Health Information Compliance Alert

Published on Thu Jan 03, 2013 PDF

Physicians, there’s a new HIPAA compliance tool on the market that’s been designed specifically for you.

The American Medical Association and HIPAAdocs Corp. announced Nov. 11 the creation of AMA HIPAALink, a subscription service that seeks to help physicians “identify current shortcomings in their current security and privacy policies, and generate new HIPAA-compliant policies and procedures.”

The HIPAALink includes training for privacy officers and other staffers who routinely work with protected health information, and the service provides access to materials and guidance specifically tailored for small health care organizations’ compliance needs.

The HIPAALink includes a gap assessment to aid privacy officers, a policy generation tool, online training resources and regulatory updates.

For more information on the service, go to http://www.ama-assn.org/ama/pub/category/8910.html.

• Technology borrowed from managed care plans by large companies can be used to extract patients’ private data, the Denver Post reports.

Consumers identified as potential risks for developing expensive or chronic medical conditions are then paired with nurse managers who have access to the patient’s medical history. The nurses then make phone calls, offer prescription advice and even recommend doctors for the patient’s particular ailment.

This form of “outcomes management” saves corporations money and potentially improves  the conditions of patients.

The idea is to stop skyrocketing health care  costs to employers, but critics argue that patient  privacy is being illegally manipulated while federal  rules, including the Health Insurance Portability
and Accountability Act, are being thrown by the  wayside.

To see the article, go to: www.denverpost.com/Stories0,1413,36%7E33% 257E979848,00.html?search=filter.

• Every state in the nation asked for a oneyear delay with the Health Insurance Portability and Accountability Act’s transaction and code set provisions, according to Richard Friedman, director of Centers for Medicare & Medicaid Services.

Friedman said Nov. 1 at the Fifth National HIPAA Summit that all 50 states have requested the delay with the rule and thus have until Oct. 16, 2003 to reach compliance with the rule.

He added that CMS may withdraw matching Medicaid improvement funds from states if they fail to comply with the new transaction and code set rules, yet he expressed optimism that most states would reach compliance by October of next year.

• Compliance officers nationwide are having a tough time with their risk assessment plans and document management, but one compliance officer thinks her organization has a handle on things.

Tara Shewchuk, corporate compliance officer  with Chicago-based Resurrection Health  Care, tells Eli that the process was very similar to  her organization’s Y2K efforts. 

Shewchuk says Resurrection had each department manager be responsible for completing the risk assessment for his or her own area. Each facility had a coordinator, who collated all the responses into one risk assessment for the facility, she explains.

Risks were identified and ranked as either posing no risk, low risk or high risk. Shewchuk says Resurrection’s HIPAA task force is now in the process of reviewing these various, completed risk assessments.  During initial reviews, she identified several common issues for which they set up separate task forces (e.g. disaster recovery, accuracy of the MPI, establishing access controls, etc). The next step is to  prioritize the risk areas and develop remediation plans and to include policies and procedures.