If you own a small- to medium-sized physical therapy practice, you are most likely preoccupied with daily operations such as paying bills, marketing your practice, and treating patients. You may know about HIPAA at a high-level—and you may also worry from time to time about a data breach. But, compliance and security are complicated; the regulations are written in legalese.
During this month’s webinar, compliance experts Heidi Jannenga, PT, DPT, ATC, WebPT Co-Founder and Chief Clinical Officer, and Veda Collmer, JD, OTR, WebPT’s Chief Compliance Officer, discussed strategies for contending with compliance chaos and Medicare mayhem.
With electronic storage of protected health information (“PHI”) becoming more common, healthcare providers are rightly concerned about ensuring their data and security systems are not breached, and developing an established course of action in the event that their systems are breached.
Whether you’re just starting out as a Medicare provider—or you’re making the switch from inpatient to outpatient—there’s a lot to keep straight when it comes to the complicated rules, regulations, and policies that govern Original Medicare (which consists of both Part A and Part B).
Before 2015, data breaches were mostly confined to retail businesses. However, as more patient information becomes digitized, big data breaches are becoming more common in health care. And hackers don’t discriminate; they target organizations of all types and sizes, ranging from big hospitals to small private practices.
What if I told you that no single policy or engagement plan would be enough to motivate all of your employees—no matter how good it is? I hope you’re comfortable with your answer to that question, because that’s exactly what I’m telling you.
I’m sure by now you’ve heard a rumor that California has enacted the most impactful privacy rule in the nation. Maybe you also heard that California’s privacy rule applies to California residents—and that it does not apply to medical information.
Without a doubt, healthcare practices—big and small—find the HIPAA risk assessment daunting. The HIPAA Security Rule requires all covered entities (a.k.a. providers) and business associates (a.k.a. the people and vendors providers do business with) to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all electronic protected health information (ePHI).
Last July, we covered updated guidance on X modifier use from the Centers for Medicare and Medicare Services (CMS). As WebPT’s Erica McDermott explains, “beginning July 1, 2019, CMS will unbundle NCCI edit pairs when providers attach the appropriate modifier (59, XE, XS, XP, or XU) to either the first-column or second-column code (assuming, of course, that the situation warrants the use of one of these modifiers).”
Charging different rates for the same therapy service is possible—sometimes. Learn how to navigate the legal minefield of discounts here: