Now that OCR has officially started the Phase 2 HIPAA Audit Program, are you adequately prepared to be an auditee? OCR is currently compiling its pools of potential auditees that will be selected at random for auditing purposes. Many healthcare providers have already received this OCR notice requesting verification of contact information which must be
Do you ever have trouble figuring out which trash can to use when throwing something away? Even a simple cardboard coffee cup with a plastic lid may give you pause while trying to choose the best option. Now, you may be confronted with a myriad of sorting choices: paper, aluminum, plastic, paper, glass, all recyclables
An individual’s right to access their protected health information (PHI) should be nothing new to covered entities. In 1996, HIPAA Privacy Rule detailed an individual’s right to access PHI. As part of HITECH and the Final Omnibus Rule, modifications to the Privacy Rule have included additional requirements for covered entities and business associates. Unfortunately, recent
The Office of the Inspector General (OIG) is responsible for protecting the integrity of the programs in Health and Human Services against fraud, waste and abuse as well as recommending improvements to the system that would promote efficiency and efficacy within the limits of the health care laws. Although OIG oversight includes programs such as
Health care fraud recoveries for fiscal years 2009- 2014 exceeded previous records with five straight years of more than $2 billion in annual recovery from cases involving fraud and false claims against federal health care programs such as Medicare and Medicaid. Most healthcare providers are aware of significant civil liability due to recent enforcement. However,
After reviewing the HIPAA Privacy case investigations from 2009-2011, the Office of the Inspector General sent a strong message to the Office of Civil Rights in regard to the administration and enforcement of the HIPAA Privacy Rule. The OIG recommendation is clear in the September 2015 executive summary, “OCR Should Strengthen Its Oversight of Covered
Audits and investigations are stressful events either with or without prior notice. Medical staff should be prepared for an unannounced visit. First Healthcare Compliance provides a sample policy that assists clients in preparing the front office. Here are some recommendations to ensure that proper steps are taken: Immediately contact your supervisor, manager and/or Compliance Officer
As part of HITECH, any breach of over 500 individuals will be posted on “The Wall of Shame” on the HHS website. It is important for covered entities to be aware of the necessary steps to avoid joining this list and to become familiar with the HITECH Breach Notification Protocol in the case of a
The OCR reports 54 data breach incidents affecting more than 500 people in first six months of 2014. About half are related to theft, most commonly involving laptops, desktop computers and other portable electronic devices. Compared to 2013, the percentage of breaches related to theft has increased (Redspin 2013 Breach Report). Theft is responsible for
The OCR is responsible for enforcement of HIPAA Privacy and Security Rules. These standards allow patients access to their medical record and control over uses and disclosures of their protected health information. The confidentiality of the electronic protected health information is protected with administrative, technical and physical safeguards. Since the 2003 compliance date, 94,445 HIPAA
