Earn CEU credit Cathy Garrey, Connect with your - Health Care ...

More documents

Recommendations

Info

Complying with the HIPAA Privacy Rule – What you need to know ...continued from page 65 Confidential communications. Under the Privacy Rule, individuals have the right to request that communications of PHI be made by alternative means (e.g., by mail instead of by telephone) or at alternative locations (e.g., at work instead of at home). Health care providers are required to accommodate all reasonable requests. Health plans must accommodate reasonable requests only if the individual clearly states that the disclosure of PHI could endanger the individual. Is your rehabilitation program ready to face the auditor’s microscope Inpatient and outpatient rehab providers are experiencing increased scrutiny from their fiscal intermediaries and others. The 75% Rule, the Recovery Audit Contractor (RAC) project, and focused reviews for medical necessity have changed the way rehabilitation providers operate. Most rehab providers have not established effective mechanisms to assure the integrity of their operating and billing practices when viewed by a third party. The full consequences may only be apparent when it is too late. Noblis provides solutions-focused services across the post-acute care continuum and we can help solve the IRF compliance puzzle and help you face the future of rehab. Contact Noblis’ Center for Health Innovation Post-Acute Strategy experts (404.231.4422) to discuss customized solutions to your compliance needs. We will help you to climb out from under the auditor’s microscope. www.noblis.org/healthcare • 404.231.4422 Administrative requirements The Privacy Rule requires covered entities to implement certain administrative requirements. In effect, these requirements create an obligation for covered entities to establish a privacy compliance program. That is, many of the requirements are similar to the elements of a general health care compliance program. For example, covered entities must: n Designate a privacy officer. n Develop and implement privacy policies and procedures. n Provide training to all members of the workforce. n Have a process in place for individuals to make complaints regarding privacy issues, including issues related to the covered entity’s compliance with the Privacy Rule and its own privacy policies and procedures. n Have and apply appropriate sanctions against employees who violate the Privacy Rule and/or the covered entity’s privacy policies and procedures. n Refrain from intimidating or engaging in any retaliatory acts against individuals who exercise their rights under the Privacy Rule or who file a complaint against the covered entity. n Mitigate any harmful effect that results because of an act of noncompliance with the Privacy Rule or the covered entity’s privacy policies and procedures. n Implement appropriate administrative, technical, and physical safeguards to protect the privacy of PHI. n Maintain documentation as required by the Privacy Rule. Enforcement The HHS Office for Civil Rights (OCR) is responsible for enforcing the Privacy Rule. OCR has the authority to impose civil monetary penalties (CMPs) for violations of the Privacy Rule. CMPs are limited to $100 per violation with a maximum of $25,000 per year for each identical Privacy Rule requirement that is violated. The United States Department of Justice (DoJ) has the authority to impose criminal penalties for violations of the Privacy Rule. Specifically, if a person or entity knowingly obtains or discloses PHI in violation of the Privacy Rule, the person or entity may be liable for up to $50,000 and/or may be imprisoned for up to one year. If a person or entity obtains or discloses the October 2008 66 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
PHI under false pretenses, that person or entity may be subject to $100,000 in fines and/or five years in prison. In addition, if the individual obtains or discloses PHI with an intent to sell, transfer, or use it for commercial advantage, commercial gain, or malicious harm, that individual or entity may be fined up to $250,000 and/or be imprisoned for up to 10 years. It is important to note that there is no private right of action under HIPAA. Therefore, an individual may file a complaint with HHS with respect to a covered entity’s compliance with the Privacy Rule, but he or she may not file an action against the covered entity for violating the Privacy Rule. Conclusion As stated above, in order to comply with the Privacy Rule, a person or entity must, at a minimum, determine: n if the Privacy Rule applies, n what information is protected, and n what uses and disclosures of PHI are permitted. In addition, covered entities must have procedures in place to allow individuals to exercise their rights with respect to their PHI. Finally, and perhaps most importantly, covered entities must implement the administrative requirements required under the Privacy Rule. These administrative requirements create a HIPAA privacy compliance program infrastructure that is necessary to ensure compliance with the Privacy Rule’s requirements. Because Privacy Rule enforcement is a complaint-driven process, it is important to have this infrastructure in place, not only to comply with the law, but also to: n Reduce the potential for incidents to occur that may give rise to complaints; and n Be able to show OCR or DoJ that PHI is properly safeguarded by the covered entity. Such proof may be essential to avoid civil or criminal penalties should a Privacy Rule violation occur. n 1. Public Law 104-191. 2 67 Fed. Reg. 53182 (Aug. 14, 2002) codified at 45 C.F.R. Parts 160 and 164. To Register visit www.hcca-info.org Whistleblower Claims in Healthcare October 8 Part 1: A Compliance Perspective Available on CD Part 2: The Enforcement Perspective Carmen Wolf, Principal, BlickenWolf LLC Patrick Coffey, Partner, Locke Lord Bissell & Liddell Linda Wawzenski, Assistant United States Attorney, Deputy Chief, Civil Division, United States Attorney’s Office 2008 MACS and RACS: What It Means For The Lab — October 14, 2008 In this presentation you will learn about Medicare Administrative Contractors (“MAC’s”) and the MACs process both Part A and B claims allowing for increased program integrity. The full fee-for-service workload is scheduled to be transitioned to the MACs by October 2009. 2009 OIG Work Plan for Hospitals & Physicians — October 23 & 24 Be prepared for the year ahead by taking advantage of the HCCA’s presentation of the 2009 OIG Work Plan for Hospitals. Outstanding speakers combine with engaging interaction for a serious, in-depth look at the OIG’s key compliance concerns for fiscal year 2009. If you’re looking for OIG Work Plan coverage that is substantial and to‐the‐point don’t miss this conference An Insider’s Guide to Workplace Investigations October 30, 2008 Meric Craig Bloch, Vice President–Corporate Compliance, Adecco S.A. Past Audio/Web conferences are available on CD at www.hcca-info.org/ pastweb Health Care Compliance Association • 888-580-8373 • www.hcca-info.org 67 October 2008
Page 1 and 2:
Volume Ten Number Ten October 2008
Page 3 and 4:
INSIDE Publisher: Health Care Compl
Page 5 and 6:
which ensures that the understandin
Page 7 and 8:
Table 1: 14 CLAS Standards U.S. Dep
Page 9 and 10:
Scholarship Recipients The Four Dua
Page 11 and 12:
and need emergency care (e.g., an i
Page 13 and 14:
Court analyzes first case under Sta
Page 15 and 16: It was established in 1969 in respo
Page 17 and 18: and get linked up with e-newsletter
Page 19 and 20: Social networking Many compliance p
Page 21 and 22: Focus on Organizational Compliance
Page 23 and 24: Medicare’s medical necessity crit
Page 25 and 26: Is no notice enough notice Legal pr
Page 27 and 28: Exploring the question: Does this r
Page 29 and 30: “Does this really make a complian
Page 31 and 32: Certification - the recognized mark
Page 33 and 34: suffice. This potential error can b
Page 35 and 36: Introducing Compliance & Ethics Soc
Page 37 and 38: who typically sell multiple plans o
Page 39 and 40: n State OIG that fight Medicaid fra
Page 41 and 42: Coordinating external requests for
Page 43 and 44: The what, why and how of Medicare C
Page 45 and 46: The what, why and how of Medicare C
Page 47 and 48: to hear the message first. Educatin
Page 49 and 50: COMPLIANCE ACADEMIES February 2-5 S
Page 51 and 52: or whistleblower lawsuit. Moreover,
Page 53 and 54: SEC Disclosure: Managing informatio
Page 55 and 56: Upcoming Regional Conferences Octob
Page 57 and 58: SEC Disclosure: Managing informatio
Page 59 and 60: Complying with the HIPAA Privacy Ru
Page 61 and 62: Health Care Compliance Association
Page 63 and 64: HM-MDaudit_1_08.qxd 1/25/08 4:10 PM
Page 65: Complying with the HIPAA Privacy Ru
Page 69 and 70: Improving competitiveness and compl
Page 71 and 72: Speakers Sharon Anolik Blue Cross B
Page 73 and 74: commitment to overhaul deficient co
Page 75 and 76: e g i s t e r n o w f o r HCCA’s
Page 77 and 78: New principles can help advance ind
Page 79 and 80: New principles can help advance ind
Page 81 and 82: When to use a monitor Although some
Page 83 and 84: ASKLEADERSHIP John asks the leaders
Page 85 and 86: Enforcement actions in health care
Page 87 and 88: Corruption enforcement actions targ
Page 89 and 90: “I am a compliance professional a
Page 91 and 92: n M. Michelle Walker, LifePoint Hos
Page 94: 600 U.S. BANK PLAZA SOUTH 220 SOUTH
show all

Earn CEU credit Cathy Garrey, Connect with your - Health Care ...

Create successful ePaper yourself

Delete template?

Save as template?