Here are some important Health Insurance Portability and Accountability (HIPAA) reminders and updates.
First, on the Security Rule side of things: this past Thursday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted its latest settlement with a covered entity related to alleged HIPAA violations. This $250,000 settlement, with a Washington-based healthcare provider, followed a ransomware attack and subsequent investigation by OCR.
The risky business at issue here is, in many ways, merely operating in the healthcare industry. According to OCR, ransomware and hacking are the primary threats in healthcare. But a ransomware attack, which will always be disruptive and damaging, and can be challenging to prevent and often results from human error, does not need to result in further payment to the government.
There have been countless ransomware attacks, but only a handful of them result in settlements, and that’s because it’s not the ransomware itself, but the state of your compliance, when OCR comes knocking. This latest settlement was, as many are, a complaint-driven investigation. And when OCR investigated, it found one of the most common HIPAA compliance failures – the lack of a comprehensive, accurate, organization-wide risk analysis. OCR also found insufficient monitoring of activity within the organization’s information systems that housed electronic personal health information (ePHI).
Preparing your organization for that worst-case but sometimes inevitable-feeling attack means you need to get your house in order to make sure that any investigation shows you were meeting your compliance requirements.
Now, compliance with the HIPAA Security Rule is staying more or less status quo, but there are some significant changes to the Privacy Rule that go into effect at the end of this year and will require some additional effort.
The new HIPAA Privacy Rule to Support Reproductive Health Care Privacy goes into effect Dec. 23. This new Rule implements a variety of new requirements, focused on providing further protection for “reproductive healthcare” – a new and very broadly defined term. The Rule, which was published in April, seeks to prohibit covered entities from using or disclosing PHI related to reproductive healthcare to identify a patient or healthcare provider in connection with an investigation or proceeding where the care was provided under lawful circumstances.
Here are some things to consider and make sure you’ve implemented by the end of the year:
The final requirement is to update Notice of Privacy Practices, but you have until 2026 to do that.
EDITOR’S NOTE:
The opinions expressed in this article are solely those of the author and do not necessarily represent the views or opinions of MedLearn Media. We provide a platform for diverse perspectives, but the content and opinions expressed herein are the author’s own. MedLearn Media does not endorse or guarantee the accuracy of the information presented. Readers are encouraged to critically evaluate the content and conduct their own research. Any actions taken based on this article are at the reader’s own discretion.
While attending the Florida Compliance and Privacy Consortium meeting, I was asked an excellent question. What if a patient who is ready for discharge from
We have been talking a lot lately about the malfeasance of Medicare Advantage (MA) plans, and deservedly so. But malfeasance can be a two-way street.
Please log in to your account to comment on this article.
Join Beth Wolf, MD, CPC, CCDS, for an in-depth webcast on the FY2025 spinal fusion MS-DRG updates. Discover key changes in DRG classification, understand impacts on documentation and CMI, and learn strategies to ensure compliance.
Join Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, as she presents effective strategies to strengthen collaboration between CDI, coding, and quality departments in acute care hospitals. Angela will also share guidance on implementing cross-departmental meetings, using shared KPIs, and engaging leadership to foster a culture of collaboration. Attendees will gain actionable tools to optimize documentation accuracy, elevate quality metrics, and drive a unified approach to healthcare goals, ultimately enhancing both patient outcomes and organizational performance.
Optimize your outpatient clinical documentation and gain comprehensive knowledge from foundational practices to advanced technologies, ensuring improved patient care and organizational and financial success. This webcast bundle provides a holistic approach to outpatient CDI, empowering you to implement best practices from the ground up and leverage advanced strategies for superior results. You will gain actionable insights to improve documentation quality, patient care, compliance, and financial outcomes.
Enhancing outpatient clinical documentation is crucial for maintaining accuracy, compliance, and proper reimbursement in today’s complex healthcare environment. This webcast, presented by industry expert Angela Comfort, DBA, RHIA, CDIP, CCS, CCS-P, will provide you with actionable strategies to tackle complex challenges in outpatient documentation. You’ll learn how to craft detailed clinical narratives, utilize advanced EHR features, and implement accurate risk adjustment and HCC coding. The session also covers essential regulatory updates to keep your documentation practices compliant. Join us to gain the tools you need to improve documentation quality, support better patient care, and ensure financial integrity.
Dr. Ronald Hirsch provides critical details on the new Medicare Appeal Process for Status Changes for patients whose status changes during their hospital stay. He also delves into other scenarios of hospital patients receiving custodial care or medically unnecessary services where patient notifications may be needed along with the processes necessary to ensure compliance with state and federal guidance.
Healthcare organizations face complex regulatory requirements under the No Surprises Act and Price Transparency rules. These policies mandate extensive fee disclosures across settings, and confusion is widespread—many hospitals remain unaware they must post every contracted rate. Non-compliance could lead to costly penalties, financial loss, and legal risks. Join David M. Glaser Esq. as he shows you how to navigate these regulations effectively.
Protect your facility from unwanted audits! Join Becky Jacobsen, BSN, RN, MBS, CCS-P, CPC, CPEDC, CBCS, CEMC, and take a deep dive into both the CMS and AMA guidelines for reporting post operative pain blocks. You’ll learn how to determine if the nerve block is separately codable with real life examples for better understanding. Becky will also cover how to evaluate whether documentation supports medical necessity, offer recommendations for stronger documentation practices, and provide guidance on educating providers about documentation requirements. She’ll include a discussion of appropriate modifier and diagnosis coding assignment so that you can be confident that your billing of post operative pain blocks is fully supported and compliant.
During this RACmonitor webcast Dr. Ronald Hirsch spotlights the areas of the OIG’s Work Plan and the findings of their most recent audits that impact utilization review, case management, and audit staff. He also provides his common-sense interpretation of the prevailing regulations related to those target issues. You’ll walk away better equipped with strategies to put in place immediately to reduce your risk of paybacks, increased scrutiny, and criminal penalties.
Copyright © 2024 RACmonitor. Powered by MedLearn Media.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
