Follow Us Become a Fan of Practice Manager Solutions on Facebook Follow Rebecca on Twitter Follow Rebecca on LinkedIn Practice Manager Solutions on LinkedIn Practice Manager Solutions on GooglePlus Practice Manager Solutions RSS Feed

Take Control of Your HIPAA Compliance Program

« | Home | »

Yes, Practice Manager, I’m Going on Record

November 15, 2012

I’m ending this year by going on record about Meaningful Use attestation – particularly Core Measure #15. Anyone who has worked with me knows that I am continually reminding practice managers who have or are attesting to Meaningful Use that you can’t just attest that you’ve met the criteria of each core measure – you must actually do what you say you’ve done. So, now I’m putting it in writing. I’ve said it before and I’m going to say it one more time:

  1. If you’re attesting to Meaningful Use Core Measure #15 – Conduct a Security Risk Assessment on your EHR system – you must actually complete the Security Risk Assessment. If you haven’t completed it, then DO NOT attest.
  2. It’s not enough to just conduct the Security Risk Assessment, you must also identify potential risks and create a plan for mitigating those risks.
  3. Your plan is worth nothing more than the piece of paper it is printed on unless you work through the list of corrective actions to ensure that every vulnerability in your system is identified and addressed.
  4. Addressing risks is not a one time and you’re done project. You must continually assess your EHR to identify potential future points of risk. You must have a plan for continuous review, maintenance and auditing activity logs.
  5. Have your Security Risk findings been incorporated into your HIPAA Compliance Manual? If not, then the intent of Core Measure #15 has not been fully completed. Update your policy manual with your processes and procedures. Be sure to include your plan for continuous review. A fully documented HIPAA Security Compliance Manual is one of your best defenses in the event of an audit.
  6. Has your workforce been trained? Your workforce is your #1 leak to HIPAA non-compliance. Without proper training, they have the potential to harm your practice either intentionally or unintentionally. This is a requirement under the HIPAA Security Rule.
  7. Finally, DO NOT attest if you haven’t conducted a thorough and effective Security Risk Assessment and gone the extra steps to incorporate the findings into your policies. Plain and simple. You could be committing fraud or worse willful neglect and open your practice to potential corrective action costs and/or fines.

I am here with resources to help you get each and every step of this process completed. In the event of an audit, I can help you with corrective actions, but I can’t help you stand in front of an auditor and explain why you didn’t do what you said you did. If you haven’t yet downloaded our HIPAA Security Risk Checklist, visit our website and download our FREE HIPAA Security Rule and Meaningful Use resources at www.practicemanagersolutions.com. Contact me at info@practicemanagersolutions.com today so we can make sure your practice is protected.

Share and Enjoy:

Topics: EHR Incentive, HIPAA Security Policies, Meaningful Use | No Comments »

Comments

Rebecca on Twitter

Transforming Diabetes for Your Patients’ Health: a conversation with Mary Costa and Nancy Ferris – Podcast 101

Mary Costa, a Registered Nurse and Certified Diabetes Educator is also the president and CEO of “Transform Your Diabetes Health”.  Nancy Ferris is a Lifestyle Breakthrough coach who specializes in helping individuals create maximum health and wellness.  As guests on the show, they explain their new site www.tydh.org which is offering ongoing education for diabetic patients and giving healthcare providers the educational tools and resources to support patients with diabetes. Mary Costa, a Registered Nurse and Certified Diabetes Educator has worked for one of the largest HMO’s in the country for nearly 30 years. She works exclusively with Adults who have diabetes: consulting, […]

KEEP READING »

From My Clients

“From our Facebook page:

The mission and vision at Practice Manager Solutions is to help individual providers stay independent and have the ability to grow their businesses.

Charlotte Rogers commented: And I can testify to this. She does an awesome job”

Charlotte Rogers


Online Payment Solution