 2014 IPPS final rule redefined inpatient admissions when it implemented the 2-midnight rule, which requires a validated physician order, documentation of medical necessity, and the expectation of a stay crossing two or more midnights.

Better late than never. This is what some healthcare professionals are likely saying about the delayed release of the fiscal year (FY) 2014 OIG Work Plan, which was due to be released in fall 2013 but did not make an appearance until January 2014.