From Report on Patient Privacy - What if…someone at Community Health Systems, Inc., had discovered the cyber intruder that had wormed its way into CHS’s network before it bundled up and off-loaded data for 4.5 million patients? With a workable incident response plan in place — which is required under the 2005 HIPAA security rule, by the way — CHS very well could have stopped the attack and prevented the data loss. A threat that is contained and eliminated means data remain safe and there’s no reportable “breach” under the HIPAA definition. Read more

From Report on Medicare Compliance - A discrepancy between the number of licensed beds and the number of beds billed, perhaps partly because of Medicare’s two-midnight rule, may put hospitals at risk with regulators. About 35 states have certificate-of-need (CON) laws, which limit the number of beds that hospitals may fill and bill for, usually by type of service. Read more

Compliance Blog

By AIS Staff - July 15, 2014
The scandal at the Department of Veterans Affairs (VA) that has so outraged the nation over veterans’ access to medical care also has pointed the spotlight on whistleblowers and a covered entity’s compliance with whistleblower protection laws. This month’s issue of Report on Patient Privacy (RPP)...
By AIS Staff - June 16, 2014
Let’s say, for whatever reason, you wanted an electronic copy of your medical records. You have a right to them, by law, except that’s not what’s happening at many HIPAA covered entities. For its June issue, Report on Patient Privacy (RPP) took a look at the websites of several prominent health...
By Nina Youngstrom - March 10, 2014
Two recovery audit contractors have a bone to pick with some of the changes planned by CMS for the next round of the five-year RAC contracts and have filed “pre-award” protests with the Government Accountability Office (GAO), Emily Evans, a partner in Obsidian Research Group in Nashville, said at a...

It's quick and easy to sign up for FREE access to!

Why do I need to register?