General Surgery Coding Alert
Your Small Practice Size is No Protection From HIPAA Audit
Keep alert for verification requests.
The Office of Civil Rights (OCR) random desk audits will continue through Dec. 2016, and word on the streets is that even small practices are in the auditor’s sights.
“A covered entity is required to comply with HIPAA, regardless of its size,” explains Michael D. Bossenbroek, Esq., of Wachler & Associates, P.C. in Royal Oak, Michigan.
If you’re part of a small surgical group, here are some pointers to help you make it through a possible audit, breach, or complaint that will bring you before the OCR investigators.
Respond to Verification Request
If you or your business partners receive an Audit Entity Contact Verification form, don’t panic. This important form is meant to verify the contact information of the covered entities at the practice.
Receiving the form does not necessarily mean that you’ve been selected for an audit, says Seattle-based attorney Casey Moriarty of Ogden Murphy Wallace. “Although receipt of the communication is not a guarantee of an audit, it is the first step in a process that may lead to a comprehensive HIPAA compliance audit of your entity.”
No safe haven: “The OCR has stated that if an entity doesn’t respond [to the verification form], it does not mean the entity will avoid an audit,” says Bossenbroek.
Bottom line: It’s wise to respond to the verification request to establish correct contact information and avoid confusion down the road.
Do the Basics
“It is a real challenge for smaller practices with limited resources to comply with HIPAA,” Bossenbroek says. “However, there is what I would refer to as ‘low hanging fruit’ or basic HIPAA compliance issues that OCR has repeatedly identified and that a practice could address without much difficulty.”
For instance, you should have written compliance policies and procedures, and an assigned compliance officer. Templates and advice are available from multiple sources, as you can see below:
Go to the agencies: Some of the best advice devoted to both HIPAA privacy and security rules comes from the government agencies themselves. Here are some great resources for any size practice:
Support groups: If you can’t afford to engage a HIPAA-compliance vendor or law firm, there are other organizations that can offer insight. For example, don’t overlook the professional organizations you are involved with, Bossenbroek suggests.
“It is my experience that medical societies have collaborated on HIPAA compliance, such as offering presentations and materials,” he says.
For instance: You might find helpful information from this site by the American College of Surgeons: www.facs.org/advocacy/regulatory/hipaa.
Related Articles
General Surgery Coding Alert
- CPT® 2017:
Overhaul Laryngoplasty and Flexible Laryngoscopy Coding
Add lesion ablation and other specific procedure choices. When your surgeon performs a flexible laryngoscopy [...] - ICD-10:
5 Tips Perfect Your Burn Coding
Use ‘X’ placeholder properly. When your surgeon encounters patients for burn treatments, you’ll need to [...] - Compliance:
Your Small Practice Size is No Protection From HIPAA Audit
Keep alert for verification requests. The Office of Civil Rights (OCR) random desk audits will [...] - You Be the Coder:
Document EMR Steps
Question: When our surgeon performs an EMR, we find that payment for the claims is hit [...] - Reader Question:
78 Modifier Identifies Complication During Global
Question: Our surgeon performed a partial colectomy with anastomosis. Six days later, the patient returns to [...] - Reader Question:
Zero in on Scrotal Hernia Code
Question: The surgeon performs laparoscopic hernia repair for a strangulated left scrotal hernia. What is the [...] - Reader Question:
Report Single AV Shunt
Question: I code for certain dialysis arteriovenous shunt services like angioplasty and stenting. May I report [...]
