Pain Management Coding Alert
HIPAA Knows no Borders
PDF
Question: Our practice uses a small cloud services provider (CSP) based in Canada to store information. Does the Health Insurance Portability and Accountability Act (HIPAA) still apply to our business arrangement since the vendor is outside the U.S.? Codify Subscriber Answer: Yes, HIPAA regulations still apply to this relationship. All of the rules about electronic protected health information (ePHI), including the need for business associate agreements (BAAs), are still in effect even when the partnering vendor is not based in the U.S. Expert opinion: “Be aware that HHS Office for Civil Rights [OCR] warns of increased risk to ePHI processed or stored outside of the U.S., especially if the server is in a country where cybersecurity risk is high,” says Grant Elliott, CEO of Ostendio and co-founder and president of the Healthcare Cloud Coalition (HC3). “More cloud service providers are touching ePHI every day,” Elliot continues. “While the OCR provides sample Business Associate Contract provisions as they relate to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules, it doesn’t state specifically how the contracted parties can be sure that the provisions are followed.” Review OCR guidance on writing up BAAs at www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html.
Related Articles
Pain Management Coding Alert
- ICD-10 Coding:
Dig Into Notes to Strike Migraine Coding Gold
Most, but not all, migraine codes require a sixth character. A patient has a migraine [...] - Q&A:
Stay Sharp With Trigger Point Documentation Smarts
Take this expert advice on what to include to cement your TPI claims. Coding for [...] - Modifiers:
Make Friends With Modifier 25 to Stave Off Denials, Audits
Use these FAQs to get the lowdown on this much-used modifier. If you think your [...] - You Be the Coder:
Answer Branch Question Before Choosing Destruction Code
Question: An established patient with trigeminal neuralgia reports to the PM physician complaining of facial pain. [...] - Reader Question:
Lack of CC Can Cause Coding Confusion
Question: An established 66-year-old patient presented to our provider. She did not state a specific complaint. [...] - Reader Question:
Pain in the Neck? Use These ICD-10 Codes
Question: When a patient reports to the PM physician complaining of neck pain, what is the [...] - Reader Question:
Interpreter Won't Always Mean More MDM Points
Question: We recently took on a new patient who is deaf. The patient came with [...] - Reader Question:
Use These Tips for Spontaneous Rupture Dx
Question: Notes indicate that the provider performed an evaluation and management (E/M) service for a new [...] - Reader Question:
Check for Arthrography Before Choosing X-ray Code
Question: Notes indicate that the PM physician performed a knee X-ray along with an ankle [...] - Reader Question:
Make ESI Coding Easy With Add-on Smarts
Question: I have some questions about billing for epidural steroid injections (ESIs). Patient #1 that [...] - Reader Question:
HIPAA Knows no Borders
Question: Our practice uses a small cloud services provider (CSP) based in Canada to store [...]