This book includes a plain text version that is designed for high accessibility. To use this version please follow this link.
● Industry Watch CLAIMS AND CODING


CMS says no more ICD-10 delays Physicians must use ICD-10 codes on claims to payers


for services starting Oct. 1, 2014. T at point was made clear in a letter from Centers for Medicare & Medicaid Services (CMS) Acting Administrator Marilyn Tavenner to the American Medical Association’s (AMA) president, Jeremy Lazarus, M.D., dated Feb. 6, 2013. Submitted claims that do not use the new coding system will be rejected. Period. “We believe that the one-year extension through


September 30, 2014, off ers physicians adequate time to train their coders, complete system changeovers, and conduct testing,” wrote Tavenner. More than 80 physician groups represented by the AMA requested that CMS stop the changeover to the


SECURITY


Top data security tips for healthcare orgs Data breaches in healthcare are growing, insider negligence is


the root cause and mobile devices pose extensive threats to patients’ protected health information (PHI). T ose are some of the key fi ndings from the “T ird Annual Benchmark Study on Patient Privacy & Data Security” conducted by the Ponemon Institute and sponsored by ID Experts. T e research was published December 2012. You can get the report at www2.idexpertscorp.com. Despite the fact that 94 percent of the 80 healthcare organizations surveyed in the study suff ered data breaches, these events don’t have to be disastrous. Pre- and post-breach processes can be initiated and coordinated to better protect patient data and minimize impact. ID Experts, a provider of comprehensive


data breach solutions, off ers the following 10 tips from their experts to creating healthier security habits for your organization. 1. Establish mobile and bring-your-own- device (BYOD) policies that include technical controls and employee and management procedures. Rick Kam, CIPP/US, president and co-founder, ID Experts


measure risk. Most importantly, have a plan to address the risk, through remediation, mitigation or risk transfer activi- ties. Chad Boeckmann, president and chief strategy offi cer, Secure Digital Solutions, LLC


5. Immunize mobile devices against


Third Annual Benchmark Study on Patient Privacy & Data Security


Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2012


Ponemon Institute© Research Report


viruses that might steal patient data. Dr. Larry Ponemon, chairman and founder, Ponemon Institute 6. Attack your leadership team with phishing and other social engineering campaigns. Nothing raises awareness like catching people and correcting them on the spot – and it’s a lot more interesting than the annual 30-minute online security training. Michael Boyd, director of Infor- mation Security Management, Providence Health & Services 7. Use a checklist periodically to evaluate whether covered entities and business associates are in compliance with all privacy and security requirements. Sign and date the checklist to show that your organization is not guilty of “willful neglect” in complying with privacy and security laws. Jim Pyles, founding partner,


Powers, Pyles, Sutter & Verville, P.C.


2. Control the cloud, or it’ll control you. Make it a point to fully understand what cloud service-level agreements mean in practice, and then push for meaningful information on failover and disaster recovery practices used. Richard Santalesa, senior counsel, InfoLawGroup LLP


3. Have a current breach response plan that is ready and tested. T is will help pave the way for a well-executed response that can mitigate the fi nancial, legal and reputational harm caused by a security incident involving patient information. Marcy Wilder, partner and director of Global Privacy and Information Management Practice, Hogan Lovellis


4. Conduct small but focused risk assessments rotating con- trol review on a monthly basis to continually understand and


4 April 2013


8. Educate all staff to recognize applications, mobile devices and medical equipment that collect, contain or transmit patient information and/or biometric data. Train them to communicate the risk to those responsible for informa- tion security management. Christina T ielst, FACHE, vice president, Tower


9. Decide how to handle the residual risk of a data breach, how much risk to accept and how much, if any, risk to transfer through cyber insurance. Christine Marciano, president, Cyber Data Risk Managers, LLC


10. Boards should ensure their organizations have robust, board-reviewed and approved security policies and proce- dures. Larry W. Walker, president, T e Walker Company


HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com


more-complex ICD-10 system in December 2012, after the initiative had already been granted a one-year deadline extension in September 2012, from Oct. 1, 2013, to Oct. 1, 2014. “Many in the health industry are underway with the


necessary system changes to transition from ICD-9 to ICD-10,” wrote Tavenner. “Halting this progress midstream would be costly, burdensome, and would eliminate the impending benefi ts of these investments. Many private and public sector health plans, hospitals and hospital systems, and large physician practices are far along in their ICD- 10 implementation and have devoted signifi cant funds, resources and staff to the eff ort.”


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28