COMPLIANCE

Fraud recoveries grow as feds target telemedicine and COVID-19 add-on test scams

Despite the COVID-19 pandemic and continued sequestration of enforcement funds, the federal Health Care Fraud and Abuse Control Program (Program) reversed recent trends and recovered more money in FY 2020 than it had the year before. In fact, recoveries for the year reached nearly $3.1 billion, the highest return since 2016. Here’s a briefing for medical office managers on the July 14 OIG report and what it says about the current state of federal health care fraud enforcement.

ROI increases for second year in a row

The Program was created as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) under the joint direction of the Attorney General and HHS Secretary, acting through the OIG, to coordinate federal, state and local law health care fraud and abuse… . . . read more.

CYBERSECURITY

Healthcare data breaches hit a new high in first half of 2021

While healthcare data breaches have become an all-too-common occurrence, the problem seems to be getting worse. According to the HHS’ Office for Civil Rights (OCR), there have already been 360 federally reported data breaches involving health information in the first half of 2021, the highest total for the first six months of a year since the government began tracking this data over a decade ago. Protected health information of nearly 23 million patients has been exposed as a result of this breach-fest. By comparison, there were 270 reported breaches involving 8 million patients in all of 2020.

The breaches are getting bigger

The OCR tracks breaches across all industries. But, as in past years, healthcare was the number one culprit in the first half of 2021, accounting for 162, or… . . . read more.

HIPAA

Could your organization’s website reveal your HIPAA non-compliance?

By Danika Brinda

Did you know that your organization’s website can reveal to the world that you are out of compliance with HIPAA? A quick look at your organization’s website could reveal to a HIPAA auditor that your organization is struggling with HIPAA compliance. Wondering what I am referring to? The Notice of Privacy Practices! The regulations state that your organization must ensure that the most current version of your Notice of Privacy Practices is posted on the organization’s website (if one exists). Here is the specific language of the regulations: CFR 164.520(c)(3)(i) – A covered entity that maintains a website that provides information about the covered entity’s customer services or benefits must prominently post its notice (of privacy practices) on their website and make the notice available electronically through their website. Go… . . . read more.

COMPLIANCE

New HHS policy makes your office potentially liable for LGBTQ discrimination

While they don’t directly relate to billing and reimbursement, federal civil rights laws have an impact on certain aspects of healthcare operations. These laws ban your office from discriminating on the basis of protected personal characteristics, including sex. So, compliance managers need to be aware that on May 10, the Department of Health and Human Services (HHS) issued an important bulletin affecting how the ban on sex discrimination will be enforced from now on. Specifically, sex discrimination will cover not just a person’s sex or gender but also their sexual orientation and/or gender identity. Here’s a rundown of the law and how it might affect your operations.

Federal Discrimination Law, 101

The U.S. Civil Rights Act of 1964 makes it illegal to discriminate in different aspects of public activity, including employment and… . . . read more.

TOOL

HIPAA compliance checklist

Having a complete HIPAA compliance program is important to your organization. Run through this HIPAA compliance checklist to see if you have your foundation of HIPAA compliance in place and easily retrievable.

HIPAA Policies and Procedures

- HIPAA privacy policies, procedures, and forms
- HIPAA security policies, procedures, and forms
- HIPAA Breach Notification policy and procedure
- Most recent Notice of Privacy practices
- Privacy officer’s job responsibilities and contact information
- Security officer’s job responsibilities and contact information
- HIPAA workflows and evidence of compliance
- Most recent HIPAA Risk Analysis
- Most current HIPAA risk mitigation/risk management documentation
- Business Associate agreements with list of Business Associates
- Workforce HIPAA training, periodic HIPAA updates, HIPAA training log
- Password policies by system
- Workstation security practices (anti-virus, password requirement, password timeframes, workstation use, etc.)
- HIPAA documentation specific to the organization… . . . read more.

HIPAA

New OCR data shed light on the costs of privacy noncompliance

While HIPAA enforcement isn’t nearly as fat a cash cow as enforcement of the False Claims Act (FCA) and other healthcare fraud laws, it still moves a lot of money out of the pockets of providers and into the hands of the federal government. But tracking the economics of HIPAA enforcement is tough because the government doesn’t publish data on HIPAA recovery amounts the way it does with the FCA. However, new data from the HHS Office of Civil Rights (OCR) has recently emerged that offers some rare insight into the dollars and cents of HIPAA enforcement over the past two decades. Here are some of the key figures, which encompass April 2003, when HIPAA first began being enforced, through 2020: $129,722,482: Total amount of civil penalties and settlements collected by… . . . read more.

How to keep your email compliant with HIPAA

By Ron Slyker

If you are a medical office manager, you have more than likely heard the term “HIPAA compliance.” Most relate it to the protection of patient health information (PHI) within the office, but HIPAA compliance extends beyond internal communications. Ensuring email is HIPAA compliant is one of the most overlooked components of HIPAA compliance. A common misunderstanding is that an email is secure when you are sending it. Nevertheless, if the right protective layers are not configured, this is not the case. HIPAA compliant email communication is a necessity in today’s technical environment.

Encryption

Email Encryption is almost always mandatory to be HIPAA Compliant. Simply put, when an email is encrypted, the contents are masked to everyone but the recipient. There are two types of encryption: Transport… . . . read more.

COVID-19

What do I say to patients who ask about my team’s vaccination status?

By Paul Edwards

As vaccinations continue to be distributed to more and more members of the American workforce, one of the recurring questions we are getting concerns how to respond to patients who ask about whether or not your team has been vaccinated. Patients might pose this question over the phone before their scheduled appointment, or might ask it to one of your employees during their visit.

Your employees’ health information is protected

In response to such a question, it’s important to remember that your employees’ personal health information is protected in just the same way as your patients’ health information. Therefore, it is generally not a good idea to offer information to your patients that might expose any of your employees’ inability (or unwillingness) to get vaccinated. If… . . . read more.

COMPLIANCE

What medical office managers need to know about HIPAA

By Jordan MacAvoy

The Health Information Portability and Protection Act (HIPAA) was enacted in 1996. The regulation stipulates standards that healthcare organizations and vendors must adhere to when it comes to patients’ protected health information (PHI). HIPAA-beholden organizations must secure their PHI for them to gain compliance status. Healthcare organizations and their vendors must appoint a HIPAA manager to oversee the implementation of the compliance program. If your organization has any HIPAA obligations and you get selected for this role, you should be aware of those regulations and what they mean to your business. Here’s what you should know as an office manager.

Who are the covered entities?

“Covered entities” refer to health insurers, healthcare providers, and any other professional individuals/organizations that handle patients’ medical information in the course… . . . read more.

Telecommuting

Cybersecurity risks rise when medical admin staff work from home

By Ron Slyker

The number of people who work from home has slowly increased from year to year. In 2020 that number skyrocketed as companies including medical offices were forced to implement telecommuting policies. Making the transition from traditional office to home office has brought some challenges, but arguably the most challenging aspect of the process has been maintaining cybersecurity. Now in 2021 the need for remote worker security is more important than ever.

Keep yourself safe with network security assessments

Employees who work from home are more susceptible to cyber threats than employees who work in the office. The reason is businesses can afford enterprise-level cybersecurity services. The average home not only does not have access to this level of security but may also lack basic security measures. When working from… . . . read more.

