HIPAA:
Top 5 Questions On The HIPAA Security Rule
Published on Thu Aug 26, 2004
Good news: CMS offers more guidance on HIPAA.
Security rule questions got you scratching your head? You may find what you're looking for on the Centers for Medicare and Medicaid Services' Web site. The agency listed 12 new and updated answers to frequently asked questions Aug. 12.
Here's the lowdown:
Does the Health Information Portability and Accountability Act allow for sending electronic protected health information (PHI) in an e-mail or over the Internet? Sending PHI via e-mail or over the Internet is allowed as long as access is protected. Covered entities are required to implement policies and procedures that protect the integrity of PHI and guard against unauthorized access.
Do the security rule requirements for access control apply to employees who work from home? Yes. The automatic logoff specification or an equivalent alternative safeguard must be implemented. Policies and procedures authorizing access to PHI should also be in place.
What is the difference between risk analysis and risk management? Risk analysis may include taking a close look at all systems and applications that are used to access and house data, and classifying them by risk. Risk management, by contrast, is the implementation of security measures to reduce the risk of losing or compromising PHI.
How will we know if our organization and our systems are compliant? Rest assured, no single HIPAA compliance strategy will fit every organization. Compliance includes performing a risk analysis, implementing reasonable security measures and documenting/maintaining policies, procedures and other required documentation.
Are we required to "certify" our organization's compliance? No specification requires you to "certify" compliance with the security rule standards. The evaluation standard requires a technical and non-technical evaluation that can be performed internally or by external "certification" services.
To view more FAQs, go to http://questions.cms.hhs.gov/cgi-bin/cmshhs.cfg/php/enduser/std_alp.php; under the category 'HIPAA,' type 'security' in the search box.