June 26, 2013
I’m often asked, ‘How often should I perform a security risk assessment in my practice?’ The answer is that the risk assessment should be performed periodically, and for most practices periodic means annually. If you are doing it for the first time for Meaningful Use Core Measure #15, that assessment starts your annual testing and analysis, and you would repeat it every year thereafter to meet compliance standards in accordance with your policies. In addition, whenever something changes in your technical setup, such as a new system, router, or server, or a change to your computer systems or electronic records system, you should perform another risk analysis at that time to determine whether there is any risk to be mitigated.
June 12, 2013
Business associates must complete the same HIPAA compliance steps as their covered entity. Watch our video tip below for more details about what’s needed to meet the requirements.
June 5, 2013
While helping medical Practice Managers with HIPAA security risk assessments, I have noticed that many small, independent medical practices are struggling with the costs in time, money and staff to be compliant with all the HIPAA regulations. Unlike large healthcare organizations, a small practice does not have the dedicated privacy and security staff to handle the implementation of HIPAA requirements, but they are subject to the same huge fines and penalties that result if they fail to protect their patients’ health information from a security breach.
To help our clients better manage the cost of compliance, we are now able to offer a HIPAA compliance membership site called PrivacyPro™. This is a cost-effective, do-it-yourself approach that allows member practices to monitor their own compliance using the latest technology through a secure, password-protected web portal.
Through PrivacyPro™, Practice Managers can perform their own annual Security Risk Assessment and Workforce Training, with the peace of mind that there is always an experienced HIPAA security specialist within reach to provide guidance and support. All members of PrivacyPro™ receive assistance in setting up the system. Ongoing support and an option to have a compliance specialist maintain the system for the medical practice are also available for an additional fee. Other features of PrivacyPro™ include HIPAA privacy and security templates, Business Associate tracking, HIPAA training materials for workforce training needs and wrongful disclosure tracking.
With the September 23 deadline fast approaching, PrivacyPro™ can help Practice Managers and administrators to accomplish the monumental task of HIPAA compliance with much less cost and no intervention or outsourcing unless you choose additional support. This is even an affordable option for Business Associates who must meet the same regulatory requirements as covered entities by the September 23rd deadline.
To learn more about PrivacyPro™, the Physician Office HIPAA Compliance program, please call Practice Manager Solutions at 866-492-0481 or visit the PrivacyPro™ page at http://practicemanagersolutions.com/take-control-of-your-hipaa-compliance-program/.
May 1, 2013
Last week we had another great group of practice managers for our HIPAA Compliant Policy Writing Intensive workshop. One of the side benefits of getting different practices together in one setting is to find out what their challenges are and share some of the issues they’re facing. A couple of questions came up that involved data security, specifically data transmitted by email:
How do I securely email when I don’t have a patient portal yet?
My patients are trying to email protected information to me. How do I stop that and give them a secure way to send their information?
Back in February we did a post on QuickDrop which allows users to securely send and receive files of any size and type on mobile devices such as tablets and smartphones. Today I’d like to tell you about a product called Enlocked which specifically addresses the email security issue.
Enlocked is a secure cloud-based messaging service that allows medical practices to communicate with patients via encrypted email. There are two ways for patients to view messages with Enlocked: 1) they can download an encryption app to decode emails, or 2) they can be sent a message letting them know that they have an email that they can view via Enlocked’s secure website. Enlocked is promoted by Physician’s Practice and is just one of many new ways that the IT industry is helping medical practices to be HIPAA compliant. Learn more about Enlocked on their website at https://www.enlocked.com/Home.html.