Compliance & Legal
The Office of Inspector General is once again calling out CMS for failing to adequately address fraud vulnerabilities in electronic health records.
There's a right way to manage third-party risks and vendor contracting, and there's the wrong way. And, too often, it's the latter. But it doesn't have to be. Here are some things your organization should keep in mind.
It turns out many healthcare organizations get more than a few things wrong about their information security frameworks.
The threat from hackers affects all business, but healthcare providers face the additional threat of fines for failure to comply with HIPAA regulations. These fines are no mere speeding ticket.
One takeaway from the ICD-10 hearing on Capitol Hill this Wednesday? The majority of healthcare stakeholders called on federal lawmakers to issue no more delays for the code set implementation start date, which is set for Oct. 1.
Some 45,000 people are getting HIPAA breach notification letters after a mental health provider failed to encrypt laptops containing medical data and Social Security numbers.
A five-facility mental health organization in Alaska has agreed to pay up and shape up its HIPAA compliance program after a Department of Health and Human Services investigation found the group failed to appropriately safeguard patient data.
Your organization can have the most well-crafted privacy and security policies in the world. But if those policies are accompanied by lukewarm emphasis and no accountability, or your staff just downright ignores them, you have a big security problem -- just like the folks at one Ohio-based health system did last week.
The EHR audits are coming. The Office of the Inspector General will continue to pay closer attention to the healthcare industry's use of electronic health records -- in particular HIPAA security, EHR incentive payments and fraud, according to the office's recently released 2015 work plan.
When the Office for Civil Rights knocks on your door, asking about HIPAA compliance, it pays to be ready. And OCR is looking to audit providers ranging from large to small, and across a wide geographical distribution.