Follow Us Become a Fan of Practice Manager Solutions on Facebook Follow Rebecca on Twitter Follow Rebecca on LinkedIn Practice Manager Solutions on LinkedIn Practice Manager Solutions on GooglePlus Practice Manager Solutions RSS Feed

« | Home | »

Attestation Period Begins Today for 2013 Meaningful Use – Are You Ready?

October 3, 2013

Today is the beginning of the 90-day attestation period for Meaningful Use in 2013 which can be reported by February of 2014. Are you ready? If you are an eligible medical provider, you could qualify for incentive payments for Meaningful Use but not if you miss the deadline. To get started, I’ve put together a couple of tips that will help you achieve this goal.

meaningfuluseEveryone I work with knows that I am continually reminding anyone who has or is attesting to Meaningful Use that you can’t just attest that you’ve met the criteria of each measure – you must actually do what you say you’ve done – and most importantly be able to prove that you have met that criteria. To that end, here are some facts you’ll want to consider. You may have seen these warnings from me before but they are worth repeating.

  1. If you’re attesting to Meaningful Use Core Measure #15 – Conduct a Security Risk Assessment on your EHR system – you must actually complete the Security Risk Assessment. If you haven’t completed it, then DO NOT attest.
  2. It’s not enough to just conduct the Security Risk Assessment; you must also identify potential risks and create a plan for mitigating those risks.
  3. Your plan is worth nothing more than the piece of paper it is printed on unless you work through the list of corrective actions to ensure that vulnerabilities in your system are identified and addressed. Click to learn more about our Security Risk Assessment resource.
  4. Addressing risks is not a ”one time and you’re done” project. It is an evergreen project. You must continually assess your EHR and systems that use or access ePHI to identify potential future points of risk. Have a plan in place for continuous review, maintenance and corrective action.
  5. Have your Security Risk findings been incorporated into your HIPAA Compliance Manual? If not, then the intent of Core Measure #15 and most importantly the Omnibus Rule, has not been fully completed. Update your policy manual with your Security Risk Assessment findings and corrective actions. Be sure to include in your plan a continuous review timeframe. A fully documented HIPAA Security Compliance Manual is one of your best defenses in the event of an audit. A fully documented compliance manual addresses both HIPAA Privacy and HIPAA Security Policies and Procedures.
  6. Has your workforce been trained? Your workforce is your #1 leak to HIPAA non-compliance. Without proper training, they have the potential to harm your practice either intentionally or unintentionally by leaking information. Click here for helpful On Site Workforce Training resource.
  7. Finally, DO NOT attest (Did I say that already?) if you haven’t conducted a thorough and effective Security Risk Assessment and gone the extra steps to incorporate the findings into your policies. Plain and simple. You could be committing fraud and open your practice to potential corrective action costs and/or fines. Click here for Security Checklist.

 

As always, I am available to help you check this list of Meaningful Use attestation criteria off your list of things to do. Check out the links to helpful resources that I’ve included above and for more personalized help, you can contact me at info@practicemanagersolutions.com .

Share and Enjoy:

Topics: HIPAA Security Policies, Meaningful Use, Security Risk Assessment | No Comments »

Comments

Rebecca on Twitter

The Hidden Liability That Could Bite Your Physicians Hard

Few practice managers are aware that their retirement plan could hold one of the largest personal financial risks in their practice. To understand why, you need to learn the term “fiduciary.” A fiduciary is someone in a special position of trust on whom others rely. On a qualified retirement plan like a 401(k), 403(b) or cash balance plan, fiduciaries are those involved in decisions on the plan, including the plan trustees, committee members and usually the CEO, CFO and head of H.R. As practice manager, you may also be a fiduciary. One fiduciary is always named in the plan document, […]

KEEP READING »

From My Clients

“I have known Rebecca for the past 10 years, both professionally and personally, through our association in Sage Healthcare EMR implementation projects and as a consultant to NIIT Healthcare Technologies. I can attest to her outstanding professionalism and healthcare industry & practice knowledge. Her management support services are invaluable to her clients. Rebecca takes a personal interest in all she does and demonstrates a continual upbeat and positive attitude that is contagious to those around her. Her “go above and beyond approach” leads to complete client satisfaction. I would recommend Rebecca without reservation.”

Kathy Monnett, NIIT Healthcare Technologies


Online Payment Solution