As part of your facility’s or practice’s compliance with the FTC’s Red Flag Rules, which go into effect in June 2010, you need to develop a list of “red flags” that represent risk factors for identity theft in health care. To do this, use a risk assessment process, review prior experiences, and investigate the Federal Register, said Duane Abbey, whose recent audio conference, “Achieve Red Flag Compliance,” gave medical professionals a toehold on this new federal compliance requirement. First, Abbey recommended, assess these typical risk factors for identity theft in health care, including: the types of accounts your patients have established with you; how insurance coverage can verify the patient’s identity; and the steps you take when you open an account for a patient. Review any past experiences, over the last 5 to 10 years, your facility or practice might have had…
10. February 2010
Yeah, yeah, yeah. You’re a HIT Rock Star like all the rest of the folks who read this blog, but here’s the real question: Can you find your way around the Centers for Medicare and Medicaid Services Web site? If the mere thought of getting around the CMS web site makes you feel like a one-HIT wonder, take heart. CMS has come up with this handy sheet that highlights its top web destinations. And for your convenience, we’ve listed the CMS links here that HIT & EMR types will be looking for. CMS Acronym Finder: Talk Medicare lingo like the hepcat you are. E-prescribing: Who’s cool enough to be an ‘EP?’ Find out here. Electronic Billing & EDI Transactions. CMS Glossary: Take a magical mystery tour through Medicare mumbo jumbo — & finally understand what they’re talking about. HIPAA. Need I say more? It’s a…
2. February 2010
Question: Our facility is going to offer psychiatric services to certain residents with mental health issues or psychiatric diagnoses. These services will be provided by outside psychiatrists and psychiatric nurse practitioners, and will include individual counseling and group therapy. Do we need to have more HIPAA privacy safeguards related specifically to the psychiatric services? If so, what might they be? Answer: As a first step, decide in consultation with the psychiatric professionals involved what records the facility will maintain, and what records only the psychiatric professional will maintain, advises Heather O. Berchem, an attorney with Murtha Cullina LLP, in New Haven, Conn. The distinction is important because the facility is responsible under HIPAA only for those records maintained by the facility. And the psychiatric professionals will be responsible for complying with HIPAA regarding records they maintain, she says. Important …
27. January 2010
Include this information as part of your risk analysis. Knowing what doesn’t count as a breach under new HIPAA notification rules can help you weigh whether to report a disclosure of unsecured protected health information. The rules include four exceptions, as follows: Exception No. 1. An unintended acquisition, access or use of PHI by a person with authority to handle PHI who is acting in good faith. Also, “there’s no further acquisition, access or use of the PHI,” says attorney Kathryn Solley, with Atlanta law firm Seyfarth Shaw LLP.
13. January 2010
Don’t have a policy for employees who work with PHI? We’ve got what you need to write one quickly. Your practice has tough decisions to make when allowing employees to handle patients’ private health information (PHI) while working from offsite locations. You may require encryption, you may prohibit them from working on their personal laptops when dealing with PHI, or you may even only allow remote work when it’s done for emergency reasons. But no matter what, you need to communicate your privacy expectations to your employees. Consider this sample document as a guide, contributed by Glenn Allen, information security director with Fairview Health Services in Minneapolis, Minn:
2. December 2009
Train your health care staff with this checklist of 10 security incident warning signs. Would you bank on your staff’s ability to spot a security violation? Don’t gamble with your compliance program — use this list to help your staff see through security scams. You Could Be Experiencing A Security Incident If:
• your application’s response time slows down significantly.
• your passwords stop working.
• a message pops up asking for your personal information.
• someone tries to coerce you into giving over your login information.
9. November 2009
Want a quick way to skim the Health Care Reform Bill in Congress? Here’s help. HR 3962: Affordable Health Care for America Act is 1,990 pages long, says attorney Bob Coffield in a recent Health Care Law Blog post. To help you grasp the major themes quickly, Coffield has made a word cloud that captures words the bill mentions most frequently. Let’s hear it for a lawyer who actually likes to make things simple for the rest of us. Of interest to HIT types: The bill mentions the word ‘privacy’ 28 times, Coffield points out. ‘Insurance’ is mentioned 552 times, and ‘consumer’ crops up 36 times. Guess we know who has the most lobbyists. Access a larger version of Coffield’s word cloud here. Recent audio conference available on CD: Healthcare Reform — An Insider Discussion for Healthcare Professionals.
27. October 2009
Health care attorney shares 5 simple questions that test your staffers’ Red Flags Rules savvy. Around midnight this Saturday, things get interesting. The ghosts and goblins will be out, and the Red Flags Rule will finally come lurching in around midnight, like a slow-moving, regulatory Frankenstein. But like the misunderstood movie monster, the Federal Trade Commission’s Red Flags Rule doesn’t have to be scary — as long as you and your staff understand it, it should be able to play nice. And while “complying with this rule is not going to be burdensome,” you do need to make sure your health care staff are on the lookout for foul play, stresses Robert Markette with Gilliland & Markette in Indianapolis. Some of Markette’s advice is tailored to home health staffers, but most of it’s relevant to other health…
27. October 2009
Wondering exactly what a PIA is? We’ve got the short answer here, plus a link to a cool tool that will help you with your own PIA, pronto. A PIA is a risk mitigation tool that helps you prevent privacy problems before they occur (unlike retrospective audits, which pinpoint past or existing breaches). PIAs evaluate whether a new HIT system or procedure complies with HIPAA. It helps ensure a good return on your EHR investment because it offers a systematic way to identify and remove any inherent risks. AUDIO TRAINING EVENT: Adopting Electronic Medical Records: Your Guide to Preparation, Pitfalls, and Performance, with Jim Sheldon-Dean. It’s vital to start a PIA as early as possible — ideally in the project initiation phase — to recognize any major issues embedded in a new system’s design before you implement it, stressed Erik Pupo, practice manager at Project Performance Corporation in McLean, Va., at…
5. July 2009
Anne Pressly. Photo Source: Wikipedia
If you’re looking for some ‘don’t try this at home’ stories for your next privacy compliance staff training session, keep this little ‘lesson learned’ in your files. Snooping around a public figure’s medical records has been around since paper files. But these days, EMR systems make it much easier for health system administrators — and law enforcement officials — to nab folks who indulge in illicit snooping. Earlier this summer, prosecutors charged three health care workers at St. Vincent Infirmary Medical Center in Little Rock, Arkansas with improperly accessing Anne Pressly’s medical records, the Associated Press reports. Anne Pressly was raped and murdered in October 2008 during a home invasion. The Little Rock news anchor’s death made national headlines, in part because she was a beautiful local celebrity who’d landed a bit…
18. February 2010