HIPAA

Policy as Protection

Posted on April 25th, 2012 by Dexcomm

Given all of the legislation and the large number of mobile devices on the market and in our businesses today, it has become difficult for physician offices and their business associates to manage all of the devices. Everything from a USB flash drive to an electronic tablet or even a camera phone has become a potential source of a PHI breach. It is important that you craft a mobile device policy that allows you to reasonably meet all of the rules. Having this policy in place and administered will allow you to sleep at night knowing that you have done your due diligence and what is required by law.

Is your practice looking for a generic mobile policy?

Contact us.


60k’ HITECH Overview

Posted on April 18th, 2012 by Dexcomm

The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law as part of the American Recovery and Reinvestment Act (ARRA) of 2009. The main focus of HITECH was to encourage the use of health information technology. Several changes were made with this legislation, including that business associates are now subject to the same requirements as covered entities. Not only do you have to comply with all of the HIPAA rules, but now your answering service, CPA, attorney and other professional service organizations that may see PHI also have to comply. Penalties have increased and are now being levied. Fines range from $100 in a “did not know” offense to $1,500,000 for “willful neglect”. If a breach does happen that is over 500 records, the media must be notified. Finally, each State Attorney General may now prosecute separately from the Department of Health and Hospitals Secretary (HHS), making fines a serious issue in the event of a breach.

So what is protected under the Privacy Rule?

Posted on April 16th, 2012 by Dexcomm

Electronic Protected Health Information (EPHI) is any “individually identifiable health information maintained in electronic media or transmitted or maintained in any other form or medium”. As you can imagine, that could include everything from a patient’s name to private medical history: basically, anything that would identify someone. Any number of pieces of EPHI could be on a mobile device in order for a physician to serve his or her patient. Due to the sensitivity of the information, it must be secured.

Physical Safeguard Tips

Posted on April 13th, 2012 by Dexcomm

Just like anything you want to protect, keep it in a safe location. Around your office, make sure that all devices are locked in a drawer or in an office when not in use, and never leave them unattended. When outside of your office, make sure the device is either always with the person responsible for it or in a secure location such as a glove box or car trunk. It only takes a second for someone to grab such a small item. Remember, if the item is lost or stolen, report it immediately! Don’t forget other items like USB flash drives, memory/smart cards, CDs, DVDs, PDAs, remote access devices and security hardware.

Technical Safeguard Tips

Posted on April 11th, 2012 by Dexcomm

If the electronic PHI is stored and transmitted in encrypted form, then how you would handle a security breach changes drastically. Any data can be encrypted. Encryption is a process that converts plain text into cipher text, which is unreadable to any unintended entity that has accessed the file without “permission.” It works by using a mathematical algorithm and keys that code and decode the cipher text. This process is performed by computer programs or specific hardware designed for this purpose.

HHS states that a HIPAA-compliant entity is not exempt from the breach notification requirements if it keeps the keys on the same device as the encrypted data. Ask your vendor before selecting your encryption product. Keys can be stored on a USB flash drive, a key server or be regenerated as needed. For more information visit HIPAA Security Rule FAQ Regarding Encryption. On your computer, programs such as Microsoft® Encrypting File System (EFS) are built-in encryption programs that are easy to use: you just change the properties of the folder. Click here for a full list of programs.

The same protection extends to your mobile devices, which should also be password protected. Change your passwords regularly: at least every 90 days. Any EPHI that is utilized or stored on a mobile device must also be encrypted, including when accessing a web portal in the mobile device’s web browser and in SMS/text messages, email or images.

Administrative Safeguard Tips

Posted on April 9th, 2012 by Dexcomm

Start by taking an inventory of all of the devices within your practice that are used to access and/or store EPHI. We recommend including what the device is intended for with regard to use of and access to EPHI. Make sure to include the operating system the device is using. Remember that your inventory will need regular updating depending on changes in employment and system updates. Tip: Set reminders in your calendar.

Review your practice’s policies to make sure they encompass mobile devices. Training and enforcement are, as always, the key to your practice’s success.

60k’ HIPAA Overview

Posted on April 5th, 2012 by Dexcomm

The guidance that started as an attempt for consumers to keep their health information private and make their insurance portable has become a large legislative issue. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 and updated in 2000, 2002, 2003, 2004, 2005 and 2006! Congress realized that the advancements in technology called for additional legislation to protect the privacy of an individual’s health information, known as Protected Health Information (PHI). The Privacy Rule sets standards to protect PHI transmitted electronically by three covered entities: health plans, health care clearing houses and health care providers. The Security Rule outlines safeguards (administrative, physical and technical) for protecting the confidentiality, integrity and availability of all electronic PHI created, received, maintained or transmitted. The Office for Civil Rights oversees and enforces the Privacy Rule and the Security Rule.

HIPAA violations at your fingertips

Posted on April 3rd, 2012 by Dexcomm

The amount of Protected Health Information (PHI) that could be on your employee’s phone is staggering. Access to the protected information can be as easy as unlocking a smart phone. Mobile devices collect and contain PHI such as a patient’s name and phone number or a picture of a patient’s wound while they were in the office for a routine visit. Are you prepared for a situation as simple as a member of your staff answering a call on their cell phone? Who has access to this information? When the employee is at home and their 14-year-old is playing with the mobile device and sees a text message containing PHI, you now have a HIPAA violation and a possibility of the daughter seeing a name she recognizes and placing the information on Facebook, Twitter or any social media they may be associated with.

E-Prescribing: it can save you money

Posted on November 24th, 2011 by Bill

Lately, we have put a lot of blogs up about smart phones and how they integrate into the medical community. One of the most important ways that they can make health-care providers’ lives much easier is through E-prescribing. A lot of doctors and health agencies have already implemented some form of sending prescriptions via an electronic service, citing the ease of use and timesaving aspects that electronic prescriptions offer. However, that isn’t all that E-prescription can do for you; it can also save you money.

New governmental initiatives are pushing for modernization of data maintenance across the board in the medical services, including prescriptions. In order to accomplish this, the federal government passed the HITECH Act in 2009. This act offers incentive payments to physicians through Medicare and Medicaid if they use electronic prescriptions for more than 40% of their prescriptions, not including those for controlled substances.

Government incentives are direct ways in which E-prescribing can cut costs. There are, however, many indirect ways that handling your prescriptions electronically can reduce your overhead. The most important of these is in the time saved. “Time is money” is a cliché for a reason. Although it may seem quicker to just write out a prescription by hand, this is not the case. In fact, one third of all hand-written prescriptions necessitate a phone call from the pharmacy for clarification. To put this in more stark relief, the Medical Group Management Association estimates that, on average, medical practices receive fifty phone calls a day from pharmacies. These calls are disruptive to workflow, and thus consume time.

Furthermore, E-prescribing makes more efficient use of the physician’s time. Electronic prescription systems contain databases and programs that account for drug interactions and contra-indications, which means that the physician does not have to. Over time, this increases efficiency and productivity, and both add up to dollars saved. In one study, published in 2007, a group practice of thirteen physicians claimed that by transferring their records completely to an electronic format, they saved 1 million dollars in the first year and a half. Considering that this included the cost of implementing the system, that is an impressive saving (especially when you take into account that this does not include the federal reimbursement mentioned above).

For more on E-prescription, read Electronic Prescribing: Building, Deploying and Using E-prescribing to Save Lives and Save Money, put out by the Center for Health Transformation. For more information on the HITECH Act, see Electronic Prescription Is Safe And Efficient, However Hurdles Remain.

Can smart phones actually help people?

Posted on November 2nd, 2011 by Noah

Dexcomm has been in the communications industry since the 1950s, and over that time we have always strived to stay on top of the amazing changes in communications technology. We were the first telephone answering service in the state to be able to receive and deliver emails. We offer SMS, email, and fax delivery, web-based on-call management, and are currently bringing onboard a completely secure and HIPAA compliant smart phone app that will allow medical practices to communicate all their messages in a private and encrypted environment.

Our secure messaging app for smart phones is one example of great leaps in technology. Another example aimed at helping people around the world is featured in the following video. Netra has developed an app and a cheap ($2) accessory for the smart phone that can provide quick and accurate eye exams. The impact that this development could have for children around the world, in developed and undeveloped countries alike, is amazing.
