HIPAA’s Security Rule requires covered entities to designate one person to be responsible for the development and implementation of policies and procedures that safeguard electronic protected health information. Nearly all organizations implemented measures to manage privacy in oral, written, and electronic media. However, as healthcare organizations and their business associates, inspired by the HITECH Act (stimulus package) respond to forthcoming financial incentives to adopt electronic health record (EHR) software, the need to beef up your security measures. So what should you look for in your Security Official? For starters, you need someone who understands clinical and billing workflows, recognizes that in the past some clinicians have communicated with patients via…
Author: Carolyn Hartley
Are You Subject to HIPAA Privacy Rules when Publishing Confidential Health Information on a Social Network?
It’s unlikely the social networking sites are health care providers, so HIPAA’s privacy rule doesn’t apply; but other privacy business practices are likely to affect you. First, tackle the HIPAA Privacy question by responding to the following questions. » Are you a healthcare provider that conducts transactions electronically? » Are you a healthcare clearinghouse? (Do you process healthcare claims?) » Are you a health plan? (insurance payer) If you answered no to these questions, you are not a covered entity under HIPAA’s Privacy Rule. That said, you probably are more concerned about users sharing health information online that if stolen, could be used in identity theft. Consumers (patients) often use…
What Does the HITECH Act Mean to You?
Even though the US Senate is likely to pass the stimulus package in the next day or two, the House and Senate still have to come to an agreement on their funding differences. The HITECH Act is still holding its own with some possible additions to the $20 billion agreed upon by the House. Key words used by both House and Senate are “meaningful use” and “shovel ready”. In other words, everything is set in place ready to go, but just needs money to get it off the ground. You’ve made a decision on your health IT system, you’ve completed your readiness assessments, and you’ve built a strategy to move…
What Should I Know About Interfaces?
A key quality of care benefit of an EHR is its ability to create, send out and track the provider’s orders and then electronically review and route the results of those orders into the patient’s record. Due to many national efforts, HL7 standard language is used to create these interfaces. When the interfaces communicate back and forth with your EMR, results can be provided to the clinician for review prior to posting into the patient record. Some specialties receive as much as 70 percent of health care information from outside sources, including information from hospitals, labs, diagnostic imaging centers, payers, referring physicians, patients and pharmacies. The most common interfaces to…
How Should We Run Background Checks on Our Staff?
Clearance and Background Checks is an addressable standard under HIPAA’s Security Rule, which means that your organization may authorize a background check for any new employee or existing workforce member who engages in activities that cause the Security Official to question clearances. As part of your compliance activities, you already determined the risks your workforce presents to your practice, and you assigned one person to own/manage this risk As part of your clearance procedures, determine which of the following you will do: » Require a written application for employment. » Require written proof of citizenship or resident alien status. » Confirm prior employment history. » Request professional/personal references and contact…
What EMR System is Best for My Practice?
Your most important question in purchasing an EMR is to ask the vendor how many specialties your size and using your practice management system have purchased this software. EMR vendors know who would be a good customer. Some vendors, for example, are better suited for a practice of 25 to 75 physicians. Others specialize in the 3 to 8 physician groups, while others provide a solution for just one specialty. You can quickly learn whether the vendor is a good fit for you by asking them to respond to a one-page Request for Information (RFI). Send the RFI to your top five vendors and ask them to respond within 30…
Should Our Practice Hire an IT Person to Assist With our HIT Transition?
Vendors will provide you with a list of implementation activities for which you are responsible to complete on time. During the next 24 months as more physicians participate in reimbursement incentives, it will be critical for you to stay on schedule, or even ahead of schedule and keep your go-live date in the queue. The rule of thumb is based on the principle of threes. If there are three or fewer physicians in your practice, you should hire a part time consultant to coach an internal person through the implementation process. After your implementation, the consultant can hand off the day-to-day IT management to an internal person who also should…