Mergers and acquisitions in the healthcare industry are often decided upon and negotiated by C-suite staff with involvement from security and IT professionals. However, significant security implications must be considered by both parties prior to, during, and after a merger or acquisition.
The Office for Civil Rights (OCR) announced December 8, 2014, that it fined an Alaska behavioral health service $150,000 for potential HIPAA violations. OCR entered into a resolution agreement with Anchorage Community Mental Health Services (ACMHS), a nonprofit behavioral healthcare service, per the announcement (see www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/acmhs/amchs-capsettle...).
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is an editorial advisory board member for SHCC's sister publication Briefings on HIPAA.
Each year the Office of Inspector General (OIG) outlines its enforcement priorities. Its 2015 Work Plan includes items case managers should have on their radar.
CMS' 2014 IPPS final rule redefined inpatient admissions when it implemented the 2-midnight rule, which requires a validated physician order, documentation of medical necessity, and the expectation of a stay crossing two or more midnights.
Better late than never. This is what some healthcare professionals are likely saying about the delayed release of the fiscal year (FY) 2014 OIG Work Plan, which was due to be released in fall 2013 but did not make an appearance until January 2014.
CMS has proposed to rescind the requirement for signatures on all lab requisitions, according to the "Medicare Program; Clinical Laboratory Fee Schedule: Signature on Requisition" proposed rule published in the Federal Register June 30. The 2011 Medicare Physician Fee Schedule, published last November, requires a physician's or nonphysician practitioner's (NPP) signature on lab requisitions for tests paid under the clinical lab fee schedule, regardless of whether there is a signed order. This is the opposite of prior CMS rulings that indicated signatures were not required on requisitions, although written and signed orders were required.
If patients were already concerned about healthcare organizations' ability to protect their information, a report released in May did nothing to alleviate their fears.
