search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
COMPLIANCE


to implement the Security Manage- ment Process standard . . .”


The Security Rule does not specify


how frequently a risk analysis should be performed by a covered


entity


(i.e, health plan, health care clear- inghouses and health care provid- ers who electronically transmit any health information in connection with transactions for which the US Depart- ment of Health and Human Services has adopted standards). Some cov- ered entities may perform an annual assessment; others perform these assessments as needed (e.g., bi-annu- ally, annually, every two years or every three years) depending on the size of the entity and its policy stipulations. Remember, once a policy regarding frequency is established, your facility (covered entity) will need to prove it is in compliance with that policy.


Non-existent or outdated business associate agreement. ASCs must


ensure that their vendor contracts and business associate agreements are cur- rent. The HIPAA Privacy Rule requires covered entities to enter into written contracts with business associates to protect the privacy of PHI. A business associate that performs a service on behalf of a covered entity that involves the use and disclosure of PHI must sign a covered entity’s Business Asso- ciate Agreement (BAA) or other writ- ten agreement. The BAA defines the permitted uses and disclosures of PHI as well as prohibitions. While a covered entity is not required to monitor a business asso- ciate, a covered entity is required to obtain satisfactory assurance from its business associate(s) that ensures the business associate will safeguard its PHI. The following is an excerpt: HIPAA Privacy Rule §164.504(e)”. . . requires CEs, and BAs using vendors and or BA subcontractors to obtain “reasonable assurances” from the


MANAGE SURGICAL FLUIDS


OUR ENVIRON-MATE® DM6000 SERIES SUCTION-DRAIN™ SYSTEMS MANAGE YOUR SUCTIONED FLUIDS!


THREE SYSTEMS AVAILABLE! • Surgery/OR - DM6000-2A (Shown) • GI/Endoscopy - DM6000-2 • SPD/Utility Room - DM6000


COMPACT, WALL-MOUNTED UNITS • Only 13.5”w X 16”h X 5.5”d (DM6000-2A) • Save Valuable Floor Space


USE DM6000-2A FOR SURGERY • Unlimited Fluid Compactly • Arthroscopy, Cystoscopy/Urology • Available with Fluid Totalizer


NO MORE CANISTERS! • Reduce Room Turnaround Time • Eliminate Staff Exposure to Fluids • Save Canister and Solidifier Costs


DM6000-2A


person to whom the information is dis- closed that it will be held confidentially and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person.” Common content verbiage


in a


BAA may state that the business asso- ciate is to make available its policies and procedures related to the Use and Disclosure of PHI to the covered entity. Occasional push-back comes when a business associate refuses to provide specific policies and proce- dures related to PHI safeguards stat- ing that its policies and procedures are confidential and proprietary. HIPAA Security Rule § 164.314(a)(1) “. . . instructs the covered entity to docu- ment the attempt(s) in good faith to obtain satisfactory assurance and the reasons that such assurance cannot be obtained or are refused…” Please refer to Security Rule § 164.314(a)(1) for the complete guidance. In addition, always consult legal counsel for any suspected or known contract breach. When performing the HIPAA com- pliance audits, HHS OCR will not only review the policies and procedures for the covered entity but also determine whether the covered entity has reviewed its business associate policies as part of reasonable assurance practices.


Cristina Bentin, is the president of Coding Compliance Management LLC in Baton Rouge, Louisiana. Write her at cristina@ccmpro.com.


ASCA Offers HIPAA Resources for ASCs


PROMETHEAN ISLAND® FROM MD TECHNOLOGIES INC.


Mat Size 46" x 30"


800.201.3060 mdtechnologiesinc.com


 Collect fluids before they reach the floor  Accurately measure spilled irrigation fluids  Reduce Post-Op clean-up/turnaround time


ASCA developed the HIPAA Workbook for ASCs to help surgery centers meet the requirements the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and reduce their HIPAA-associated risks. Visit www.ascassociation.org/ hipaa for more information.


24 ASC FOCUS JUNE/JULY 2017 |www.ascfocus.org


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42