Practice Management Alert

Clip and Save:

Ensure HIPAA Compliance with 7 EHR Development Questions

Published on Thu May 28, 2015

Don’t stop with security checks.

With more and more practices moving to electronic health records (EHR), the opportunities for HIPAA violations increase. Don’t let your practice become one of the HIPAA violation case studies. Posing the right questions to the developers setting up your EHR system it crucial to protect your practice.

Ask your EHR vendor or health IT developer the following questions, according to the HHS Office of the National Coordinator for Health Information Technology’s (ONC) newly updated “Guide to Privacy and Security of Electronic Health Information” (go to www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf).

1. When my health IT developer installs its software for my practice, does its implementation process address the security features listed below for my practice environment?

ePHI encryption

Auditing functions

Backup and recovery routines

Unique user IDs and strong passwords

Role- or user-based access controls

Auto time-out

Emergency access

Amendments and accounting of disclosures

2. Will the health IT developer train my staff on the above features so my team can update and configure these features as needed?

3. How much of my health IT developer’s training covers privacy and security awareness, requirements and functions?

4. How does my backup and recovery system work?

Where is the documentation?

Where are the backups stored?

How often do I test this recovery system?

5. When my staff is trying to communicate with the health IT developer’s staff, how will each party authenticate its identity? For example, how will my staff know that an individual who contacts them is the health IT developer representative and not a hacker trying to pose as such?

6. How much remote access will the health IT developer have to my system to provide support and other services? How will this remote access be secured?

7. If I want to securely email with my patients, will this system enable me to do that as required by the HIPAA Security Rule?

Resource: For a full interview template for questioning health IT developers, go to www.healthit.gov/sites/default/files/privacy-security/Questions-for-EHR-Developers-2015-04.pdf.

Practice Management Alert

Coding News You Can Use:
Stop Searching for X Modifier Clarification From CMS - For Now
CMS reps say you can stick with modifier 59 for the time being. When new [...]

Compliance:
Bust 10 Compliance Myths to Keep Your Practice On the Up and Up
Don’t fall victim to these misconceptions that could cost your practice. As a practice manager, [...]

Clip and Save:
Ensure HIPAA Compliance with 7 EHR Development Questions
Don’t stop with security checks. With more and more practices moving to electronic health records [...]

Reader Questions:
Stick to Most Definitive ICD-10 Code
Question: Though there are many crosswalks between ICD-9 to ICD-10, there are many codes that do [...]

Reader Questions:
Step Up Your Multi-tasking Ability
Question: As a practice manager I have a lot of different tasks to juggle in a [...]

Reader Questions:
Consider Patient Satisfaction in New vs. Established
Question: If one of our family physicians referred a patient to one of our nurse practitioners [...]

Reader Questions:
Stay Secure with Both 'Patches' and 'Updates'
Question: Are “patches” and “updates” to computer software and security programs the same thing? If not, [...]

What Would You Do? Modifiers vs. ICD-10 Specificity
Question: I have heard the ICD-10 codes are expanded and more specific than ICD-9 codes. One [...]

View All