HIPAA Changes Providers Need to Heed

Here are some important Health Insurance Portability and Accountability Act (HIPAA) reminders and updates.

First, on the Security Rule side of things: this past Thursday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted its latest settlement with a covered entity related to alleged HIPAA violations. This $250,000 settlement, with a Washington-based healthcare provider, followed a ransomware attack and subsequent investigation by OCR.

The risky business at issue here is, in many ways, merely operating in the healthcare industry. According to OCR, ransomware and hacking are the primary threats in healthcare. A ransomware attack will always be disruptive and damaging; it can be challenging to prevent and often results from human error. But it does not need to result in further payment to the government.

There have been countless ransomware attacks, but only a handful of them result in settlements. That’s because what matters is not the ransomware itself but the state of your compliance when OCR comes knocking. This latest settlement, as many do, stemmed from a complaint-driven investigation. And when OCR investigated, it found one of the most common HIPAA compliance failures – the lack of a comprehensive, accurate, organization-wide risk analysis. OCR also found insufficient monitoring of activity within the organization’s information systems that housed electronic protected health information (ePHI).

Preparing your organization for that worst-case but sometimes inevitable-feeling attack means you need to get your house in order to make sure that any investigation shows you were meeting your compliance requirements.

Now, compliance with the HIPAA Security Rule is staying more or less status quo, but there are some significant changes to the Privacy Rule that go into effect at the end of this year and will require some additional effort.

The new HIPAA Privacy Rule to Support Reproductive Health Care Privacy goes into effect Dec. 23. This new Rule implements a variety of new requirements, focused on providing further protection for “reproductive healthcare” – a new and very broadly defined term. The Rule, which was published in April, seeks to prohibit covered entities from using or disclosing PHI related to reproductive healthcare to identify a patient or healthcare provider in connection with an investigation or proceeding where the care was provided under lawful circumstances.

Here are some things to consider and make sure you’ve implemented by the end of the year:

  • Regulated entities (covered entities and business associates) will be required to obtain an attestation in certain circumstances from the person requesting the use or disclosure, stating that the use or disclosure is not for a prohibited purpose. HHS has posted a model on its website.
  • Similarly, regulated entities need to revise their processes for responding to requests for the use or disclosure of PHI for which an attestation is required.
  • Regulated entities need to revise policies and train staff, with a particular emphasis on the staff that will be responsible for reviewing and determining the sufficiency of these attestations.
  • Covered entities need to review and potentially revise business associate agreements and assess vendor relationships to make sure everyone is aware of their new compliance requirements.

The final requirement is to update your Notice of Privacy Practices, but you have until 2026 to do that.

EDITOR’S NOTE:

The opinions expressed in this article are solely those of the author and do not necessarily represent the views or opinions of MedLearn Media. We provide a platform for diverse perspectives, but the content and opinions expressed herein are the author’s own. MedLearn Media does not endorse or guarantee the accuracy of the information presented. Readers are encouraged to critically evaluate the content and conduct their own research. Any actions taken based on this article are at the reader’s own discretion.

Marguerite Ahmann, Esq.

Marguerite is a health care attorney whose practice focuses on regulatory, corporate, and transactional matters. She assists her clients in navigating the complex nature of health care law and regularly advises on regulatory matters involving fraud and abuse laws, HIPAA and health privacy, and Medicare and Medicaid enrollment and reimbursement. Marguerite also advises health care clients in various transactional matters, including mergers and acquisitions, joint ventures, and other strategic affiliations and partnerships.
