Q. Can paper patient records be kept in a public storage unit? The storage company we are considering has a digital entry at the main gate. We would also have a keyed lock on the storage unit door.
St. Joseph's Medical Center in Towson, Md., reached a settlement with the United States to pay $4.9 million in connection with its submission of false claims to Medicare, Medicaid, and other federal healthcare programs, announced the Justice Department on February 7.
Although the results of the Ponemon Institute's Third Annual Benchmark Study on Patient Privacy & Data Security don't paint a pretty picture when it comes to protection of PHI, healthcare organizations can use the dismal statistics to improve compliance.
Mobile devices have changed the way people share and access information in their personal and professional lives. Smartphones and tablets may make it easier and faster for people to communicate, store, and access information, but they present risks if lost, stolen, or hacked. This can be especially challenging in the healthcare industry as it has become common for providers to use various mobile tools, including smartphones, laptops, notebooks, tablets, phablets, personal digital assistants, USB devices, digital cameras, and radiofrequency identification devices, to communicate with colleagues and access applications.
The HIPAA Security Rule requires implementing risk management tools and techniques to adequately and effectively safeguard ePHI. Risk analysis and management provides the foundation for an organization's Security Rule compliance efforts, and reinforces its strategy to protect the confidentiality, integrity, and availability of vital information.
The hospital/health system revenue cycle has a significant role in hospital billing compliance. The billing department is the final gatekeeper for compliance, as it is the final area to touch a bill before it is sent to Medicare. Therefore, it is essential that billing staff understand key compliance risk areas.
To fully understand where your organization's risks lie, you not only need to have a firm grasp on risk analysis and assessment processes, you need to define these processes as well.
