Health Information Compliance Alert
Establish Upfront Medical Device Management Responsibility
PDF
Question: Our practice is exploring providing remote patient monitoring (RPM) devices, such as continuous glucose monitors (CGMs), to our patients, so physicians can easily track the patients’ levels between visits. Who is responsible for the security of the devices? AAPC Forum Participant Answer: Ultimately, the healthcare provider has final responsibility for their environment. Whether you’re implementing RPM devices, offering telehealth services, or allowing employees to use a VPN to work remotely, the healthcare provider needs to take the necessary steps to ensure the security of any devices connecting to their network. The provider’s goal is to ensure all compliance standards are met, address all legal and regulatory issues, and thoroughly document all technological and data security policies and procedures. Your organization should make sure a robust data governance paradigm exists in the information security protocols for telehealth and RPM devices. NIST and ISO standards are great for establishing policies and procedures, but they aren’t mandated in the healthcare space. As a result, telehealth and RPM devices can be compromised, if not properly secured. Your organization needs to be prepared if those devices are compromised. “The most important policy that every organization requires is a data breach policy. That is when to notify the appropriate authority when a data breach has occurred,” says Eddie Hearns, MA, CPMA, CPC, Approved Instructor, of OLDME CPC LLC.
Health Information Compliance Alert
- Case Study:
Know the Rules on the Secure Disposal of PHI
Hint: Ignoring the HIPAA requirements can land you in hot water. Protecting your patients’ personal [...] - HIPAA Compliance:
Add This Expert Advice to Your PHI Disposal Wheelhouse
Tip: Train staff accordingly. You can cut down on protected health information (PHI) disposal faux [...] - Cybersecurity:
Alert Leadership to the Risks of Cyberattack
Communication is key to circumventing IT issues. Whether you’re the chief information security officer (CISO) [...] - Report Highlights Healthcare’s Popularity With Hackers
Statistics show that health data breaches continue to skyrocket. If you aren’t prioritizing data security [...] - Ransomware:
Thwart Zeppelin Ransomware Risks With Knowledge and Management
Hint: Feds offer a plethora of tools and tips to combat cyberattacks. During the pandemic, [...] - Reader Questions:
Establish Upfront Medical Device Management Responsibility
Question: Our practice is exploring providing remote patient monitoring (RPM) devices, such as continuous glucose [...] - Industry Notes:
New GAO Report Gives Update on National Cybersecurity Office
With data breach woes in the news, you may be wondering what the feds are [...] - Industry Notes:
OIG Homes In on Cybersecurity at Organ Procurement and Transplantation Network
As one of the nation’s top enforcement agencies, the HHS Office of Inspector General (OIG) [...] - Industry Notes:
Figure Out If You’re a CE With Handy Tool
If you’re not sure whether you’re a covered entity (CE) and privy to the HIPAA [...] - Industry Notes:
CMS Offers PI Help With Updated FAQs
With federal policies constantly evolving, your organization may be looking for answers and updates about [...]