I recently attended the Health Care Compliance Association’s (HCCA) Compliance Institute (March 25-29, 2017) in National Harbor, MD, where healthcare compliance experts gathered to discuss the challenges faced in today’s complex regulatory environment.
From there, a short ride to Washington, D.C., took me to the annual HIPAA Summit (March 29-31, 2017), where healthcare privacy and security professionals and compliance wonks heard the latest HIPAA updates.
Representatives from the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) delivered remarks at both events on what to expect from their office in 2017.
New Director of the OCR
Attendees at the HIPAA Summit had the great honor of hearing the first public remarks from the newly appointed Director of the OCR, Roger Severino, in his new capacity. Prior to his appointment, Severino’s long and distinguished public service career included seven years as a trial attorney with the Department of Justice’s Civil Rights Division. He also served as the Housing and Civil Enforcement Section’s E-Discovery officer and attorney advisor to the fair housing testing program. Most recently, Severino served as director of the DeVos Center for Religion and Civil Society, part of the Institute for Family, Community, and Opportunity at the Heritage Foundation, a prominent conservative think tank.
In his remarks at the Summit, Severino shared his unique perspective, as well as what he brings to his new position, emphasizing the important role of health information privacy and security to the overall functioning of the healthcare system. This focus will lead to patient faith and confidence in the system, which, according to the new director, is paramount for the system to function.
Severino said he will approach the position from both the civil rights side and the privacy and security side, using this dual approach to focus on the people impacted by the OCR’s work, including patients, as well as employees of regulated entities. He also seeks to eliminate burdens on regulated entities wherever possible.
OCR Priorities for 2017
Following Severino’s remarks, OCR Deputy Director Deven McGraw shared the OCR’s outlook for 2017. McGraw and her team plan to work with Severino over the coming weeks to identify priorities for policy and guidance.
Update on HIPAA Audit Program
Speaking on Phase 2 of the HIPAA Audit Program, McGraw reiterated that the audits are a tool for learning, not a tool for enforcement, and should eventually yield best practices. She noted that Stage 1 is nearly complete, with draft reports sent to auditees; Stage 2 Security Rule and Breach Notification audits continue for Business Associates; and finally, plans for onsite audits as part of Stage 3 will be finalized once the first two stages are completed.
McGraw stated that the OCR hopes to develop a continuous compliance monitoring program moving forward, as opposed to the sort of periodic audits enacted currently.
OCR Enforcement
Iliana Peters, Attorney and Senior Advisor at the OCR, spoke on OCR enforcement at both the Compliance Institute and the HIPAA Summit. She highlighted lessons learned from 2016 resolution agreements and civil money penalties. Peters noted that providers should complete regular and thorough risk analyses, ensuring knowledge of where Protected Health Information (PHI) is stored.
Another focus for providers should be encryption. PHI needs to be encrypted whenever possible, and anytime something is not encrypted, providers need to explain why. Peters also touched on the need for access and audit controls, as well as timely breach notification. The OCR’s hope is to continue with the same rate of resolution agreements in the months ahead.
The OCR is undoubtedly in a state of transition, where the only certainty is uncertainty. It should be very interesting to see what the OCR designates as priorities over the next few months.
After nearly two decades, passage of a National Provider Identifier remains elusive. Since the Health Insurance Portability and Accountability Act (HIPAA) was passed and signed
The move is just one of many regulatory tweaks being made amid the looming presidential transition. In a landmark move made amid a flurry of
Familiarize yourself with the dramatic 2023 changes to codes, coding guidelines and documentation requirements for evaluation and management (E&M) split/shared and incident-to services.
Dr. Ronald Hirsch breaks down significant 2023 changes to coding and billing requirements for hospital observation services, including new physician E&M coding rules.
Learn how to save your facility hundreds of thousands of dollars in repayments and fines by correctly following CMS requirements for implantable medical device credit reporting. We provide you with all the need-to-know protocols, along with the steps for correct compliance while offering best practices to implement a viable strategy in your facility.
During an exclusive RACmonitor webcast, healthcare attorney Knicole Emanuel will explain in simple, easy-to-understand language the peril of the coming overpayment audits and describe your legal defenses.
Kay Piper reviews the guidance and updates coders and CDISs on important information in the AHA’s fourth quarter 2023 ICD-10-CM/PCS Quarterly Coding Clinic in an easy to access on-demand webcast.
Get access to important guidance on each of the AHA‘s 2023 ICD-10-CM/PCS Quarterly Coding Clinics with information-packed on-demand webcasts available shortly after each official publication.
Gloryanne Bryant reviews the guidance and updates coders on information in the AHA’s third quarter 2023 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Kay Piper reviews the guidance and updates coders on information in the AHA’s second quarter 2023 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Copyright © 2022 RACmonitor. Powered by MedLearn Media.
