Archive | Cool Tools

Use Role-Based Access Control to Limit PHI Leaks

21. April 2010

Stop unauthorized PHI disclosures before they start with ‘RBAC.’ If you don’t limit the amount of confidential data your staff can access, how can you ensure that unauthorized disclosures of medical information don’t occur, in violation of HIPAA? One way is to implement a Role-Based Access Control (RBAC) model to determine who has access to your organization’s medical data files. We’ll show you how to get started.

Physiology in a Chip: FCC Proposes Wireless Body-Sensor System

14. April 2010

Wiis and Nintendos could serve medical patients a different purpose in the future. Physicians and other medical personnel may soon be using wireless device systems to monitor a patient’s health away from the confines of a health care facility, Computerworld reports. If the national broadband plan of the Federal Communications Commission gets the feds’ nod, the medical world could very well see the dawning of a new era in health care IT. The proposal states that FCC would allocate radio spectrum for new medical body area networks (MBANs), which would serve as a gateway for wireless body-sensor networks to monitor physiological information (e.g., temperature, pulse, blood glucose level, blood pressure, and respiratory health), collect the data, and transmit a report to a remote location. “While the FCC plan calls for first using the MBAN spectrum only in hospitals, medical instrument vendors say…

Avoid Identity Theft and A/R Pileups: Create Your List of Red Flags Today

18. February 2010

As part of your facility’s or practice’s compliance with the FTC’s Red Flag Rules, which go into effect in June 2010, you need to develop a list of “red flags” that represent risk factors for identity theft in health care. To do this, use a risk assessment process, review prior experiences, and investigate the Federal Register, said Duane Abbey, whose recent audio conference, “Achieve Red Flag Compliance,” gave medical professionals a toehold on this new federal compliance requirement. First, Abbey recommended, assess these typical risk factors for identity theft in health care: the types of accounts your patients have established with you; how insurance coverage can verify the patient’s identity; and the steps you take when you open an account for a patient. Review any past experiences, over the last 5 to 10 years, your facility or practice might have had with identity theft…

An HIT Pro’s Guide to the CMS Web Site’s Greatest Hits

10. February 2010

Yeah, yeah, yeah. You’re a HIT Rock Star like all the rest of the folks who read this blog, but here’s the real question: Can you find your way around the Centers for Medicare and Medicaid Services Web site? If the mere thought of getting around the CMS web site makes you feel like a one-HIT wonder, take heart. CMS has come up with this handy sheet that highlights its top web destinations. And for your convenience, we’ve listed the CMS links here that HIT & EMR types will be looking for. CMS Acronym Finder: Talk Medicare lingo like the hepcat you are. E-prescribing: Who’s cool enough to be an ‘EP?’ Find out here. Electronic Billing & EDI Transactions. CMS Glossary: Take a magical mystery tour through Medicare mumbo jumbo — & finally understand what they’re talking about. HIPAA. Need I say more?…

Should You Handle Medical Privacy for Psychiatric Care Differently?

2. February 2010

Question: Our facility is going to offer psychiatric services to certain residents with mental health issues or psychiatric diagnoses. These services will be provided by outside psychiatrists and psychiatric nurse practitioners, and will include individual counseling and group therapy. Do we need to have more HIPAA privacy safeguards related specifically to the psychiatric services? If so, what might they be?

Answer: As a first step, decide in consultation with the psychiatric professionals involved what records the facility will maintain, and what records only the psychiatric professional will maintain, advises Heather O. Berchem, an attorney with Murtha Cullina LLP, in New Haven, Conn. The distinction is important because the facility is responsible under HIPAA only for those records maintained by the facility. And the psychiatric professionals will be responsible for complying with HIPAA regarding records they maintain, she says. Important …

If a PHI Breach Fits One of These Exceptions, You May Be Home Free

27. January 2010

Include this information as part of your risk analysis. Knowing what doesn’t count as a breach under new HIPAA notification rules can help you weigh whether to report a disclosure of unsecured protected health information. The rules include four exceptions, as follows: Exception No. 1. An unintended acquisition, access or use of PHI by a person with authority to handle PHI who is acting in good faith. Also, “there’s no further acquisition, access or use of the PHI,” says attorney Kathryn Solley, with Atlanta law firm Seyfarth Shaw LLP.

Remote Workers? Protect PHI With This Sample Document

13. January 2010

Don’t have a policy for employees who work with PHI? We’ve got what you need to write one quickly. Your practice has tough decisions to make when allowing employees to handle patients’ private health information (PHI) while working from offsite locations. You may require encryption, you may prohibit them from working on their personal laptops when dealing with PHI, or you may even only allow remote work when it’s done for emergency reasons. But no matter what, you need to communicate your privacy expectations to your employees. Consider this sample document as a guide, contributed by Glenn Allen, information security director with Fairview Health Services in Minneapolis, Minn:

HIT Cool Tool: Help Staffers Combat PHI Security Breaches

2. December 2009

Train your health care staff with this checklist of 10 security incident warning signs. Would you bank on your staff’s ability to spot a security violation? Don’t gamble with your compliance program — use this list to help your staff see through security scams.

You Could Be Experiencing A Security Incident If:

• your application’s response time slows down significantly.
• your passwords stop working.
• a message pops up asking for your personal information.
• someone tries to coerce you into giving over your login information.

Quick Study: Health Reform Legislation Word Cloud

9. November 2009

Want a quick way to skim the Health Care Reform Bill in Congress? Here’s help. HR 3962: Affordable Health Care for America Act is 1,990 pages long, says attorney Bob Coffield in a recent Health Care Law Blog post. To help you grasp the major themes quickly, Coffield has made a word cloud that captures words the bill mentions most frequently. Let’s hear it for a lawyer who actually likes to make things simple for the rest of us. Of interest to HIT types: The bill mentions the word ‘privacy’ 28 times, Coffield points out. ‘Insurance’ is mentioned 552 times, and ‘consumer’ crops up 36 times. Guess we know who has the most lobbyists. Access a larger version of Coffield’s word cloud here. Recent audio conference available on CD: Healthcare Reform — An Insider Discussion for Healthcare Professionals.

Medical Records Compliance: Train Your Staff to Handle Red Flags Rule

27. October 2009

Health care attorney shares 5 simple questions that test your staffers’ Red Flags Rules savvy. Around midnight this Saturday, things get interesting. The ghosts and goblins will be out, and the Red Flags Rule will finally come lurching in around midnight, like a slow-moving, regulatory Frankenstein. But like the misunderstood movie monster, the Federal Trade Commission’s Red Flags Rule doesn’t have to be scary — as long as you and your staff understand it, it should be able to play nice. And while “complying with this rule is not going to be burdensome,” you do need to make sure your health care staff are on the lookout for foul play, stresses Robert Markette with Gilliland & Markette in Indianapolis. Some of Markette’s advice is tailored to home health staffers, but most of it’s relevant to other health…
