5 Ways to Minimize HIPAA Liabilities

July 12th, 2019 - BC Advantage
Categories:   Acupuncture|Alternative   Allergy|Immunology   Anesthesia|Pain Management   Behavioral Health|Psychiatry|Psychology   Billing   Cardiology|Vascular   Chiropractic   Dental   Dermatology|Plastic Surgery   Emergency Medicine   Endocrinology   ENT|Otolaryngology   Gastroenterology   Home Health|Hospice   Internal Medicine   Laboratory|Pathology   Interventional Radiology   Neurology|Neurosurgery   Obstetrics|Gynecology   Oncology|Hematology   Optometry   Oral and Maxillofacial Surgery   Orthopedics   Pediatrics   Physical Medicine|Physical Therapy   Podiatry   Primary Care|Family Care   Pulmonology   Radiology   Rheumatology   Skilled Nursing   Urology|Nephrology  

Last year was historic for HIPAA enforcement. The HHS Office of Civil Rights collected a record $23.5 million in settlements and judgments against providers guilty of HIPAA violations. To avoid becoming part of that unwanted statistic, it’s important to pay extra close attention to five key areas of HIPAA vulnerability.

Take Advantage of Refresher Training
The best way to protect against liabilities is to continually educate and train staff. A practice may feel confident that it understands HIPAA. But while close to 90 percent of doctors believe their practices are fully compliant, at least 75 percent of them still have rudimentary questions about HIPAA. That indicates that the vast majority of providers can benefit from a HIPAA compliance refresher course. Participants should include everyone from top administrators to community volunteers. Training everyone with access to PHI isn’t just a good idea; it’s the law.

Encrypt Data
Any lost, stolen, or hacked electronic device containing protected patient information can be an expensive liability. All electronic PHI should be securely encrypted. That includes data communicated via email, text messages, and smartphone messaging apps. Even though an app like the popular WhatsApp may boast that it offers encryption, it may still lack proper authentication controls. Before using any text messaging service to communicate patient information, make sure the practice has a signed HIPAA-compliant business associate agreement with the service provider.

Control Devices
Most healthcare employees understand that they should never share passwords or log-in information. But these credentials should never even be written down. Another way that HIPAA violations frequently occur is because a computer screen is left on where unauthorized persons can see it. Front office staff and nurses may step away from a computer to handle an emergency, leaving the screen temporarily visible or photographable. Physicians sometimes make the mistake of leaving a laptop open at home, where others – including family members or friends – can see patient information. Those are innocent mistakes, but are still liabilities.

Secure Online Portals and Safeguard Paper Records
Paper records continue to represent potential liability as long as they exist. They must be securely handled and archived until shredded. Practices that have not transitioned from paper documents such as invoices and monthly statements can avoid HIPAA liability – and the effort that paper documents require – by going digital. Electronic records are easier to manage, search, store, and protect. There are fully compliant platforms that can safeguard patient records while also giving patients easier 24/7 access. That reduces liability and front office calls from patients. Patients gain greater control over their care with more transparency. A patient portal can also enhance doctor/patient interaction and communication.

Beware Social Media
Most healthcare workers know not to post photos of patients online. But sometimes sharing photos that don’t include patients can still be a liability because confidential information is accidentally included. Criminals often blow up photos that include a work station or home office, for example, to focus in on relatively obscure and minor details. A piece of paper or file in the background may contain PHI. That’s why it’s good policy to be extra vigilant regarding tweets, Facebook posts, and pictures uploaded to sites like Instagram. When in doubt, don’t upload it, share it, or talk about it.

###

Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.


Latest articles:  (any category)

COVID Vaccine Coding Changes as of November 1, 2023
October 26th, 2023 - Wyn Staheli
COVID vaccine changes due to the end of the PHE as of November 1, 2023 are addressed in this article.
Medicare Guidance Changes for E/M Services
October 11th, 2023 - Wyn Staheli
2023 brought quite a few changes to Evaluation and management (E/M) services. The significant revisions as noted in the CPT codebook were welcome changes to bring other E/M services more in line with the changes that took place with Office or Other Outpatient Services a few years ago. As part of CMS’ Medicare Learning Network, the “Evaluation and Management Services Guide” publication was finally updated as of August 2023 to include the changes that took place in 2023. If you take a look at the new publication (see references below),....
Can We Score Interpretation of an EKG Towards E/M Medical Decision Making?
October 10th, 2023 - Aimee Wilcox
When EKGs are performed in the facility setting or even in the physician's office, what are the requirements for reporting the service and who gets credit for scoring data points for Evaluation and Management (E/M) medical decision making (MDM)? Let's take a look at a few coding scenarios related to EKG services to get a better understanding of why this can be problematic.
Accurately Reporting Signs and Symptoms with ICD-10-CM Codes
October 5th, 2023 - Aimee Wilcox
Coders often find themselves unsure of when to report a sign or symptom code documented in the medical record. Some coders find their organization has an EHR that requires a working diagnosis, which is usually a sign or symptom, be entered to order a test or diagnostic study or image. Understanding the guidelines surrounding when signs and symptoms should be reported is the first step in correct coding so let's take a look at some scenarios.
The 2024 ICD-10-CM Updates Include New Codes for Reporting Metabolic Disorders and Insulin Resistance
September 19th, 2023 - Aimee Wilcox
Diabetes is a chronic disease that just seems to consistently be increasing instead of improving resulting in a constant endeavor by medical researchers to identify causal effects and possible treatments. One underlying or precipitating condition that scientists have identified as a precipitating factor in the development of diabetes is insulin resistance, which is a known metabolic disorder. As data becomes available through claims reporting, additional code options become possible with ICD-10-CM.
Documenting and Reporting Postoperative Visits
September 12th, 2023 - Aimee Wilcox
Sometimes we receive questions regarding documentation requirements for specific codes or coding requirements and we respond with information and resources to support our answers. The following question was recently submitted: Are providers required to report postoperative services on claims using 99024, especially if there is no payment for that service? What documentation is required if you are reporting an unrelated Evaluation and Management (E/M) service by the same physician during the postoperative period? 
Understanding Gastroesophageal Reflux Disease and ICD-10-CM Coding
August 22nd, 2023 - Aimee Wilcox
Gastroesophageal reflux disease or GERD for short, is a disease that impacts millions of Americans on a weekly basis. Symptoms are uncomfortable, as are some of the tests used to diagnose it, but understanding the disease, tests, and treatments helps us better understand how to code the disease using ICD-10-CM codes.



Home About Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2023 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association