Archive | HIT Help Desk RSS feed for this section

HIPAA Compliance: Practical Breach Notification Tips

27. January 2010

0 Comments

If a breach involves 500+ people, here’s what your health care organization will suffer. Picture this: A nurse hands a patient someone else’s discharge papers but promptly discovers the error and retrieves the protected health information. Would your health care organization have to report that as a breach of unsecured PHI under HIPAA notification rules? The answer: It depends. The scenario wouldn’t constitute a breach — “if the nurse can reasonably conclude that the patient couldn’t have read or otherwise retained the information,” according to the Health & Human Services’ (HHS) interim final rule implementing the new requirements. But suppose the patient turned the corner and was out of sight momentarily and the discharge orders included “a sensitive diagnosis such as HIV, and the facility was in a small community”— or the nurse had reviewed the discharge  orders with the patient, says Chicago attorney Michael Roach. Those scenarios could trigger the notification requirements, he…

Continue reading...

Follow These 3 Tips to Protect PHI

19. January 2010

0 Comments

Hint: Paper files can be breached just as easily as electronic files. You may be sure that you’ve dotted all of your i’s and crossed all of your t’s, but if you miss even a small piece of the privacy puzzle, you can compromise your entire system. Take a look at these three reminders to ensure that you’re starting 2010 with your privacy program on the right foot: 1. Don’t Let Paper Get Lost in the Shuffle. You may think of patient privacy exclusively in terms of protecting electronic patient data, but paper files are just as likely to be compromised. “With the advent of the HITECH changes, breaches occurring with paper records will be treated the same way as electronic data,” says Gregory Michaels, manager of security and compliance solutions at BluePrint Healthcare IT in Cranbury, N.J.

Continue reading...

Hospitals Find New HIT Issues in OIG’s 2010 Work Plan

13. January 2010

0 Comments

Watch out. If your hospital breaches 1,000 records, you face a whopping $282,000 fine. Hospitals that read the HHS OIG’s 2010 Work Plan carefully will find an important clue about how to handle health information technology in the future. And it’s buried in a very real and present threat, so read on to find out how to not only avoid penalties from CMS in the present but also prepare for ARRA’s “meaningful use” requirement, which CMS announced on Dec. 30 will be tied to quality data. Reporting quality data and portable device compliance under HIPAA are two hot areas for hospitals in 2010, according to Jim Sheldon-Dean, director of compliance services at Lewis Creek Systems, who gave a recent audio presentation titled “OIG 2010 Work Plan for Hospitals.” And that makes sense, given CMS’s yoking of…

Continue reading...

Got Remote Employees? Get These PHI Safeguards

6. January 2010

0 Comments

Health system puts over a million records at risk. If you’ve been putting privacy compliance on the back burner, it’s time to bring it up front again. Investigators are paying attention, and you should, too. Last year, for example, officials of a health system in Connecticut announced that an unencrypted hard drive with about 1.5 million patients’ information on it was stolen, potentially subjecting that protected health information (PHI) to abuse. Stories like this are certainly eyecatching — and add to that the new focus in privacy with the introduction of the HITECH act — and you can be sure that patient privacy is gearing up to take center stage. And with employees taking work home and bringing laptops or cell phones with them to the office, you should be sure that your office’s security is tight. Next: Practical encryption tips …

Continue reading...

Put All Your Hospital’s Data Security Policies in One Place

16. December 2009

0 Comments

Make sure your security compliance program has these 4 policies. Once your hospital has created an information security management process, you are ready to create the rest of the policies and procedures that will help you comply with HIPAA security regulations. Jim Sheldon-Dean, director of compliance services with Lewis Creek Systems LLC, told participants in a recent audio conference that your hospital’s policies and procedures must reflect what your real operations are.

Continue reading...

Physician Practices Follow 3 Simple Steps To Enter the E-Prescribing Era

9. December 2009

0 Comments

Find out what percentage bonus you’ll receive from Medicare. Can your physician afford not to adopt e-prescribing? If your practice still hasn’t applied electronic prescription processes, then you could be missing out on a two percent Medicare bonus — as well as preventing prescription errors and lowering consumer costs.Follow these three simple steps to ensure an easy transition. Background: Payers and health plans have pushed for new incentives for electronic prescription this year. For instance, beginning January 2009, Medicare has paid doctors a bonus if they swapped their prescription pads over to e-prescribing. Several private health plans also have offered extra payments along with free equipment (i.e., digital handheld devices).

Continue reading...

Your Hospital’s Quick Start Guide to Information Security Management

9. December 2009

0 Comments

Do you have a security compliance plan? Take these 5 steps first. Hospitals are understandably spending much time and money these days trying to prepare or go live with an electronic medical records system, but don’t forget that interconnected health records bring a new threat to data security. If you don’t want your facility in tomorrow’s headlines, make sure you have an information security process in place that will guide you if and when you experience data breaches. “In the future, with interconnected health records, when you can go into hospital and they can call up your records from across country, what if a chunk of it is fraudulent?” asked Jim Sheldon-Dean, director of compliance services with Lewis Creek Systems LLC, in a recent audio conference. “The importance of getting this right cannot be overstated.” The possible repercussions of…

Continue reading...

Piecemeal Approach Might Avoid Stark Problems with EMR Incentives

8. December 2009

0 Comments

If you’re a physician practice and you’re ready to line up for American Recovery and Reinvestment Act of 2009 money to help you adopt a system for electronic medical records (EMR), don’t forget Stark and the fraud and abuse laws when you set up your agreements with hospitals and vendors. In a recent webinar, “EMR: Meeting Stark, F&A and ARRA Mandates,” Wayne Miller, a lawyer with the Compliance Law Group in Los Angeles, said that financing continues to be a roadblock to implementation of EMR systems. At this point, only 10% of hospitals and 20% of physicians offices have adopted them, according to Miller. “Even with stimulus money, adoption of EMR is very low,” he pointed out. “It is not exploding as people expected.” Because of the economy, there are fewer opportunities for providers to get the money they need to set…

Continue reading...

HIT Staffing: Do We Need IT Experts or Health Care Experts?

18. November 2009

0 Comments

Or do we need both? Training & teamwork strategies that bridge the divide. Refugees from the technology and financial busts are flooding into health care to get their share of stimulus billions, but health care providers won’t get their money’s worth unless they build collaborative teams who really understand what the ‘H’ means in HIT. If you read IT industry news, you come away with the impression that IT professionals with no health care setting experience have all they need to ‘fix’ HIT. A recent ‘Career Tips’ article for IT professionals who want to get into health care is an example. Between 50,000 and 100,000 new HIT jobs will sprout up by 2015, says Information Week, an IT industry trade publication that’s been around for years. “If you’re considering a career path into health IT — but have limited have previous experience working in clinical environments,…

Continue reading...

STRATEGIES: Bridge the IT-Clinician Gap with 3 Field-Tested Tactics

4. November 2009

0 Comments

Don’t forget this crucial step AFTER implementation. You can spend stimulus cash on a shiny new information technology system but it’ll be money down the drain if you don’t bring your staff on board. Glide over implementation speed bumps by engaging staff in the process and head off resistance to change. Avoid this: Across all sectors, 40 percent of IT projects fail or are abandoned, related Linda Reed, RN, MBA, VP/CIO of Atlantic Health in Morris Plains, N.J., at the April Healthcare Information and Management Systems Society (HIMSS) conference in Chicago. Often, failure stems from an inadequate project management process or improper alignment with the organization’s culture. Beat the statistics with these threestrategies for bringing IT, vendors, and staff closer together. 1. Gauge Staff’s Readiness Assessing staff’s readiness to transition to a new technology is really a “code word” for gauging resistance, said Reed.

Continue reading...