Subscribe by Email

Your email:

Latest Posts

Customer Success resized 157

"When I call Home Care Software Solutions, I receive consistent, excellent support.Of the three vendors we interviewed, HCSS was the one who demonstrated their willingness to work with a new startup agency, with the equipment, with the training. If I was to go to another agency tomorrow, and they didn't have CareSmart AMS, I would pick up the phone and call Home Care Software Solutions, Inc. I refuse to work with any other company or software."

Mandy A. - Solutions Home Health Inc.
HCSS CLIENT SINCE 2009

Follow Me

CareSmart Blog

Current Articles | RSS Feed RSS Feed

CareSmart Blog - CHAMP Tools for your Home Care Agency

Posted by Michelle Harper on Thu, Sep 06, 2012
 

CHAMPThe CHAMP program has provided free-to-use evidenced base tools on their website

This month, CHAMP is focusing on dementia education and they have 26 tools specifically focused on assessing and treating patients with dementia.

 

Some of the tools you may find useful (this is only a sample, many more can be found on the CHAMP website)

AD 8 Dementia Screening Interview

A brief informant interview to detect dementia that can be used as a general screening device to detect cognitive change with different types of informants. The interview can be done with a family member, other informant, or the patient themselves.

Alzheimer's Disease: Unraveling the Mystery

This easy-to-read book explains what Alzheimer's Disease (AD) is, describes the main areas in which researchers are working, and highlights new approaches for helping families and friends care for people with AD.

Assessing Pain in Older Adults with Dementia (Try This, Issue D2)

A tool for assessing pain with cognitively impaired older persons and information on its use. Published by the Hartford Institute for Geriatric Nursing.    

Certified Nursing Assistant Pain Assessment Tool (CPAT)CareSmart Blog

A quick, easy-to-use tool for direct-care providers to measure pain in cognitively impaired older adults. Originally developed for use in nursing homes, the CPAT could be adapted to home care. (Also download the teaching instructions, provided separately).

Pain in Dementia: Family and Caregivers Guide to Assessment and Treatment

A brochure for caregivers that provides advice on assessing pain in older adults with dementia.

Tips to Enhance Interactions with Dementia Patients

Communication tips from the Alzheimer's Foundation of America to help improve verbal and non-verbal interactions with dementia patients. (print-friendly format available; and in Spanish)

CHAMP also has a great blog that you may want to check out.  This months topic is "Getting to the Right Diagnosis: When Dementia Isn't Alzheimer's". 

 

 

CareSmart AMSHome Care Software Solutions, Inc.  provides integrated home health software solutions with CareSmart AMS software.

Looking for software or billing solutions for your home health or hospice agency?

Check out CareSmart AMS, EDI Smart Reader, Data Smart Online Backup and CareSmart Billing.

Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , , , , , ,

Data Smart - Back Up Your Home Health and Hospice Agency!

Posted by Michelle Harper on Fri, Aug 31, 2012
 

Backup your agency with a trusted industry provider, Home Care Software.Data Smart Online Backup

Many post-acute care providers fail to implement regular preventative maintenance for their computer networks. With the complexity of day-to-day operations, data backup may be the last of a agency owner’s worries. But the nature of health care is what makes online backup so crucial - an agency can be completely wiped out by a data loss event.

Your home health patient and accounting data is vulnerable:

100% of disk and tape drives will eventually fail.

An average of 50% of critical corporate data resides on unprotected PC desktops and laptops.

Computer viruses cost U.S. businesses upwards of $55 billion in damages.

Don’t become a statistic. For over 18 years, Home Care Software has provided software, tools, and service solutions to home care providers.  With Data Smart Online Backup, your agency can be assured of HIPAA-compliant data backup. Even if your web-based EMR provides backup, don't forget about other electronic agency data including emails, accounting software, etc.

If you invest time and resources into your agency,  you should invest in your backup system.

No matter how capable your agencies IT Department may be, they deal with multiple tasks throughout the course of your business.  After a disaster or data loss event, your home heatlh and hospice agency may stop while you attempt to repair your network, or find someone who will. Data Smart Online Backup will save time and help you avoid costly repair bills. With so much on the line, secure your information online.

Oftentimes, shortcomings are discovered only after a major event wipes out significant data.

Only 34% of agencies actually test their tape backups once they’re in place.

Of the 34% that test, more than three-quarters find failures in their backup systems.

Data Smart Online Backup

  • Simple. One-Click File Sharing lets you share files with anyone with an email address.
  • Powerful. Our powerful recovery tool keeps an unlimited version history of all your files. This exclusive tool allows you to recover any version of your file from any given date.
  • Secure. We use a three-tiered encryption system which encrypts data on the user’s computer, again in transit and finally when at rest in storage.

For more information on how you can protect your agency's data, visit us here or call Home Care Software at 866-355-3164.

CareSmart AMS Home Care Software Solutions, Inc. provides integrated home health software solutions with CareSmart AMS software.

Looking for software or billing solutions for your home health agency?

Check out CareSmart AMS and CareSmart Billing.


Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , ,

Don’t Let a Disaster Destroy Your Home Health Agency!

Posted by Michelle Harper on Tue, Aug 07, 2012
 

Data Smart Online Backup

Disaster Recovery is a difficult but necessary element of any successful health care provider. Though disasters are unpleasant to consider, they are an unfortunate reality of the Internet Age. Think of technological disasters as the inevitable downside to the substantial benefits of managing your business online.

60% of small businesses go out of business within 6 months of losing critical data in a disaster.

Disaster Recovery is the ability to continue work  and see patients after a catastrophic event. This includes a crippling computer virus, hardware malfunction or even a natural disaster such as a fire or a flood. Disaster Recovery differs from Data Backup - simply having a copy of your data is insufficient to get your business back up and running should something happen.

 

Data Smart Online BackupEvery business needs a structured disaster recovery plan. With Data Smart Online Backup from Home Care Software, you can have tailored backup services to fit your home health or hospice agency. With server backup and recovery, remote office protection, laptop and desktop protection, and file archiving, your agency will be prepared for the worst.

Contact Home Care Software now for a no-cost, no obligation analysis of a comprehensive disaster recovery plan.

We provide industry-specific features for home health and hospice agencies.  HIPAA, enacted by Congress in 1996, established standards for the security and privacy of healthcare-related data. This legislation charged healthcare professionals and organizations with taking measures to ensure that their electronic data systems were fully compliant with HIPAA regulations. Those regulations explicitly state that any health care provider, clearinghouse or health care facility that electronically maintains or transmits health information for individuals must establish procedures for backup & recovery.

The odds of something happening to your data are high. The costs of restoring your system are even higher. According to the National Computer Security Association, without having an adequate backup solution in place it takes:

  • 19 days and $17,000 to recreate just 20 MB of lost sales/marketing data
  • 21 days and $19,000 to recreate just 20 MB of lost accounting data
  • 42 days and $98,000 to recreate just 20 MB of lost engineering data

Hopefully you will never need to use a disaster recovery plan, but if you do, you’ll be glad you planned ahead. You don’t want your customers to think there’s any room for failure – with secure online disaster recovery, there isn’t.

CareSmart AMS

Looking for software solutions for your home health agency?  

Check out CareSmart AMS.



Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , , , , , ,

Steps to Assess ICD-10 Transition - Home Health and Hospice Providers

Posted by Michelle Harper on Tue, Jul 31, 2012
 
CMS ICD-10

Although the final rule on the proposed ICD-10 deadline change has yet to be published, it is important for home health and hospice agencies to continue planning for the transition to ICD-10. The switch to the new code set will affect every aspect of how your organization provides care, from registration and referrals, to software/hardware upgrades and clinical documentation.

 

A critical step in planning for the transition is to conduct an impact assessment of how the new code sets will affect your organization. Your impact assessment should include: 

  • Documentation Changes: You will need to consider the increased specificity of ICD-10 codes compared to ICD-9 codes, and ensure that patient encounters are documented with appropriately comprehensive clinical descriptions. You should:
    • Train staff to accommodate the substantial increase and specificity in code sets
    • Consider physician workflow and patient volume changes
    • Revise forms, documents, and encounter forms  to reflect ICD-10 codes
    • Evaluate processes for ordering and reporting lab/diagnostic services to health plans
  • Reimbursement Structures:  You should coordinate with payers on contract negotiations and new policies that reflect the expanded code sets, since they can affect reimbursement schedules.
  • Systems and Vendor Contracts: Ensure your vendors can accommodate your ICD-10 needs. Find out how and when your vendor plans to update your existing systems. You will need to review existing and new vendor contracts and to evaluate vendor offerings and capabilities against your organization's expectations. Work with your vendors to draft a schedule for needed tasks.
  • Business Practices: Once you have implemented ICD-10, you will need to determine how the new codes affect your processes for referrals, authorizations/pre-certifications, patient intake, physician orders, and patient encounters.
  • Testing: Work with your vendors to determine the amount of time needed for testing and schedule accordingly.

 

ICD-10 will affect nearly all areas of your agency, but with a thorough impact assessment, you can keep your day-to-day activities running smoothly while you transition to ICD-10.

Keep Up to Date

Please visit the ICD-10 website for the latest news and resources to help you prepare.

CareSmart AMS

Home Care Software provides integrated home health software solutions with CareSmart AMS software.

Looking for software  or billing solutions for your home health agency?

Check out CareSmart AMS and CareSmart Billing.

Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , , , ,

Home Care Software Alert - CMS Home Health, Hospice Open Door Forum

Posted by Michelle Harper on Mon, Jul 09, 2012
 

cms.govThe next CMS Home Health, Hospice, & DME Open DoorForum is scheduled for :

Date: Wednesday, July 11, 2012;
Start Time: 2:00 PM Eastern Time (ET);
Please dial in at least 15 minutes prior to call start time.
Chair- Randy Throndset
Co Chair – Nancy O’Connor, Moderator: Gregory Price.
Open Door Forum Participation Instructions: This call is Conference Call Only.

1. To participate by phone:
Dial: 1-800-837-1935 & Reference Conference ID#: 76228833.


Persons participating by phone are not required to RSVP.


TTY Communications Relay Services are available for the Hearing Impaired. For TTY services dial 7-1-1 or 1-800-855-2880. A Relay Communications Assistant will help.
Encore: 1-855-859-2056; Conference ID: 76228833.


Encore is an audio recording of this call that can be accessed by dialing 1-855-859-2056 and entering the Conference ID. This recording will be accessible beginning 2 hours after the call and will expire after 3 business days.


For ODF schedule updates, E-Mailing List registration and Frequently Asked Questions, visit our website at http://www.cms.gov/opendoorforums .

The Centers for Medicare & Medicaid Services "Open Door Forums" provide an opportunity for live dialogue between CMS and the provider community at large, in order to understand and then help find solutions to contemporary program issues. Such issues may already exist or may be just developing within the various patient care settings impacted by agency regulations. Open Door Forum participants learn from each other's discussions, uncover useful clarifications regarding the different rules and instructions associated with coverage, coding, and payment, and generally become more of an asset to their office or facility's well being. The Forums also proactively engage beneficiary advocates in discussions of the opportunities and challenges associated with supporting access, improving medical outcomes, lowering costs, and improving quality within our programs.
 
Home Care Software provides integrated home health software solutions with CareSmart AMS software.
Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , ,

CMS Updates - Home Health

Posted by Michelle Harper on Thu, Apr 26, 2012
 

CMS.govCMS issues final rule on provider identification number 

Providers and suppliers who submit claims to Medicaid and Medicare must include an identification number on enrollment applications and payment claims, according to a final rule.

In a regulation that's effective June 26, the inclusion of a National Provider Identifier — which is a 10-digit provider identification number — will save Medicare $1.6 billion over 10 years, the Centers for Medicare & Medicaid Services estimates. The NIP, which also is required in HIPAA transactions, is used to verify certification as a means of curbing Medicare and Medicaid fraud and abuse.

While most providers already have an NPI, CMS said the savings estimate was calculated based on that a small number of patients would go to doctors without enrollment numbers, and therefore won't receive referrals for items like durable medical equipment.

Click here to read the full rule.

 

CMS Names Top 10 Survey Deficiencies

During the National Association of Home Care and Hospice’s (NAHC) March on Washington and Law Symposium, CMS representatives took part in a panel to discuss regulatory and policy initiatives. Key points discussed included payment policy, survey and certification, and medical review activities in homecare.

Of particular interest to us was that according to a CMS representative, the top 10 home health survey deficiencies, with their associated G-tags, are:

  • Written Plan of Care established & periodically reviewed (G158)
  • Plan of Care covers diagnosis, required services, visits, etc. (G159)
  • Record with past/current findings maintained for all patients (G236)
  • Assessment includes review of all medications (G337)
  • Compliance with accepted professional standards/principles (G121)
  • Supervisory visits if skilled care no less than once every 2 weeks (G229)
  • Coordination of Patient Services (G143)
  • Skilled Nursing Services furnished in accordance with Plan of Care (G170)
  • RN prepares notes, coordinates, informs MD, other staff of changes (G176)
  • Drugs and treatment administered only as ordered by physician (G165)

Most of these deficiencies are not a surprise to homecare providers. For example, plan of care deficiencies have long been prevalent in homecare. The most troublesome thing is that many of these top 10 deficiencies are repeated, or recurrent, and can be prevented. This is further validation that agencies must put compliance with the Conditions of Participation on their priority list sooner rather than later.

From the MLN: “Home Health Prospective Payment System” Fact Sheet Revised - The “Home Health Prospective Payment System” fact sheet (ICN 006816) has been revised and is now available in downloadable format. It includes the following information: background, consolidated billing requirements, criteria that must be met to qualify for home health services, coverage of home health services, elements of the HH PPS, updates to the HH PPS, and healthcare quality.

 

EDI Smart Reader


Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , ,

Home Health and Hospice Best Practices for Billing

Posted by Gretchen Swank on Wed, Apr 04, 2012
 

CareSmart Billin

The billing processes for home health, hospice and physicians are becoming increasingly more complicated.  Implementing best practices in your office will provide the framework for successful billing.

1. To avoid reimbursement delays, utilize a variety of resources to check the status of claims.
Immediate access of payer websites, payer portals and DDEs, as well as making telephone calls, all enable you to identify claims issues much sooner. Checking claims response files on a daily basis ensures that any rejection is corrected and/or rebilled by the next business day.

2.  Implement a “Billing Recovery” plan.
It is important to track down errant claims and get them back in the queue for processing so you can be compensated for your services. Performing weekly reports will allow you to check if there are any missing charges resulting in lost revenue.  You should also focus on outstanding A/R for the previous twelve months, keeping timely filing rules in mind.

3.  Create and review billing reports.
Agencies should review monthly A/R reports to determine the status of claims.  One very important report, A/R Aging, shows how much current revenue there is versus how much revenue is outstanding & for how long.  The A/R Aging report should be monitored regularly, with actions being taken when necessary so the charges can be paid as soon as possible.

4.  Educate your billing staff.
A knowledgeable billing staff can go a long way in making sure you bill accurately and on time.  Regular training and education for billers will keep them up to date on the latest regulations and processes.  Reach out to state and national home health and hospice associations for classes and trainings.

CareSmart Billing provides billing services to home health, hospice agencies and physicians across the country, helping them reduce overhead costs and relieving them of the burden of in-house billing.       

Having Trouble With Rejected Claims?  We Can Help.

Billing is one of the greatest drains on home health, hospice agencies and physicians. It takes up valuable time and requires highly skilled employees that are often hard to find and even harder to keep.

CareSmart Billing experts help relieve the administrative and technical burdens of in-house billing at a highly competitive price. Our sole focus is on home health, hospice and physician billing. Our experts receive continual education on regulations, rules and best practices. As a result of this experience and education, you will have fewer denied and rejected claims, allowing you to get paid more quickly and accurately.  

  banner2 

Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , , , , , , ,

CMS Releases April Dates for Hospice Quality Reporting Webinars

Posted by Michelle Harper on Thu, Mar 22, 2012
 

cms.govThe Centers for Medicare & Medicaid Services (CMS) has just scheduled the dates for two training webinars to help hospices prepare for mandatory Hospice Quality Reporting Program requirements, including data collection during the final quarter of calendar year 2012 (Oct. 1 through Dec. 31, 2012) and data submission in 2013.

The webinars will contain identical content and will be conducted on:

  • April 11, 2012 from 1-2:30 pm EST, and
  • April 19, 2012 from 3-4:30 pm EST

The webinars will be recorded and will be made available along with associated slides after the trainings.

The webinars will cover the:

  • Structural/QAPI measure, and
  • NQF #0209 Pain Measure

These measures are required for data collection in 2012, data submission in 2013, and will impact hospice’s annual payment update for FY 2014.

Directions on how to register for the webinar will be posted on the Hospice Quality Reporting -- Spotlight and Announcements page by the end of March.
Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , , ,

Palmetto GBA - DDE Password Changes

Posted by Michelle Harper on Fri, Mar 09, 2012
 
palmettogba newJurisdiction 11 Home Health and Hospice
DDE Password Changes Effective March 12, 2012

For security purposes, new password rule changes that apply to J11 Part A, J11 HHH, and LA & MS Part A Direct Data Entry (DDE) passwords will be effective March 12, 2012. The new password rules, which will enhance password security, will take effect the first time you change your current password after this date. Effective March 12, 2012, your password must include the following:

  • Eight characters
  • At least one upper case alpha character
  • At least one lower case alpha character
  • At least one of the following special characters - @, #, $
  • At least one numeric character

You may continue to use your current password until you are prompted to change it. When you change your DDE password after this change is implemented, you will be required to change at least four of the eight characters in your previous password. Also, you will not be allowed to reuse your prior 12 passwords. If you have questions about the DDE password changes, please contact the Technology Support Center at (866) 749-4301.

 

last updated on 03/07/2012
Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , , , ,

Home Health and Hospice - OCR Begins HIPAA Audits

Posted by Michelle Harper on Wed, Jan 25, 2012
 
poynerspruill.com                       

OCR Begins HIPAA Audits Under the Watchful Eye of Congress

What to Expect and How to Prepare

01.19.2012

​ In November 2011, as required by the HITECH Act, the Office for Civil Rights (OCR) began auditing selected covered entities’ compliance with the privacy and security provisions of HIPAA and its implementing regulations. In the near future, business associates will be eligible for audit selection as well.  This article describes the current enforcement climate and provides practical steps on preparing for and responding to a HIPAA compliance audit.

Is It Getting Hot in Here? HIPAA Heats Up

The commencement of these audits is one of a series of changes that are transforming the HIPAA compliance landscape.  The last two years have seen the implementation of breach notification requirements, a 60-fold increase in OCR’s fining authority, increased enforcement activity with more serious repercussions for enforcement targets, and as noted, the start of OCR’s compliance audits.  Omnibus regulations implementing the majority of the agency’s outstanding HITECH rules are anticipated shortly.

Breach notification has highlighted significant failures to secure health records, with the number of breaches reported increasing by 32% from 2010 to 2011 at an estimated cost to the health  care industry of $6.5 billion.  The severity of the problem has not gone unnoticed.  On November 9, 2011, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology, and the Law convened a hearing at which its members chastised OCR for its delay in issuing final rules to implement the HITECH Act and challenged the agency to step up HIPAA enforcement activities.

Despite what appears to the regulated community as substantial enhancement of HIPAA enforcement, the Subcommittee made clear that the agency’s efforts fell far short of its expectations, pointing out that, of tens of thousands of HIPAA complaints received by OCR since 2003, the agency has levied only one formal civil monetary penalty and has settled only six other cases for monetary amounts.  (Of course, several of these actions reached penalties in the millions, a fact that did not assuage the Subcommittee.) 

The Director of OCR, Leon Rodriguez, responded to the criticism by confirming that the agency is no longer required to provide enforcement targets with an opportunity to achieve voluntary compliance, as had been the case prior to the HITECH Act.  Rodriguez stated that the agency intends to put its fining authority to good use, stating “the real frontier is in our leveraging these new, stiff penalties that we have under the HITECH statute and expanding our utilization of those penalties” to promote compliance.

The Audit Process

It is in this climate that OCR commences its first compliance audits to assess target organizations’ compliance with the HIPAA Privacy, Breach Notice, and Security Rules.  Of the 150 targets to be assessed in 2012, the first 20 have been notified of their selection.  The audits will be conducted by OCR’s contractor, KPMG LLP, which has assisted the agency in developing an audit protocol to streamline the process.  In this pilot phase, the audit program functions as follows:

  • OCR will inform the covered entity that it has been selected as an audit target and will request documentation of its privacy and security compliance efforts.  The response is due within 10 business days.
  • OCR will conduct a site visit over a three to ten day period, interviewing personnel and observing operations.  Covered entities are expected to receive 30 to 90 days' notice of the site visit.
  • OCR will draft an audit report, describing the audit procedures, the findings, and the actions to be taken by the audit target in response to the findings.
  • OCR will give the audit target approximately 10 business days to review the draft audit report and to provide written comments to OCR regarding concerns and corrective actions in response to the draft audit report.
  • OCR will finalize the audit report within 30 business days after receipt of the audit target’s response.
  • If “serious compliance issues” are identified, OCR may initiate a formal compliance review.  Compliance reviews can result in a formal corrective action plan and/or monetary penalties.

Preparing for and Responding to an Audit

Preparing for an audit is critical to success given the short time frame, particularly the 10-day period in which to respond to the document request.  The following considerations should be evaluated immediately:

  • Documentation: At a minimum, covered entities and business associates must have all policies and procedures required by the HIPAA Privacy, Breach Notice, and Security Rules finalized and regulator-ready.  If your privacy function “owns” privacy policies and your IT function owns security policies, bring those groups together now to develop a comprehensive list of all relevant policies so they can be produced quickly.  Consider other documentation that supports your compliance efforts.  Are your logs of disclosures and security breaches in good order? Can you readily produce documentation supporting role-based access, systems activity review, business associate contracting, training, and other matters covered by the HIPAA rules?
  • Subject Matter Experts: OCR will expect you to know which individuals in your organization can speak to each aspect of HIPAA implementation.  Do you know who handles access requests? Who reviews access rights periodically to ensure they are correct? Who monitors system activity? What activities are logged in your systems? Who is responsible for getting appropriate contracts in place with your business associates? Who handles privacy complaints?  Find these people now and ask them the kinds of questions OCR might pose.
  • Site Visits: If you are selected for an audit, assume there will be a site visit.  OCR has determined that all 150 audits in this pilot phase will result in an on-site audit.  Do not wait for the agency’s notice of its visit to prepare.
  • Risk Analysis: The Security Rule requires that covered entities periodically conduct a comprehensive, formal risk analysis.  OCR recently released guidance on conducting such an analysis.  The results of that analysis will be among the documents the agency can (and is very likely to) request for review.  If you have not conducted a risk analysis in the last 12 months, do so now.  Upon completion, evaluate the results and determine how best to mitigate or manage each risk identified (an activity also required by the Security Rule).  Document the entire process.
  • Breach Notice and Incident Response: By now, your organization should have implemented a written incident response plan that reflects the requirements of both the Breach Notice Rule and the Security Rule.  Ideally, your organization will also conduct a trial run of its response plan and adjust the procedure as needed in light of the results.
  • Evaluate Compliance: Your organization is required to periodically evaluate the effectiveness of its compliance program, including evaluating the accommodations to the recent legal changes brought about by the HITECH Act and implementing regulations.
  • Training:  If you have not consistently or recently trained employees, now is a good time for a refresher.  Maintain documentation evidencing that every relevant employee has been trained.
  • Business Associates: If you have not identified all of your vendors that handle protected health information, now is an excellent time to do so.  Negotiate business associate agreements with all such vendors.
  • Timely Response:  Make sure that the appropriate people will timely receive OCR’s written notice of its intent to audit.  Do not let the notice sit in someone’s inbox while he or she is on vacation for a week, cutting your response time in half.
  • Influencing the Audit Report: The agency provides covered entities with an opportunity to respond to the draft audit report.  In our experience working with HIPAA assessors, they will be very responsive to constructive feedback, including presentation of new facts, legal arguments regarding the scope and application of the rules, and justification of your approach to implementation based on the unique position of your organization.  When you receive the draft audit report, formulate a response to any findings that you believe were unfair or inaccurate.
  • Next Steps:  Once the audit is over, be sure to take any compliance steps the agency has mandated, and seriously consider taking any it has suggested.  Failure to demonstrate reasonable progress on the audit findings, particularly if brought to light by a reportable security breach, will almost certainly result in swift enforcement action by the agency.

Whether or not your organization is ever selected for an audit, the preparatory steps described above will enhance your organization’s compliance posture.  In a time when fines surpass the million-dollar mark and a security breach lurks around every corner, undertaking that work will pay dividends even if your organization avoids an audit.  Of course, if you do find yourself among the lucky first 150 audit targets, you’ll certainly be glad you took the time to prepare in advance.

Reprinted with permission.  A thank you to our friends at PoynerSpruill.

Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601                                 
Copyright © 2011 Home Care Software Solutions.  All rights reserved.
0 Comments Click here to read comments
Tags: , , , , , , , ,
All Posts