Monthly Archives: May 2014

Where Does it Hurt?

“Where does it hurt?” is a common question caregivers may ask their patients. But when was the last time that question was posed to the caregivers themselves? According to Athena Health’s CEO Jonathan Bush, in a special keynote address on common physician pain points, that’s exactly what we as an industry and as a country need to do more often.

When was the last time your practice had a checkup?

When was the last time you took a close look at your business?

The coming years will be fraught with responsibilities for healthcare providers. There is the approaching transition to ICD-10, and a multitude of incentive programs for EHR adoption, electronic prescribing, quality reporting, and many others.

There is a great push to improve quality of care and improve clinical documentation by physicians and other clinicians. “Documentation is not taught in medical school, so the whole process and concept of painting the accurate picture is kind of new,” observes Lou Ann Widemann, Director of Practice Excellence at AHIMA.

Start looking at your practice, assess what you do and see, then develop a strategy to correct the problems.

HIPAA: Technology Missteps

The following are a few real-world examples of the consequences practices, health systems, and health plans have faced due to technology missteps:

  • A $1.2 million settlement with HHS for failing to erase photocopier hard drives containing electronic protected health information (ePHI).
  • A $50,000 settlement with HHS after a laptop containing unencrypted ePHI is stolen.
  • A $100,000 settlement with HHS after posting surgery and appointment schedules on a publicly accessible Internet calendar.
  • Immeasurable reputation damage after a USB flash drive containing ePHI is lost and patients and the local media are notified.

According to experts, here are some of the biggest technology mistakes physician practices make:

  • Storing ePHI on local devices
  • Failing to encrypt and password protect mobile devices
  • E-mailing unencrypted ePHI
  • Using personal or patient-provided thumb drives
  • Discarding fax machines, scanners, or printers without shredding hard drives
  • Failing to back up ePHI securely

Many breaches occur when mobile devices containing unencrypted ePHI are stolen or misplaced. It is difficult for practices to control personal mobile device use, and users are more hesitant to implement security safeguards. Practices must train physicians and staff on appropriate mobile device use, and experts recommend requiring staff to sign a mobile device use agreement. In addition, physicians and staff should avoid sending emails with patient information to their personal email addresses.

To comply with the HIPAA Security Rule, practices must establish procedures to create and maintain retrievable exact copies of ePHI. To ensure backup data is secure, experts recommend that small practices consider storing ePHI in a fireproof safe or moving it to the cloud.

If your practice is not using the right technology in the right way, it could be setting itself up for a HIPAA violation. Your practice should consider conducting a risk analysis to determine areas that violate the HIPAA Security Rule.