October 18, 2012
I see a trend among Practice Managers that is troubling me – many of them don’t want to take responsibility for any regulatory compliance issues. Instead, they’re looking for the easy way out with a “tell me what to do” mentality. Health care is not a “check box” profession. A doctor can run through a list of possible symptoms and questions but, to be really effective, he has to listen to his patients’ responses with caring and sensitivity to pick out the nuances that may lead to proper diagnoses and treatments. The same can be said for compliance with HIPAA regulations for patient Privacy and Security.
If, as the Practice Manager, you are also the Security Office at your medical practice, then you are the ONE person who is responsible for ensuring that you are appropriately protecting your patients’ e-PHI. You cannot rely on checklists downloaded from the Internet to help you meet regulatory compliance. Yes, you can use that checklist to identify the areas you need to address, but you must take responsibility to thoroughly examine, diagnose and treat any potential failures in your electronic patient information systems. You need to reach out and get the education you need to do this job well.
I see many practices attesting to Meaningful Use using a “check box’ mentality. They say things like: “My EMR vendor is taking care of my Security Risk Assessment.” This is just not possible. Practices go through the steps to attest, but they don’t put the systems in place to continue to follow the MU core measures. If you’re using an Electronic Medical Record, then your technology is completely documenting everything you are doing with your patients. If you intentionally or unintentionally breach that record, then the error will be forever documented. And, now that audits have begun, those errors can have big penalties.
So take the time to seek out resources, answers and support so that you have a well-documented compliance file that supports each and every attestation point on the CMS site. Demonstrate that appropriate systems are in place to maintain your EMR meaningful use by revising or creating policies that support the core measures.
There is a trend in America away from taking personal responsibility. Telling an auditor that ‘you didn’t know’ is not an appropriate defense. It puts you in the role of victim. There’s no power in being a victim. You have to be willing to take responsibility, stand up for your decisions and be confident that you are in control of your work product.
One of my mentors, David Neagle, says: “The way you do one thing is the way you do everything.” Don’t you want your story to be one of strength, effectiveness, personal responsibility and character?
Share and Enjoy: