Follow Us Become a Fan of Practice Manager Solutions on Facebook Follow Rebecca on Twitter Follow Rebecca on LinkedIn Practice Manager Solutions on LinkedIn Practice Manager Solutions on GooglePlus Practice Manager Solutions RSS Feed

« | Home | »

Attestation Period Begins Today for 2013 Meaningful Use – Are You Ready?

October 3, 2013

Today is the beginning of the 90-day attestation period for Meaningful Use in 2013 which can be reported by February of 2014. Are you ready? If you are an eligible medical provider, you could qualify for incentive payments for Meaningful Use but not if you miss the deadline. To get started, I’ve put together a couple of tips that will help you achieve this goal.

meaningfuluseEveryone I work with knows that I am continually reminding anyone who has or is attesting to Meaningful Use that you can’t just attest that you’ve met the criteria of each measure – you must actually do what you say you’ve done – and most importantly be able to prove that you have met that criteria. To that end, here are some facts you’ll want to consider. You may have seen these warnings from me before but they are worth repeating.

  1. If you’re attesting to Meaningful Use Core Measure #15 – Conduct a Security Risk Assessment on your EHR system – you must actually complete the Security Risk Assessment. If you haven’t completed it, then DO NOT attest.
  2. It’s not enough to just conduct the Security Risk Assessment; you must also identify potential risks and create a plan for mitigating those risks.
  3. Your plan is worth nothing more than the piece of paper it is printed on unless you work through the list of corrective actions to ensure that vulnerabilities in your system are identified and addressed. Click to learn more about our Security Risk Assessment resource.
  4. Addressing risks is not a ”one time and you’re done” project. It is an evergreen project. You must continually assess your EHR and systems that use or access ePHI to identify potential future points of risk. Have a plan in place for continuous review, maintenance and corrective action.
  5. Have your Security Risk findings been incorporated into your HIPAA Compliance Manual? If not, then the intent of Core Measure #15 and most importantly the Omnibus Rule, has not been fully completed. Update your policy manual with your Security Risk Assessment findings and corrective actions. Be sure to include in your plan a continuous review timeframe. A fully documented HIPAA Security Compliance Manual is one of your best defenses in the event of an audit. A fully documented compliance manual addresses both HIPAA Privacy and HIPAA Security Policies and Procedures.
  6. Has your workforce been trained? Your workforce is your #1 leak to HIPAA non-compliance. Without proper training, they have the potential to harm your practice either intentionally or unintentionally by leaking information. Click here for helpful On Site Workforce Training resource.
  7. Finally, DO NOT attest (Did I say that already?) if you haven’t conducted a thorough and effective Security Risk Assessment and gone the extra steps to incorporate the findings into your policies. Plain and simple. You could be committing fraud and open your practice to potential corrective action costs and/or fines. Click here for Security Checklist.

 

As always, I am available to help you check this list of Meaningful Use attestation criteria off your list of things to do. Check out the links to helpful resources that I’ve included above and for more personalized help, you can contact me at info@practicemanagersolutions.com .

Share and Enjoy:

Topics: HIPAA Security Policies, Meaningful Use, Security Risk Assessment | No Comments »

Comments

Rebecca on Twitter
  • Patient Portal Adoption – A Case Study

    You might get some great ideas from one of my clients, an Endocrinology Specialist, from the experience they had with converting their patients to a patient portal. They were already using an Electronic Health Record (EHR) system, but were still mailing lab results to their patients. They were anxious to reduce expenses by implementing Secure Messaging through a patient portal. This case study has all the details including: Description of their process before the conversion Process they went through to convert their patients Results of the conversion Benefits of adopting a patient portal You might be surprised at the outcome […]

    KEEP READING »

From My Clients

“We could not have accomplished what we have without you...You are worth every penny we have paid.”

CEO, Cardio & Vascular Institute


Online Payment Solution