Part B Insider (Multispecialty) Coding Alert
Car Break-in Leads to $750,000 HIPAA Settlement for One Practice
PDF
White House: CMS not making enough effort to fix errors.
An Indiana oncology practice agreed to pay $750,000 and create a “robust corrective action plan” after a breach that could have exposed information about 55,000 current and former patients, the Department of Health and Human Services announced on Sept. 2.
Three years ago, the Office of Civil Rights (OCR) discovered that someone stole a laptop bag from the car of an employee of the cancer practice. The laptop and an unencrypted backup storage device went missing during the theft, and they included the names, Social Security numbers, dates of birth, addresses and other protected health information (PHI) for thousands of patients.
When the OCR looked deeper at the practice’s habits, the agency found that it had never conducted a risk analysis after discovering the breach in 2012, nor did the practice have a written policy regarding how to handle PHI on portable hardware and electronic media devices.
“Organizations must complete a comprehensive risk analysis and establish strong policies and procedures to protect patients’ health information,” said OCR Director Jocelyn Samuels in the Sept. 2 statement. “Further, proper encryption of mobile devices and electronic media reduces the likelihood of a breach of protected health information,” she added.
Resource: To read more about the case, visit www.hhs.gov/news/press/2015pres/09/20150902a.html .
In other news…
Although it might feel like CMS is doing everything it can to keep money away from medical practices, the White House believes the agency isn’t doing enough to save cash.
That’s the takeaway from a Feb. 26 letter that Office of Management and Budget (OMB) Director Shaun Donovan sent to HHS Secretary Sylvia Burwell, in which he said that the OMB believes “a more aggressive strategy can be implemented to reduce the levels of improper payments we are currently seeing.”
The letter, which was made public after the Center for Public Integrity filed a Freedom of Information Act suit, also said that the Medicare Fee-for-Service improper payment estimate in 2014 was $9.7 billion higher than the previous year, and the Medicaid improper payment amount was $3.1 billion higher than 2013 levels. “The $12.2 billion improper payment amount remains a concern,” Donovan said.
Donovan urged Burwell to find “new and innovative ways to address the problem” and use “every tool at our disposal” in that effort. This will probably mean that the Department of Health and Human Services, as well as its Office of Inspector General, will be using new strategies to ensure that mistakes are brought to a minimum. Keep an eye on the Insider as these new tactics are unveiled to find out how HHS intends to implement additional ways to eliminate overpayments.
Related Articles
Part B Insider (Multispecialty) Coding Alert
- Audits:
NGS Medicare: "TMI" Does Not Apply to Documentation
Additional notes can be helpful, this MAC’s reps say. If a claims reviewer asks to [...] - ICD-10:
MediCal: We'll Convert ICD-10 Claims to ICD-9 Before Processing
California’s Medicaid payer isn’t quite ready to accept ICD-10 codes. Although you’re required to submit [...] - ICD-10:
5 FAQs Lead You to Last-Minute ICD-10 Answers
If you don’t know the diabetes type, you should default to this. You’ve got just [...] - Reader Question:
Routine Additions of 99211 Are Bad Idea
Question: Our practice’s physicians want to report 99211 with 85610 for prothrombin time checks and with [...] - Part B Coding Coach:
Xolair Injection Payments Hinge on Local Payer Policy
Always check your insurer’s rules before reporting 96401. If you dread choosing the right code [...] - Physician Notes:
Car Break-in Leads to $750,000 HIPAA Settlement for One Practice
White House: CMS not making enough effort to fix errors. An Indiana oncology practice agreed [...]