Practice Management Alert

Compliance Quizzer:

Refine Your Breach Reporting Knowledge

Hint: The categories of breach are pretty all-encompassing.

You and your colleagues may be well-versed in Health Insurance Portability and Accountability Act (HIPAA) compliance, but it’s prudent to test your knowledge. Review your breach procedures at least annually, especially because data and compliance breaches are on the rise.

Even a minor breach of patient protected health information (PHI) or electronic PHI (ePHI) can be a death knell for a small organization, but you can lower the odds of one by bolstering your compliance education and protocols. Plus, the HHS Office for Civil Rights (OCR) takes an organization’s breach risk analysis and planning into account when evaluating its HIPAA breaches.

“A comprehensive HIPAA plan serves to reduce the risk of a breach, as well as mitigate potential fines in the event of a breach,” counsels attorney John E. Morrone, partner with Frier Levitt LLC in New York City. “Recent settlements indicate that OCR will continue to penalize entities not only on the basis of a breach itself, but also for failing to have in place the requisite safeguards that HIPAA requires to limit and/or prevent such an occurrence.”

Test your knowledge of the HIPAA Breach Notification Rule with this true and false quiz. See page 12 for answers.

1. Breaches and breach notifications are clear-cut; there are no exceptions.

a. True
b. False

2. Breaches cannot be reported to the HHS secretary until covered entities (CEs) know the exact number of individuals affected.

a. True
b. False

3. When the CE’s patients’ contact information is outdated or deficient, it can release a “substitute individual notice.”

a. True
b. False

4. CEs are expected to notify impacted individuals “without unreasonable delay” within 60 days after finding a breach.

a. True
b. False

5. The only thing a CE must provide to patients whose PHI was breached is a notice of the incident.

a. True
b. False

6. Business associates are off the hook when it comes to the Breach Notification Rule.

a. True
b. False

7. CEs have the extra duty of fulfilling other administrative requirements per the OCR and HIPAA after a breach.

a. True
b. False