Quality and Compliance News

April 26, 2017 

NEWS...

 

Make Sure Your Business Associate Agreements are in Place

 

Brought to you by: Katherine Becker,  JD, LLM, CHC, CHPC, CPC, Associate Consultant

 

The U.S. Department of Health and Services (HHS) recently settled a potential HIPAA violation with a small for-profit covered entity. The settlement includes a $31,000 fine as well as the requirement to implement a corrective action plan. The investigation began in August 2015 when the Office of Civil Rights (OCR) began looking into a business associate that stored records containing protected health information (PHI). During their investigation of the business associate, the OCR initiated a compliance review of the covered entity as well. It was determined that while the covered entity had been disclosing PHI to the business associate since 2003, neither party was able to provide a signed Business Associate Agreement prior to October 2015.

 

This illustrates how important it is for you to make sure that you have business associate agreements in place with all the necessary vendors. A business associate is anyone who creates, receives or maintains PHI for a covered entity. Examples of business associates include but are not limited to: accounting firms, attorneys, billing companies, clearinghouse, shredding companies, consultants, answering services and outside transcription services.

 

Tips for Business Associate Agreements:

 

  • Make sure you have a business associate agreement in place before providing any vendor with your PHI.
  • Many corporate vendors will want you to sign their business associate agreement. Make sure you read through the agreement to make sure the terms they have chosen are compliant with both federal and state regulations. For example, here in the state of Florida we often see agreements that allow the business associate 30 days (or more) to notify the covered entity of a breach of unsecured PHI. Florida has its own state privacy law called the Florida Information Protection Act (FIPA). FIPA requires that a business associate notify the covered entity of a breach within 10 days. It is important that you get the vendor to change any requirements that would not keep you in compliance with federal and state regulations. Never assume that a corporate vendor has put terms in their agreements that are in your best interests or that contemplate different state regulations. 
  • Make sure your business associate agreement includes a purpose and scope of services, if appropriate. This is important so that you can show the reason that you gave the vendor access to PHI was appropriate and that the scope of access was reasonable.
  • Review your business associate agreements on a regular basis. Make sure that the scope of the original agreement is still valid. If the vendor has been given more or less access, make sure you update the agreement accordingly. If you realize a business associate agreement is no longer necessary, read through the terms of the agreement and make sure that all the requirements of termination have been completed. Examples of things that may need to occur when a business associate agreements ends are: return of records, terminating access to computer systems, getting a certificate of destruction, or if records cannot be returned or destroyed an agreement from the business associate that the records will be protected as long as the business associate has them.

 

As you can see there is a lot to think about when it comes to entering into relationships with business associates. It is important to make sure that you have a process in place for entering into these agreements and making sure the agreements are up to date. Make sure you have someone in your office who is tasked with being in charge of this process. It is important that everyone in your office is aware of these requirements and that they are letting the person tasked with this responsibility know before anyone establishes a new relationship with a vendor.

"Revised" Advance Beneficiary Notice of Noncoverage (ABN)

 

Brought to you by: Jean Acevedo, LHRM, CPC, CHC, CENTC, AAPC Fellow

 

The Office of Management and Budget (OMB) periodically reviews the ABN (Form CMS-R-131) and in March of this year (2017) approved it for renewal. There are no changes to the form itself, but the expiration date has been changed to 03/2020. For Medicare purposes, for an ABN to be considered valid, the provider must use the most recent version of the CMS-R-131. We are sending this out to you with the recommendation that you begin to use the new form as soon as possible.  For your convenience, you can access the “new” version, in both English and Spanish, in Word so that you can personalize the form with your practice/organization information by clicking the appropriate language below.

 

English                         Spanish

Educational Opportunities...

 

 

HIPAA Compliance Update (West Palm Beach, FL)

Participants will learn about recent enforcement actions and what to be on the lookout for in their own practice.  Hear tales from the trenches about where we see practices succeeding with HIPAA as well as their mistakes you can learn from. Learn which policies you may be overlooking in your own practice, and learn about the OIG’s latest guidance on patient access to their records and how much they can be charged for medical records.

 

Speaker: Katherine Becker, JD, LLM, CHC, CHPC, CPC

May 10, 2017 11:30 a.m. - 1:00 p.m. (EDT)

Palm Beach County Medical Society

Register

 

Providers, Counsel, Consultants: Compliance Liability and Risk  (San Juan, PR)

HCCA Regional Conferences provide a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational opportunities for compliance professionals to strengthen the industry.

 

Speaker: Jean Acevedo, LHRM, CPC, CHC, CENTC, AAPC Fellow & Lester Perling, Esq.

May 18, 2017 3:45 - 5:00 p.m. (EDT)

Health Care Compliance Association

Register

 

 

HIPAA Update  (Webinar)

This presentation will highlight the latest trends in HIPAA such as where we are seeing enforcement actions. We will also share real life examples of where practices have struggled with HIPAA and what you can do to avoid the same situation. We will also discuss the steps you should be taking to proactively protect your practice.

 

Speaker: Katherine Becker, JD, LLM, CHC, CHPC, CPC

May 25, 2017 12:00 - 1:00 p.m. (EDT)

Network of Florida Otolaryngologists

Register

 

 

For more upcoming educational events, please click here

 

Please forward this publication to others who may also be interested in this information.

Acevedo Consulting Incorporated 

2605 W Atlantic Ave, D102 Delray Beach, FL 33445
561-278-9328

Share on social

Share on FacebookShare on X (Twitter)Share on Pinterest

Visit our website