The Hospice Education Network—the online learning solution for hospice and palliative care professionals.
It's been almost twenty years since the Health Care Finance Administration (now the Centers for Medicare and Medicaid Services ) sent a memo to hospices announcing the first widespread, in-depth review of hospice medical records and patient eligibility. Focused Medical Review, as it was called in 1994, was just the beginning of the government's search for fraud and waste in hospice.
The HIPAA Omnibus Rule , published January 25, 2013, brought a number of changes to the HIPAA privacy, security and breach notification regulations. What has not changed, however, is the requirement to notify the Secretary of HHS of all breaches of unsecured protected health information that affected fewer than 500 individuals during a calendar year. This notification must be submitted no later than 60 days after the end of the calendar year during which the breach occurred*, or, in other words, by March 1. The notification must be submitted electronically, using a form posted on the website of the Office for Civil Rights (OCR). A separate form must be submitted for each breach that occurred during the calendar year. Additional instructions regarding the notification requirements for breaches affecting fewer than 500 individuals are also provided on the website.