Inpatient Facility Coding & Compliance Alert

HIPAA:

Are Your BA Agreements Risk Magnets? Find Out Here

Heads up: Regulations apply to any vendor or subcontractor.

Federal scrutiny — and penalties — for patient privacy breaches are intensifying and expanding to include the agreements your facility has with various business associates (BAs). Diminish your risks by ensuring your BA agreements meet the latest requirements.

Definition: A “business associate,” according to HIPAA information from the U.S. Department of Health and Human Services (HHS), is “a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. A ‘business associate’ is also a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate.”

HIPAA rules generally require covered entities and business associates to enter into contracts with their business associates to ensure that the BAs will adequately safeguard protected health information. Contracts clarify and limit how the BA is permitted to use and/or disclose protected health information, based on the business relationships and the activities or services the BA performs. 

Note: A BA is directly liable under the HIPAA Rules and subject to civil (or possibly criminal) penalties for using or disclosing protected health information in ways that are not authorized by its contract or required by law. “A business associate also is directly liable and subject to civil penalties for failing to safeguard electronic protected health information in accordance with the HIPAA Security Rule,” the HHS website states.

Your contracts need to establish BA permissions and restrictions, outline safeguards that will be taken to protect patient privacy, and more. For a complete look at what HHS says should be in a BA contract and to view a sample BA contract, visit http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html
