Track the basics to stay on course. The feds are ramping up HIPAA reviews, and one Georgia lab’s experience should be a warning to you. When an HHS Office for Civil Rights (OCR) review “found systemic noncompliance with the HIPAA Security Rule, including failures to conduct an enterprise-wide risk analysis, implement risk management and audit controls, and maintain documentation of HIPAA Security Rule policies and procedures,” the lab agreed to pay $25,000 to settle the issue and entered into a 3-year corrective action plan (CAP). To help you avoid a similar fate, use the following toolkit to make sure your lab is in compliance.

Bolster Your HIPAA Preparedness With This Glossary

A HIPAA breach is an impermissible use or disclosure under the Privacy Rule that compromises protected health information (PHI). Gauging the severity and penalty implications of a breach depends on understanding the following four definitions:

1. Administrative simplification provision: Standard transaction rules, code sets and identifiers that ensure consistent electronic communication within the U.S. health care system.

2. Reasonable cause: An act or omission in which a covered entity (CE) or business associate (BA) knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the CE or BA did not act with willful neglect.

3. Reasonable diligence: Business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances.

4. Willful neglect: Conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated.

Heads up: Willful neglect violations must be investigated, and penalties are mandatory, according to Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems, LLC in Charlotte, Vermont.
Understand Civil and Criminal Penalties

Civil: Based on OCR guidance, here are the civil monetary penalties linked to HIPAA violation tiers:

Criminal: HIPAA criminal cases aren’t common, but when they do occur, they are often linked to the use of patient data for personal gain. The list of criminal penalties focuses on the following three tiers:
Compliance key: To overcome common staff hesitance to point out hunches or concerns regarding HIPAA, you need to “train in incident management, top to bottom,” Sheldon-Dean says. That includes providing clear descriptions of how incidents will be handled. “Staff need to feel like they are empowered to report their suspicions of information security incidents,” he says.