Anesthesia Coding Alert
Don’t Let Your Practice Size Justify Slack Security
Even smaller groups can use these tools from the feds. Data security is important no matter what size your practice might be. Keeping up to date against the latest threats can sometimes be intimidating, especially for smaller practices, but a new website from the feds can help you quickly track down advice on a variety of topics. Plus, since the site is designed with healthcare organizations in mind, it could become one of your go-to resources for information on reducing data risks, creating a cybersecurity training program, and more. The basics: The Department of Health and Human Services (HHS) set up a website for its 405(d) Aligning Health Care Industry Security Approaches Program in December 2021. The online tools are a collaboration between industry experts and the feds (aka the HHS 405(d) Task Group) and aims to align healthcare organizations’ compliance with regulations to better fight cyber threats en masse, an HHS release suggests. “This website is the first of its kind! It’s a unique space where the healthcare industry can access vetted cybersecurity practices specific to the [healthcare and public health] HPH sector on a federal government website,” says Erik Decker, 405(d) Task Group Industry co-lead, in the HHS release. “I think it’s a great resource for the HPH sector to turn to and will surely be a go-to site for organizations that want to better protect their patients and facilities from the latest cybersecurity threats.” Start Here to Better Understand the 405(d) Website Among HIPAA’s Security Rule provisions, the option to design your organization’s compliance program can be simultaneously liberating and daunting. The 405(d) guidance touches on this perennially challenging task. “The great thing about 405(d) is that it offers 10 best practices to improve security, and it breaks them down into recommendations based on organizational size,” says Jen Stone, MCIS, CISSP, CISA, QSA, principal security analyst, with Security Metrics in Orem, Utah. “This means that even small practices with limited funding can get started with reasonable security controls.” With the 405(d) resources, practices can access tools to help with common issues that sometimes lead to data breach problems later on. “For example, implementing unique account IDs will allow a small organization to prevent terminated employees from accessing protected information after they leave. This type of account management is an area where we have seen significant breaches occur, but it’s preventable using tools that are already paid for or have free versions,” Stone explains. Smaller providers don’t always have the financial means nor the staff to dedicate toward cybersecurity and risk management; however, the 405(d) identifies the most common threats to these organizations and offers role-specific tips. “Healthcare professionals, especially in smaller practices, often struggle because they take on many roles,” Stone points out. “Cybersecurity best practices aren’t complex, but not everyone knows where to find a quick summary of threats or the solutions to counter them. Fortunately, 405(d) offers both.” She adds, “A few of the most effective practices include multi-factor authentication, anti-malware, and timely patching.” Important: With more staff working from home, new challenges have popped up with access and security controls. Another area of critical importance is cybersecurity education — employees must understand the risks associated with remote work and how to recognize problems. “Remote staff are becoming well versed in the technologies that keep us together while apart,” Stone says. “The real trick is to make training meaningful so people will pay attention and retain it. Make sure the training you choose is focused on the type of work each staff member does so it will help them counter privacy and security challenges they will actually face.” Resource: Find the 405(d) website at https://405d.hhs.gov/public/navigation/home.
Related Articles
Anesthesia Coding Alert
- Reimbursement:
Do You Know When an Emergency Leads to +99140?
Let these tips help guide your usage. Appending qualifying circumstances (QC) codes to a claim [...] - Modifier Update:
Stay Atop These Medicare Changes to Locum Tenens Guidelines
Modifier QC is still valid — but under a new name. If your anesthesia practice [...] - Practice Management:
Don’t Let Your Practice Size Justify Slack Security
Even smaller groups can use these tools from the feds. Data security is important no [...] - You Be the Coder:
Here’s How to Translate Kenalog Quantities to Units
Question: How many units of J3301 are included in 4 mL of Kenalog? I’m stumped because [...] - Reader Questions:
Don’t Try to Calculate Anesthesia RVUs for ESP Blocks
Question: What are the anesthesia values for 64461 and +64462 when our provider administers an erector [...] - Reader Questions:
Code 62273 Does Not Apply to Dural Tear Repair
Question: Our anesthesiologist blocked a lumbar dural tear with a single piece of gelfoam. Should we [...] - Reader Questions:
Ask These Questions to Help Pinpoint Headache Diagnoses
Question: Some of our less experienced coders need help pinpointing the correct diagnosis code for headache [...] - Reader Questions:
Watch Anatomic Location for Difference Between +77002 and +77003
Question: I have multiple questions about fluoroscopy codes +77002 and +77003. What is the difference between [...] - Reader Questions:
Be Conscious of Technology “Dead Zones” and Potential Effects
Question: The Wi-Fi network at our hospital has the bandwidth to meet clinical, administrative, and visitor [...] - Reader Questions:
Verify Whether Anesthesia Codes Include Hypothermia
Question: I know we can’t always add +99116 to a claim when the anesthesiologist notes hypothermia. [...]
