Apr 11, 2022 | Live Compliance, Partner
As we’ve stressed before, your organization’s annual HIPAA Security Risk Assessment and Analysis are only one element of the compliance process.
Whether you’re a Business Associate or Covered Entity, your organization must also “implement security updates as necessary and correct identified security deficiencies”. In other words, you must act via a Corrective Action Plan (CAP) following the required risk assessment process.
Here are a few common Corrective Action Plan steps. These generally include:
- Implement technical policies and procedures to allow access only to those persons or software programs that have been granted access rights to information systems maintained.
- Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
- Conduct accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.
- Develop a complete inventory of all its categories of electronic equipment, data systems, and applications that contain or store ePHI, which will then be incorporated into its Risk Analysis, and must complete a Risk Management plan.
What happens if I fail to complete my Security Risk Assessment? What happens next?
Failing to complete your annual Risk Assessment oftentimes means the organization will be required to complete a “robust” Corrective Action Plan (CAP) and often with at least two years of monitoring activity.
Have you ever doubted whether a small Billing Company or independent physician practice actually ever face penalties?
Keep in mind, a Business Associate is a ‘person’ or ‘entity’. This means there is no Billing Company too small or too large to comply with the Federal HIPAA regulations. Again, if you haven’t completed an accurate and thorough security risk assessment prior to that, you could also be penalized under ‘willful neglect’. This category alone is $50,000 per violation!
As we have stressed before, it is important for you to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or other vendor, suspects a breach you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action.
At Live Compliance, we make checking off your compliance requirements extremely simple.
- Completely online, our role-based courses make training easy for remote or in-office employees.
- Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required, but is a useful tool to expose potential vulnerabilities.
- Complete set of HIPAA Policies and procedures built directly into your portal. Includes actionability, change management documentation, and Incident Response Policy to assist with your Corrective Action Planning. Easily share policies with staff with one click.
- Built directly into your portal, easily monitor where your workforce may be vulnerable with our Dark Web Breach Searches. Easily expose breach sources with ongoing searching of active employee email or domain ensuring continued awareness of potential breach exposure. Weekly automatic email notifications if new breaches are discovered.
- Short, informative, privacy awareness videos covering technical, administrative, and physical safeguards with topics such as Ransomware, Phishing, the Dark Web, Password Protection, etc. Delivered monthly with no logins required, empower your workforce to make conscious decisions when it comes to your organization’s privacy and security.
Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email me, Jim Johnson at Jim@LiveCompliance.com or visit www.LiveCompliance.com For more information please contact us at (980) 999-1585 or email us at support@livecompliance.com
For more information please contact us at (980) 999-1585 or email us at support@livecompliance.com
Apr 6, 2022 | Live Compliance, Partner
Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email Support@LiveCompliance.com or visit www.LiveCompliance.com
Apr 6, 2022 | MedCycle Solutions, Partner
Although Telemedicine has been around for years, it was really the COVID-19 pandemic that expedited the need for implementing these services rapidly and on a larger scale.
According to Medicaid.gov “telemedicine seeks to improve a patient’s health by permitting two-way, real time interactive communication between the patient, and physician or practitioner at the distant site.” This can be accomplished via telephone, video calls, or through web-based applications utilizing a microphone and video camera.
In our previous article, 4 Ways Telehealth Has Changed the Landscape of Patient Care, we discussed ways practitioners can provide safe, necessary patient care while providing a cost-effective alternative to augment revenue.
To assist in navigating telemedicine/telehealth, we’ve provided five telehealth links for providing healthcare.
1. Telehealth for Providers: What You Need to Know
The Centers for Medicare & Medicaid Services (CMS) provides a 17-page document with electronic links for telehealth and telemedicine. This resource is for providers who wish to establish permanent programs. It includes links to vendors, patient monitoring, documentation tools, etc.
2. CMS List of Telehealth Services
The CMS have made available resources for medical billing and coding. This resource link contains the 2022 medical coding schedule for allowed services for Medicare telehealth services.
3. How to Get or Provide Remote Health Care
The Health Resources & Services Administration (HRSA) provides information for both patients and providers on telehealth services. Providers can get information on remote care, find recent COVID-19 reimbursement, billing, and policy changes.
4. Introduction to Telehealth for Behavioral Health
The HRSA provides information on getting started with providing Behavioral Telehealth. This may also be referred to as telebehavioral health, telemental health, telepsychiatry, or telepsychology. There are resources for developing a Telehealth strategy, billing, and preparing patients along with many other resources.
5. Is Telehealth Viable for Mental Health Needs Post-Pandemic?
The American Association of Post-Acute Care Nursing (AAPACN) provides an in-depth article meant to help nursing home facilities walk thru providing mental and behavioral healthcare in its facilities. Prior to COVID-19, long-term care facilities didn’t see the need for technology. COVID-19 proved that by utilizing smaller technology, such as iPads, residents are able to get safe, immediate mental and behavioral health care.
MedCycle Solutions provides Revenue Cycle Management, Credentialing, Outsourced Coding, and Consulting Services to a number of healthcare providers in a variety of specialties. To find out more about MedCycle Solutions services please visit www.MedCycleSolutions.com.
Mar 15, 2022 | MedCycle Solutions, Partner
By Ranadene Tapio, MBA, CMRS, CPCS
As healthcare delivery gets more complex, patient reimbursement decreases, and patient demand increases, practices are forced to reevaluate their revenue cycle management (RCM) process.
Some people underestimate the importance of effective revenue cycle management. RCM is the lifeblood of your practice. It determines almost all key performance indicators and practice health.
Along with the obvious indicators, here are six positive impacts that effective revenue cycle management has on a healthcare practice.
- Collections. An effective RCM process will include a strategy for collections. This should include prompt reminders, multiple payment options and other collections best practices.
- Productivity. A commonly overlooked benefit of an effective RCM strategy is increased productivity for your staff. Your team will be able to spend less time chasing collections, correcting erroneous codes and reinventing the wheel. A well laid out process will be easy to follow and more efficient.
- Team morale. Along with increased productivity, you’re likely to see a boost in team morale as a direct benefit of a defined RCM process. When employees are productive and accomplishing goals, they are happier and find more satisfaction in their work. It’s a win/win!
- Bottom line. Possibly the best benefit of optimizing your RCM is an improved bottom line. You’ll be collecting more, spending less, attracting more patients and being more productive. Whether they’re hard benefits or soft benefits, they’ll have an impact on your bottom line.
- Patient satisfaction. With a well formulated plan in place, your practice will be running more efficiently and effectively. Patients will notice the difference that comes in better efficiency, communication and processes. In many practices, these benefits are noticed by the patients in the forms of less wait time, quicker registration and overall a more organized delivery of care.
- Compliance. An effective RCM process helps ensure compliance and protection of patient data. When a process is followed, fewer errors are made, which leads to fewer compliance issues.
Is your RCM process optimized? Is it well-developed, well-defined, and well-understood by your staff? Are you reaping the benefits of a healthy revenue cycle management process?
There are many great organizations that can help you in these areas – MedCycle Solutions is one of them. If you’re wondering how partnering in these areas could work for your practice, let’s connect.
Ranadene (Randi) Tapio, MBA, CMRS, CPCS is the Founder and CEO MedCycle Solutions, which provides Revenue Cycle Management, Credentialing, Outsourced Coding, and Consulting Services to a number of healthcare providers in a variety of specialties. To find out more about MedCycle Solutions services please visit www.MedCycleSolutions.com. You can reach Randi via email at Randi@MedCycleSolutions.com or call 320-290-6448.
Mar 8, 2022 | MedCycle Solutions, Partner
By: Winona Thomas BS HCS
According to Kaiser Health News, there has been a spike in retroactive denials for emergency department care and more patients are being caught in the middle of possibly becoming responsible for unresolved hospital bills.
Healthcare providers along with healthcare payers are finding challenges with keeping up with the evolving government guidelines for correct claim submissions of COVID-19 billing procedures. Challenges such as unnecessary claim denials, underpayment of claim payments or payment delays, and retroactive claim denials may pay tribute to increased volumes of patient billing.
In an article written in the Healthcare Financial Management Association (HFMA), Revenue Cycle leaders provide 4 tips to keep ahead of denials amid the pandemic.
- Pinpoint the most at-risk areas – Identify areas where providers are most likely to have difficulties keeping track of varying payer requirements introduced a new level of intricacy to claim processing.
- Strengthen team communications – As the workforce transitioned to a remote environment due to the pandemic, for health systems, that meant remote revenue cycle processes had not been fine-tuned across functions, presenting challenges for areas such as customer service and claim processing.
- Proactively manage relationships with payers – An organization’s ability to identify changes to payer rules around COVID-19 and telehealth claims, in real time, and keep staff informed on the variances in billing rules by payer is essential to denials prevention.
- Increase payment flexibility for patients – Health systems ramped up patient payment options — from self-service options to payment plan offerings – to ease consumers’ financial fears ex
One of the key components for healthcare providers is to be proactive with the implementation of new revenue cycle processes and procedures to facilitate improved payment and denial management strategies with healthcare payers and the consumer population.
Winona L. Thomas, BS HCS is an Account Specialist and Writer at MedCycle Solutions, which provides Revenue Cycle Management, Credentialing, Outsourced Coding, and Consulting Services to a number of healthcare providers in a variety of specialties. To find out more information about MedCycle Solutions services, please visit www.MedCycleSolutions.com.
Feb 14, 2022 | Live Compliance, Partner
On January 21, 2021, OCR published a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. OCR says, the goal is to “support individuals’ engagement in their health care, remove barriers to coordinated care, and decrease regulatory burdens on the health care industry, while continuing to protect individuals’ health information privacy interests.” New regulations under consideration are centered around how substance abuse and mental health information records are protected. In addition, the HITECH Act called for an increase in penalties for non-compliance with the HIPAA.
In this article we will address the most recent changes to HIPAA and discuss which rules may have an impact on 2022 and beyond.
2020 CARES Act
2020 CARES Act aligned 42 CFR Confidentiality of Substance Use Disorder Patient Records (Part 2) regulations more closely with HIPAA as well. The CARES Act improves 42 CFR Part 2 regulations by expanding the ability of healthcare providers to share the records of individuals with substance abuse disorder, but also tightens the requirements in the event of a breach of confidentiality.
In short, rather than having to obtain a consent form for the SUD patient, and state the specific parties of whom information will be shared, patients can now give broad consent. It’s been suggested that HHS is considering changes to 42 CFR Part 2 regulations in 2022 to “to protect the privacy of substance abuse disorder patients who seek treatment at federally assisted programs to improve the level of care that can be provided.”
2021 HIPAA Safe Harbor Law
The HIPAA Safe Harbor Bill now instructs HHS to take into account the cybersecurity best practices that a HIPAA-regulated entity has adopted in the 12 months preceding any data breach.
“The bill also requires the HHS to decrease the length and extent of any audits in response to those breaches if industry security best practices have been implemented” says HHS.
21st Century Cures Act
The Cures Act called for the HHS to create a new Rule that would improve the flow of healthcare data between providers, patients, and developers of Health IT. Implementing reasonable and necessary activities that do not constitute information blocking, the implementation of these provisions will advance interoperability and support the access, exchange, and use of electronic health information.
Final Rule Expected on Proposed Changes to the HIPAA Privacy Rule
According to HHS, “the proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the Opioid and COVID-19 public health emergencies; and reducing administrative burdens on HIPAA covered health care providers and health plans, while continuing to protect individuals’ health information privacy interests.”
The proposed new HIPAA regulations announced by OCR in December 2020 are as follows:
- Allowing patients to inspect their PHI in person and take notes or photographs of their PHI.
- Changing the maximum time to provide access to PHI from 30 days to 15 days.
- Requests by individuals to transfer ePHI to a third party will be limited to the ePHI maintained in an EHR.
- Individuals will be permitted to request their PHI be transferred to a personal health application.
- States when individuals should be provided with ePHI at no cost.
- Covered entities will be required to inform individuals that they have the right to obtain or direct copies of their PHI to a third party when a summary of PHI is offered instead of a copy.
- Healthcare providers and health plans will be required to respond to certain records requests from other covered health care providers and health plans, in cases when an individual directs those entities to do so under the HIPAA Right of Access.
…to name a few.
At Live Compliance, we make checking off your compliance requirements extremely simple.
- Reliable and Effective Compliance
- Completely online, our role-based courses make training easy for remote or in-office employees.
- Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.
- Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real time.
- Electronic, prepared document sending and signing to employees and business associates.
Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email Support@LiveCompliance.com or visit www.LiveCompliance.com
