Your Policies and Procedures Are Incomplete If They Don’t Include a Security Risk Management Process
January 12, 2012
Patient privacy and the confidentiality of medical records are protected by the Department of Health & Human Services through the HIPAA Security Rule. And, if your practice is using Electronic Health Record (EHR) technology and/or attesting to Meaningful Use, well-documented Policies and Procedures are at the heart of the HIPAA Security Rule Administrative Guidelines.
The very first Administrative Standard refers to the prevention, detection, containment and correction of any security violations. As we’ve discussed over the last few weeks, if you are attesting to Meaningful Use, Measure 15 outlines the requirement of a security risk analysis that addresses potential security gaps and provides clear direction on managing and preventing security risks. Furthermore, this security management process must be documented and contained within the practice’s P&Ps. These P&Ps will assist you in meeting compliance standards and protecting you in the event of an audit.
We have developed a checklist to guide practices in a review and update of their P&Ps to ensure that they address all of the HIPAA Security Rule Standards. You can download a copy of this document on our website at www.practicemanagersolutions.com.
Beyond the requirements of the HIPAA Security Rule, P&Ps are important in establishing clear expectations of how various stakeholders interact with your practice. They guide you in the day-to-day operation of the practice, including instructing staff members on how to perform various functions, establishing patient guidelines for everything from missed appointments to insurance payments, and giving the practice manager an objective means for evaluating and managing the effectiveness of the practice.
If you haven’t looked at your P&Ps lately, now is a good time to not only incorporate and/or update your security management process, but also determine how effectively they reflect the reality of your practice management. A good P&Ps manual will include at a minimum the following sections:
Patient & Staff Safety
Patient and staff safety is a primary concern in the medical practice. Policies and procedures should exist for:
- Cleanliness of exam rooms
- Sterilization of medical equipment
- Availability of protective gear to prevent the spread of infectious disease
Insurance and Billing Procedures
Effective billing procedures will help ensure the financial viability of the practice. A policy should exist informing patients on how the billing process works, including what their responsibilities are in providing payment for services. The staff requires guidelines on how to process medical procedures for insurance payment through proper coding of procedures and effective interaction with insurance companies. Procedures should exist for the collection of delinquent accounts, resolution of discrepancies and the appropriate write-off of uncollectable debt.
Human Resources Policies
Like any business, your practice has policies that outline employment practices for your staff. Your P&Ps should clearly describe the policies for items such as:
- Vacation time
- Sick days
- Holidays
- Employment reviews
- Pay raises and pay scales
Administrative Functions
Administrative P&Ps define how the front office interacts with patients. They set the initial tone for the patient experience. They should cover:
- Days and hours of operation
- After-hours calls
- Appointment scheduling
- Maintenance of the waiting room
- Office opening and closing procedures
- Proper hand-off of patients to the medical staff
In summary, Policies and Procedures promote consistency in performance of all functions within the practice. They provide effective communication channels with staff and with patients, as well as third-party stakeholders such as insurance companies and labs. Inclusion of a robust security management process protects you in the event of a Meaningful Use audit. Regular review of your P&Ps should include staff to guarantee they accurately reflect the day-to-day realities of running the practice. A P&P review can guarantee that your communication materials, including your website, contain the most up-to-date policies for patients, ensuring a calm and efficient patient experience.