- Category: CMS
- Created: Thursday, 15 June 2017 18:19
5 Ways for Healthcare Providers to Get Ready for New Medicare Cards
Medicare is taking steps to remove Social Security numbers from Medicare cards. Through this initiative the Centers for Medicare & Medicaid Services (CMS) will prevent fraud, fight identity theft and protect essential program funding and the private healthcare and financial information of our Medicare beneficiaries.
- Category: Mid-level Providers
- Created: Friday, 19 May 2017 13:21
- Category: CMS
- Created: Friday, 19 May 2017 11:15
- Category: HIPAA
- Created: Monday, 21 March 2016 18:10
The launch is starting off with emails to so-called covered entities — health care providers, insurance plans and clearinghouses — and to business associates that handle patient information on behalf of those entities. The emails will simply ask to verify contact information, after which recipients will receive a “preaudit questionnaire” seeking details on their business size and operations.
From there, the Office for Civil Rights at the U.S. Department of Helath and Human Services will create a log of audit targets. The log will be created “in coming months” and will “represent a wide range of health care providers, health plans, health care clearinghouses and business associates,” the OCR stated..
If an audit turns up a “serious compliance issue,” the OCR said, further investigation may occur, which could trigger financial penalties and a formal agreement to improve HIPAA compliance.
More broadly, the agency said that it will use its findings to develop new guidance and policies aimed at strengthening adherence to HIPAA rules aimed at safeguarding the confidentiality of so-called protected health information.
It was not immediately clear how many audits the OCR intends to conduct. The agency did say that most of the reviews will be remote “desk audits,” although some in-person audits will take place. All the desk audits will be finished by the end of 2016, according to the OCR.
The OCR had performed pilot audits in 2012, but funding for further inquiries dried up. As a result, the agency has relied on tips and disclosures of breaches to police HIPAA compliance. That has given the agency plenty of material, but government watchdogs have still criticized the lack of proactive oversight.
On Monday the OCR promised to release its audit protocols — instructions on how audits are conducted — later this year, when the agency is closer to actually performing the audits. The protocols are being updated to reflect policies in a 2013 final rule that expanded HIPAA’s reach.
Companies selected for an audit will receive a detailed overview of the audit process and an outline of their obligations, according to the OCR. Generally, companies will have 10 business days to submit the requested information, and the OCR will then review the information and respond with its findings. Companies will then have a chance to respond to the findings before a final audit report is completed.
- Category: Meaningful Use
- Created: Friday, 22 January 2016 00:19