The ONC has released a new guide (click here to download the PDF) as an aid to physician practices in the process of becoming compliant with theMeaningful Use $$ incentive requirement for privacy and security. A “Myths and Facts” section on page 11 is definitely worth reading.
A good summary of this guide can be found here.
Continue reaching out to your healthcare clients, and see how you can help!
Some important healthcare program deadlines have been delayed again — here is a quick update:
HIPAA 5010: Was March 31,2012, now delayed until June 30, 2012 (click here)
ICD-10: Was October 1, 2013, now delayed until ??? “Health and Human Services will announce a new compliance date moving forward.” (click here)
Meaningful Use: CMS and ONC intends to finalize the Stage 2 rules by midyear 2012. Stage 2 will begin in 2014 (click here )
Beginning on January 1, 2012 the new HIPAA 5010 electronic transaction standards will affect almost every aspect of a physician practice’s reimbursement and revenue stream (click here). This may require software upgrades, workflow changes and employee training. Employee training on the 5010 regulations does not count for the Retraining Tax Credit since it involves regulations. However, employee training on the new/upgraded software and workflow changes may count for the Retraining Tax Credit. Talk with your clients about their preparation for HIPAA 5010 and let them know that a tax credit could help out.
We had a lot of questions about our recent article on HIPAA and Business Associates (called a BA). One of the key determining factors is “access to protected health information.” This information may include patient health information or health information of the employees of the healthcare provider.
We talked with Paige Joyner, President of Compliance +, LLC, a consulting firm that provides customized compliance and training solutions for HIPAA and other regulatory programs (click here). She provided the following information:
The CPA firm may be considered a BA of the healthcare provider (called a Covered Entity) if the firm receives any patient data or employee health information and then does something with it on the Covered Entity’s behalf.
Many Covered Entities are requiring their CPA firms to sign a BA agreement in order to continue the business relationship (that is, sign if you want to continue working with them, regardless of your situation). Signing the agreement is only half the battle. All Business Associates must have HIPAA policies and procedures in place and be able to verify their compliance if asked.
An interesting AICPA article provides more insight regarding CPAs, BAs and the new HIPAA regulations (click here).
Know what you are signing, it could come back to bite you later!