

5 Common Issues Arising from a Security Risk Analysis

January 16, 2013

According to the Centers for Medicare and Medicaid Services (CMS), as of June 2012, they have paid over $1 billion to eligible professionals who have attested to Meaningful Use. That represents payments to over 55,000 physicians in 2011 and 2012. One of the congressional requirements of these bonus payments is post-payment auditing of hospitals and eligible professionals who attested that they met the requirements for those payments. As we’ve already seen, medical practices across the country have been receiving audit letters. In fact, one of our own clients recently received an audit letter after attestation.

What’s the secret to protecting your medical practice from a Meaningful Use audit? Audits are random, so there’s no way to avoid an audit if your name is selected. You can, however, ensure that you can stand in front of an auditor with all of the appropriate answers to their questions and documentation proving that the core objectives were met.

This confidence starts by ensuring that you are completely truthful when attesting to Meaningful Use. Do not answer yes to any measure that you are not embracing 100%! Much of the audit focus (and resulting penalties) is on the security of electronic patient protected health information. That boils down to Core Measure #15 – Conduct a thorough Security Risk Assessment.

Your Security Risk Assessment will undoubtedly identify issues requiring follow up. You cannot answer ‘yes’ to Core Measure #15 unless you put together a plan for addressing those identified issues. Risks do not have to be resolved prior to attestation; however, you must have specific action steps documented prior to attestation. Here are a few common themes that arise during an effective Security Risk Assessment:

  1. Your biggest security leak comes from your workforce. Be sure that your staff is properly trained to protect your electronic patient information. CMS recommends that staff be trained annually. Here are just a few issues you should address with your team:
    • Ensure that everyone in the practice understands the importance of protecting patient security. This includes logging out of computers when you leave your desk, ensuring that doors to the practice are not left propped open, covering patient information when someone comes to your workstation, etc.
    • Make sure that every staff member has his/her own unique username and password and that they do not share this information. This will allow you to create an audit trail and customize access to information on a need-to-know basis.
    • Many medical practices have a secure network within the office which provides protection when accessing data within that network. But if you or your team access data from outside the secure network using devices such as smartphones, tablet PCs or even a laptop over Wi-Fi at the local coffee shop, that data is most likely not secure.
    [For more information about workforce training, visit http://practicemanagersolutions.com/hipaa-security-workforce-training/]

  2. With the transmission of electronic patient data to a variety of providers, encryption is the key to ensuring that data cannot be accessed by any unintended recipient. This is particularly important for information that is sent by email.
  3. Do you have a reliable back-up power supply? You must have an emergency back-up plan that describes how to protect and access patient data in the event of a power outage.
  4. Are your policies documented in a HIPAA Compliant Policy Manual? If you are ever audited, an up-to-date compliance manual is a very good way to demonstrate your security plan and the policies that support patient data security.
  5. Are you ensuring that any subcontractors who have access to patient data are aware of patient security issues, and do you have an up-to-date Business Associate Agreement in place with them?

 


Topics: EHR Incentive, HIPAA Security Policies, Meaningful Use
