Please excuse the mess. This page is still under construction.
Cost of HIPAA Non-Compliance
>$1Million Paid to OCR by Lifespan
A Corrective Action Plan and $1,040,000 is the cost for Lifespan Health System Affiliated Covered Entity (ACE) to settle the potential HIPAA violation related to an unencrypted stolen laptop.
Lifespan Corporation, the parent company and business associate of Lifespan ACE, filed a breach report with The Office for Civil Rights (OCR) concerning the theft of an affiliated hospital employee’s laptop containing electronic protected health information (ePHI) including: patients’ names, medical record numbers, demographic information, and medication information. The breach affected 20,431 individuals.
OCR’s investigation determined that there was systemic noncompliance with the HIPAA Rules including a failure to encrypt ePHI on laptops after Lifespan ACE determined it was reasonable and appropriate to do so. OCR also uncovered a lack of device and media controls, and a failure to have a business associate agreement in place with the Lifespan Corporation. The resolution agreement and corrective action plan can be viewed by clicking here. HIPAA Compliance Training is available – click here for more information.
FQHC Provider Fails to Implement Multiple HIPAA Security Rule Requirements
Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed to pay $25,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Metro is a Federally Qualified Health Center (FQHC) in rural North Carolina. The breach affected 1,263 patients.
OCR’s investigation revealed longstanding, systemic noncompliance with the HIPAA Security Rule. Specifically, Metro failed to conduct any risk analyses, failed to implement any HIPAA Security Rule policies and procedures, and neglected to provide workforce members with security awareness training until 2016.
“Health care providers owe it to their patients to comply with the HIPAA Rules. When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information,” said Roger Severino, OCR Director.
COVID-19 Prompts New Items Added to OIG Work Plan
End Stage Renal Disease Networks' Responsibilities During COVID-19
The Centers for Disease Control (CDC) has stated that beneficiaries with serious underlying medical conditions, such as end stage renal Disease (ESRD), are at higher risk for severe illness from COVID-19. This important topic prompted a new item to the July Office of Inspector General’s (OIGs) Work Plan. Click Here to read more.
Audit of Indian Health Service's Coverage of COVID-19 Testing
The OIG intends to audit COVID-19 related funding to the Indian Health Services (HS) COVID-19 relief. Between the various programs a total of $611 Million has been funded to HIS Federal Health Program and Tribal health programs. The OIG will audit allocation and utilization of these fund. Click Here to read more. Click Here to view all recently added items on the OIG Work Plan!
COVID-19 CMS Reponse to the PHE
MLN SE20011 Fact sheet was updated by the Centers for Medicare & Medicaid Services (CMS) on July 24, 2020 to make clarifications to the publication regarding the Families First Coronavirus Response Act and Waivers to Coinsurance and Deductibles. A new section is added to show that it applies to lab tests regardless of the HCPCS codes used to report COVID-19 related tests. Click Here to download the updated version of SE20011. Read our Article on “Unraveling the CMS COVID-19 PHE Modifiers”. Register for the COVID-19 Coding & Billing Encounters short course.
COVID-19 Impact on Medicare Beneficiaries
The Centers for Medicare & Medicaid Services (CMS) has a page dedicated on the national CMS website called “Preliminary Medicare COVID-19 Data Snapshot”. The Fact Sheet and other information is posted to this page which reports COVID-19 cases and hospitalizations data for Medicare beneficiaries based on ICD-10 diagnosis codes B97.29 (report from Jan 1, 2020 through March 31, 2020) and code U07.01 as of April 1, 2020. Click Here to learn more.
COVID-19 Code 87426 Added List Not Requiring NPI of Ordering Provider
During the COVID-19 Public Health Emergency (PHE), CMS is relaxing requirements for a limited number of laboratory tests required for a COVID-19 diagnosis. These tests do not require a practitioner order during the PHE. Code 87426 was added to this list which reports “Infectious agent antigen detection by immunoassay technique, (e.g., enzyme immunoassay [EIA], enzyme-linked immunosorbent assay [ELISA], immunochemiluminometric assay [IMCA]) qualitative or semiquantitative, multiple-step method; severe acute respiratory syndrome coronavirus (e.g., SARS-CoV, SARS-CoV-2 [COVID-19])”. Click Here for the May 2020 list to which code 87426 is being added. For online training in Coding & Billing COVID-19 Related Encounters, click here.
COVID-19 PHE Tip Sheets
COVID-19 Public Health Emergency (PHE) tip sheets are available for the home health, Inpatient Rehabilitation Facility (IRF), Long-Term Care Hospital (LTCH), and Skilled Nursing Facility (SNF) Quality Reporting Programs. These tip sheets provide guidance on quality data submission requirements starting July 1, 2020, now that the temporary exemptions ended.