*Is working at home a threat to HIPAA compliance?
*Documenting medical necessity
Compliance Monitor, November 24, 2003
FREE Charge Master Demos: Code Changes for 2004||11/24 AC: Discharge Planning Compliance||
Comply with new EMTALA rule with this kit
November 21, 2003
Vol. 6, No. 93
Welcome to Compliance Monitor Q&A.
Our mission is to answer your difficult compliance questions—and your simple ones, too. To submit a question, send it to Compliance Monitor Q & A editor Kate Alvarez at email@example.com.
We hope you enjoy this service and we welcome your feedback.
Editor's Note: Due to the Thanksgiving holiday, we will not send the November 28th issue of Compliance Monitor Q&A. Thank you and have a happy Thanksgiving.
This week's questions
Questions and Answers
Is working at home a threat to HIPAA compliance?
Q: Do employees working from home, with online records or physical records, pose a security threat?
A: HIPAA allows staff members to work at home with health records, but requires the same level of protection as in a facility. If you allow working at home, you should provide training and develop policies and procedures to address security issues in detail.
We recommend the following safeguards:
Online processing at home could be an even bigger risk than transporting hard records. How the information is actually processed is a big concern. Is the home computer functioning as a "terminal" not storing any information, or is it a "client" storing information for processing? Even a "thin" client may store and display some information it receives, like when a browser stores a temporary copy of visited Web pages for later access. Your information technology department or software vendor can tell you if you need to address this problem.
If a computer stores patient information during processing, you could be opening the door to unwanted disclosures. HIPAA requires you to assess the risks involved before allowing work from home. Remember, electronic information can be disseminated widely and rapidly.
If you do allow online access from home, protective measures like password security, limiting access to applicable records, clearing the screen when not using the information, not allowing anyone to see the screen, and a logout procedure will keep your records a little safer.
Additionally, the following policies apply to online users at home:
This question answered by Marion Neal, President of HIPAASimple.com.
WE NEED YOUR EXPERTISE!
Join the Compliance Monitor Team! Compliance Monitor Q&A relies upon experts just like you to answer pressing compliance questions. We're looking for experts in coding, billing, documentation, HIPAA, EMTALA, Stark, laboratories, and many other areas of compliance.
If you are interested in answering questions from your peers, please e-mail Compliance Monitor editor Kate Alvarez.
Tips, examples, and recommendations for planning your compliance focus areas and audit topics for the coming year
HCPro can help you use the 2004 Work Plan to your best advantage. Attend the 90-minute live audioconference, "2004 OIG Initiatives: How to Get Ready and Stay in Compliance." Here is what Andy Navarro, Legal Counsel at Trinity Mother Frances Hospital in Tyler, TX, had to say about last year's HCPro program on the 2003 Work Plan for Hospitals:
"Excellent program! This is a must for compliance professionals!"
This program will be held on 12/10/2003. To register, or learn more, click here or call 800/650-6787 and mention source code EZ23867H.
Tell us about your financial policies.
Click here to take our quick survey on your financial policies and procedures.
Pay-per-view article: Strategies for measuring privacy compliance effectiveness
Measuring privacy program effectiveness has many benefits-it will help your organization focus limited resources, lead to more disciplined goal setting, and provide data to inform decision makers and drive change. It will also help to enhance accountability and lead to a culture of compliance, says Brian Felton, Esq., associate general counsel for Allina Health Systems.
Now that you've met the privacy compliance deadline for the Health Insurance Portability and Accountability Act of 1996 (HIPAA), read this article for some ideas to ensure that your plan is effective.
To find out more on measuring privacy program effectiveness, order the pay-per-view article "Strategies for measuring privacy compliance effectiveness." The cost is $10. Subscribers to the online version of Health Care Auditing Strategies have free access to this article. Subscribers to the print edition can find it in their November issues.
A $30 steal.
Top prosecutor gives practical strategies for pharma compliance
Help your pharmaceutical reps meet their sales goals while staying in compliance. Get your team together and listen to the HCPro 90-minute live audioconference, "Successful Pharma Sales: How to Meet Sales Goals and Prevent Fraudulent Activity."
This program will be held on Thursday, December 4, 2003. Can't get your team together? We'll also be offering this program on tape, so everyone can listen and learn at their convenience!
To register, or learn more, click here or call 800/650-6787. Be sure to mention source code EZ23584B.
Documenting medical necessity
Q: Medicare/Medicaid requirements for "medically necessary" tests imply that the order for the test must document necessity. What are the necessary "authoritative" elements on a physician (or supplier's) order that will avoid claim denial due to a medical audit or investigation?
A: To read the answer to this question, click here.
Quick survey: Does your organization train employees on Medicaid compliance issues?
To submit your answer, go to the Question of the Week at Complianceinfo.com.
Here are the answers to the last survey:
When will your organization begin auditing its HIPAA compliance program?
Network with your audit colleagues
"Audit Talk" is a new, moderated chat forum that members can use to post messages or questions for their peers 24-hours-a-day. "Audit Talk" offers a free forum to network, share ideas, and solve problems for those in the audit industry. Getting involved is easy. To subscribe, just send your request to this e-mail: firstname.lastname@example.org.
Share the news
You've been benefiting from our informative e-mail newsletter, so why not pass on this resource to your peers? Sign up a colleague and get $20 off your next purchase on HCPro's Healthcare Marketplace!
Send your comments and questions about Compliance Monitor Q&A to:
Compliance Monitor (c) 2003 HCPro, Inc. You have permission to forward Compliance Monitor, in its entirety only, to your colleagues, provided this copyright notice remains part of your transmission. Better yet, send them to http://www.hcmarketplace.com/free/emailnls.cfm where they can subscribe to the newsletter directly. All other rights reserved. None of this material may be reprinted without the expressed written permission of HCPro, Inc.
DISCLAIMER Advice given is general, and readers should consult professional counsel for specific legal, ethical, or clinical questions. Users of this service should consult attorneys who are familiar with federal and state health laws.
SPONSORSHIPS For information about sponsoring Compliance Monitor, contact Margo Padios at mailto:email@example.com or call 781/639-1872, ext. 3145. If you would like further information about any of HCPro's products, including books, seminars, videos, consulting services, or newsletters please visit http://www.hcmarketplace.com
YOUR SUBSCRIPTION You are receiving this message as a subscriber to Compliance Monitor. If you would like to unsubscribe, please visit http://firstname.lastname@example.org If you do not have web access, please forward this email to: mailto:email@example.com and type "Remove firstname.lastname@example.org" in the body.
Copyright 2003 HCPro, Inc.
- Differentiate between types of wound debridement
- CMS seeks comment on quality measures
- Note similarities and differences between HCPCS, CPT® codes
- OB services: Coding inside and outside of the package
- Fracture coding in ICD-10-CM requires greater specificity
- ICD-10-CM coma, stroke codes require more specific documentation
- Complications from immobility by body system
- Hospital offers incentives for identifying incorrect patient status
- What to expect when coding CAD, MI with ICD-10-CM
- What does case-mix index mean to you?
- Average resident salary rises
- More new physicians taking advantage of debt forgiveness program
- Medical school awards scholarships to delay student enrollment
- Medical errors are the third leading cause of death: Now what?
- Learn how to hold staff accountable in a nonpunitive culture
- HIPAA Q&A: Level of encryption needed for email
- From the nurse manager's bookshelf: Patient classification systems
- Ensure appropriate use of soft restraints, drugs
- Consider this before arming your security officers
- Coding, billing, and documentation tips for teaching physicians, interns, residents, and students