Recent OIG Studies Recommend Tighter Enforcement of the Privacy and Security Rules

The U.S. Department for Health & Human Services’ Office of Inspector General (OIG) has conducted two recent studies calling for tighter enforcement of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act (HIPAA).

OCR Should Strengthen Its Oversight of Covered Entities’
Compliance With the HIPAA Privacy Standards

In the first study, the OIG recommends that the Office of Civil Rights (OCR), the government agency responsible for enforcing covered entities’ compliance with the HIPAA Privacy Standards, should strengthen its oversight of these privacy standards. The OIG reviewed a statistical sample of privacy cases investigated by the OCR from September 2009 through March 2011, surveyed and interviewed OCR staff, reviewed the OCR’s investigation policies, and surveyed providers’ compliance with five selected privacy standards.

Based upon this review, the OIG concluded that OCR should strengthen its oversight of covered entities’ compliance with the Privacy Rule. It criticized the OCR’s oversight as “primarily reactive” and suggested they be more Continue reading

No Further Extensions for ICD-10 and MU Stage 2

strike before midnightUpdate:  On April 1, 2014, President Obama signed into law the “Doc Fix” bill, Public Law 113-93, which extends the deadline for ICD-10 for an additional year.  Section 212 of this law prohibits the Secretary of Health and Human Services from adopting ICD-10 code sets prior to October 1, 2015.

Everyone is a-twitter (pun intended) about the announcement on Thursday, February 27, 2014, from Marilyn Tavenner, the Administrator for the Centers for Medicare & Medicaid Services (CMS), that the deadline for adoption of ICD-10 will not be extended. Tavenner was the keynote speaker at the HIMSS14 conference, and numerous tweets from HIMSS attendees highlighted her assertion that CMS will stand firm on the October 1, 2014 deadline. All entities covered by the Health Insurance Portability and Accountability Act (HIPAA) must be prepared to use ICD-10 codes on transactions by this date.

Tavenner also affirmed that the deadlines for Stage 2 Meaningful Use (MU) will not be extended. Providers who are not meaningful users of Certified Electronic Health Record (EHR) Technology under the Medicare EHR Incentive Programs will face a penalty, in the form of Medicare payment adjustments. These payment adjustments will be applied beginning on January 1, 2015. Continue reading