Observation services are an ongoing point of confusion for hospitals and patients, many of whom have become fearful of out-of-pocket costs and SNF coverage eligibility associated with outpatient observation services. Developing a workflow to comply with the Notice of Observation Treatment and Implication for Care Eligibility (NOTICE) Act and the Medicare Outpatient Observation Notice (MOON) is essential and is intended to help hospitals ease patients' concerns by clearing up the implications of observation.
Reconciliation is a noun meaning "the process of finding a way to make two different ideas, facts, etc. exist or be true at the same time." In the world of clinical documentation improvement (CDI), "reconciliation" typically refers to diagnosis-related group (DRG) reconciliation, which is the process of adjusting DRGs when those assigned by the CDI specialist do not match those assigned by the coder.
Q: Can I leave a patient a voicemail about an MRI procedure, including the time and date? What should I do if someone else at the patient's home answers the phone? How much info can I leave with the other person, and how can I verify that person's identity and relation to the patient?
One of the more challenging aspects of a case manager's job is helping to ensure a patient successfully transfers from the hospital to the next level of care. Under a set of proposed revisions to Medicare's Conditions of Participation (CoP) announced in November 2015.
Hackers and malware are routine threats for most healthcare organizations, but this year saw criminals add a devastating tool to their arsenal: ransomware.
Although the dramatic increase in ransomware attacks against healthcare organizations is largely a recent phenomenon, ransomware itself is not new. According to the FBI, it's been around for several years, but the agency began to see an uptick in ransomware attacks in 2015, particularly against organizations. Early this year, the Department of Defense specifically warned healthcare organizations that they are a top target for ransomware. As ransomware continued to grab headlines and lawmakers called for official action, HHS released ransomware response and prevention guidance for healthcare organizations (www.aha.org/content/16/160620cybersecransomware.pdf).
State and federal lawmakers took notice as well. At a March 22 joint hearing of the House of Representatives subcommittees on Information Technology and Health Care, Benefits, and Administrative Rules, some lawmakers suggested HIPAA should be modified to specifically require covered entities and business associates to report ransomware attacks.
Security officers must act now to protect their organizations, and in turn, organizations must be prepared to invest in security and carefully follow related policies. The price for failing to do so could be high.
Paper records persist despite healthcare's steady move to purely electronic documentation. Although paper records are simpler to secure than electronic records in some ways—you can't phish your way into a locked file cabinet—they also can't be encrypted. If a paper record is left out on a desk, there's little that can be done to prevent an unauthorized individual from reading it or even taking it. Papers can easily be misplaced or lost. They can be mixed up with another patient's records—or other unrelated papers—on a desk or be put back in the wrong file. And papers can all too easily fall unnoticed out of a file while being taken from one place to another.
Paper is still generated at multiple points, from new patient information forms to medical records that must be printed in part or whole if another provider's EHR system isn't interoperable. Keeping track of paper and ensuring it stays secure remains a challenge for privacy officers, but it can be managed through sound policies and alert staff.
Medical records that exist only on paper and are not digitized will be kept in a folder system. Staff may need access to these records for reference or to make copies, Ruelas says. That means paper records can pass through many hands throughout their lifetime, leaving them vulnerable to simple breaches.
Despite the security headaches caused by electronic information, electronic files can be protected against casual viewing by unauthorized individuals through proper encryption. Paper has no such protection, Frank Ruelas, MBA, principal of HIPAA College in Casa Grande, Arizona, says. "Paper records, unlike electronic records, are immediately readable," he warns. "One doesn't need an electronic interface along with a login and passwords."
You also can't easily track paper and log how many people have looked at it. An electronic file may leave a trace even if it's deleted, but a missing paper won't be noticed until someone actually goes looking for it. "Unlike electronic systems, paper documents can be seen and taken by someone without leaving a trace," Kate Borten, CISSP, CISM, HCISSP, founder of The Marblehead Group in Marblehead, Massachusetts, says. And although electronic records are more likely to be involved in large-scale breaches, there can still be paper record breaches involving thousands of patients, she says.
