|
|
|
|
THIMA eNEWS
Inside this issue - March 5, 2015:
Oppose Efforts to Delay ICD-10
Congressman Pete Sessions chairs the House Rules Committee. This Committee controls which Bills from the Senate are heard in the House and also can attach amendments to proposed legislation.
We have received news that Chairman Sessions is looking to draft language to delay ICD-10. The Chairman is seeking support from his colleagues in Congress.
Call these legislators today (all members of the Rules Committee) and voice your support for ICD-10 in 2015. Note, this will be the most critical month in Congress to ensure the new code sets are implemented this year. Even though you are not a constituent, your voice needs to be heard by this Committee. The next three weeks are extremely important to promote implementation of ICD-10 this year.
You can follow these 4 easy steps:
1 - Call Dr. Michael Burgess at (202) 225-7772
2 - State that you support ICD-10 implementation in 2015.
3 - Use the talking points below:
- We need the code sets in 2015!
- A recent GAO report supports ICD-10 readiness.
- Small physician practices are expected to spend between $1,900 and $6,000 to transition to the new code set. This is much lower than previous reports. The study can be found on www.coalitionforICD10.org
4 - When you are done, call the other congressional leaders also.
Chairman Pete Sessions
State/District: TX-32
Phone #: (202) 225-2231
Rep. Virginia Foxx
State/District: NC 5
Phone #: (202) 225-2071
Rep. Tom Cole
State/District: OK 4
Phone #: (202) 225-6165
Rep. Rob Woodall
State/District: GA-7
Phone #: (202) 225-4272
Rep. Steve Stivers
State/District: OH-15
Phone #: (202) 225-2015
Rep. Doug Collins
State/District: GA-9
Phone #: (202) 225-9893
Rep. Louise Slaughter
State/District: NY-25
Phone #: (202) 225-3615
|
|
Announcing New Webinar Series: CDI for ICD-10 by Body System
This program follows the general format of ICD-10-CM chapters for each body system are designed to provide each participant with information needed to facilitate proper assignment of the appropriate ICD-10-CM code. The program will also cover the anatomy of the different body systems, general ICD-10-CM coding conventions and guidelines as well as chapter specific coding rules. Upon completion of the webinar series, each participant should be able to identify issues and documentation needed to allow for correct ICD-10-CM coding.
Learn more!
|
|
Coalition for ICD-10 Comments on Success of CMS End-to-End Testing
by Coalition for ICD-10
The Coalition for ICD-10 congratulates CMS on the success of its recent end-to-end testing, which demonstrated that CMS systems are ready to accept ICD-10 claims. In particular, there were zero claims rejected due to front-end CMS system issues for professional and supplier claims. While some claims submitted for end-to-end testing were rejected, only three percent of the rejections were due to invalid submission of an ICD-10 diagnosis or procedure code. The remaining rejections were for non-ICD-10 related errors that have no bearing on ICD-10 implementation and would be rejected under ICD-9. Read more of this post
Letter to Congress: 22 U.S. Health Systems and Representative Organizations Say No More ICD-10 Delays
by Coalition for ICD-10
In response to the recent House Energy & Commerce hearing on ICD-10, twenty-two health systems and representative organizations have signed a letter to all congressional committees of jurisdiction opposing further ICD-10 implementation delay. Read more of this post
|
|
While We Are Waiting for SPRING
It is turning out to be long, cold winter! Let’s get together, put the stresses of work behind us, and have some fun!
We are having a “THIMA Night with the Nashville Predators†on March 31. We have discounted tickets (two options) and seats together. Ticket prices includes concession food! Especially if you live in Middle TN, plan to be there! The Preds are having an amazing season (in spite of recent slump)! Let’s go cheer the home team!
Learn more.
|
|
BYOD
How is your organization managing mobile devices? Attend the THIMA Annual Meeting to learn best practices!
|
|
Give Back and Pay It Forward – With One Click
Become a Charter Donor of the THIMA Foundation – with every donation more THIMA Scholarships are available! Your donation is tax deductible . . . and there is no gift too small.
|
|
HIPAA crackdown coming: How to prep for audits
From Government Health IT
Earlier this month health insurer Anthem, Inc. disclosed a data breach involving an estimated 80 million records containing protected health information (PHI). In 2013, Anthem (then known as Wellpoint) was fined $1.7 million by the Department of Health and Human Services (HHS) in connection with an unauthorized disclosure of PHI.
Last May, Columbia University and New York-Presbyterian Hospital were fined a combined $4.8 million for HIPAA violations when a doctor disconnected his personal computer from the hospital network, leaving patient information vulnerable to discovery through Internet search engines.
After some delay, Phase II of the HIPAA Audit Program is expected to begin soon. This means the Office of Civil Rights (OCR) will begin conducting compliance audits this year. If you have not completed a HIPAA risk assessment in the last 12 months, you should do so now. Risk assessments are a fundamental requirement under HIPAA, not a “nice to do.†There is no way to properly implement HIPAA policies and procedures without fully understanding your environment and the risks it presents to protecting privacy and securing PHI.
When HIPAA was enacted in 1996, privacy was not the principal focus of the legislation. Indeed, it took HHS eight years to publish the initial HIPAA Privacy Rule. It took several more years for HHS to publish the initial Security Rule. The Security Rule directed “covered entities†(e.g., providers, hospitals, health insurers) to perform a risk assessment, understand where their vulnerabilities were, and to adopt reasonable safeguards to fix them. There are three categories of HIPAA safeguards:
Administrative safeguards
These involve designating personnel, creating and adopting HIPAA policies and procedures, and training your workforce to understand the policies and procedures, including how to document compliance. Training is not the place to cut corners because it is key to ensuring a HIPAA-compliant workplace – data security relies as much on institutional culture as it does on technology.
Physical safeguards
How your practice manages the physical devices and media where patient information is stored and can be accessed is vitally important. Locks and alarms for facility access remain important, but address a limited aspect of physical safeguarding. OCR reports HIPAA violations occurring because of lost or stolen flash drives, hard drives, laptops, and even paper files blowing out of car windows. It is therefore imperative that you develop physical safeguards that minimize or eliminate the possibility of exposing PHI through sloppy access protocols, leaving unencrypted PHI on electronic media, etc.
Technical safeguards
This may be the one area in which it is reasonable to believe that HIPAA compliance is a headache only for the CIO, CTO, and the IT department.
Technical safeguards focus on things like access controls, the integrity of PHI (i.e., making sure it can’t get corrupted), authentication (making sure the person trying to access PHI is who she says she is), and transmission security (is there a risk that PHI can be “grabbed†while it’s in transit?). That said, never lose sight of the fact that Security Rule compliance is based on implementing all of the safeguard types – meaning it necessarily involves personnel from a variety of disciplines within a covered entity’s organization.
In 1996, HIPAA compliance might have simply required a memo to staff, a sturdy lock on the records room, and an alarm on the building. The creation and rapid adoption of electronic health records over the last several years have rendered locks and alarms a quaint reminder of simpler data security times. Hence the Security Rule’s requirement that covered entities (and now business associates) conduct a proper risk assessment.
A risk assessment does not need to be expensive. The OCR website has a downloadable tool for performing a security risk assessment (SRA). The SRA tool consists of 156 “yes†or “no†questions about the organizational policies and procedures for your practice. When you are done, you will have up-to-date information about where your practice needs improvement with respect to HIPAA. Importantly, the SRA tool does not report information outside of your practice. The idea is to provide information helpful to your becoming fully compliant. Be aware, though, that HHS cautions that use of the SRA tool does not guarantee HIPAA compliance, and the ultimate determination of compliance is left to each health care provider and organization.
Phase II of the OCR’s HIPAA audit program is imminent, and may herald a further crackdown on compliance. While no formal announcement regarding the scope or concentration of the audits, OCR has been consistent in suggesting a substantial increase in on-site audits (as opposed to desk audits).
The OCR’s HIPAA audit protocol (in its current form) is obviously useful information as you continue your HIPAA compliance journey.
Keith Dennen is member attorney with the Nashville office of Dickinson Wright, PLLC, a full-service law firm with 12 offices throughout the United States and Canada. He focuses his practice on health care law and corporate law. Keith can be reached at kdennen@dickinsonwright.com. Brian Balow is a member attorney with the Troy office of Dickinson Wright, PLLC. He focuses his practice on health care law, information technology and technology transactions. Brian can be reached at BBalow@dickinsonwright.com.
|
|
|
|
|
|
|
|
|
