Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Medical Office Manager
 Get Our Weekly eNewsletter, MOMAlert, and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!
EMAIL ADDRESS

Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives
Plus, You Get FREE Webinars, and MUCH MORE!
You are here: Home / Archives for HIPAA
COMPLIANCE

5 things to do before a HIPPA audit happens to your medical office

January 10, 2022 by

By Jordan MacAvoy The Health Insurance Portability and Accountability Act (HIPAA) was introduced to safeguard sensitive patient data. As expected, a good number of covered entities and business associates are yet to implement the safeguards fully. Most of these healthcare providers, business associates, and organizations that are struggling to implement the compliance guidelines, think that they might not be audited. It might not happen today, but eventually, the Office of Civil Rights (OCR) will get to you. Since you’ve no idea when the OCR will decide to audit your business, the best decision is to prepare for the audit. When the OCR decides to audit your business, they’ll send you an email, and you’ll have 10 business days to compile and provide the relevant documents. Here is how you do… . . . read more.

Tagged With: ,
Patient Privacy

Failure to prevent ransomware attacks exposes healthcare providers to costly negligence lawsuits

December 12, 2021 by

Custodians of personal health information have become a prime target for ransomware attacks. In addition to fines for HIPAA violations, failure to safeguard patient medical information against these threats can lead to liability under state negligence and gross negligence laws, including within the framework of potentially disastrous class action lawsuits. The recent case against national cloud software provider Blackbaud, Inc. offers a useful illustration of potential ransomware liability risks. The Ransomware Attack and Class Action Lawsuit    It’s an all too familiar story. Blackbaud was burned in a two-stage ransomware attack that compromised the private, personal data of many of the medical labs, non-profits and other users of its data management software for fundraising and marketing. A group of 34 downstream customers of those clients whose data was exposed banded… . . . read more.

Tagged With: , ,
COMPLIANCE

Fraud recoveries grow as feds target telemedicine and COVID-19 add-on test scams

August 8, 2021 by

Despite the COVID-19 pandemic and continued sequestration of enforcement funds, the federal Health Care Fraud and Abuse Control Program (Program) reversed recent trends and recovered more money in FY 2020 than it had the year before. In fact, recoveries for the year reached nearly $3.1 billion, the highest return since 2016. Here’s a briefing for medical office managers on the July 14 OIG report and what it says about the current state of federal health care fraud enforcement. ROI increases for second year in a row The Program was created as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) under the joint direction of the Attorney General and HHS Secretary, acting through the OIG, to coordinate federal, state and local law health care fraud and abuse… . . . read more.

Tagged With: , ,
CYBERSECURITY

Healthcare data breaches hit a new high in first half of 2021

August 8, 2021 by

While healthcare data breaches have become an all-too-common occurrence, the problem seems to be getting worse. According to the HHS’ Office for Civil Rights (OCR), there have already been 360 federally reported data breaches involving health information in the first half of 2021, the highest total for the first six months of a year since the government began tracking this data over a decade ago. Protected health information of nearly 23 million patients have been exposed as a result of this breach-fest. By comparison, there were 270 reported breaches involving 8 million patients in all of 2020. The breaches are getting bigger  The OCR tracks breaches across all industries. But, as in past years, healthcare was the number one culprit in the first half of 2021, accounting for 162, or… . . . read more.

Tagged With: , ,
HIPAA

Could your organization’s website reveal your HIPAA non-compliance?

July 8, 2021 by

By Danika Brinda Did you know that your organization’s website can reveal to the world that you are out of compliance with HIPAA? A quick look at your organization’s website could reveal to a HIPAA auditor that your organization is struggling with HIPAA compliance. Wondering what I am referring to? The Notice of Privacy Practices! The regulations state that your organization must ensure that the most current version of your Notice of Privacy Practices is posted on the organization’s website (if one exists). Here is the specific language of the regulations: CFR 164.520(c)(3)(i) – A covered entity that maintains a website that provides information about the covered entity’s customer services or benefits must prominently post its notice (of privacy practices) on their website and make the notice available electronically through their website. Go… . . . read more.

Tagged With: , ,
COMPLIANCE

New HHS policy makes your office potentially liable for LGBTQ discrimination

May 24, 2021 by

While it doesn’t directly relate to billing and reimbursement, federal civil rights laws have an impact on certain aspects of healthcare operations. These laws ban your office from discriminating on the basis of protected personal characteristics, including sex. So, compliance managers need to be aware that on May 10, the Department of Health and Human Services (HHS) issued an important bulletin affecting how the ban on sex discrimination will be enforced from now. Specifically, sex discrimination will go beyond just a person’s sex or gender but also their sexual orientation and/or gender identity. Here’s a rundown of the law and how it might affect your operations. Federal Discrimination Law, 101 The U.S. Civil Rights Act of 1964 makes it illegal to discriminate in different aspects of public activity, including employment and… . . . read more.

Tagged With: , , ,
TOOL

HIPAA compliance checklist

May 14, 2021 by

Having a complete HIPAA compliance program is important to your organization. Run through this HIPAA compliance checklist to see if you have your foundation of HIPAA compliance in place and easily retrievable. HIPAA Policies and Procedures HIPAA privacy policies, procedures, and forms HIPAA security policies, procedures, and forms HIPAA Breach Notification policy and procedure Most recent Notice of Privacy practices Privacy officer’s job responsibilities and contact information Security officer’s job responsibilities and contact information HIPAA workflows and evidence of compliance Most recent HIPAA Risk Analysis Most current HIPAA risk mitigation/risk management documentation Business Associate agreements with list of Business Associates Workforce HIPAA training, periodic HIPAA updates, HIPAA training log Password policies by system Workstation security practices (anti-virus, password requirement, password timeframes, workstation use, etc.) HIPAA documentation specific to the organization… . . . read more.

Tagged With: , , ,
HIPAA

New OCR data shed light on the costs of privacy noncompliance

May 2, 2021 by

HIPAA enforcement isn’t nearly as fat a cash cow as enforcement of False Claims Act (FCA) and other healthcare fraud laws is, it still takes a lot of money out of the pockets of providers and into the hands of the federal government. But tracking the economics of HIPAA enforcement is tough because the government doesn’t publish data on HIPAA recovery amounts the way it does with the FCA. However, new data from the HHS Office of Civil Rights (OCR) has recently emerged that offers some rare insight into the dollars and cents of HIPAA enforcement over the past two decades. Here are some of the key figures, which encompass April 2003, when HIPAA first began being enforced, through 2020: $129,722,482: Total amount of civil penalties and settlements collected by… . . . read more.

Tagged With: ,

How to keep your email compliant with HIPAA

March 12, 2021 by

By Ron Slyker bio If you are a medical office manager, you have more than likely heard the term “HIPAA compliance.” Most relate it to the protection of patient health information (PHI) within the office, but HIPAA compliance extends beyond internal communications. Ensuring email is HIPAA compliant is one of the most overlooked components of HIPAA compliance. A common misunderstanding is that an email is secure when you are sending it. Nevertheless, if the right protective layers are not configured, this is not the case. HIPAA compliant email communication is a necessity in today’s technical environment. Encryption Email Encryption is almost always mandatory to be HIPAA Compliant. Simply put, when an email is encrypted, the contents are masked to everyone but the recipient. There are two types of encryption: Transport… . . . read more.

Tagged With: ,
COVID-19

What do I say to patients who ask about my team’s vaccination status?

February 21, 2021 by

By Paul Edwards bio As vaccinations continue to be distributed to more and more members of the American workforce, one of the recurring questions we are getting concerns how to respond to patients who ask about whether or not your team has been vaccinated. Patients might pose this question over the phone before their scheduled appointment, or might ask it to one of your employees during their visit. Your employees’ health information is protected In response to such a question, it’s important to remember that your employees’ personal health information is protected in just the same way as your patients’ health information. Therefore, it is generally not a good idea to offer information to your patients that might expose any of your employees’ inability (or unwillingness) to get vaccinated. If… . . . read more.

Tagged With: , , , , ,

(-0)