Follow Us Become a Fan of Practice Manager Solutions on Facebook Follow Rebecca on Twitter Follow Rebecca on LinkedIn Practice Manager Solutions on LinkedIn Practice Manager Solutions on GooglePlus Practice Manager Solutions RSS Feed

« | Home | »

Yes, Practice Manager, I’m Going on Record

November 15, 2012

I’m ending this year by going on record about Meaningful Use attestation – particularly Core Measure #15. Anyone who has worked with me knows that I am continually reminding practice managers who have or are attesting to Meaningful Use that you can’t just attest that you’ve met the criteria of each core measure – you must actually do what you say you’ve done. So, now I’m putting it in writing. I’ve said it before and I’m going to say it one more time:

  1. If you’re attesting to Meaningful Use Core Measure #15 – Conduct a Security Risk Assessment on your EHR system – you must actually complete the Security Risk Assessment. If you haven’t completed it, then DO NOT attest.
  2. It’s not enough to just conduct the Security Risk Assessment, you must also identify potential risks and create a plan for mitigating those risks.
  3. Your plan is worth nothing more than the piece of paper it is printed on unless you work through the list of corrective actions to ensure that every vulnerability in your system is identified and addressed.
  4. Addressing risks is not a one time and you’re done project. You must continually assess your EHR to identify potential future points of risk. You must have a plan for continuous review, maintenance and auditing activity logs.
  5. Have your Security Risk findings been incorporated into your HIPAA Compliance Manual? If not, then the intent of Core Measure #15 has not been fully completed. Update your policy manual with your processes and procedures. Be sure to include your plan for continuous review. A fully documented HIPAA Security Compliance Manual is one of your best defenses in the event of an audit.
  6. Has your workforce been trained? Your workforce is your #1 leak to HIPAA non-compliance. Without proper training, they have the potential to harm your practice either intentionally or unintentionally. This is a requirement under the HIPAA Security Rule.
  7. Finally, DO NOT attest if you haven’t conducted a thorough and effective Security Risk Assessment and gone the extra steps to incorporate the findings into your policies. Plain and simple. You could be committing fraud or worse willful neglect and open your practice to potential corrective action costs and/or fines.

I am here with resources to help you get each and every step of this process completed. In the event of an audit, I can help you with corrective actions, but I can’t help you stand in front of an auditor and explain why you didn’t do what you said you did. If you haven’t yet downloaded our HIPAA Security Risk Checklist, visit our website and download our FREE HIPAA Security Rule and Meaningful Use resources at www.practicemanagersolutions.com. Contact me at info@practicemanagersolutions.com today so we can make sure your practice is protected.

Share and Enjoy:

Topics: EHR Incentive, HIPAA Security Policies, Meaningful Use | No Comments »

Comments

Rebecca on Twitter
  • Does Your EHR Allow for Easy Customization?

    We want to thank Mark Shriro, Marketing Director of Jag Products, LLC  for providing us with this very valuable and interesting article. As your medical or behavioral healthcare practice evolves, your EHR software must adapt to changes in your workflow and documentation.  With most software solutions, that process can take many months because it relies on the vendor’s programmers to understand and implement your requests – often at considerable expense to you.   Some programs even restrict users to predefined templates and terminology. If it’s almost impossible for you to tailor your current software so it meets your exact needs, it […]

    KEEP READING »

From My Clients

“(As a consultant)...You make my work easy.”

Jim LaMar, Alliance Solutions Group


Online Payment Solution