5 Ways to Minimize HIPAA Liabilities

July 12th, 2019 - BC Advantage
Categories:   Acupuncture|Alternative   Allergy|Immunology   Anesthesia|Pain Management   Behavioral Health|Psychiatry|Psychology   Billing   Cardiology|Vascular   Chiropractic   Dental   Dermatology|Plastic Surgery   Emergency Medicine   Endocrinology   ENT|Otolaryngology   Gastroenterology   Home Health|Hospice   Internal Medicine   Laboratory|Pathology   Interventional Radiology   Neurology|Neurosurgery   Obstetrics|Gynecology   Oncology|Hematology   Optometry   Oral and Maxillofacial Surgery   Orthopedics   Pediatrics   Physical Medicine|Physical Therapy   Podiatry   Primary Care|Family Care   Pulmonology   Radiology   Rheumatology   Skilled Nursing   Urology|Nephrology  

Last year was historic for HIPAA enforcement. The HHS Office of Civil Rights collected a record $23.5 million in settlements and judgments against providers guilty of HIPAA violations. To avoid becoming part of that unwanted statistic, it’s important to pay extra close attention to five key areas of HIPAA vulnerability.

Take Advantage of Refresher Training
The best way to protect against liabilities is to continually educate and train staff. A practice may feel confident that it understands HIPAA. But while close to 90 percent of doctors believe their practices are fully compliant, at least 75 percent of them still have rudimentary questions about HIPAA. That indicates that the vast majority of providers can benefit from a HIPAA compliance refresher course. Participants should include everyone from top administrators to community volunteers. Training everyone with access to PHI isn’t just a good idea; it’s the law.

Encrypt Data
Any lost, stolen, or hacked electronic device containing protected patient information can be an expensive liability. All electronic PHI should be securely encrypted. That includes data communicated via email, text messages, and smartphone messaging apps. Even though an app like the popular WhatsApp may boast that it offers encryption, it may still lack proper authentication controls. Before using any text messaging service to communicate patient information, make sure the practice has a signed HIPAA-compliant business associate agreement with the service provider.

Control Devices
Most healthcare employees understand that they should never share passwords or log-in information. But these credentials should never even be written down. Another way that HIPAA violations frequently occur is because a computer screen is left on where unauthorized persons can see it. Front office staff and nurses may step away from a computer to handle an emergency, leaving the screen temporarily visible or photographable. Physicians sometimes make the mistake of leaving a laptop open at home, where others – including family members or friends – can see patient information. Those are innocent mistakes, but are still liabilities.

Secure Online Portals and Safeguard Paper Records
Paper records continue to represent potential liability as long as they exist. They must be securely handled and archived until shredded. Practices that have not transitioned from paper documents such as invoices and monthly statements can avoid HIPAA liability – and the effort that paper documents require – by going digital. Electronic records are easier to manage, search, store, and protect. There are fully compliant platforms that can safeguard patient records while also giving patients easier 24/7 access. That reduces liability and front office calls from patients. Patients gain greater control over their care with more transparency. A patient portal can also enhance doctor/patient interaction and communication.

Beware Social Media
Most healthcare workers know not to post photos of patients online. But sometimes sharing photos that don’t include patients can still be a liability because confidential information is accidentally included. Criminals often blow up photos that include a work station or home office, for example, to focus in on relatively obscure and minor details. A piece of paper or file in the background may contain PHI. That’s why it’s good policy to be extra vigilant regarding tweets, Facebook posts, and pictures uploaded to sites like Instagram. When in doubt, don’t upload it, share it, or talk about it.

###

Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.


Latest articles:  (any category)

Reporting Modifiers 76 and 77 with Confidence
April 18th, 2023 - Aimee Wilcox
Modifiers are used to indicate that a procedure has been altered by a specific circumstance, so you can imagine how often modifiers are reported when billing medical services. There are modifiers that should only be applied to Evaluation and Management (E/M) service codes and modifiers used only with procedure codes. Modifiers 76 and 77 are used to identify times when either the same provider or a different provider repeated the same service on the same day and misapplication of these modifiers can result in claim denials.
Five Documentation Habits Providers Can Use Implement to Improve Evaluation & Management (E/M) Scoring
April 11th, 2023 - Aimee Wilcox
Provider education on E/M coding updates is vital to the success of any organization, but how do you whittle down the massive information into bite-sized pieces the providers can learn in just a few minutes? Check out the five steps we have identified to teach providers in just a few minutes that can significantly impact and improve coding outcomes.
Second Quarter 2023 Updates are Different This Year
April 6th, 2023 - Wyn Staheli
The second quarter of 2023 is NOT business as usual so it is important to pay attention to ensure that organizational processes and training take place to avoid mistakes. Not only have ICD-10-CM coding updates been added to the usual code set updates (e.g., CPT, HCPCS, ICD-10-PCS), but the end of the COVID-19 Public Health Emergency will bring about changes that will also take place during the quarter (but not on April 1, 2023.
7 Measures Developed by the HHS Office of Inspector General (OIG) to Identify Potential Telehealth Fraud
March 28th, 2023 - Aimee Wilcox
A recent review of telehealth services reported in Medicare claims data during the pandemic where these seven measures for identifying suspected fraud, waste, and abuse were applied, revealed more than a thousand Medicare providers potentially committed fraud during this period. What are the measures the OIG applied during their review, and how will that impact future telehealth guidelines moving forward?
MUEs and Bilateral Indicators
March 23rd, 2023 - Chris Woolstenhulme
MUEs are used by Medicare to help reduce improper payments for Part B claims. This article will address the use of the National Correct Coding Initiative (NCCI) and Medically Unlikely Edits (MUEs) and how they are used by CMS.
It is True the COVID-19 PHE is Expiring
March 16th, 2023 - Raquel Shumway
The COVID-19 PHE is Expiring, according to HHS. What is changing and what is staying the same? Make sure you understand how it will affect your practice and your patients.
Billing Process Flowchart
March 2nd, 2023 -
The Billing Process Flowchart (see Figure 1.1) helps outline the decision process for maintaining an effective billing process. This is only a suggested work plan and is used for demonstration purposes to illustrate areas which may need more attention in your practice’s policies and...



Home About Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2023 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association