Part B Insider (Multispecialty) Coding Alert

HIPAA:

Medicare Contractors Aren't Properly Overseeing HIPAA Policies, New OIG Report Finds

These surprising results may cause payers to start scrutinizing your HIPAA practices -- follow these steps to ensure compliance.

Think the days of HIPAA scrutiny are behind you? Not so fast. Based on the results of a new OIG audit, you could be facing renewed interest in your HIPAA policies.

On Oct. 30, the OIG released its latest audit report, entitled, "Nation-wide Review of the Centers for Medicare and Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight," which evaluated CMS oversight and

enforcement of HIPAA implementation.

Although most practices and hospitals feel that they've done their part by offering patients HIPAA statements to sign, the OIG found that CMS took only "limited actions" to ensure that covered entities adequately implemented HIPAA, and that

CMS relied on complaints to investigate whether practices were actually HIPAA-compliant.

Get Ready for Reviews

Based on the audit results, more practices could face scrutiny regarding their HIPAA compliance.

"There is no question, as highlighted by the recent report from the OIG, that there is a renewed emphasis by the U.S. Department of Health and Human Services (HHS) to enforce both the HIPAA Privacy and Security Rules," says Mark C.

Rogers, Esq., of The Rogers Law Firm in Boston. "Hospitals and other 'covered entities' can expect an increase in HIPAA audits such as the well-known audit that HHS conducted at Piedmont Hospital in Atlanta last year," he says.

Know Your HIPAA Status

Your best bet in light of the renewed HIPAA scrutiny is to shore up your policies to ensure that you haven't missed the HIPAA boat.

"Now is the time for covered entities to assess their HIPAA policies and procedures to ensure compliance," Rogers advises. "Such an assessment is best undertaken by an outside vendor so that an objective evaluation can be obtained. For

instance, our office has a consulting division (www.trcgsolutions.com) which assists health care providers to ensure they are HIPAA compliant," he says.

Such consultants may offer both general HIPAA compliance audits, as well as specific programs that combine auditing and education programs, Rogers says. These types of independent audits address a significant potential liability exposure

and demonstrate to HHS an organization's commitment to HIPAA compliance, Rogers says.

To read the OIG's complete audit report on this topic, visit the OIG Web site at www.http://oig.hhs.gov/oas/reports/region4/40705064.pdf.