“Insider Tips To Make Your Medical Practice Run Faster, Easier And More Profitably”
brainlink HIPAAStorm
Get More Free Tips, Tools, and Services At My Web Site: www.RajGoel.com
What does 2012 hold for HIPAA/HITECH compliance?
For many medical practices, the default answer is “more of the same”. That’s also the wrong answer.
In November 2011:
- NIST (National Institute of Standards and Technology) released the HIPAA Security Rule toolkit
- The Joint Commission (JCAHO) issued guidance stating health care professionals should not use text messaging for orders
- US Dept of Health and Human Services (HHS) released updated HIPAA enforcement highlights
In 2011/2012:
- UCLA Health System, Cignet and Mass General paid sizeable, and precedent-setting, penalties.
- HHS conducted joint raids with the FTC, State Attorneys General and US Postal Service Inspectors that led to scores of arrests.
- The HHS wall of shame grew significantly larger.
- Several small medical practices were fined for HIPAA violations.
In the past 12 months, we:
- Conducted an in-depth HIPAA compliance audit for a major RHIO
- Assisted several IT firms in conducting IT Security and Compliance audits for their clients
- Educated several thousand CISSPs in Privacy and Security challenges with Cloud Computing
- Provided Ethics CLE and CPE training to several hundred attorneys and accountants
If you haven’t had a HIPAA Security Rule mandated Information Security Compliance Audit within the past 24 months, let’s talk.
If you have questions about what your employees, contractors and Business Associates can and cannot do with patient data, let’s talk.
If you have questions about HIPAA, PCI-DSS, GLBA, RED FLAG or other compliance issues, call me at 917-685-7731 or email
- Raj Goel, CISSP
Catherine Patsos, Esq
“As a business owner, you don’t have time to waste on technical and operational issues. That’s where we shine! Call us and put an end to your IT problems and HIPAA/HITECH compliance challenges!”
Volume V, Issue V May 2012
New York, NY
Inside This Issue…
What does 2012 hold for HIPAA/HITECH Compliance? – Page 1
New Year’s Eve Burglary Triggers Medical Records Firm’s Bankruptcy – Page 2
$100,000 Fine Levied on Physician Group – Page 2
In Honor Of Mother’s Day – Page 3
Learn from the BC/BS of Tennessee HIPAA breach – Page 3
How To Detect Privacy Breaches – Page 4
EHR Meaningful Use Stage 2 A High Priority for HHS – Are You Prepared?
How To Detect Privacy Breaches
Just like your patients need routine checkups, your computers and other devices can also use a good sweeping from time to time.
For only $599 per office or location, we will have a trained expert perform a “Preliminary Network Exam” of your computers and networks to detect privacy and security violations. For only $599, we’ll come onsite to perform a system maintenance check to:
- Detect hidden spyware
- Check your privacy settings, firewall and network security
- Perform various system checks and maintenance to speed up your computer and network
- Block annoying pop-up ads and check your online security settings
- Check for system errors, conflicts, or other problems
- Verify your data backups
Normally we charge $995 for this maintenance service, but it’s yours for only $599. But you have to hurry…this special is only good through the end of May, so call today!
917-685-7731
EHR Meaningful Use Stage 2 A High Priority for HHS – Are You Prepared?
By Catherine G. Patsos, Esq.
Earlier this year, the Department of Health and Human Services (HHS) cited EHRs as
one of the agency’s top priorities in its regulatory agenda for 2012. Yet according to a
recent study released by Computer Services Corporation (CSC), many providers are
not ready to meet the recently proposed requirements of Stage 2 Meaningful Use
(MU).
In its regulatory agenda, HHS states that it “continues to encourage health care
providers to become meaningful users of health information technology by
accelerating health IT adoption and promoting electronic health records to help
improve the quality of health care, reduce cost, and ultimately, improve health
outcomes.”
According to the CSC study, however, eligible providers (EPs) either deferred or were
exempted from several Stage 1 MU requirements. Many of these requirements related
to improving care coordination and patient involvement, which are measures that will
likely be required for Stage 2 MU. Specifically, medication reconciliation, providing
patients with access to electronic health information and providing summary records at
transitions in care were among the requirements most often deferred by EPs.
Some of the biggest challenges for EPs in Stage 2 will be allowing patients to review
and download their electronic health information and transmitting summary-of-care
records at transitions of care. According to the CSC study, only 12% and 24%,
respectively, were prepared to fulfill these requirements. There has also been much
criticism of the proposed Stage 2 requirement that at least 10% of patients view their
own electronic health information, because fulfilling this requirement is not within
providers’ control.
The CSC study recommends that providers not wait until the Stage 2 final rule is
issued to begin to operationalize Stage 2 MU requirements, particularly with regard to
engaging patients and coordinating care. Specifically, the CSC study cites three areas
in which providers should begin building capabilities:
1) Providing patients access to electronic health information;
2) Establishing means to communicate with patients electronically; and
3) Exchanging patient information at transitions of care.
The CSC study can be accessed at http://assets1.csc.com/health_services/downloads/CSC_Moving_Ahead_with_Stage_2_of_Meaningful_Use.pdf.
Catherine Patsos is a health care attorney with extensive experience in representing health care providers.
She concentrates her practice in health care reimbursement, regulatory and compliance matters, and fraud and abuse issues. For more information, visit www.healthcarelawllc.com.
Brainlink International, Inc.
87-90 118 Street
Richmond Hill, NY 11418
Get More Free Tips, Tools and Services at www.RajGoel.com or call me at 917-685-7731
HIPAA In The News
New Year’s Eve Burglary Triggers Medical Records Firm’s Bankruptcy
Still think HIPAA compliance is strictly for the big guys?
Still think your small medical practice or medical billing business is safe from hackers, criminals and litigators?
From the Wall Street Journal:
The New Year’s Eve burglary of a California office building has led to the collapse of a national medical records firm.
Impairment Resources LLC filed for bankruptcy Friday after the break-in at its San Diego headquarters led to the electronic escape of detailed medical information for roughly 14,000 people, according to papers filed in U.S. Bankruptcy Court in Wilmington, Del. That information included patient addresses, social security numbers and medical diagnoses.
Police never caught the criminals, and company executives were required by law to report the breach to state attorneys general and the Department of Labor’s Office of Inspector General. Some of those agencies, including the Department of Labor, are still investigating the matter, the company said in court papers.
- http://blogs.wsj.com/bankruptcy/2012/03/12/burglary-triggers-medical-records-firm%E2%80%99s-collapse/
$100,000 Fine Levied on Physician Group
If your company needs another reminder that policies and procedures, risk assessments, documentation and training are critical elements for HIPAA compliance programs, we have another corrective action plan – and monetary fine – that should be utilized as a “teachable moment” for health care providers and business associates alike.
Phoenix Cardiac Surgery, P.C. has agreed to pay a $100,000 fine and implement a corrective action plan under a Resolution Agreement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) after a lengthy investigation into potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.
OCR investigated the physician practice following a report that it had been posting clinical and surgical appointments on a publicly accessible Internet-based calendar. OCR’s investigation, dating back to 2003, found that Phoenix Cardiac Surgery had failed to implement sufficient policies and procedures to appropriately safeguard patient information. OCR also concluded that the physician practice did not adequately document employee training on the Privacy and Security Rules, identify a security official, conduct a risk analysis, or obtain satisfactory assurances in business associate agreements with Internet-based calendar and email providers. In a press release announcing the Phoenix Cardiac Surgery settlement, OCR Director Leon Rodriguez expressed the agency’s hope that health care providers “pay careful attention” to the Resolution Agreement and the expectation that all providers, “no matter the size,” fully comply with the Privacy and Security Rules.
- http://www.jdsupra.com/post/documentViewer.aspx?fid=28efff74-2781-485c-b366-d75563ca0e8f
The Lighter Side…
In Honor Of Mother’s Day
A mother is a person who, seeing there are only four pieces of pie for five people, promptly announces she never did care for pie. ~Tenneva Jordan
Being a full-time mother is one of the highest salaried jobs in my field, since the payment is pure love. ~Mildred B. Vermont
A suburban mother's role is to deliver children obstetrically once, and by car forever after. ~Peter De Vries
The phrase "working mother" is redundant. ~Jane Sellman
The moment a child is born, the mother is also born. She never existed before. The woman existed, but the mother, never. A mother is something absolutely new. ~Rajneesh
Some mothers are kissing mothers and some are scolding mothers, but it is love just the same, and most mothers kiss and scold together. ~Pearl S. Buck
Google’s New Privacy Policy: What You Need To Know
On March 1st, Google implemented a new, unified privacy policy that affects the browsing history and information Google has on you, both past and present.
Prior to this change, your Google history of the searches you made and sites you
visited was not shared with Google's other services, particularly advertisers.
Naturally, Google is one of the biggest media and marketing companies in the world, and your preferences and search information are pure gold from a marketing standpoint. Marketers armed with that information would know exactly what products and services to display to you as you use the search engine.
However, your search history can reveal a lot about you including details on
your location, interests, age, sexual orientation, religion, health concerns and
more. If you want to keep Google from combining your web history with the
data they have gathered about you in their other products, such as YouTube or
Google Plus, you may want to remove all items from your web history and stop
your web history from being recorded in the future. To do this, sign into your
Google Account and go to the “History” section, then select “Remove All
History.”
Of course, clearing the web history in your Google account will not prevent
Google from gathering and storing your preferences, searches and information
and using it for internal purposes. It also does not change the fact that any
information gathered and stored by Google could be obtained and used against
you by law enforcement.
With web history enabled, Google will keep these records indefinitely; with it disabled, they will be partially anonymized after 18 months, and certain kinds of uses, including sending you customized search results, will be prevented. This brings up a whole other topic: what kind of information should you post about yourself (or store) online?
If you would like to learn more about how to protect yourself, your kids and employees from Social Media, then watch the video at http://www.RajGoel.com/blog/what-to-teach-your-kids-employees-and-interns-about-social-media/
Learn from the Blue Cross Blue Shield of Tennessee HIPAA breach
In March 2012, BCBS of Tennessee agreed to pay $1.5M for HIPAA data breaches. BCBS of Tennessee failed to encrypt hard drives containing voicemail files.
Is YOUR medical practice encrypting hard drives and flash drives embedded within:
- Laptops
- Desktops
- Servers
- Copiers
- Voice Mail systems
- And other smart systems
The settlement is available at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/resolution_agreement_and_cap.pdf.