5 Ways to Minimize HIPAA Liabilities

July 12th, 2019 - BC Advantage
Categories:   Acupuncture|Alternative   Allergy|Immunology   Anesthesia|Pain Management   Behavioral Health|Psychiatry|Psychology   Billing   Cardiology|Vascular   Chiropractic   Dental   Dermatology|Plastic Surgery   Emergency Medicine   Endocrinology   ENT|Otolaryngology   Gastroenterology   Home Health|Hospice   Internal Medicine   Laboratory|Pathology   Interventional Radiology   Neurology|Neurosurgery   Obstetrics|Gynecology   Oncology|Hematology   Optometry   Oral and Maxillofacial Surgery   Orthopedics   Pediatrics   Physical Medicine|Physical Therapy   Podiatry   Primary Care|Family Care   Pulmonology   Radiology   Rheumatology   Skilled Nursing   Urology|Nephrology  
0 Votes - Sign in to vote or comment.

Last year was historic for HIPAA enforcement. The HHS Office of Civil Rights collected a record $23.5 million in settlements and judgments against providers guilty of HIPAA violations. To avoid becoming part of that unwanted statistic, it’s important to pay extra close attention to five key areas of HIPAA vulnerability.

Take Advantage of Refresher Training
The best way to protect against liabilities is to continually educate and train staff. A practice may feel confident that it understands HIPAA. But while close to 90 percent of doctors believe their practices are fully compliant, at least 75 percent of them still have rudimentary questions about HIPAA. That indicates that the vast majority of providers can benefit from a HIPAA compliance refresher course. Participants should include everyone from top administrators to community volunteers. Training everyone with access to PHI isn’t just a good idea; it’s the law.

Encrypt Data
Any lost, stolen, or hacked electronic device containing protected patient information can be an expensive liability. All electronic PHI should be securely encrypted. That includes data communicated via email, text messages, and smartphone messaging apps. Even though an app like the popular WhatsApp may boast that it offers encryption, it may still lack proper authentication controls. Before using any text messaging service to communicate patient information, make sure the practice has a signed HIPAA-compliant business associate agreement with the service provider.

Control Devices
Most healthcare employees understand that they should never share passwords or log-in information. But these credentials should never even be written down. Another way that HIPAA violations frequently occur is because a computer screen is left on where unauthorized persons can see it. Front office staff and nurses may step away from a computer to handle an emergency, leaving the screen temporarily visible or photographable. Physicians sometimes make the mistake of leaving a laptop open at home, where others – including family members or friends – can see patient information. Those are innocent mistakes, but are still liabilities.

Secure Online Portals and Safeguard Paper Records
Paper records continue to represent potential liability as long as they exist. They must be securely handled and archived until shredded. Practices that have not transitioned from paper documents such as invoices and monthly statements can avoid HIPAA liability – and the effort that paper documents require – by going digital. Electronic records are easier to manage, search, store, and protect. There are fully compliant platforms that can safeguard patient records while also giving patients easier 24/7 access. That reduces liability and front office calls from patients. Patients gain greater control over their care with more transparency. A patient portal can also enhance doctor/patient interaction and communication.

Beware Social Media
Most healthcare workers know not to post photos of patients online. But sometimes sharing photos that don’t include patients can still be a liability because confidential information is accidentally included. Criminals often blow up photos that include a work station or home office, for example, to focus in on relatively obscure and minor details. A piece of paper or file in the background may contain PHI. That’s why it’s good policy to be extra vigilant regarding tweets, Facebook posts, and pictures uploaded to sites like Instagram. When in doubt, don’t upload it, share it, or talk about it.

###

Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.


Latest articles:  (any category)

How to Combat COVID-Related Risk Adjustment Losses with the Medicare Annual Wellness Exam
April 12th, 2021 - Aimee Wilcox, CPMA, CCS-P, CST, MA, MT, Director of Content
Identifying new ways to encourage Medicare beneficiaries to schedule and attend their Annual Wellness Exam (AWE) can be difficult, but the Open Enrollment period is a prime time for every payer to identify new beneficiaries and provide a reminder to both new and existing patients that this preventive service does ...
Failure to Follow Payer’s Clinical Staff Rules Costs Provider $273K
April 12th, 2021 - Wyn Staheli, Director of Research
Clinical staff (e.g., LPN, RN, MA) provide essential services which allow providers to leverage their time and improve reimbursement opportunities and run their practices more efficiently. There is, however, an ongoing question of how to appropriately bill for clinical staff time. This is really a complex question which comes down to code descriptions, federal or state licensure, AND payer policies. Failure to understand licensing and payer policies led a Connecticut provider organization down a path that ended in a $273,000 settlement with both federal and state governments.
Properly Reporting Imaging Overreads (Including X-Rays)
April 8th, 2021 - Aimee Wilcox CPMA, CCS-P, CST, MA, MT and Wyn Staheli, Director of Content Research
hile many provider groups offer some imaging services in their offices, others may rely on external imaging centers. When the provider reviews images performed by an external source (e.g., independent imaging center), that is typically referred to as an overread or a re-read. Properly reporting that work depends on a variety of factors as discussed in this article.
How Social Determinants of Health (SDOH) Data Enhances Risk Adjustment
March 31st, 2021 - Aimee Wilcox, CPMA, CCS-P, CST, MA, MT, Director of Content
The role of SDOH in overall patient care and outcomes has become a more common topic of discussion among healthcare providers, payers, and policymakers alike. All are attempting to identify and collect SDOH and correlate the data to patient management which is increasingly seen as necessary to address certain health disparities and identify exactly how SDOH affects patient health outcomes. Learn how to address this important subject.
Understanding Skin Biopsy Codes
March 23rd, 2021 - Christine Woolstenhulme, QCC, QMCS, CPC, CMRS
A biopsy is a procedure to obtain only a portion of a lesion for a pathologic exam. According to the AMA, "The use of a biopsy procedure code (e.g., 11102, 11103) indicates that the procedure to obtain tissue for pathologic examination was performed independently, or was unrelated or distinct from other ...
How Reporting E/M Based on Time May Lose Money
March 18th, 2021 - Aimee Wilcox, CPMA, CCS-P, CST, MA, MT, Director of Content
Just like math teachers who require students to show their work so they can see how the student reached their answer, providers are also required to "show their work" through the documentation process in the medical record. By the time a provider has reviewed the patient's subjective complaints (i.e., patient's ...
COVID-19 Vaccines
March 10th, 2021 - Christine Woolstenhulme, QCC, QMCS, CPC, CMRS
To accommodate the new COVID-19 immunizations the CPT editorial panel has approved 11 Category I codes. Watch for new and revised guidelines and parenthetical notes with these codes. For example; which administration codes should be used with the vaccine codes and the NCD codes applicable to the dose being administered. These ...



Home About Contact Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2021 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association