All I want for Christmas is a Compliance Abbreviation List

Are you familiar with the timeless Christmas classic "All I Want for Christmas Is My Two Front Teeth"? Most of us know the lyrics, and some of us may even have had a similar wish. What would the lyrics be if the song were titled "All I Want for Christmas Is a Compliance Abbreviation List"?

We thought it would be fun to remix the Christmas classic in hopes our version would become a Compliance classic:

All I Want for Christmas is a Compliance Abbreviation List

Everybody pauses and stares at me

Our Compliance Committee is gone as you can see

Don't know just who to blame for this catastrophe!

But my one wish on Christmas Eve is as plain as it can be!

All I want for Christmas

is a Compliance Abbreviation List

a Compliance Abbreviation List,

see my Compliance Abbreviation List!

Gee, if I could only

have my Compliance Abbreviation List,

then I could better understand

Healthcare Compliance.

It seems so long since I could say,

Health Insurance Portability and Accountability Act of 1996!

Gosh oh gee, how happy I'd be,

if I could fully understand why Compliance abbreviations

(are important to me).

All I want for Christmas

is a Compliance Abbreviation List

a Compliance Abbreviation List,

see my Compliance Abbreviation List!

Gee, if I could only

have my Compliance Abbreviation List,

Common Healthcare Compliance Abbreviations

  1. ACO Accountable Care Organizations are groups of doctors, hospitals, and other health care providers, who come together voluntarily to give coordinated high-quality care to their Medicare patients.
  2. BAA Business Associate Agreement. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA, often mistakenly spelled HIPPA), a BAA is a contract between a covered entity (CE) and a business associate (BA) to ensure protected health information (PHI) is properly safeguarded in accordance with HIPAA.
  3. CMP Civil Monetary Penalty. The Office of Inspector General (OIG) has the authority to seek civil monetary penalties (CMPs), assessments, and exclusion against an individual or entity based on a wide variety of prohibited conduct.
  4. DRP Disaster Recovery Plan is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.
  5. EHR / EMR (often used interchangeably) Electronic Health Record / Electronic Medical Record.
  6. FMLA Family and Medical Leave Act entitles eligible employees of covered employers to take unpaid, job-protected leave for specified family and medical reasons with continuation of group health insurance coverage under the same terms and conditions as if the employee had not taken leave.
  7. GHS Globally Harmonized System of Classification and Labeling of Chemicals. The GHS provides a single set of harmonized criteria for classifying chemicals according to their health and physical hazards and specifies hazard communication elements for labeling and safety data sheets (SDS). Under the GHS, labels include signal words, pictograms, and hazard and precautionary statements and safety data sheets would have a standardized format.
  8. HITECH The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology.
  9. ICD-10 International Classification of Diseases, Tenth Edition. When we hear "ICD-10" in the United States, it usually refers to the U.S. clinical modification of ICD-10: ICD-10-CM.
  10. JCAHO Joint Commission on Accreditation of Healthcare Organizations is an independent, not-for-profit organization that certifies nearly 21,000 health care organizations and programs in the United States.
  11. KPI Key Performance Indicator is a business metric used to evaluate factors that are crucial to the success of an organization. In other words, it is used to determine whether a company is achieving key business objectives.
  12. LEIE List of Excluded Individuals and Entities. Medicare Advantage plan sponsors are required to ensure that all FDRs (first-tier, downstream, and related entities) are screening all employees/vendors/subcontractors against the DHHS (Department of Health and Human Services) OIG List of Excluded Individuals and Entities (LEIE) prior to hiring or contracting and then recheck monthly thereafter.
  13. MU Meaningful Use is using certified electronic health record (EHR) technology to:
    • Improve quality, safety, efficiency, and reduce health disparities.
    • Engage patients and family.
    • Improve care coordination, and population and public health.
    • Maintain privacy and security of patient health information.
  14. NPP Notice of Privacy Practices. The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice that provides a clear, user-friendly explanation of individuals' rights with respect to their personal health information and the privacy practices of health plans and health care providers.
  15. OCR Office of Civil Rights is an organization within the U.S. Department of Health & Human Services (HHS) that investigates health information privacy and patient safety confidentiality complaints to decide if a discriminatory act or a violation of law has occurred and takes action to resolve issues identified during the investigation process.
  16. PQRS Physician Quality Reporting System is a quality reporting program that encourages individual eligible professionals (EPs) and group practices to report information on the quality of care to Medicare.
  17. QAPI Quality Assurance (QA) and Performance Improvement (PI) is the merger of two complementary approaches to quality
  18. RAC Created by Congress, the Recovery Audit (RAC) program helps CMS identify proper payments made by Medicare and Medicaid.
  19. SRA Security Risk Analysis. In accordance with 45 CFR 164.308(a)(1), the purpose of the SRA is to have a corrective action plan in place to address deficiencies, then to document any updates and improvements that were made as part of your subsequent SRA submission.
  20. TPO Treatment, payment, and health care operations. The HIPAA Privacy Rule permits a covered entity, without the individual's authorization, to use or disclose protected health information for its own treatment, payment, and health care operations activities.