Optum360 coding books logo
    Contact Us   (7 a.m.–7 p.m. CST)
  Home > Coding Central Articles > Coding Central Articles  
Coding Central
Coding Central Home
Inside Track to ICD-10
Coding Central Articles
Code This!
Case Studies
Chargemaster Corner

Articles for:
January 25, 2018

Four Tests Added to List of CLIA Waived Tests

In early January, the Centers for Medicare and Medicaid Services (CMS) announced new waived tests... Learn More

New and Revised Vaccine Codes Added to 2018 CPT Code Book

The American Medical Association (AMA) added and revised several vaccine CPT codes for its 201... Learn More

OIG Recommends Measures for Curbing Opioid Misuse and Fraud

Office of Inspector General testimony before the House Committee on Ways and Means in January ... Learn More

View Article Archive

To subscribe, paste this link into your preferred feedreader, or click on one of the buttons below:

Medical Coding News Archives

Time for a HIPAA Compliance Check-up

March 25, 2008:
The Centers for Medicare and Medicaid Services (CMS) announced that it will begin conducting onsite reviews and investigations to evaluate Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance; violations are subject to penalties. Information was posted on the CMS Web site on February 20 regarding these onsite HIPAA security investigations and compliance reviews. A checklist titled "Information Request for Onsite Compliance Reviews" was also posted on the Web site that provides examples of the information that may be requested during an investigation or review.

CMS’s Office of E-Health Standards and Services (OESS), which will oversee the onsite investigations and compliance reviews, suggests that covered entities review the checklist to evaluate their current level of compliance and identify any vulnerable areas. (The Department of Health and Human Services’ Office for Civil Rights [OCR] is the enforcement body for the HIPAA privacy regulations.) Covered entities under the HIPAA Security Rule include health care providers, health plans, and health care clearinghouses.

According to CMS, the primary difference is onsite investigations will be complaint-driven while compliance reviews will develop from non-complaint sources of information such as self-reported incidents. These compliance reviews are separate from and not related to the Office of Inspector General (OIG) compliance audits.

CMS has contracted with PricewaterhouseCoopers (PWC) to conduct HIPAA security compliance reviews in 2008. These PWC compliance reviews will focus on entities with existing security complaints. Although HIPAA Security Rule violations are subject to penalties, CMS says the intent of the reviews includes an educational component. According to CMS, the reviews will continue as CMS gauges industry response.

Sarah A. Serling, CPC, CPC-H, CPC-I, CCS-P, CCS
Clinical Technical Editor


Sign in to
Your Account
Forgot your username?
Forgot your password?
Don't have an account?
It's easy to create one.
Promo code

Have a promotional source code? Enter it here:

What is this?

Code This!

Test your coding knowledge!