WASHINGTONreport
BY JOSEPH GOEDERT
The Medicare
program now is
accepting two
new Current Procedural Terminology codes that
facilitate physician
payment for care
coordination.
The codes
cover discharges
from a hospital
or skilled nursing facility. The
American Medical
Association’s CPT
Editorial Panel
created codes
99495 and 99496.
The codes
enable reporting of time spent
discussing a care
plan, connecting
patients to community services,
transitioning them
from inpatient
care, and certain
procedures to
prevent readmission. They are
intended to support physicians
participating in
medical homes,
ACOs and other
emerging care
delivery models
that emphasize
coordination between providers.
New CPT
Codes
for Care
Coordination
Attorney: HIPAA Rules Change
Game for Cloud Companies
Provisions of the new HIPAA privacy and security rules could change the regula- tory landscape for the cloud computing industry, says Robert Belfort, a partner in
the health care practice at law firm Manatt,
Phelps & Phillips.
The omnibus HIPAA rule, released Jan. 18,
included some revisions to the definition of
business associates, including:
• Making business associates and subcon-
tractors comply with HIPAA rules in the same
manner covered entities must; making BAs
and subcontractors directly liable for HIPAA
violations—even if a BA failed to enter into a
formal contract with a subcontractor—and
making covered entities and business associ-
ates legally liable for the acts of their business
associates. The BA for a business associate
would be a subcontractor. The BA—not the
covered entity—is responsible for having a
subcontractor appropriately safeguard infor-
mation, but the covered entity is responsible
for the BA’s actions.
• Expanding the definition of business associates to include patient safety organizations, health information organizations, eprescribing gateways, providers of data transmission services for protected health
information to a covered entity and requiring routine access to PHI, or personal
health record vendors offering PHRs to individuals on behalf of a covered entity.
PHRs offered directly only to individuals are not covered.
Many cloud companies have taken the view that they are not business associates under HIPAA, but some of them now will be, Belfort asserts. The rules change
the definition of a BA to include any entity that maintains protected health information. An Internet service provider, such as a cloud company, is not a BA if
it does not maintain or at times access PHI, but acts as a conduit with data just
passing through, he explains. “But a company that maintains data is a BA even if it
doesn’t access the data. I think that will have implications for the cloud industry.”
The rules also have important
changes to marketing definitions
affecting pharmaceutical firms,
Belfort says. HIPAA previously
Policy &
Regulation
http://www.healthdata
management.com/
policy-and-regulation
