Practice compliance requires vigilance and oversight, which can be a challenge for orthopedic surgery practices today and their corresponding medical coding, billing and collections process. Merging the practice of medicine with the business of healthcare can result in a high wire balancing act that can result in updates slipping through the cracks, especially when there’s a continuous stream of changes.
The right orthopedic surgery revenue cycle management process has got you covered.
This just in. According to a January 16, 2013 edition of Industry News, “Your practice can no longer brush off breaches of electronic patient health information (ePHI) files if fewer than 500 patients are exposed. Small breaches carry the same risk for all providers, according to HIPAA and HITECH regulations.”
The U.S. Department of Health and Human Services (HHS) defines a breach as “the unauthorized acquisition, access, use, or disclosure of protected health information, which compromises the security and privacy such that the use of the information poses significant risk of financial, reputational, or other harm to the affected individual.”
Regarding ePHI, only “unsecured” breaches trigger the notification requirement.
According to HHS, ePHI breaches nearly doubled last year, mostly as the result of lost or stolen laptops.
All affected individuals must be notified within 60 days when a breach occurs via regular mail or email (if permission was given)—or, if this information is outdated, by other methods such as the web or print advertisement. Industry News also explains that “If the breach involves PHI for more than 500 individuals, the breach must also be reported to a major media outlet serving the affected individuals. You must include the following in the notice:
- The date of the breach and when it was discovered
- A brief description of the incident that led to the breach
- Description of the unsecured PHI involved>/
- Suggested steps individuals should take to protect themselves against any problems stemming from the breach
It’s important to avoid a breach when you have an updated, comprehensive compliance plan as part of your orthopedic surgery revenue cycle management. Staying abreast of updates in risk and compliance requires an independent medical coding and billing company that has special expertise in orthopedic surgery compliance and risk management.
Just how can risks be eliminated? Implement these steps, as indicated by Industry News, into your orthopedic surgery practice compliance plan:
- Include mobile device security in your orthopedic surgery compliance plan
- Take the time to analyze what practices put your data at risk. A hospice or home health agency, for example, needs its staff to carry laptops to patients’ houses. Use of the Cloud for ePHI storage rather than the computer’s hard disk, along with extensive training about computer security might prevent similar breaches.
- Perform a thorough assessment of potential risks to the confidentiality, integrity, and availability of ePHI your practice holds, and implement security measures that are reasonable and appropriate to reduce risks and vulnerabilities to an acceptable level.
Another item to add to the list is to engage a proven orthopedic surgery revenue cycle management partner that’s a results-proven leader in orthopedic surgery compliance and risk management.
revMD.com is the results-proven alternative for healthcare revenue cycle management, with a niche specialization in orthopedic surgery medical coding and billing that generates unprecedented results and builds profitable medical practices. Leveraging a history of industry wide success spanning 25 years, revMD.com partners with medical practices in Arizona and throughout the U.S. to optimize revenue for hospital based and practice based physicians. For more information, visit www.revmd.com.
About the Author