Rx for practice management
- Ira Stanley
- 8 years ago
Rx for practice management
Summer 2015

How to avoid data breaches in your practice
Going boutique? How concierge services can work for your practice
Paths to practice success in a value-based market
Exploring the ins and outs of outsourcing the billing function

Mount Arlington Office
Newton Office
How to avoid data breaches in your practice

Did you know that the three most common ways that a data breach occurs are theft (29% of all breaches), hacking (23%), and accidental public access or distribution (20%)? Over half of all data breaches occur in health care entities. Health data is more valuable to thieves than credit card information because it can be used to access bank accounts and obtain prescriptions for controlled substances.

Minimizing the threat

The steps for minimizing, or preventing entirely, breaches of patient data are well established. They start with identifying all areas of potential vulnerability. This includes overall security for the practice's premises, records and equipment. Computers must be protected by adequate electronic security for protected health information (PHI). Devices that carry PHI must be encrypted, including desktops, laptops, tablets, smartphones, memory sticks and centralized servers. Loss or theft of such devices is one of the most common breach risks, and encryption is the best defense.

So, how can you ensure your practice is safe? First, you need to train all practice staff on how to protect PHI, using HIPAA-compliant policies. That means restricting open discussion of patient PHI among staff members. Your practice should also audit or test physical, electronic, and procedural security policies regularly, including the steps that will be taken if a breach occurs. Last, insure your practice against the high costs that can flow from a breach.

The best practices already have most of these defensive measures in place. Despite them, breaches can sneak through and it's prudent to plan in advance how the practice will respond.
Act quickly if a breach occurs

The actions taken in the first 24 hours after a breach is recognized can influence how the government and your patients view you. It's critical to minimize the damage.

The first step is to keep the situation from getting worse. If the practice is found guilty of willful neglect, it will face higher civil money penalties. If an employee appears to be mishandling patient data or inappropriately distributing it, that person may have to be suspended or denied access to the data. If the breach involves criminal activity, the police must be notified. If the protected information has been placed on the Internet, it must be removed. In addition, failing to respond promptly to a breach by one of your business associates may be attributed to the practice.
After the initial damage has been contained, assess the gravity of the breach. Contact an attorney experienced in advising health entities and their HIPAA obligations. Together, you will carry out the four-part risk assessment described in the HIPAA Breach Notification Rule to determine whether PHI was truly compromised. The four elements of that assessment are 1) the nature and extent of the PHI involved, 2) the person or party to whom the PHI was exposed, 3) whether the PHI was actually acquired or viewed, and 4) the extent to which the risk has been mitigated.

If you conclude that PHI was compromised, numerous others must be notified of the fact. Federal law requires it, and many states have data breach laws that impose additional requirements. If more than 500 patient records have been breached, you must inform the HHS and be prepared to notify local media, as required by the HIPAA Security Rule.

Notifying patients

The greatest challenge is likely to be breaking the news to patients. The basic message should be candid. State what happened, what steps already have been taken, and what steps will be taken in the future.

Quickly notify all staff and business associates of the breach, and prepare them for the questions they'll receive from patients in the coming weeks by phone and in person. The questions will be in response to a letter sent to all patients whose PHI was compromised. Legally, you have 60 days to send this letter. But it's best to send it within 10 days.

Train staff on how to address patient questions

Start by appointing certain staff to answer questions. Train them on how to handle calls, helping them with a list of answers to frequently asked questions.

Next, implement new security measures to patch the holes that allowed the breach to occur. The HHS will want to know what's being done to prevent it from happening again. This likely will involve new policies and physical and electronic controls, as well as privacy and security training for employees.

Document all actions

Next, prepare for an investigation by the Office for Civil Rights. This process can take as long as a year. And document all actions taken and new preventive changes introduced. Be sure to keep a copy of your risk assessment.

Looking ahead

Once you've gone through the entire process, draw up a plan for future incidents. Based on lessons learned from the current breach, designate who will be responsible for monitoring possible breaches in the future.

Finally, contact your health care advisor. He or she can help you work through the red tape.

Ouch! Breaches can be expensive

In 2012, Phoenix Cardiac Surgery was required to pay the HHS a $100,000 settlement after it posted clinical and surgical appointments on a publicly accessible, Internet-based calendar. The investigation into the practice also found that it had few procedures to comply with HIPAA, limited protections for patients' electronic health information, no documentation of staff training on security policies and procedures, no conduct of a risk analysis, and no appropriate agreements with business associates. The practice was required to implement a corrective action plan that included a review of recently developed policies and other actions it would take to come into legal compliance.
Going boutique? How concierge services can work for your practice

Concierge services provide physicians with the time to truly know their patients and treat each one individually. It's a great way to personalize a patient's care, and it allows doctors to get away from the daily grind of medicine and get more in touch with their patients. So, it's no wonder that boutique services continue to pop up.

Offering premium services

In a concierge practice, patients pay an annual retainer or subscription fee of $1,500 to $5,000 (for an individual) and $3,500 to $8,000 (for a couple), depending on the services received. Those services might include immediate and 24/7 access to physicians via phone or personal visits. They can also sport same- or next-day appointments, and an emphasis on wellness, prevention and health counseling. Beyond that, the practice can offer whatever premium services its patients desire and are willing to pay for: spa-like amenities and décor, house calls and out-of-office care, and telephone or e-mail consultations, for example.

There's a caveat, however. The concierge fee doesn't and can't apply to clinical services for which third-party reimbursement may be sought from Medicare or private payers. The practice can either: 1) continue to perform the third-party billing function for its patients, or 2) forgo that responsibility entirely, leaving it up to patients to deal with their insurers.

A substantial investment may be necessary to get started. You'll likely want a redesigned office space, for instance, along with staff retraining for greater customer sensitivity and new EMR capabilities for enhanced follow-up. Because your practice will want to get the word out about its concierge services, you'll also incur some marketing expenses. It can take one or two years to build up the patient volume to turn a significant profit.

The benefits for your practice

Once a concierge practice becomes fully operational with satisfactory patient flow, several benefits could begin to emerge. You may be able to downsize your existing coding and billing staff, potentially cutting payroll expenses. And with a smaller daily patient volume, you may need fewer front desk staff. Plus, moving to the concierge model often lets physicians focus on areas of medicine about which they're truly passionate.
Of course, there are risks to the concierge model. Once patients remit their annual fees, be aware that they'll have virtually unlimited access to you and your physicians at any time. Above all, you'll be solely accountable for the fiscal welfare of the practice.

How to transition to a concierge practice

If the notion of a concierge practice interests you, do your homework before making the switch. For example, ask your physicians whether they're willing to adapt to a more interactive relationship with patients. You'll also need to decide whether the new practice format will continue to bill third-party payers or operate as a totally direct-pay operation. In addition, research patient demographics and the local market to see if there's sufficient demand with the necessary financial resources to participate.

Next, determine which noninsured services and amenities you'll offer and whether you'll need additional training for staff and physicians. You'll also need to calculate the monthly or annual fee/retainer that you'll charge patients to cover costs for the new services.

Be prepared

Make sure you set a timetable for initiation and phase-in of the new format. And communicate with patients about the transition via letters, e-mails, phone calls, office visits or focus groups. Also, ascertain how to handle existing patients who won't convert to the new practice model. Finally, create marketing materials and launch a campaign.

Work with your advisors

Your health care advisor can help you with the entire process. So make sure you get him or her on your team.

Paths to practice success in a value-based market

It's no secret that health care reimbursement is moving from a volume-based model to a value-based paradigm. Unfortunately, this is a transformational change for which most practices aren't prepared.
The goal of value-based care

Value-based care incorporates an array of clinical initiatives, delivery models, and provider payment methodologies involving bonuses and penalties. The goal is to align cost, quality and outcome measures. Participating successfully in these initiatives and models requires different capabilities and resource commitments.

Supporting value-based care

The recent 2014 Survey of U.S. Physicians by Deloitte Center for Health Solutions asked physicians to rank the most important work-related resources and capabilities they needed to support value-based care. The top results were:

- Expanded clinical support capability,
- Information technology tools,
- Access to nonphysician staff,
- Access to the latest medical equipment and facilities,
- Ability to negotiate third-party payer contracts,
- Access to more patients, and
- Access to capital.

It's true that physician practices don't have control over all these elements. But, it is possible to narrow them down to a handful of critical success factors.

Success factors

Physicians need clinical and technical support to take a balanced, end-to-end approach to delivering quality care while also competing on value. This typically takes the form of care coordination, care pathways, registry access and patient engagement tools that often are available from partners, such as hospitals, health systems and health plans.

Integrated health information technology (HIT) can enable physicians to more effectively treat patients and manage risk. Using EHR data and analytics, high-risk patients can be identified and actively managed. Physicians can test which actions/interventions best improve quality, cost, and health outcomes. HIT also allows them to communicate, share, coordinate and engage seamlessly with multiple clinicians for improved care management.

In a value-based care environment, physicians benefit from enhanced business management and organizational skills that facilitate evaluating contracts, leading care coordination activities and managing partner relationships. These can be learned through formal courses and on-the-job training.

Financial and clinical risks

Transparent governance structures with trusted decision-making procedures help allocate financial and clinical risks among all parties involved. If accountability standards are set for caregivers at each stage of care, physicians will feel confident of receiving credit for their contributions.
Giving physicians influence over setting performance goals may help address their concerns over fairness.

Payment models

As physicians prepare to practice more value-focused medicine, they can expect to encounter variations of four types of payment models:

1. Shared savings arrangements where a physician is rewarded if patients have better-than-average quality/cost outcomes, and penalized if they don't,
2. Per-patient-per-month capitation payments covering physician-related services, or global capitation payments covering costs of pharmacy, hospital, and other services, as well as physician-related services,
3. Bundled payments consisting of a single payment for all the services around a particular patient's treatment or episode of care paid to a physician, physician group, or hospital for redistribution to individual clinicians, and
4. Fee-for-service payments combined with a monthly care coordination fee.

The bottom line

Work with your advisors to take a balanced, end-to-end approach to delivering quality care while also competing on value.
Practice notes

Exploring the ins and outs of outsourcing the billing function

Physician practices wrestle frequently with the decision about whether to outsource their billing processes. It can be hard to balance the pros and cons. What's good for one practice might not work for another. So, whether you want to improve the billing practices within your practice or are looking for a vendor who can raise the output of your revenue cycle management, the answers to certain questions can lead to a better decision about outsourcing those functions.

Key questions

How do your practice's billing and collection metrics compare with industry standards? Do you believe your billing and collection procedures and systems would benefit from upgrades? Have you accepted the need for more investment in your revenue cycle technology but lack the necessary capital? Do you know where to allocate your limited resources to maximize net revenue? Are your billing and collection operations keeping up with the practice's growth?

Reimbursement models and payer requirements are evolving constantly. So be sure your revenue cycle processes and technology are up to the challenge. For example, is your practice able to keep up with changing compliance and payer policies? Have you had difficulty recruiting and retaining qualified billing and collections staff? Do staff members spend too much time trying to resolve denied claims? And last, do you have any concerns about misappropriation of funds or fraudulent billing?

If the answers to many of these questions are affirmative, consider subcontracting billing and collection functions to an outside vendor.

Third-party billing

This function should offer several flexible, value-based contracting options in which payments are tied to the practice revenue results achieved. In addition, the services it offers should be tailored to the practice's structure and requirements. Solutions in the vendor's package should function seamlessly with each other across the practice's revenue cycle.

Look for a vendor that employs a full staff with experience in all phases of revenue cycle management, as well as the related technology. Its services should comply with HIPAA and support both ICD-10 and Meaningful Use in all stages. The vendor's operations should include the ability to electronically process the submission of claims and remittances, and the use of credit cards.

As an added feature, the arrangement should allow the practice access to all its billing data, up-to-date reporting and analytics competencies. Finally, through the outsourcing contract, the vendor should assume responsibility for resolving claims denials.

It's worth the effort

Finding a billing vendor that meets these criteria will be worth the effort when it pays off in reduced costs and improved revenue cycle performance.

This publication is distributed with the understanding that the author, publisher and distributor are not rendering legal, accounting or other professional advice or opinions on specific facts or matters, and, accordingly, assume no liability whatsoever in connection with its use.
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationBest Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP
Best Practices in Incident Response SF ISACA April 1 st 2009 Kieran Norton, Senior Manager Deloitte & Touch LLP Current Landscape What Large scale breaches and losses involving credit card data and PII
More informationHealthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014
Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Agenda Introduction / Session Overview HIT Budgeting 101 Security and Compliance EHR budgeting HIT Where Are We Going Q & A 2 Copyright
More informationHealth Care Management Advisor
Health Care Management Advisor Summer 2014 Into (and out of) the breach: Cyber insurance to the rescue? Tips on how to mind your profit margins How to improve your hospital s health with IT investments
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationMedicare Fraud, Waste, and Abuse Training for Healthcare Professionals 2010-2011
Medicare Fraud, Waste, and Abuse Training for Healthcare Professionals 2010-2011 Y0067_H2816_H6169_WEB_UAMC IA 11/22/2010 Last Updated: 11/22/2010 Medicare Requirements The Centers for Medicare and Medicaid
More informationDATA BREACH COVERAGE
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationHealth Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
More informationSecurityMetrics Business Associate HIPAA compliance program
SecurityMetrics Business Associate HIPAA compliance program IS YOUR PHI SAFE? Business associates help your business succeed, but are they a liability? When your BAs are not HIPAA compliant, your business
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationUpdated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview
Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance
More informationEasing the Burden of Healthcare Compliance
Easing the Burden of Healthcare Compliance In This Paper Federal laws require that healthcare organizations that suspect a breach of sensitive data launch an investigation into the matter For many mid-sized
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationHIPAA Risk Assessments for Physician Practices
HIPAA Risk Assessments for Physician Practices Eric Sandhusen Corporate Compliance Director and Privacy Officer Lloyd Torres Director of Ambulatory HIM DISCLAIMER The statements and opinions presented
More informationSMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015
SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory
More informationHealthcare Information Security Today
Healthcare Information Security Today 2015 Survey Analysis: Evolving Threats and Health Info Security Efforts WHITE PAPER SURVEY BACKGROUND The Information Security Media Group conducts an annual Healthcare
More informationTHE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations
THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations
More informationHow Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
More informationStrengthening Medicare: Better Health, Better Care, Lower Costs Efforts Will Save Nearly $120 Billion for Medicare Over Five Years.
Strengthening Medicare: Better Health, Better Care, Lower Costs Efforts Will Save Nearly $120 Billion for Medicare Over Five Years Introduction The Centers for Medicare and Medicaid Services (CMS) and
More informationReporting of HIPAA Privacy/Security Breaches. The Breach Notification Rule
Reporting of HIPAA Privacy/Security Breaches The Breach Notification Rule Objectives What is the HITECH Act? An overview-what is Protected Health Information (PHI) and can I protect patient s PHI? What
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationHow modern technology helped a multi-location orthopedic group boost financial results and reporting
CASE STUDY How modern technology helped a multi-location orthopedic group boost financial results and reporting CORE Orthopaedic Medical Center (CORE) has delivered outstanding orthopedic care to patients
More informationHIPAA/ HITECH HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT. and. Health Information Technology for Economic and Clinical Health Act.
HIPAA/ HITECH HEALTH INSURANCE PORTABILITY and ACCOUNTABILITY ACT Health Information Technology for Economic and Clinical Health Act Revised 4/4/14 1 Your Accountability Quality Care Compliance Reputation
More informationDisclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)
HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute
More informationSOOKASA WHITEPAPER HIPAA COMPLIANCE. www.sookasa.com
SOOKASA WHITEPAPER HIPAA COMPLIANCE www.sookasa.com Demystifying HIPAA Compliance in the Cloud Healthcare s challenges There s no shortage of signals that the healthcare industry is under pressure: To
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationAnnual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance. For Calendar Years 2009 and 2010
Annual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance For Calendar Years 2009 and 2010 As Required by the Health Information Technology for Economic and Clinical Health (HITECH)
More informationAUTOMATED PENETRATION TESTING PRODUCTS
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate
More informationHIPAA COMPLIANCE PLAN FOR 2013
HIPAA COMPLIANCE PLAN FOR 2013 Welcome! Presentor is Rebecca Morehead, Practice Manager Strategist www.practicemanagersolutions.com Meaningful Use? As a way to encourage hospitals and providers to adopt
More informationChief Information Officer
Chief Information Officer The CIO leads the Information Technology Department maintaining the function of SETMA s electronic health record. The CIO is responsible for: 1. Maintaining the functions of SETMA
More informationI n t e r S y S t e m S W h I t e P a P e r F O R H E A L T H C A R E IT E X E C U T I V E S. In accountable care
I n t e r S y S t e m S W h I t e P a P e r F O R H E A L T H C A R E IT E X E C U T I V E S The Role of healthcare InfoRmaTIcs In accountable care I n t e r S y S t e m S W h I t e P a P e r F OR H E
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationMeeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel
Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel Questions Answers 1 Is a Business Associate (BA) responsible for assuming a Covered
More informationExecutive Memorandum No. 27
OFFICE OF THE PRESIDENT HIPAA Compliance Policy (effective April 14, 2003) Purpose It is the purpose of this Executive Memorandum to set forth the Board of Regents and the University Administration s Policy
More informationEnterprise Analytics Strategic Planning
Enterprise Analytics Strategic Planning June 5, 2013 1 "The first question a data driven organization needs to ask itself is not "what do we think?" but rather "what do we know? Big Data: The Management
More information10 Tips for Embracing a HIPAA-Compliant Cloud. by Asaf Cidon, CEO of Sookasa
10 Tips for Embracing a HIPAA-Compliant Cloud by Asaf Cidon, CEO of Sookasa Communication between doctors and patients keeps getting easier as technology provides more and more opportunities for sharing
More informationEvergreen Solutions Lowering the cost of EHR ownership
Evergreen Solutions Lowering the cost of EHR ownership As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the
More informationMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
More informationInternet Malware Threats for School and Students
FIVE THINGS YOUR SCHOOL NEEDS TO KNOW ABOUT CYBERPROTECTION. Introduction As malware grows at an alarming rate, IT budgets are freezing and shrinking. Educational institutions are often forced into the
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationServices. Hospital Solutions: Integrated Healthcare IT and Business Process Solutions that Achieve Breakthrough Results
Services Hospital Solutions: Integrated Healthcare IT and Business Process Solutions that Achieve Breakthrough Results Hospital Solutions Overview Hospital Solutions Backed by more than 20 years of strength
More informationNOTICE OF PRIVACY PRACTICES. The University of North Carolina at Chapel Hill. UNC-CH School of Nursing Faculty Practice Carolina Nursing Associates
NOTICE OF PRIVACY PRACTICES The University of North Carolina at Chapel Hill UNC-CH School of Nursing Faculty Practice Carolina Nursing Associates THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU
More information