What is the Security Rule Anyway?

The Security Rule specifically sets out to ensure the “confidentiality, integrity,
and security” of electronic protected health information (ePHI). What does that mean?
• Confidentiality: ePHI is not available or disclosed to unauthorized persons.
• Integrity: ePHI is not altered or destroyed in an unauthorized manner.
• Availability: ePHI is accessible and usable on demand by an authorized person.

Security Rule

Don’t Be Caught Unaware

Key HIPAA Security Rule components:

  • Appoint a security officer: Assign someone responsible for overseeing HIPAA security compliance, which
    includes managing risk assessments, audits and staff training.
  • Implement access controls: Limit access to ePHI to authorized personnel only, and use strong password
    policies, multi-factor authentication (MFA) and role-based access.
  • Conduct regular risk assessments: These are explicitly required for HIPAA compliance.
    Covered entities and business associates are required to “conduct an accurate and thorough
    assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and
    availability of electronic protected health information (ePHI).” This is often referred to as a “risk
    assessment” or “risk analysis.”
    ♦ A one-time risk assessment is not enough. Risk assessments need to be ongoing and
    periodic to ensure that new threats, vulnerabilities and changes to systems are consistently
    evaluated. This should be annually or as dictated by your organization’s risk profile.
    Document all risk assessment processes and results to meet HIPAA audit
    requirements.
  • Schedule regular security audits: While a risk assessment identifies threats and
    vulnerabilities, security audits go deeper into validating whether your safeguards and
    controls are both in place and effective.
    ♦ Administrative safeguards: Audits check for proper security policies, workforce
    training, and contingency planning.
    ♦ Physical safeguards: Audits assess physical controls around facility access and device security.
    ♦ Technical safeguards: Audits evaluate technical controls such as encryption, access controls and
    network monitoring.
    By conducting these audits on a scheduled basis (e.g., annually or quarterly, depending on the
    organization’s size and risk profile), you can detect and address any areas of non-compliance before they
    become liabilities.
  • Establish data backup systems: Regularly back up ePHI and store backups securely offsite.
  • Enable audit logs: Activate and monitor audit logs for all systems handling ePHI.

How Payers are Failing Practices and Patients

Sometimes we may feel all alone in our very strenuous dealings with payers.

As I read through the different parts of this Physician Practice survey, I just kept thinking, “we are not the only one.”

Take a minute to open this scorecard. I think you will more than appreciate it. 

Do Not Be Fooled

MultiPlan

Has Changed Its Name to:

Claritev

The company, which spent much of the past year navigating rising debt and antitrust lawsuits, said Tuesday the rebrand will have no effect on its existing services.

Humana’s Contract Numbers

Knowing the Medicare Advantage (MA) contract number of the plans your office has opted into can be a big help.

Some may ask, “What is an MA contract number?” You may also have heard it called an H number.

The Centers for Medicare and Medicaid Services (CMS) is responsible for identifying each Medicare Advantage C plan with a unique contract number. This number is assigned to the insurance company during the approval process. For local managed care contracts, the number begins with an ‘H’ or a ‘9’.

Below are your H numbers for the Humana-POET contract. 

The next time you are in doubt about a Humana Card, look for one of these numbers on the front of the card.

Humana Gold Plus H0028-041 (HMO)

HumanaChoice Giveback H5216-358 (PPO)

Humana USAA Honor Giveback H5216-348-000-2025 (PPO) This is the only Humana Military card under the POET Contract.

This isn’t the best example of a Humana card, but you can see the H number in the bottom right-hand corner.

Do not be confused: Tricare for Life is a secondary plan and does not need a contract.

Aetna Reverses NPP Payment Reduction

 

On January 31st, InK reported Aetna was changing its policy on billing for Non-Physician Providers (NPP). As of February 10th, Aetna has changed its stand. Please read!

Aetna’s Feb. 10 reversal preserves NPPs’ ability to fully bill under a supervising physician’s name and National Provider Identifier (NPI) for services “incidental to” the physician’s diagnosis and treatment of an injury or illness. Services billed incident-to must be conducted in the same office suite where the physician is present and available to intervene if needed.

Having Trouble Locating BCBS 1st Qtr HCPCs?

POET has heard from Genesis, our BCBS Network Management Consultant. The 2024 HCPCs schedules are still in effect. The 1st quarter update will be effective March 1, 2025.

Wait wouldn't that make it the 2nd 6th?

HS Connect Issues

You may have been experiencing issues with HS Connect. One office reported to POET (thank you) that they had been in contact with HS Connect and were told that on January 1, 2025, HS Connect had a major update. You may have already guessed: it failed (majorly in Texas). Our source was told that HS Connect is having to enter Texas data by hand. What you are seeing when you pull up the screen is 2024 data.

For more information call: HS Connect Help Desk (866) 952-7596, option 2 or email [email protected]

If you have information that will benefit others, please feel free to share. POET would love to get it out on ink.