Training for Compliance & HIPAA Privacy and Security


Medical Auditing Solutions LLC launched the Compliance University in September 2011 and is pleased to announce that for 6 of the programs we have received Continuing Education Credits from the Texas Occupational Therapist Association (TOTA) (15 hours), the Texas Board of Professional Counselors (6 hours minimum), and BOC USA (9.5 hours).

What are you waiting for? You have to train staff annually on compliance program requirements, fraud and abuse, billing, privacy and security. You have to be able to prove this training was given. Does your staff have time to develop, track and update? Did you know the OIG is auditing for these policies, training, sanction checks, and more in 2013 for providers with $5M in annual collections from Medicaid programs? Did you know that OCR is auditing all types and sizes of healthcare providers for HIPAA privacy and security in 2012 and years to come? Did you know the state inspectors general and health and human services will be auditing for these policies as well? We can help you with all aspects of your compliance and HIPAA programs.

These requirements apply to all healthcare providers, DME, home health, physicians, and dental providers. The size of your business does not matter for HIPAA. As of February 2013, Compliance applies to all as well.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years. Ms. Miller has made it the focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training. Ms. Miller is very experienced with Medicare & Payer audits. Ms. Miller ran a very successful compliance program for over 5 years for the largest privately held HME/Pharmacy provider in the US at the time. Ms. Miller also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.


HITECH Compliance & Implementation Tips Happy Hour


Starts: Wednesday October 27, 2010, 05:30PM CDT
Ends: Wednesday October 27, 2010, 07:00PM CDT
Event Type: Conference
Location: BlackFinn
4440 Beltline Rd
Addison, TX  US
Intended for: Physicians, Office Managers, Information Technology Managers, Privacy Officers, Health Care Attorneys, Owners, Upper Management, Senior Level Management
Industry: hospital, physician, dental, pharmacy, DME, home health care
RSVP: kpearson@marjencapital.com or angela@medicalauditingsolutions.com
Organization: Marjen Technology Group & Medical Auditing Solutions LLC

This event is exclusively for health care providers and health care attorneys due to the content of the program. Please RSVP as seating is limited to 35.

HIPAA HITECH Happy Hour Drink Coupons & Appetizers Provided

We will provide a short presentation on new HITECH HIPAA highlights 6:00pm-6:30pm allowing time for Q&A

Topics:  Meaningful Use, What is Encrypted, and Tips to encryption without breaking the bank

Speakers: Karen Pearson & Raj Croager, Marjen Technology Group

Angela Miller, Medical Auditing Solutions LLC

There will be prizes worth showing up for such as a new WatchGuard firewall that protects PHI before it leaves and Consulting Certificates.

MARJEN Technology Group is a privately held technology services company located in Arlington, Texas, bringing over two decades of experience to Dallas/Fort Worth area businesses.  Our mission is to bring enterprise class technology and services, at affordable prices, to small and medium size businesses.


Security Tips to help with HITECH Compliance


Here are some tips for added security, but this is not a substitute for using an IT person, who is familiar with HITECH/Red Flag Regulations.  Remember, encryption prevents the need to report disclosures to HHS and avoids penalties.  These are not the only solutions, so no matter what it is crucial to find encryption solutions.  These are the ones I have implemented although I rarely have more than a patient name in reports and do not have more than a patient name or account number in audit reports. 

Prior to starting any process and for your business sanity, ensure you have a current backup of your system.  Remember, onsite backup should have enough “disks” to rotate for several weeks.  Also they do need to be replaced periodically because they can fail after they have been used repeatedly.  There are many free or inexpensive options for offsite and automatic backups including Carbonite, Mozy, Amazon S3, Rackspace and others.  The Jungledisk interface which backs up to Amazon’s S3 or Rackspace is an automatic backup that is thoughtless and has saved my butt many times. These also permit you a second “drive” that can function as a network drive if you need to work on a document while you are away from your office; although you do need internet access.

Security software can be vastly expensive and still not catch viruses. I use AVG for small business, which is about $50/year. AVG has a firewall, plus I have a network firewall. If you use a wireless network, make sure your settings are the highest or newest released; as of the moment that will be WPA2. I changed my own settings so it is relatively easy. I have had great luck with AVG from a protection standpoint. This does not bog down my system so I have to push molasses uphill. The processing speed is barely impacted.

Truecrypt is a hard drive encryption program that is free for home and small businesses. The company price is very inexpensive! It has 256-bit encryption and most banks use 128-bit, so it should be good protection. This is pretty simple, although I would recommend using the IT specialist I mentioned. Now, you will have to consider whether to encrypt the entire drive or part of the drive; it will impact processing speed. If you have an extensive number of employees I would recommend the entire drive, because you cannot ensure they will save documents with PHI in the encrypted drive. You will also need a 20+ digit password for each computer that can be remembered.

The browser Firefox has 256-bit encryption while Internet Explorer has 128-bit encryption. Firefox is a little different but not terribly noticeable and now it is all I use. Firefox is also a free browser.

Myfax is an “internet” fax that will send you notifications via email. Their faxes are PGP encrypted; however, what I learned was you need to receive an email notification, log in to your account, and download the file directly to your computer. If it comes as an attachment to your email then the PGP encryption is void. The cost is about $10/month for home or small business, but the corporate account is not expensive.

Cutepdf Professional costs about $50.00. You can print documents to PDF (this is in the free version), but if you need to send that document to your consultant or CPA, the professional version allows for password protection as well. You would not put the password in the same package as the CD or in the same email. It will allow you to open a PDF and make a text box for notes that will print out, so you do not have to recreate the information and then add notes in another tool. This may be more depending on the number of licenses you need.

When printing and saving reports from your billing system, you can export to Excel or a similar file and leave the patient account number or patient name only, but take out the address and other identifying information that will identify 1 specific person. These will be HIPAA compliant if all patient-specific information is removed.
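One way to apply the export step above, as an added example rather than anything from the original post: a Python filter that keeps only an allowlist of columns from a billing export and flags identifiers still sitting inside the kept cells. The column names, patterns and sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Allowlist: only these columns survive the export (assumed column names).
KEEP = ("account_number", "service_date", "balance")

# Patterns for identifiers that sometimes hide in otherwise harmless cells.
RESIDUAL = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
}

def minimize(export_text, keep=KEEP):
    """Return (csv_text, findings): csv_text holds only allowlisted columns;
    findings lists (row_number, column, kind) for identifiers left in them."""
    reader = csv.DictReader(io.StringIO(export_text))
    missing = [c for c in keep if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export lacks expected columns: {missing}")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=keep, lineterminator="\n")
    writer.writeheader()
    findings = []
    for row_number, row in enumerate(reader, start=2):  # row 1 is the header
        kept = {c: row[c] for c in keep}
        for column, value in kept.items():
            for kind, pattern in RESIDUAL.items():
                if pattern.search(value or ""):
                    findings.append((row_number, column, kind))
        writer.writerow(kept)
    return out.getvalue(), findings

# Constructed sample export; every value is made up.
SAMPLE = """account_number,patient_name,address,dob,service_date,balance,notes
A1001,Pat Example,1 Main St,1970-01-01,2010-09-14,125.00,call 555-010-0100
A1002,Sam Sample,2 Oak Ave,1982-05-05,2010-09-20,40.50,
"""

if __name__ == "__main__":
    text, findings = minimize(SAMPLE)
    print(text)
    print(findings)
```

Keeping an allowlist rather than deleting known-bad columns means a column added to the billing system later is dropped by default instead of leaking into the report.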

Ensure staff understands they cannot place PHI or patient financial information in an email. Having an email encryption program may not be the solution right now because if you use, for example, PGP email encryption, the receiver of the email must have the same email encryption program and the key code (password if you will). This may be problematic for a while. So this is why I want to give you some other options. One such option is Hushmail, which is a 1028bit online e-mail service, where your e-mail never leaves their servers, and so remains encrypted end to end. But both sender and receiver have to have accounts (though they do have a free option, you must use it regularly though).

I understand processes, but for the inner workings of IT I utilize experts. I am not affiliated with nor promote any specific product; these are only suggestions. I hope you will subscribe to my blog as well as provide comments. I use this to broadcast updates and tips to help you run your business. If you need help with your IT network solutions, here is a contact that works on my office equipment and they can work with clients nationally. A big thank you to Glenn for helping me with the correct lingo!

Glenn Kimball, GWK Technologies


Social Media Security and Privacy


Social Media sites are becoming a way of communicating with the world. Remember, no matter what social media site you are using, whether it is an instant message, website profile, social network or Skype or similar sites, your communication can be viewed or intercepted. If you have any of these social media profiles, do not publish your address, DOB, or any other information that could be used to steal your identity, break into your home, or stalk you or your children. Use the incorporation date of your business or a combination of information and choose not to publish your address and DOB. Ensure you obtain your free annual credit report to review for accuracy. There are also programs that will monitor your credit activity for potential theft.

Publishing any personal information can lead to not only credit or financial fraud but health care fraud also.  Protect your information.

Remember, this method to communicate with patients is not compliant with HIPAA, HITECH and Red Flag rules if you are exchanging any credit, financial or other personally identifiable information, whether health or otherwise.

As a note, you can find us on all Social Media sites: Facebook, Myspace, LinkedIn, Plaxo, Twitter. We do submit blogs through these sites and occasional other notes so you can stay updated through status notifications.


What’s New with HITECH HIPAA Rules?


Are you wondering what in the heck HITECH is and how this impacts your business? Let’s do a very simple review of the increased accountability and higher penalties. All existing HIPAA requirements are unchanged; however, if you have not effectively implemented HIPAA policies, training, compliance auditing, and security within your office it is crucial to get busy. The penalties are as substantial as the penalties associated with billing non-compliance.

With the new HITECH requirements:

  1. The privacy and security requirements and penalties extend to the business associates,
  2. Establishes a mandatory reporting requirement for any breach by covered entities and business associates of unencrypted data,
  3. Creates new privacy requirements for covered entities and the business associates which include accounting requirements for the electronic health records, restrictions on marketing and fundraising activities, and others,
  4. Creates new criminal and civil penalties for non-compliance which are substantially more than in the past,
  5. Establishes a federal audit protocol to ensure compliance; audits are no longer complaint-driven.

This means you need to cover your back-side through a proactive HIPAA security & privacy audit. It will be much cheaper to pay a little up front for protection than be hit with the outrageous penalties plus face criminal and/or civil action. I have included a short checklist for the basics:

  1. Do you have a Privacy Notice of Uses and obtain a Signed Acknowledgement for them?
  2. Do you obtain an Authorization to Release information to spouses or any other party prior to sharing information?
  3. Does each employee have a unique username and password to the EMR or billing system?
  4. If you have a patient portal, how often do you require them to change their username and password?
  5. Are patient files stored in a locked file cabinet or locked room at the end of the day?
  6. Do you obtain business associate agreements for vendors that work with your company?
  7. Do you have annual HIPAA training?
  8. Do you have an annual security audit for all systems access and back-end IT fields?
  9. Do you have annual privacy compliance audits, which is more patient “chart” related?
  10. Are all your programs and network encrypted with the latest or highest encryption possible?

This is a short list of areas for HIPAA Compliance but is not all inclusive. If you have answered no to any of the above questions, it is very important that you improve those areas to prevent costly penalties. The penalties associated with unauthorized disclosures or breaches of information can be as severe as penalties associated with false/erroneous billing. We can help you get in compliance. You may be doing some of these things but don’t have the policies to back it up. It is important, as with any compliance program, to have written policies and procedures, implement the program, and have ongoing training, periodic audits to test policies, and options for reporting potential violations or concerns. All of these actions will show best efforts and mitigate exposure to the criminal action and/or penalties that may be associated with any breach.
