Corporate Compliance

*Is working at home a threat to HIPAA compliance?
*Documenting medical necessity

Compliance Monitor, November 24, 2003

FREE Charge Master Demos: Code Changes for 2004
11/24 AC: Discharge Planning Compliance Comply with new EMTALA rule with this kit

November 21, 2003
Vol. 6, No. 93


SUBSCRIBE to Compliance Monitor

SUBSCRIBE to Health Care Auditing Weekly

Join the Compliance Monitor team!


IRP, Inc.

IRP's Coding Software is specifically designed for Medicare DRG and APC compliance. Versions available for PCs and mainframes. Click here to use our APC Reference Library for the latest Medicare APC changes, or call 800/634-0496, x244.


Solve all of your biggest challenges—AUDITING, KICKBACKS, STARK, HIPAA,TRAINING, AND MEASURING EFFECTIVENESS with reporters who get the stories and ideas you need to comply and help your organization's bottom line!

"Strategies for Health Care Compliance," a 12-page monthly newsletter, helps you thrive in the ever-changing compliance environment by providing easy-to-understand compliance advice and analysis of the latest regulations. Each month, this newsletter offers how-to tips, features about your peers, policies and procedures, and tools for improving the efficiency and effectiveness of your corporate compliance programs. To learn more, click here or call 800/650-6787.


Sample compliance policies and procedures. (For subscribers to Strategies for Health Care Compliance only)

Sample audit programs. (For subscribers to Health Care Auditing Strategies only)

The OIG Work Plan for Fiscal Year 2003

Ask the Expert

Compliance Hot Topics: Billing and Coding, EMTALA, Stark, HIPAA

Question of the Week

Welcome to Compliance Monitor Q&A.

Our mission is to answer your difficult compliance questions—and your simple ones, too. To submit a question, send it to Compliance Monitor Q & A editor Kate Alvarez at We hope you enjoy this service and we welcome your feedback.

Editor's Note: Due to the Thanksgiving holiday, we will not send the November 28th issue of Compliance Monitor Q&A. Thank you and have a happy Thanksgiving.

This week's questions

Pay-per-view article
Quick survey
Questions and Answers

Is working at home a threat to HIPAA compliance?

Q: Do employees working from home, with online records or physical records, pose a security threat?

A: HIPAA allows staff members to work at home with health records, but requires the same level of protection as in a facility. If you allow working at home, you should provide training and develop policies and procedures to address security issues in detail.

We recommend the following safeguards:

  • When outside the facility, only work on health information in your home

  • Keep the information with you at all times while in transit

  • Keep information in a private, closed place at home

  • Do not permit others to have access to the information

  • Don't make copies

  • Never fax patient information from home

  • Don't enter patient information into a home computer

  • Don't store records at home

  • Return all information the next business day

  • Require employees using records at home to check in and out of the facility

    Online processing at home could be an even bigger risk than transporting hard records. How the information is actually processed is a big concern. Is the home computer functioning as a "terminal" not storing any information, or is it a "client" storing information for processing? Even a "thin" client may store and display some information it receives, like when a browser stores a temporary copy of visited Web pages for later access. Your information technology department or software vendor can tell you if you need to address this problem.

    If a computer stores patient information during processing, you could be opening the door to unwanted disclosures. HIPAA requires you to assess the risks involved before allowing work from home. Remember, electronic information can be disseminated widely and rapidly.

    If you do allow online access from home, protective measures like password security, limiting access to applicable records, clearing the screen when not using the information, not allowing anyone to see the screen, and a logout procedure will keep your records a little safer.

    Additionally, the following policies apply to online users at home:

  • Do not print records of any type

  • Never email patient information

  • Do not store information on the remote computer

  • Do not record login information on or near the computer

    This question answered by Marion Neal, President of

    Back to top


    Join the Compliance Monitor Team! Compliance Monitor Q&A relies upon experts just like you to answer pressing compliance questions. We're looking for experts in coding, billing, documentation, HIPAA, EMTALA, Stark, laboratories, and many other areas of compliance.

    If you are interested in answering questions from your peers, please e-mail Compliance Monitor editor Kate Alvarez.

    Tips, examples, and recommendations for planning your compliance focus areas and audit topics for the coming year

    HCPro can help you use the 2004 Work Plan to your best advantage. Attend the 90-minute live audioconference, "2004 OIG Initiatives: How to Get Ready and Stay in Compliance." Here is what Andy Navarro, Legal Counsel at Trinity Mother Frances Hospital in Tyler, TX, had to say about last year's HCPro program on the 2003 Work Plan for Hospitals:

    "Excellent program! This is a must for compliance professionals!"

    This program will be held on 12/10/2003. To register, or learn more, click here or call 800/650-6787 and mention source code EZ23867H.

    Back to top

    Tell us about your financial policies.

    Click here to take our quick survey on your financial policies and procedures.

    Back to top

    Pay-per-view article: Strategies for measuring privacy compliance effectiveness

    Measuring privacy program effectiveness has many benefits-it will help your organization focus limited resources, lead to more disciplined goal setting, and provide data to inform decision makers and drive change. It will also help to enhance accountability and lead to a culture of compliance, says Brian Felton, Esq., associate general counsel for Allina Health Systems.

    Now that you've met the privacy compliance deadline for the Health Insurance Portability and Accountability Act of 1996 (HIPAA), read this article for some ideas to ensure that your plan is effective.

    To find out more on measuring privacy program effectiveness, order the pay-per-view article "Strategies for measuring privacy compliance effectiveness." The cost is $10. Subscribers to the online version of Health Care Auditing Strategies have free access to this article. Subscribers to the print edition can find it in their November issues.

    A $30 steal.
    You can read this article and much more in the November issue of Health Care Auditing Strategies. Your cost: Five stories for only $30. You'll also learn how to audit the charge capture process, how to follow the government's lead for this year's audits, and you can check out a sample audit program for your organization's research costs.

    Back to top

    Top prosecutor gives practical strategies for pharma compliance

    Help your pharmaceutical reps meet their sales goals while staying in compliance. Get your team together and listen to the HCPro 90-minute live audioconference, "Successful Pharma Sales: How to Meet Sales Goals and Prevent Fraudulent Activity."

    This program will be held on Thursday, December 4, 2003. Can't get your team together? We'll also be offering this program on tape, so everyone can listen and learn at their convenience!

    To register, or learn more, click here or call 800/650-6787. Be sure to mention source code EZ23584B.

    Back to top

    Documenting medical necessity

    Q: Medicare/Medicaid requirements for "medically necessary" tests imply that the order for the test must document necessity. What are the necessary "authoritative" elements on a physician (or supplier's) order that will avoid claim denial due to a medical audit or investigation?

    A: To read the answer to this question, click here.

    Back to top

    Quick survey: Does your organization train employees on Medicaid compliance issues?

    To submit your answer, go to the Question of the Week at

    Here are the answers to the last survey:

    When will your organization begin auditing its HIPAA compliance program?

    • Within the next six months: 68%
    • In 7 to 12 months: 17%
    • In 12+ months: 9%
    • We do not plan to audit: 6%

    Back to top

    Network with your audit colleagues

    "Audit Talk" is a new, moderated chat forum that members can use to post messages or questions for their peers 24-hours-a-day. "Audit Talk" offers a free forum to network, share ideas, and solve problems for those in the audit industry. Getting involved is easy. To subscribe, just send your request to this e-mail:

    Back to top

    Share the news

    You've been benefiting from our informative e-mail newsletter, so why not pass on this resource to your peers? Sign up a colleague and get $20 off your next purchase on HCPro's Healthcare Marketplace!

    Back to top

    Send your comments and questions about Compliance Monitor Q&A to:

    Kate Alvarez
    Editorial Assistant

  • Compliance Monitor (c) 2003 HCPro, Inc. You have permission to forward Compliance Monitor, in its entirety only, to your colleagues, provided this copyright notice remains part of your transmission. Better yet, send them to where they can subscribe to the newsletter directly. All other rights reserved. None of this material may be reprinted without the expressed written permission of HCPro, Inc.

    DISCLAIMER Advice given is general, and readers should consult professional counsel for specific legal, ethical, or clinical questions. Users of this service should consult attorneys who are familiar with federal and state health laws.

    SPONSORSHIPS For information about sponsoring Compliance Monitor, contact Margo Padios at or call 781/639-1872, ext. 3145. If you would like further information about any of HCPro's products, including books, seminars, videos, consulting services, or newsletters please visit

    YOUR SUBSCRIPTION You are receiving this message as a subscriber to Compliance Monitor. If you would like to unsubscribe, please visit If you do not have web access, please forward this email to: and type "Remove" in the body.

    Copyright 2003 HCPro, Inc.

    Most Popular