By Jack Anderson
February 5, 2016
As a company that helps durable medical equipment companies get accredited as well as helping covered entities and business associates get HIPAA compliant we are in a perhaps unique position to understand the meaning of the recent civil penalty for HIPAA violatons by Lincare.
Lincare is a large DME with over 800 locations and is accredited by CHAP. All DME companies are required to be accredited in order to be reimbursed by Medicare. The Omnibus Rule put in place in 2013 by HHS requires all covered entities and business associates to be HIPAA compliant. While there are similarities and overlap between the two standards they are different.
We have two different sets of policies, procedures, and forms for each and different websites to support the two client bases. One main difference is that accredited facilities are required to get an on-site survey by an accrediting agency initially and every three years. They are also subject to unannounced surveys during the three year accreditation period. The accrediting agencies have authority from CMS to certify compliance which HHS has refused to do for HIPAA.
Another big difference which would be useful to ensure HIPAA compliance is the fact that accreditation is directly tied to reimbursement. How different would HIPAA compliance be if organizations had to provide proof of compliance to get paid?
A certification process for HIPAA compliance could be relatively simple and inexpensive. Instead of requiring an on-site survey which is expensive, compliance could be confirmed through a “desk audit”. Organizations would have to supply a quarterly risk assessment, updated policies and procedures, and documentation of staff training. An on-site audit would only be necessary in breach investigations. Of course all organizations would be subject to unannounced audits.
So it is not surprising that an accredited company paid more attention to the set of standards that were tied to reimbursement and failed to pay as much attention to HIPAA. In case we ever forget, it is always about the money.