Optum360 coding books logo
    Contact Us   (7 a.m.–7 p.m. CST)
  Home > Coding Central Articles > Coding Central Articles  
Coding Central
Coding Central Home
Inside Track to ICD-10
Coding Central Articles
Code This!
Case Studies
Chargemaster Corner

Articles for:
March 27, 2018

Spring OPPS Update Released

The Centers for Medicare and Medicaid Services (CMS) summarized the spring update to the outpatie... Learn More

Therapy Caps Repealed and Payment for Therapy Assistant Services Lowered

Medicare payment caps on outpatient therapy were permanently repealed effective January 1, 2018. ... Learn More

OIG Update Work Plan, Studies Cardiac Device Credits

In March, the Office of Inspector General (OIG) posted several updates to its existing Work Plan,... Learn More

View Article Archive

To subscribe, paste this link into your preferred feedreader, or click on one of the buttons below:

Medical Coding News Archives

Time for a HIPAA Compliance Check-up

March 25, 2008:
The Centers for Medicare and Medicaid Services (CMS) announced that it will begin conducting onsite reviews and investigations to evaluate Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance; violations are subject to penalties. Information was posted on the CMS Web site on February 20 regarding these onsite HIPAA security investigations and compliance reviews. A checklist titled "Information Request for Onsite Compliance Reviews" was also posted on the Web site that provides examples of the information that may be requested during an investigation or review.

CMS’s Office of E-Health Standards and Services (OESS), which will oversee the onsite investigations and compliance reviews, suggests that covered entities review the checklist to evaluate their current level of compliance and identify any vulnerable areas. (The Department of Health and Human Services’ Office for Civil Rights [OCR] is the enforcement body for the HIPAA privacy regulations.) Covered entities under the HIPAA Security Rule include health care providers, health plans, and health care clearinghouses.

According to CMS, the primary difference is onsite investigations will be complaint-driven while compliance reviews will develop from non-complaint sources of information such as self-reported incidents. These compliance reviews are separate from and not related to the Office of Inspector General (OIG) compliance audits.

CMS has contracted with PricewaterhouseCoopers (PWC) to conduct HIPAA security compliance reviews in 2008. These PWC compliance reviews will focus on entities with existing security complaints. Although HIPAA Security Rule violations are subject to penalties, CMS says the intent of the reviews includes an educational component. According to CMS, the reviews will continue as CMS gauges industry response.

Sarah A. Serling, CPC, CPC-H, CPC-I, CCS-P, CCS
Clinical Technical Editor


Sign in to
Your Account
Forgot your username?
Forgot your password?
Don't have an account?
It's easy to create one.

Promo code

Have a promotional source code? Enter it here:

What is this?