Hundreds of providers will receive HIPAA scrutiny this year.
You’ve been hearing for years that HIPAA audits are around the bend, but with the HHS Office for Civil Rights repeatedly delaying them, many providers were beginning to wonder if the privacy audits were simply an urban myth. An OCR announcement in March, however, confirmed that phase two audits are very real — and have been in motion for a while.
What is phase two? During phase one of the HIPAA audits, the OCR implemented a pilot program to essentially establish the audit protocol. Now that phase two has started, OCR has pledged to audit not only covered entities, but also their business associates. Although most of the audits will be “desk audits,” some will be on-site audits, the OCR said in its announcement.
Fortunately, providers familiar with the phase one audits won’t find the phase two process that much different, says attorney Neil Eggeson of Eggeson Appellate Services in Indianapolis. “The phase one audits involved a three-step process: After creating the audit protocols (step one), OCR conducted an initial wave of 20 audits to test the protocols (step two). After revising the protocols, OCR conducted the rest of its audits,” he says. The total number of audits involved during phase one included only 115 covered entities.
“The phase two audit protocol is essentially a further revision of the phase one protocol streamlined to focus on specific areas,” Eggeson says. Due to that fact, OCR does not foresee revising the audit protocols further. “The first round of desk audits will focus on covered entities, the second round of desk audits will focus on business associates, and the third round of on-site audits will be drawn from those entities audited during the first two rounds. As all desk audits are expected to be completed by December 2016, it would seem that phase two is going to be limited to roughly 200 entities total (including health plans and clearinghouses).”
Don’t Stress About BAs
Some providers are concerned that if their business associates fail an audit, the BA will drag the provider down with it. Fortunately, however, that doesn’t appear to be a big risk.
“Strictly speaking, under HITECH a covered entity is not responsible for its business associate’s compliance,” Eggeson says. “Thus, if a business associate fails a phase two audit, it should not affect the covered entity’s own audit performance.”
If, however, you know about a BA’s privacy issues prior to an audit, then you do bear some responsibility to address them, Eggeson says. Thus, providers “are well within their rights to demand broader assurances from their business associates — including a periodic review/audit of their business associates’ compliance.”
Assuming you are already familiar with your business associates’ privacy practices and you believe that they are in compliance with HIPAA, then you shouldn’t have to “pre-audit” them to make sure they are on the straight and narrow.
Note: More about phase two of the HIPAA audits is at www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/index.html.