Health Information Compliance Alert

Quality First:

Don't Skimp on Your Health IT

Ask these seven questions of your vendor upfront before buying into a plan. 

If your practice-compliance arrangement was put together after a cursory reading of the HIPAA rules on the HHS website, then you may want to rethink your system. Oftentimes, the OCR advice after a breach suggests that if a plan had been in place beforehand, a fine could have been avoided.

Remember: A superficial understanding of health IT and HIPAA isn’t going to protect you or your practice should you experience a violation. “A robust compliance plan must include relevant, mandatory policies and procedures, as well as an evolving and up-to-date risk analysis in order to maintain compliance,” explains John E. Morrone, Esq., a partner at Frier Levitt Attorneys at Law in Pine Brook, NJ.

Qualified personnel only. CMS keeps upping the bar on CEHRT with the hope the new advancements will improve healthcare, but if you’re not in the know, the new ideologies can impede the care you give, your office workflow, and your bottom line.

“As technology advances and more and more healthcare data pours into the system, it becomes even more critical that covered entities and business associates have experienced and qualified technology providers supporting their compliance efforts,” warns Morrone. “The emergence of technologies such as telehealth and wearables create additional challenges for IT professionals. Moreover, the ever increasing use of ‘patient portals’ that allow patients direct access to their medical records create additional entry points for unauthorized access to protected health information.”

If you are in the market for a new vendor, consider asking these questions to ensure your partnership is HIPAA-compliant:

  • What administrative, physical, and technical safeguards do you have in place to protect ePHI?
  • What is your HIPAA-compliance record?
  • Are you willing to enter into a Business Associate Agreement? 
  • What tools and services do you offer? (24/7 customer service, audit assistance, authentication advice, education, and more)
  • What kind of training and vetting do your employees undergo?
  • What are your policies, procedures, and protocols, both for everyday HIPAA compliance and in case of a breach?
  • What is the overall cost?

Consider this: One size does not fit all in the case of technical support. Look for a vendor that meets the demands of your practice and your wallet.