Physicians engaging in compliance with standards established by the Health Insurance Portability and Accountability Act face uphill battles at their practices. Regulatory updates and technological advances shift faster than most facilities can evolve internal processes, leaving a wake of challenges to navigate with each transition.
It’s the 21st century, and we are all dependent on our electronic devices to help us with our everyday tasks… probably more so than we should be. Regardless, it’s important that you manage these devices properly. Today we’re going to run through a list of items you may not have thought about. Whether the practice or the employee owns the device, these controls need to be applied to meet HIPAA requirements. How to manage those pesky devices:
Editor’s note: At the end of 2014, we conducted a survey of small practices and billing companies on HIPAA compliance. When we asked respondents from medical practices if they had conducted a HIPAA-required risk analysis, only 33% said they had done one. Interestingly, the risk analysis required by HIPAA is very similar to the analysis required for Meaningful Use. In this post, Robert Peterson of ACR2 Solutions discusses the inner workings of a Meaningful Use risk analysis.
My fiancée and I just returned from Spain. We had left our phones at home, as the purpose of this trip was to spend a few weeks focusing on one another while planning our future together and enjoying Spanish cuisine. Without a cell phone to distract our minds we spent the whole trip holding hands while perusing the markets during the day and enjoying the sunsets by night. At night, our faces were not glued to an iPhone screen, but rather absorbed in one another’s eyes throughout late dinners. When we got into bed, there was no temptation to seek a new Facebook post to troll.
Last week we spoke about choosing a HIPAA Security Officer. This week we are writing about how to identify your Business Associates and what your responsibilities are as a Covered Entity.
Being on the verge of a giant explosion of mobile technology in healthcare, it is wise for us to be mindful of what we will be collecting and analyzing. In the end, the primary goal is keeping people healthy and it will likely be a challenge to not get caught up in the buzz of gadgets or the sea of numbers, some of which will likely be completely unnecessary. Let’s explore some of the challenges ahead for adopting meaningful big data usage in healthcare.
“Patient portal” has been a buzzword in health technology for a few years now. The popularity of patient portals continues to increase, especially with help from Meaningful Use Stage 2 requirements. An internet application that allows communication between patients and providers, a patient portal offers a wealth of potential for increasing patient involvement in their healthcare. Notably, patients can access lab results, pay bills, access appointment notes, send/receive messages from the physician, and schedule visits. Eventually the applications will become commonplace, but who is using them right now?
This week we are talking about formulating your HIPAA Compliance Plan. First, why do you need a HIPAA Compliance Plan? This Plan will tell your employees, Business Associates and patients (and HHS, if they should come calling) how you secure Protected Health Information (PHI). Just as important is effectively communicating the plan to your staff.
In late 2014 NueMD released a study on HIPAA compliance in medical practices and billing companies. The survey indicated that 36% of medical practices weren’t aware there were updates to the HIPAA Law and only 38% were confident that their practice was actively implementing HIPAA compliance.
A recent survey of HIPAA compliance conducted by NueMD revealed a startling range of knowledge and compliance with HIPAA. Even though HIPAA has been around since 1996 and was updated to include the HITECH Act modifications in 2009, many medical practices revealed they were unaware of the full scope of HIPAA requirements, did not necessarily understand what they did know, or had not implemented full compliance programs.