Select the title to see a summary and a link to the full article.
By Wyn Staheli, Director of Research | Published July 7th, 2020 - Last Review/Update July 8th, 2020
The anticipated changes to the Advanced Beneficiary Notice of Non-coverage (ABN) Form (CMS-R-131) have arrived. This important form is issued to the patient or client by providers, physicians, practitioners, and suppliers in situations where Medicare payment is expected to be denied.
You can begin using the new ABN immediately if you so wish. However, it becomes mandatory on August 31, 2020.
Read the article →
December 18th, 2018
Are HIPAA Changes Coming?
By Wyn Staheli, Director of Research | Published December 18th, 2018
On December 14, 2018, the Office for Civil Rights (OCR) issued a Request for Information (RFI). They are considering making changes to some of the HIPAA regulations. Earlier this year at the HIMSS (Healthcare Information and Management Systems Society) meeting, Roger Severino, the head of the Office for Civil Rights ...
Read the article →
September 26th, 2018
HIPAA Handling Patient Requests for Medical Record Restriction
By | Published September 26th, 2018 - Last Review/Update October 17th, 2018
Healthcare compliance professionals frequently face confusing situations about sharing of protected health information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) supports the protection of privacy of medical records. However, even when a patient does not authorize sharing of his record, there are permitted uses and disclosures, such as...
Read the article →
September 24th, 2018
Q/A: Do I Have to Accept Any New Patient?
By Wyn Staheli, Director of Research | Published September 24th, 2018 - Last Review/Update January 28th, 2019
Question: Is it legal for us to not allow a patient to be seen in our office if their parents have bad debt with us?
Read the article →
August 31st, 2018
Finalized Confidentiality of Alcohol and Drug Abuse Patient Records Regulations
By Wyn Staheli, Director of Research | Published August 31st, 2018
In January, the U.S. Department of Health and Human Services (HHS) issued updates to the privacy regulations regarding the confidentiality of patient information of substance use disorder patients (42 CFR Part 2). This notice included references to better alignment with HIPAA regulations, but did state that Part 2 is more protective ...
Read the article →
August 3rd, 2018
Q/A: Is it Legal to Shred Archived Patient Records After a Certain Amount of Time?
By Wyn Staheli, Director of Research | Published August 3rd, 2018 - Last Review/Update January 28th, 2019
Shredding patient records. When is it appropriate? Read more to find out.
Read the article →
June 18th, 2018
Medicare Claim Submission Exceptions
By Wyn Staheli, Director of Research | Published June 18th, 2018 - Last Review/Update January 28th, 2019
There are several exceptions to the Medicare "Mandatory Claim Submission Rule." What are they?
Read the article →
May 30th, 2018
Creating a Culture of Compliance in 2018
By Sean M. Weiss & Frank Cohen | Published May 30th, 2018 - Last Review/Update June 4th, 2018
This year (2018), healthcare organizations (Hospitals, Health Systems, and Physician Groups/Practices) must focus on the criticality of creating a culture of compliance to ensure effectiveness and efficiency. Focusing on "compliance"-only approaches leaves healthcare organizations exposed to areas of liability oftentimes far more than what they could ever imagine or even...
Read the article →
May 30th, 2018
What is a Legal Hold and e Discovery Anyway
By Rachel V. Rose, JD, MBA | Published May 30th, 2018 - Last Review/Update June 4th, 2018
Whether I am assisting clients or presenting, I am often asked about legal holds and e-discovery. The transition from paper to electronic records, which include emails, computer faxes, protected health information ("PHI"), personally identifiable information ("PII") and documents that are created, received, maintained or transmitted in an electronic format created...
Read the article →
May 7th, 2018
Q/A: How Do I Respond to a Patient's Request to Not Submit the Claim to Their Insurance?
By Wyn Staheli, Director of Research | Published May 7th, 2018 - Last Review/Update January 30th, 2019
A number of patients now have high deductible plans. Sometimes, deductibles can be $5000 or $10,000. My payer contract states that I must submit all claims to insurance for covered services. However, sometimes patients with these high deductibles come to my office and state that they would prefer to receive a modest discount for paying cash and in turn, not have their services submitted to insurance. As a doctor, this places me in a tough situation. Do I follow the patient's wishes or the payer contract?
Read the article →
April 24th, 2018
FHIR Revisited
By Dugan MadduxDugan Maddux, MD, FACP & Dr. Ahmad SharifAhmad Sharif, MD, MPH | Published April 24th, 2018 - Last Review/Update May 2nd, 2018
Like a moth to a flame, we periodically have to take a close look at FHIR. As mentioned in the March 26 blog post, interoperability was the hot topic at HIMSS, and FHIR is at the blazing edge of interoperability...
Read the article →
April 23rd, 2018
Q/A: Someone Broke into My Office. What do I do Now?
By Wyn Staheli, Director of Research | Published April 23rd, 2018 - Last Review/Update January 24th, 2019
My office was broken into last night. I use electronic health records, but we do store some protected health information for my patients in paper files. These files are not secured, so the burglars did have access to them. It did not appear that the files were touched as the burglars were looking for cash. What responsibilities to I have to my patients in a situation like this? Do I need to contact them and advise them that their PHI could have been compromised?
Read the article →
February 27th, 2018
Health Information Exchange and Trusted Exchange Frameworks
By Dugan Maddux, MD, FACP | Published February 27th, 2018 - Last Review/Update April 12th, 2018
Despite progress in health IT, Health Information Exchange (HIE) remains squarely in toll booth mode, with gated stops and slowdowns that may or may not permit information to move forward. ...
Read the article →
February 5th, 2018
HIPAA Breach Settlements and Ransomware Attacks - Is Your Practice Secure?
By Wyn Staheli, Director of Research | Published February 5th, 2018
Two recent reports should make providers stop, take notice and make sure their practice's policies and procedures are up-to-date.
The first one involves a HIPAA Breach settlement of a company with facilities in several states. The OCR memo stated "In addition to a $3.5 million monetary settlement, a corrective action plan ...
Read the article →
February 1st, 2018
Are Your Computers Vulnerable to Cyber Attacks?
By Wyn Staheli, Director of Research | Published February 1st, 2018
Healthcare providers must be vigilant in ensuring that software upgrades, also known as patches, are kept current. Failure to do so can lead to a HIPAA Security Breach with all its associated penalties. For example Windows XP no longer has security updates and should not be used in healthcare settings.
On ...
Read the article →
January 31st, 2018
Mobile Health: Growing Engagement and New Responsibilities
By Dugan Maddux, MD, FACP | Published January 31st, 2018 - Last Review/Update March 29th, 2018
This week I'm blogging about an M-word. Not MACRA or MIPS, but Mobile Health or mHealth....
Read the article →
October 6th, 2017
HIPAA Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification
By Wyn Staheli | Published October 6th, 2017
In light of recent tragic events, the OIG has released a reminder that HIPAA allows for certain disclosures in these types of situations. The reminder dated October 3, 2017 states the following:
Following the recent mass shooting in Las Vegas, the HHS Office for Civil Rights (OCR) is taking this opportunity ...
Read the article →
August 16th, 2017
Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist
By NAMAS | Published August 16th, 2017 - Last Review/Update September 13th, 2017
August 4, 2017
Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist
Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology ...
Read the article →
August 4th, 2017
Cybersecurity - Are you sure you are secure?
By Wyn Staheli, Director of Research | Published August 4th, 2017
An article by Medical Economics highlights the June report of the Health Care Industry Cybersecurity Task Force. Their report confirmed once again that healthcare providers are not adequately addressing cybersecurity as part of the compliance programs. The threat of hackers is very real and providers need to ensure that they have taken ...
Read the article →
August 4th, 2017
Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist
By NAMAS | Published August 4th, 2017 - Last Review/Update August 16th, 2017
Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act)[2] and the more robust chain of liability (e.g. covered entities, business associates and ...
Read the article →
April 14th, 2017
Compliance Rules
By ChiroCode | Published April 14th, 2017 - Last Review/Update February 8th, 2019
Can we send a survey to our patients and still be compliant? Are there rules that regulate this?
Read the article →
January 23rd, 2017
HIPAA Exempt Offices (Paper)
By Wyn Staheli, Director of Research | Published January 23rd, 2017
It is a common misconception that every doctor’s office is (or must become) a HIPAA covered entity; however, the list of those who still qualify for exemption from HIPAA is rapidly shrinking. There are exceptions to the HIPAA requirements; if a practice sends or receives no transactions electronically, it is ...
Read the article →
January 23rd, 2017
Q/A: Where Can I Find More Information on HIPAA Penalties?
By ChiroCode | Published January 23rd, 2017 - Last Review/Update March 5th, 2019
Neglecting or overlooking a sound HIPAA Compliance policy can be crippling to a practice.
Where can I find more information on HIPAA penalties?
Read the article →
January 13th, 2017
Q/A: Is my Software Vendor a Business Associate to my Practice?
By Brandy Brimhall, CPC CPCO CMCO CPMA QCC | Published January 13th, 2017 - Last Review/Update February 8th, 2019
Q: Is my software vendor a business associate to my practice?
Read the article →
December 15th, 2016
How do I Determine who is a Business Associate to Our Practice?
By ChiroCode | Published December 15th, 2016 - Last Review/Update March 5th, 2019
How do I determine who is a Business Associate?
Read the article →
November 29th, 2016
Medical Billing and Coders Professional Liability
By | Published November 29th, 2016
Companies who regularly handle such sensitive information as patient medical records have a particular responsibility to maintain the confidentiality of the data. Failure to exercise the appropriate degree of care – whether intentional or not – can have a significant adverse financial impact on your firm.
The Federal Health Insurance Portability ...
Read the article →
October 14th, 2016
Q/A: Are You Liable When a Business Associate Has a Data Breach?
By ChiroCode | Published October 14th, 2016 - Last Review/Update March 5th, 2019
We have a Business Associate who has recently had a data breach, are we liable?
Read the article →
September 22nd, 2016
Are You Going to Be Penalized?
By ChiroCode | Published September 22nd, 2016 - Last Review/Update March 5th, 2019
We're flying through the last quarter of 2016! Before we know it, we'll be ringing in the new year, so we'd better be ready!
As always, there are end of the year things that we must be sure to complete so as to best prepare for the future and protect ...
Read the article →
July 5th, 2016
Q&A: We just learned that for Meaningful Use attestation, we have to complete a Security Risk Assessment. What is that and how do we do it?
By ChiroCode | Published July 5th, 2016 - Last Review/Update March 4th, 2019
Q&A:
We just learned that for Meaningful Use attestation, we have to complete a Security Risk Assessment. What is that and how do we do it?
Read the article →
May 26th, 2016
Groupon: Is it worth the risk?
By Dr. Ray Foxworth, Certified Medical Compliance Specialist and President of ChiroHealthUSA | Published May 26th, 2016 - Last Review/Update March 5th, 2019
Our team is frequently asked if it is legal for chiropractic offices to offer coupons or Groupons. We’re not allowed, as a profession, to dramatically discount our services, offer free treatments, or provide gifts or free meals for potential patients. Any one of these things can be considered an “inducement.” Practices that improperly induce patients to seek care or services, for example, by providing coupons for care or supplies, may find that they are in violation of the law if they aren’t careful.
So what will that mean to you and your practice? It isn’t pretty.
Read the article →
April 30th, 2016
Phase 2 of OCR HIPAA Audits Begins
By Wyn Staheli, Director of Research | Published April 30th, 2016
Phase 2 of HIPAA audits have begun. What do you need to know?
Read the article →
April 28th, 2016
An Important Rule that You're Probably Not Following
By ChiroCode | Published April 28th, 2016 - Last Review/Update March 5th, 2019
The HIPAA Security Rule requires that covered entities (your practice) conduct a Security Risk Assessment (SRA) for your organization, at a minimum of once per year. It is critical that practices perform the Security Risk Assessment for multiple of reasons. Not only is it important to comply with rules and regulations, but also, for what you may consider to be a more motivational reason, to protect your practice (and bank account) from what could become disabling fines and penalties.
Read the article →
April 13th, 2016
HIPAA Proposed Rule to Update Substance Abuse Confidentiality Regulations
By Wyn Staheli, Director of Research | Published April 13th, 2016
On February, 9, 2016 HHS published proposed revisions (81 FR 6988) to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, 42 CFR Part 2. Find out what changes are being considered.
Read the article →
April 13th, 2016
Lack of Business Associate Agreement (BAA) Costs Non-Profit 1.55 Million
By Wyn Staheli, Director of Research | Published April 13th, 2016
Failure to have a properly executed Business Associate Agreements (BAA) costs one organization $1.55 Million. In today's highly technological environment, it is too easy to skip the necessary precautions and easy for electronic devices to get lost or stolen. Are you prepared?
Read the article →
April 6th, 2016
HIPAA Violations - The Process Is The Answer
By Instacode Institute | Published April 6th, 2016
It's not just the names and addresses that matter -- It's the compliance. If you can demonstrate that you are hleping yourself to maintain HIPAA compliance by careful documentation and proper procedures, you can go a long way toward avoiding being fined by the HIPAA squads.
Complete & Easy HIPAA Compliance is a clear, simple “Just help me do what I have to do!” workbook that contains all the things the designated security officer must do to instantiate a robust HIPAA compliance program. It comes complete with over 45 forms and letters which can be used to state the office policies, spell out procedures, and ensure that each patient will be protected in their rights under HIPAA policy. It also can help demonstrate that a compliance program is in progress.
Read the article →
March 16th, 2016
Protected Health Information De-Identification Standards
By Instacode Institute | Published March 16th, 2016 - Last Review/Update January 27th, 2017
This article contains detailed information on the OCR guidance regarding the de-identification of Protected Health Information (PHI). Avoid HIPAA violations and learn specifically what de-identification is.
Read the article →
February 24th, 2016
Employee Exclusions Screenings Must be High Priority
By Wyn Staheli | Published February 24th, 2016
Many healthcare organizations are not aware of how critically important it is to screen their employees against ALL state and federal exclusions databases. This article has important information for organization to ensure compliance.
Read the article →
February 11th, 2016
What are the Rules for Safeguarding Patient Records?
By ChiroCode | Published February 11th, 2016 - Last Review/Update March 5th, 2019
Secure medical records is a broad topic that should be addressed in detail by all practices. There are multiple items to consider when meeting standards to best safeguard protected health information (PHI).
Read the article →
July 20th, 2015
HIPAA Standards for Claims
By | Published July 20th, 2015
(Rev. 3086, Issued: 10-03-14, Effective: ICD-10: Upon Implementation of ICD-10, ASC X12: January 1, 2012, Implementation ICD-10: Upon Implementation of ICD- 10; ASC X12: November 4, 2014)
The standards adopted under HIPAA include both a transaction standard and an implementation guide.
Claims sent electronically to Medicare must abide by the HIPAA standards ...
Read the article →
January 20th, 2015
HIPAA Helps and FAQs
By | Published January 20th, 2015 - Last Review/Update March 5th, 2019
The Health Insurance Portability and Accountability Act (HIPAA) has been around for quite some time. There are many misconceptions about HIPAA compliance that our office still gets calls about. This page is to help clear up some of these misconceptions.
All mental health providers will benefit from the common-sense approach and ...
Read the article →
October 24th, 2014
Q & A: Is it a HIPAA Violation to Email Patients?
By Evan M. Gwilliam DC MBA BS CPC CCPC QCC CPC-I MCS-P CPMA CMHP | Published October 24th, 2014 - Last Review/Update January 30th, 2017
Straight from the Office of Civil Rights:
Q: Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?
A: Yes. The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply ...
Read the article →
October 20th, 2014
4Medapproved Partner and Find-A-Code's first Mini-Course Workshop
By Christine Woolstenhulme, QCC, QMCS, CPC, CMRS | Published October 20th, 2014 - Last Review/Update March 2nd, 2016
Find-A-Code is now a 4Medapproved Partner and we are announcing our first Mini-Course workshop.
PROGRAM ANNOUNCEMENT 10/17/2014 Our first mini-course workshop will be presented by Brian Johnson, CHSP, CHSA:
HIPAA Workforce Certificate for Professionals LIVE Accelerated Workshop (1 Day/1 Hour)
LIVE ONLINE: Oct 29, 2014 at Noon EST, 11am CST, 10am MST and ...
Read the article →
October 16th, 2014
Is Compliance a Dirty Word?
By Evan M. Gwilliam DC MBA BS CPC CCPC QCC CPC-I MCS-P CPMA CMHP | Published October 16th, 2014 - Last Review/Update January 23rd, 2017
In October of 2000 in the Federal Register the Office of the Inspector General (who investigates fraud against the federal government on behalf of the Department of Health and Human Services) offered general guidelines for health care facilities to set up a “Compliance Program”. This advice has long been pushed ...
Read the article →
October 16th, 2014
Basic Fact Sheet on HIPPA Privacy and Security for Providers - CMS
By Christine Woolstenhulme, QCC, QMCS, CPC, CMRS | Published October 16th, 2014 - Last Review/Update January 30th, 2017
CMS has a released a fact sheet on HIPAA Privacy and Security basics for providers. Designed to provide education on covered entities and Business Associates under the HIPPA Privacy Rule.
Examples of a Covered Entity would be:
Doctors
Clinics
Psychologists
Dentists
Chiropractors
Nursing Homes
Pharmacies
Health Plans
Clearing houses
Any person or organization assisting in transmitting a transaction in electronic form, ...
Read the article →
September 11th, 2014
According to HIPAA, who are my Business Associates?
By Brandy Brimhall, CPC, CMCO, CCCPC, CPCO, CPMA | Published September 11th, 2014 - Last Review/Update January 30th, 2017
Providers work with many different groups and many of them have some interaction with Protected Health Information (PHI). In an effort to help us understand who qualifies as Business Associates the Department of Health & Human Services has provided some resources.
But first … what is PHI or individually identifiable health information? ...
Read the article →
September 9th, 2014
Cyber Insurance? What kind of Insurance Policy it that?
By Christine Woolstenhulme, QCC, QMCS, CPC, CMRS | Published September 9th, 2014 - Last Review/Update January 30th, 2017
Due to the increase of medical transactions stored online and in the cloud, cyber intrusions will only increase.
Cyber insurance also known as privacy and network security insurance can help cover the costs incurred if your computer system is compromised, or after a data breach which can include a HIPAA ...
Read the article →
September 9th, 2014
Do I Need Error and Omissions (E&O) Insurance for My Billing Company?
By Christine Woolstenhulme, QCC, QMCS, CPC, CMRS | Published September 9th, 2014 - Last Review/Update January 30th, 2017
Do I Need Error and Omissions (E&O) Insurance for My Billing Company?
Over the years Medical billing has been considered low risk, now it has developed into a huge liability with HIPAA, E&O and Business Associate Agreements to name a few.
HIPAA has rocked the world for small businesses. Looking at the ...
Read the article →
August 29th, 2014
Who in the World are my Business Associates?
By Christine Woolstenhulme, QCC, QMCS, CPC, CMRS | Published August 29th, 2014 - Last Review/Update January 30th, 2017
The associates in the provider’s world and healthcare society are filled with loads of potential business associates and endless Individual identifiable health information.
 We have had so many questions about business associates I thought I would go to the source and put together some information from HHS.gov, otherwise known as U.S. ...
Read the article →
July 15th, 2014
How the Internet is Reshaping Medical Coding and Billing
By David Berky | Published July 15th, 2014 - Last Review/Update January 25th, 2017
Since the Internet is affecting (usually for better) every industry, why should it come as a surprise that medical coding and billing is now heavily dependent on the Internet? Actually, a number of important challenges and changes in the healthcare industry, and in technology as a whole, are pushing medical ...
Read the article →
March 18th, 2014
How can I make sure new hires have not been in trouble with Medicare?
By Christopher Anderson, DC MCS-P | Published March 18th, 2014 - Last Review/Update January 25th, 2017
To avoid liability, it is recommended to routinely check (every 3 months) the LEIE to ensure that new hires and current employees are not on the excluded list.
One of the many parts of the compliance program is to see if your current staff (including yourself, regular staff and associate doctors) have been placed on the OIG (Office of the Inspector General) List of Excluded Individuals and Entities (LEIE).
OIG has the authority to exclude individuals and entities from Federally funded health care programs and maintains a list (List of Excluded Individuals and Entities or LEIE)of all currently excluded individuals and entities. Anyone who hires an individual or entity on the LEIE may be subject to monetary penalties.
It’s as simple as 1…2…3..
Read More
Read the article →
February 19th, 2014
Are Text Messages HIPAA Compliant?
By | Published February 19th, 2014 - Last Review/Update January 27th, 2017
As more and more people are using mobile and wireless devices, a new buzzword has emerged: mHealth. According to a National Institute of Health consensus group, mHealth is "the use of mobile and wireless devices to improve health outcomes, healthcare services and health research." Historically, the biggest gaps and HIPAA violations ...
Read the article →
September 30th, 2013
Are You Compliant with the New HIPAA Regulations?
By | Published September 30th, 2013 - Last Review/Update January 27th, 2017
September 23rd, 2013 was the deadline for HIPAA Omnibus Final Rule compliance. It seems to have just snuck up on everybody. ChiroCode has spoken with some clincis who say that they don't need to worry about it because ”they are just a small practice.” Please, do not wait any longer to ...
Read the article →
September 6th, 2013
Ominbus Final Rule and BAA Contracts Deadline
By | Published September 6th, 2013 - Last Review/Update January 27th, 2017
The official deadline for HIPAA covered entities to reach compliance with the provisions of the Omnibus Rule is officially set as September 23, 2013. This date is right around the corner and as a result, providers are concerned about meeting this deadline. The definition for a business associate has been ...
Read the article →
There are more articles.
Quick, Current, Complete - www.findacode.com