Practice Management Alert
Keep Out of the Headlines by Protecting PHI
Question: In past issues of Practice Management Alert, I’ve read several articles on avoiding Health Insurance Portability and Accountability Act (HIPAA) violations due to protected health information (PHI) leaks. What are some of the real-world implications of not keeping PHI covered?
Pennsylvania Subscriber
Answer: There are frequent issues with HIPAA violations negatively affecting medical practices’ reputations and bottom lines. Often, these violations don’t make the news. This recent story about a major HIPAA breach, however, could serve as an object lesson on how important PHI security is for every medical practice.
The rundown: On March 17, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Feinstein Institute for Medical Research agreed to pay $3.9 million to settle potential HIPAA violations and will undertake a substantial corrective action plan (CAP) to bring its operations into compliance.
Feinstein is a biomedical research institute and not-for-profit corporation, sponsored by Northwell Health, Inc. located in Manhasset, N.Y.
In September 2012, Feinstein filed a breach report alerting that an unencrypted laptop computer containing the electronic PHI (ePHI) of 13,000 patients and research participants was stolen from an employee’s car. The ePHI included the research participants’ names, birth dates, addresses, Social Security numbers, diagnoses, laboratory results, medications, and other medical information.
Following the breach notification, OCR launched an investigation that revealed that Feinstein’s security management process was limited, incomplete and insufficient to address potential vulnerabilities to ePHI.
According to OCR, Feinstein also:
Best bet: Check your policies and procedures to ensure your practice doesn’t make a splash in the headlines, and be sure your safeguards to restrict access to authorized users only are solid.
Practice Management Alert
- Patient Relations:
Use Conversations, Online Tools to Gauge Patient Satisfaction
Get the most out of patient input by offering feedback options via several methods. Every medical [...] - Scheduling:
Keep Schedule Full With Cancellation Plan
Even a couple of unfilled appointment slots could cost thousands. When a patient calls and [...] - Training:
Get Staff on Board Before Floating Cancellation Solutions
Without everyone in the practice on board, your protocols might not work. There are several [...] - Clip & Save:
Follow These Markers to Ferret Out Chronic Migraine Diagnosis
Remember, ‘chronic’ is in the eye of the payer. Many medical practices, especially those involved [...] - You Be the Expert:
Look for Additional E/M on Unscheduled Procedure Encounters
Question: I am doing some light coding under the supervision of a senior coder. I was [...] - Reader Question:
Start Your ICD-10 Training with Root Work
Question: In addition to my duties as practice manager at our mid-sized medical practice, I am [...] - Reader Question:
Keep Out of the Headlines by Protecting PHI
Question: In past issues of Practice Management Alert, I’ve read several articles on avoiding Health Insurance [...] - Reader Question:
Sidestep 'Unprocessable' Denials With These Tips
Question: Due to staff reduction, I have been recruited into doing some coding. I’ve been able [...]
