ecare India Blog

Clinical documentation is an integral part of health Information Management. The clinical documentation needs doesn’t end with diagnosis and treatment of patients. It is also needed for efficient medical claims processing. Clinical documentation remains the source for the coders to assign the exact diagnosis and procedure codes. Let’s explore more about the dependency on clinical documentation with ICD-10.

• ICD-10 is an organized coding system that contains more than 150,000 specific ‘diagnosis and procedure codes’ for diseases. In ICD-10, due to its ‘specificity’, coding is much dependant on clinical documentation for medical billing reimbursements. So, the clinical documentation should capture all possible observations including even minute variations in procedure done for patients, which will be captured in coding through specific ICD-10 codes and the claims will get paid for the allotted amount for that procedure. Which means ‘better the clinical documentation; better will be coding and thus reimbursements’.
• It’s essential to evaluate the current clinical documentation procedure of ICD-9 and explore the clinical documentation needs for ICD-10. This GAP analysis will enable better focus to clinical documentation. Claims that are sent on/after Oct01, 2013 will strongly depend on specificity of clinical documentation.
• It is necessary to identify the introduction of new terminologies in clinical documentation and get the coders acquainted with the terminologies to get along with ICD-10 in a faster pace.
• Consulting a ‘clinical documentation specialist’ or recruiting them can help a lot when you start with ICD-10.
• When you work with clinical documentation, it is essential to decide on the point of communication – whom you will contact in case there are discrepancies in clinical documentation.
• Improper documentation will not only lead to denials or low reimbursements, but also increase documentation queries and reworks resulting in increase of the medical billing cycle.
• Consulting a ‘clinical documentation specialist’ or recruiting them can help a lot when you start with ICD-10.

Therefore, when implementing ICD-10, clinical documentation should also be given necessary attention so that it will not be a last minute surprise for you.

Many healthcare entities as well as medical coding & billing companies are concerned about ICD-10 transition. What’s stopping medical coding & billing companies? Apart from the initial hurdles and cost factor, the main troubling parameter is productivity drop during ICD 10 transition. It is estimated that there will be a drop in productivity by 20-50% during ICD-10 implementation, varying for different medical claims billing entities.

It is common that there will be stagnancy in work during implementation of any new process. But ICD-10 has turned out to be a big challenge to the medical claims billing industry, affecting the daily operations. To balance this, it is essential to follow a streamlined productivity improvement plan that will efficiently solve the productivity issues.

Estimate the potential of your coding team:

Monitor the current productivity of your medical coding team for a month and calculate their daily productivity in numbers to know the actual potential. This report will be the baseline for your ‘productivity improvement plan’.

Divide your coding team in to 3 vital groups:

Once you start with ICD-10, you have to organize your coding team in-to 3 groups based on the skill set, experience and interest of the coders. By doing this, focus on productivity will not be lost and teams will be able to perform better.

1. Backlogs: Have a team handle any backlogs since completing this is essential to get a smooth start to ICD-10. You can use your coders with average experience on this.

2. Day-day work: Similarly you can assign newly joined coders who have little experience to handle the day-to-day work.

3. ICD 10 transition: Once this assignment is made the experienced coders with analytical skills can work on the ICD-10 transition.

Arrange for regular meetings:

Meetings are a must when implementing a plan. So, arrange for regular meetings and discuss with the 3 teams separately about their progress and check if they face any issues in their current scope of work. Help them out and encourage them to do well. Discuss on parameters like productivity, controlling errors & time management. Track productivity of the groups – only numbers can speak when productivity is concerned. Provide extra support to your ICD team to face the new challenges.

Provide periodical training sessions:

Based on the scope of work, provide quality training sessions to coders to handle their task more efficiently. Better the training, you will get better results.

Use technology to boost productivity:

Technology can transform processes and reduce complexity of a work. Analyze and find out tools that can help you in completing your task faster, thereby reducing the ‘turnaround time’ and increasing productivity. Errors and rework can affect productivity. So, go for system that can do better check on errors by providing alerts.  Have a system in place to track your productivity.

Monitor & review the results: Finally, you have to measure the results of your productivity plan. Make quarterly reviews to know the outcome of the change.  Once the ICD 10 initial setup is over, you can arrange for planned knowledge transfer sessions for other two groups and cross train them.

These guidelines can help you in managing the productivity drop in medical coding & billing operations during ICD-10 transition in a better way and deliver enhanced results.

If you are a physician billing company providing physicians billing services to hospitals & medical practices, you have to take extra care to implement ICD-10. As a provider of physicians billing services, you will be responsible for complete ICD-10 transition and you cannot depend majorly on your clients.

Don’ts

• Don’t procrastinate or don’t do it in haste: Have an implementation plan and work accordingly. The implementation goes live on Oct 01, 2013. So, don’t do it fast and mess up or don’t procrastinate on ICD-10 implementation, waiting for others to start or the deadline to change. Start now – The more you delay, the more you are at risk of working at the last minute. Let things happen on its own pace, as planned, so that you have time to sort out any issues arising of the implementation, well in advance.

• Don’t leave everything to coders alone: The complexity of the ICD coding system demands lot of groundwork from the coding team. Since the coders have to manage with ICD implementation as well as current work, don’t make them solely responsible for the implementation. The ICD 10 transition should be a combined work involving the transition management team, IT team and the medical insurance billing team as well.

Dos:

• Give proper training to the coding team: ICD-10 requires comprehensive training sessions for coders. Apart from educating the coders about ICD-10 codes, add real life – case based exercises and medical terminologies to the training module that will induce logical thinking in coders and help them act independently when they start coding for ICD-10. ICD-10 also requires basic insight on ‘Anatomy and Pathophysiology’ modules. So include these as short courses in the ICD-10 training sessions.

• Choose the right technology: Many healthcare IT companies have launched tools to aid with ICD-10 implementation. You need to be cautious in choosing the right system to suit your requirements. CMS provides latest updates on these tools in its website.

• Be in loop with latest ICD-10 updates: Though the implementation of ICD-10 is dated to OCT 01, 2013, many healthcare entities have started preparing for the implementation. Updates with ICD-10 are being made by medicare frequently and you need to be well informed about the latest changes happening in the industry to keep pace with the ICD implementation. Make it a practice to look for medical insurance billing & ICD-10 updates in CMS website

• Update your clients: Update your clients regularly regarding ICD-10 implementation initiatives taken by you. Explain them your plan and in fact any hurdles that you face so that they will know your commitment to ICD-10 implementation.

The ICD-10 is not a mere update in the coding system. ICD-10 is a streamlined set of codes that enables greater ‘specificity’ in indicating the exact medical condition of a patient and procedure done. This specificity will provide multiple benefits to the medical insurance billing and coding as well as healthcare industry.

Improved quality in clinical documentation: The ICD-10 coding system is much dependant on clinical documentation. Since thousands of diagnosis & procedure codes have been added to ICD 10, the precision of the codes depend on the clinical documents. So, with the implementation of ICD-10, quality of clinical documentation will improve.

Improved quality in healthcare: With ICD-9, the major focus was to improve reimbursements. But, ICD-10 coding setup supports ‘performance based payment’ system rather than aiming at returns. This will change the way healthcare is and will improve the quality of care.

Preventing healthcare fraudulent activities: National Healthcare Anti-Fraud Association (NHCAA) cites that anywhere between $70 billion and $234 billion is lost annually through healthcare frauds.  Healthcare frauds are becoming common in the medical billing industry also, focusing majorly on medical insurance billing and coding manipulations involving medical billing services providing companies, hospitals and other healthcare entities. ICD-9 is more generic and allows tweaks to be made in coding to get better reimbursements. But, in ICD-10, the codes are specific and prevent manipulations to a great extent. This will over a period of time, have control over medical billing fraudulent activities as well.

Reporting features: Since the ICD codes are used for health surveillance and researches also, specificity in ICD-10 will reveal the exact health condition of people in the US. For instance, for ‘Brain tumor’, the ICD-9 CM assigned was generic. In ICD-10 CM, there are specific codes to mention if the ‘right’ or ‘left hemisphere’ is affected and whether it is ‘occurrence or recurrence’. All this will provide better insight to the healthcare department & help in efficient ‘disease management’.

Interoperability:

Sharing of health information with other countries is difficult to US with ICD-9, since all other countries except a very few, follows ICD-10 coding system. Now, with the implementation of ICD-10, US will be able to bridge the gap by sharing information across borders more efficiently and thereby empowering quality of care.

Great accuracy with fewer codes: ICD-10 will contain nearly 150,000 codes including CM & PCS. Though there are thousands of codes newly included, you can accurately describe a medical condition or encounter with fewer codes when compared to ICD-9 that needs more number of codes to indicate the same.

Process revisions and implementations are not new to the US medical claims processing industry. But, after the ICD-9 transition in 1970s, ICD-10 is the major change that the medical billing and coding industry faces. We know that United States is not the first nation to implement ICD-10. Canada implemented ICD-10 in 2001, Germany in 2000, Australia in 1998, and the United kingdom in 1995 itself. As opposed to other nations that implemented ICD-10, the US has much enhanced ICD-10 coding setup due to the medical advancements that has happened during these years.

Let’s see the key factors about ICD-10.

ICD-10 Coding structure:

• ICD-10 has 3-7 digits when compared to ICD-9 that has 3-5 digits
• In ICD-10, Digit 1 is a letter, 2 a number and others (3-7) are either letters or numbers.

Who should implement ICD-10?

All entities in the United States that currently uses ICD-9 version like hospitals, physician’s offices, medical billing companies,  clearing houses etc.

How many ICD-10 Codes for 2013 implementation?

This cannot be answered accurately till the last coding update is published by CMS. The current version contains around 150,000 codes including CM & CPT codes.

What will ICD-10 change?

The ICD-10 coding system introduces thousand of diagnosis & procedure codes for better specificity.  As far as CPT codes are concerned, changes are made only to the in-patient hospital procedures where as outpatient & office procedures are not affected by the ICD-10 coding system. ICD-10 will make changes to the medical billing and coding operations.

A new dimension to medical billing and coding:

The use of ICD-9 codes was limited in terms of reporting & specificity. The ICD-10 coding system introduces a new dimension of ‘specificity’ to medical billing and coding by providing accurate codes for diagnosis and procedure.

Benefits of ICD-10 implementation:

ICD-10 implementation has multiple benefits.

• Improved quality in clinical documentation
• Improved quality in healthcare
• Control over healthcare fraudulent activities
• Great reporting features
• Interoperability with other countries
• Great accuracy with fewer codes

Implementation deadline:

ICD-10 has to be implemented across the United States on October 1, 2013

It is long since we started talking about ICD-10 transition. But, still most of us are unclear as what to do with the implementation. We are in fact awaiting the HIPAA 5010 change by January 1, 2012 that’s going to redefine healthcare compliance & enhance medical claims processing. This version will support ICD-10 changes which 4010 & 4010A cannot. should we wait till we go live with 5010 or at least till we hear final freeze updates from medicare or WHO?

No, says medical billing and coding experts in the field. Most of the medical billing companies have already started working on ICD-10 transition. This is because, getting acquainted with ICD-10 is essential to know the real challenges that can come across your way. Only then you will have time to fix the issues and get proficient with ICD-10.

Whatever be the challenges, we have to implement ICD-10 by Oct 1, 2013. So, it’s better to go for a smooth transition rather than learning it the hard way. How will you make this transition happen? Go for step-by-step implementation that will pave you way for smooth transition. Let me explain you how.

1. Form a committee: Setting up an ‘ICD 10 committee’ is essential to have control over planning and implementation. The committee should include people from the management, requirement analysts, medical billing and coding as well as IT experts.

2. Analyze requirements: A deep analysis should be done on requirements for ICD-10. Once the whole picture is clear, the committee should decide on implementation plan.

3. Plan: The ICD-10 implementation plan should include information about entire ICD-10 implementation initiatives, activities, people responsible to complete the tasks and importantly, the deadlines. Responsibilities should be delegated to every member of the committee who is skilled at working on the particular task and care should be taken to meet deadlines.

4. Allot budget: A rough budget should be allocated for implementing the plan that includes extra payouts for people, expenses related to system, software & documentation requirements.

5. Schedule regular meetings: ICD meetings should be held on a regular basis to discuss on progress, requirements and issues faced so that transition will be smooth without much of hassles.

6. Look for updates in CMS: Documenting the implementation plan is essential and the team should look out for any latest updates from CMS or WHO. Monitor the changes happening with ICD-10 and keep the team always informed

You can look out for updates in CMS website on:

i) GEM (General Equivalency Mapping) tools developed by CMS that can help in ICD-9 to ICD-10 transitions

ii) Policy changes related to ICD-10 transition.

iii) Updates on medical claims processing & ICD code changes

iv) Notices and remainders

v) Fact sheets and help materials to aid smooth transition

7. Go for planned training: CMS recommends that the training sessions can be classified in to Phase I & Phase II. The Phase II is recommended to commence 6 months prior to ICD implementation date. So, you need to plan the training accordingly.

A small team of coders can work on ICD-10 and get acquainted with the new codes while the coding team still works on ICD-9 till Sep, 31, 2013. Simulators and test cases involving ICD-10 can be implemented through pilot program and audited within the organization so that they will be able to foresee any issues that may arise after implementation of ICD-10 & take measures to control it. Knowledge transfer to other coders can happen once we get complete updates from CMS. Coders should then be cross-trained across multiple specialties for ICD-10

8. Speak to industry people: To know more about the changes required in software & system, speak to your vendors and connect with industry people. Since ICD-10 aids better reporting, tweaks need be done to the current medical claims processing system in order to track various parameters relating to performance like errors across different segments, deliverance, TAT violations etc.,- by specialty.

9. Complete backlogs: You will be completely held up with ICD-10 during the implementation period. Therefore you will not have time to concentrate on medical billing and coding backlogs. So, it’s crucial to complete the piled up backlogs in order to efficiently work with ICD-10.

10.   Going live: Don’t assume that the implementation date will get postponed. The CMS is strict about the implementation date. In order to get your claims paid, you need to implement ICD-10 on Oct1, 2013.

Medical practices that outsource their medical billing and coding operations to medical billing and coding should also confirm with them if the transition is happening as planned.

If I say this, it would give a better meaning if I mention about improving the medical billing collections. In the United States, healthcare industry functions in a totally different way. Practices not only have to care about curing the patients and coping with technology and medical advancements, but also have to run behind the uncollected money. It is unfair but has become an essential part of the day-day operations of any practice. So, how do we go about this?
All that we can do is organizing the operations where medical billing is concerned so that it can give practices a better tomorrow. At the same time, we know that optimizing the revenue flow is a tough game and most importantly a time consuming job. But we don’t have an option. It is essential to make good the loss when it comes to money. Once you streamline the process and make it a practice, you will not have to spend enormous time and human resource in working with collection backlog.

It starts here!

• Patient Demographics: Collecting all possible relevant and mandatory information from the patients is essential. Moreover the information should be accurate since the base for errors with medical billing is patient information. Executives at the doctor’s front office who collect and manage the patient information should make sure that the information collected is correct to avoid delays and reworks. Organizations can be twice as profitable as they are currently when they avoid or eliminate reworks and delays.

• Insurance Eligibility Verification: Patients might give card-copies which are not effective or which does not cover the service at the time of appointment. Before filing a claim it is advisable to check and confirm the Patient’s eligibility with the Insurance so that we do not end up in denials. Researches prove that improper verification of insurance can increase claim denials. So, it is necessary that insurance verification should be done well before starting the process.

• Medical Coding & Charge Entry – Sending clean claims: It is a little crucial when handling claims at this stage. Application of proper procedure codes, modifiers and state specific rules is inevitable. More over charges have to be entered accurately and double billing has to be eliminated. Making errors at this stage can be risky and would consume time and work in error analysis and rectification, causing delays and even denials. Not to miss, giving attention to claims filing limit. All these factors have strong influence on the reimbursement of the claims.

All we need is maximum reimbursement for the claims. In that case, we need to double check for errors and eliminate them before the claim reaches the insurance carrier or the clearing house. When sending clean claims and in appropriate format, it is assured that the claim would be reimbursed.

• Accounts receivable & Follow up: Doing regular follow ups can improve relation with the insurance carrier and would inculcate precision in the daily operations while speeding up the process. Analyzing the aged AR and working on a plan to get the claim reimbursed would boost your collections. But prioritizing the claims is even more vital. When you have an old AR and a high value claim at your desk, giving importance to the high value claim would be the best deal – that is act to situation.

• Giving importance To Patient AR: Patient AR also forms a significant part of the total collections. Therefore collecting money from the patients should also be given necessary attention and we have to follow systematic approach towards money collection. Collecting money from patients is easier when the follow-up is regular and the approach is professional. Most of the patients pay up within a few follow ups.

• Handling Denials: Denial analysis is a little exhausting but effective part. We call it the root cause analysis, when the denied claim is completely examined for flaws. Once rectification is done, care should be taken that the reworked claims should immediately be transmitted to the insurance carrier. Delays can minimize the chance of getting the claims reimbursed.

• At last, it is Staying updated with the industry: While staying updated with the industry, we will know the latest changes in policies, regulations and procedures which will help us in eliminating the errors occurring due to ignorance, costing huge dollars. Increasing medical billing collections is all about following the procedures and acting smart to the situation. It is nothing but a combination of certain factors: efficient medical billing software, talented work force and streamlined process- compliance, along with Regular follow-ups and eliminated errors guaranteeing you increased medical billing collections.

The “ICD-10 Articles” page of this ‘ecare India blog’ contains articles on ICD-10.

Go for this URL:
http://www.ecareindia.com/blog/icd-10-articles

The US healthcare industry is looking forward to many technological and industry based implementations in the forth coming years. With the deadline fast approaching for ICD10, HIPAA 5010 Compliance, ACO program and EMR implementation, hospitals & healthcare organizations are busy working out plans for smooth transition of these ventures. ICD10 and ACO implementations are being anticipated with the view to improve quality of healthcare in the US.

In line with this, EMR is also considered as an amazing product of technology that can help physicians provide better care to their patients and manage their clinical and administrative functions effectively. Though there is a strong need to implement EMR and pressure from the government, there is resistance prevailing in the industry for adopting it, due to various reasons. Good understanding of the EMR is essential in order to accept the transition from paper records to EMR.

Well, you need to know what an EMR is and how it’s different from EHR:

EMR: It’s an application that is a complete repository of patients’ clinical documents. It contains patients’ medical history, the summary of all visits, observations and treatment rendered within a Care Delivery Organization.

EHR: If the medical history of patients is made accessible across multiple CDOs within a locality or across states, then it is looked upon as electronic health record

Types of EMR:

Based on the technical feasibility, EMR is classified in to various types namely, SaaS Based, Client Based & Hybrid Model. Depending upon your practice requirements, you have to choose the best suiting EMR by consulting with the solution provider.

Essential Features of EMR:

The features of EMR may vary depending upon the brand you opt for. Compare the features of various EMRs and make sure that your EMR is equipped with the basic features to run your practice smoothly. There are specialty specific EMRs available that can be more flexible for your needs.

Main Advantages of adopting EMR/EHR

EMR has numerous advantages that can benefit your day-day functions:

• Legibility of notes
• Great features corresponding to charts
• Drug & allergy interactions
• Electronic Prescriptions
• Disaster Recovery

Main reasons for physicians to resist implementation of EMR:

• Cost factors associated with EMR
• Fear of losing productive hours during transition time
• Pressure to develop new skills
• Time factor associated with analyzing, comparing and choosing the best EMR for their practice

Why you need EMR: EMR usage has resulted in remarkable benefits for the physicians.

• Improved work flow & greater accuracy in process
• Enhanced network with patients, labs and drug stores
• Reduced medication errors due to drug allergy interaction alerts
• Increased safety for patient records
• Better drug refill capabilities
• Tools integrated with EMR and its extensive reporting features enables better clinical decision making

Adopting EMR- Incentives & penalties:

The US government insists implementation of EMR for betterment of practice performance and quality in healthcare. It has also fixed up good incentives for physicians who take up EMR and heavy penalties for those who don’t. So, if you have not started with EMR, it’s good that you start now. You get multiple benefits by satisfying government’s requirements on ‘meaningful use of EMR’. So, taking up EMR can be highly profitable for your practice in a long run.

For smooth transition from Paper records to EMR:

• Discuss with an ‘EMR clinical informatics consultant’ in order to clearly understand your requirements with EMR and how to make the transition more effective
• Homework before you start with EMR. The product you choose will decide the performance of your practice. So, analyze the different EMR products available in the industry, their features, cost factors – pricing model, usability and success ratio before going for one.
• Implementation of EMR is dependent on several technology factors  – So, make sure that you have other technical requirements satisfied to implement EMR
• EMR is becoming a must. So, be well informed of the operability & features in order to keep pace with the usual dynamism of your work.
• Monitor the changes continuously after the implementation of EMR

Researches done with the healthcare organizations that have implemented EMR prove that there is an overall improvement in efficiency, quality of care and patient services. Implementing a best suited EMR for your practice can translate into supreme quality at work and eventually, satisfied patients.

Time and again, the US healthcare industry is struggling to defend against the threats to patient data security. But, despite all patient data protection measures taken by the US government, the HIPAA covered entities – medical claims billing and allied organizations, data security breach incidents are still uncontrollable and the breach list is increasing day by day. It is projected that, after the technological advancements, patient data leaks or data losses have not stopped but crossed several hundred in numbers, affecting millions of individuals and costing several hundred million dollars.

Patient Data at risk

On analyzing the recent data leaks, it is found that the following patient data is at risk.

• Patient demographic information
• Patient clinical data
• Patients’ credit, billing and financial information

Causes for Data Leaks

Data leak incidents are high in the US healthcare billing industry involving hospitals, medical claims billing, medical claims processing and other patient data processing entities on a great scale. Also, most of the patient data leaks that happened in the United States belonged to one of the below listed causes

• Phishing – external hackers hacking the secure data of a company
• Insider dealing
• Ignorance
• Lethargic attitude
• Poor data security control
• Data theft
• Natural Disaster
• Data migration
• Technology glitches

Information security guidelines to check data leaks & data losses:

All healthcare organizations that deal with patient data should take ownership of patient data security and follow certain guidelines to eliminate threats.

• Portable media policy: These days, most of the healthcare billing organizations follow the ‘portable media policy’ that bans bringing portable storage devices inside work environment. This has to be strictly followed by all healthcare organizations and by all healthcare professionals irrespective of the designation. Prior approval can be given for genuine reasons and that has to be in records. Many researches confirm that banning portable media inside work environment has controlled data thefts to a great extent.

• Multiple Back-up of computer files: Maintaining back-up of computer files is crucial to avoid patient data loss. Taking multiple back-ups of the computer files is inevitable to avoid the probability of data loss due to missing of the back-up files. Also the back-ups should be stored in different locations to avoid data loss due to any unforeseen circumstances.

• Restricted Internet access: A main threat to data security is full access to internet. It is essential that medical claims billing and medical claims processing organizations have control over providing unrestricted internet access to their employees. In certain cases, even unintentional sharing of certain information on internet can lead to data leaks. Moreover, using of file sharing websites and using instant messaging to pass on confidential patient information among peers can be a major threat to patient data security.

• Streamlined Corporate communications: Organization have to be careful while sharing corporate information on social sharing websites. Most of the social sharing websites are meant for connecting with peers, friends and professionals. There are also professional websites meant for sharing of corporate communications, industry related discussions and adverts. It is always good for healthcare professionals who wish to communicate with other professionals through any social sharing web sites, to draft the data to be published, proof read it for any confidential information and then post it. Healthcare organizations should also ensure that unknowingly they don’t add any confidential patient information on their websites.

• Restriction to Shared network: Common sharing of patient data files, remote access to the system, and accessing secure patient data through wireless network can also become a threat to secure information and should be avoided, unless it is an urgent situation.

• Stringent email policy: Organizations should take care that unrestricted email access should only be provided to healthcare professionals for whom, email communication is a must. Webmail access is another important threat to patient data. Usually, the webmail access is provided for employees who travel often or have the option of working from home. Though there is a need to access the emails from a remote place, access can be provided only on a need basis in order to control unethical webmail access. Healthcare professionals should be well trained on information security guidelines pertaining to email policies.

• Media destruction policy: Healthcare professionals have to be cautious while destroying Unwanted or old patient data. Following stringent data destruction policy irrespective of whether the data it is electronic or paper will control data leak of confidential information.

• CCTV monitoring: Using CCTV (The closed circuit television) in work environment for surveillance purposes can prevent intrusion of unauthorized people in to entry restricted zone.

• Biometric access control: Having bio-metric access control in the work place is crucial to prevent intruders who may act as information carriers, from entering the secure work environment. Bio-metric access control makes sure that only authorized people enter the work place and thereby protecting patient information.

Most of the above guidelines can be achieved by having a proper ‘system security plan’ that helps in controlling data leaks & data losses.

Following the US Healthcare Complaince policies– HIPAA, a must:

There are several healthcare compliance policies and rules that lay emphasis on information security. We all know that HIPAA (Health Insurance Portability and Accountability Act) is the most specific compliance policy focusing on patient data security.  But, only a few organizations are HIPAA compliant in terms of completely satisfying the demands of patient data security. To ensure safety of patient data, every healthcare organization should ensure that it follows HIPAA and other information security policies.