Skype With Patients? HIPAA Says “No Go”

An Oklahoma medical board sanction against Thomas Trow, MD, sparked concern over the practices of telemedicine and telepsychiatry. Using Skype, Trow conducted online video appointments and prescribed controlled substances to a patient who ultimately succumbed to an overdose. Trow never saw the patient in person before prescribing the drugs. As a result, the Oklahoma medical board published a ruling on January 16 of this year, stating that, for telemedicine, “Technology must be HIPAA compliant.”

With growing excitement, doctors and patients are “seeing” each other online through a range of video chat technology platforms. In fact, healthcare innovation like telemedicine is vital to the changing landscape of patient demands and government-driven insurance. For many, the Oklahoma telemedicine ruling brings welcome clarification and an opportunity to educate providers about this new way of practicing HIPAA-compliant telemedicine.

“The last thing the U.S. healthcare system needs is to abandon the idea of telemedicine,” said Daniel Gilbert, president and CEO of CloudVisit Telemedicine. “The technology has tremendously positive implications for providers and patients. To lose out because of one platform — a platform that was never designed as a medical tool — would be a real detriment.”

Since the Oklahoma ruling does not specifically cite any brand names, many physicians are left wondering, “Is Skype HIPAA compliant?” Skype’s privacy policy simply states that they “will take appropriate organizational and technical measures to protect the personal data…”, and its owner Microsoft Corp.’s Business Associate Agreement (BAA) explicitly omits Skype. To better understand Skype’s security, one must turn to the Health Insurance Portability and Accountability Act (HIPAA).

  • Telemedicine is a HIPAA-compliant method for patient appointments
  • Online video appointments must be conducted via a HIPAA-compliant telemedicine platform
  • Business Associate Agreement (BAA) must exist between the healthcare provider and the company responsible for the telemedicine technology
  • The BAA must guarantee the HIPAA compliance of all measures for security practices and data encryption
  • Providers must obtain informed patient consent prior to conducting online video appointments
  • In the absence of a BAA and informed consent, Skype is not HIPAA compliant

“It’s important to keep in mind that Microsoft never intended Skype to be a medical tool,” reminds Gilbert. “Beyond significant HIPAA issues, Skype has many operational shortcomings. CloudVisit provides tools for scheduling and billing, plus treatment notes and more. Skype has none of these features.”

In fact, a search of the word “telemedicine” on the Skype website comes up empty. They do not claim to be HIPAA compliant, nor do they position themselves as a resource for the medical community.

As stated, healthcare practices and patients have a lot to gain from online video appointments. The right technology can be highly effective and appropriate for follow-up care, routine appointments, and mental health consultations once a provider-patient relationship is established in person.

CloudVisit Telemedicine provides a HIPAA-compliant telemedicine and telepsychiatry platform for scheduling, conducting, tracking, and billing online video appointments with patients. CloudVisit enters into a BAA with every client.


This 5-Minute Video Could Save Your Practice

Almost every business uses a multi-function copy machine that copies, scans, prints and possibly faxes information. What most people don’t realize is that many of these machines have hard drives that store all information that the machine has access to. Think of these machines as computers that store a digital record of every copy it makes, every document it scans and every page it prints.

Copying patient information

If your organization copies insurance explanations of benefits (EOBs) or patient insurance cards, or uses a multi-function printer to print out letters to patients, all that information could be sitting on the hard drive of your copier. If this information is not properly destroyed before you return the machine to a leasing company, recycle the machine, sell the machine or throw the machine out, all that patient information might cause a HIPAA data breach.

Watch this video!

The video below from CBS News gives valuable information about the risks of copy machines.

Note: Affinity Health Plan, which is featured in the video, received a $1,215,780 HIPAA fine (that’s right… $1.2 MILLION) because of one copy machine that contained 344,579 records with protected health information (PHI).

[youtube id="TCKr5WgVVN8" width="600" height="350"]

Independent Physicians Lag Behind with EHRs

Adoption and use of health IT increased significantly from 2009 to 2012, though there is a sizable gap between the adoption levels of large and small practices.

A study by The Commonwealth Fund measured changes in health IT use over that four-year period. The study found that the percentage of physicians able to electronically send prescriptions to pharmacies rose from 34% to 66% and electronic prescribing increased from 40% to 64% over that timeframe. Adoption of electronic records is where the difference between practice sizes was most pronounced: Only half of solo physicians use EMRs, while more than 90% of physicians in practices with 20 or more physicians do so.

A lack of resources is one explanation why independent physicians and smaller practices aren’t turning to health IT solutions at the same rate as larger ones. Independent physicians’ responses to an athenahealth Inc. survey reflected this sentiment. Fewer than half of independent physicians not associated with hospitals felt the financial and care benefits of EHRs exceeded the costs, while greater than half of their employed peers felt the same.

Independent physicians’ unwillingness to take on major business costs (including those associated with EHRs) is likely contributing to the shrinking number of independent doctors in the U.S. Statistics from Accenture show the percentage of independents sank from 57% in 2000 to just 39% in 2012. A large majority (87%) of doctors cited business costs and expenses as a top concern and a reason why they’d consider abandoning their independent status.

A data brief from the National Center for Health Statistics (NCHS) focused on physicians’ widespread use of EHR technology. The NCHS data showed that in 2013 78% of all office-based physicians were using some type of EHR, an increase from 18% in 2001 — something Karen DeSalvo, national coordinator for health IT, noted in a recent blog post. Meaningful use incentives are driving many providers to adopt EHR systems. The NCHS brief reported that 69% of physicians intend to participate in the Medicaid or Medicare EHR incentive programs, though only 13% of them had EHR systems in place to support 14 of the 17 stage 2 core objectives. Those statistics represent a fear of independent physicians — adopting an EHR system without qualifying for reimbursement payments.

What is Reasonable and Appropriate for Your Specific Environment

These days we deal with resistance and denial towards HIPAA compliance. There are many reasons given for incomplete or ineffective compliance programs. We have heard everything from long rambling rants against the government, claims of “not applicable to me” and plenty of “we don’t have the _____” (fill in: time, money, resources) to explain away the compliance gaps.

There is, however, one case that concerns me when we find it. A practice or business is given a standard list of HIPAA Security implementation recommendations. The problem is that the list of recommendations doesn’t always include a review of what is reasonable and appropriate for the specific environment. The result is a group frozen by fear, sticker shock or, worse, paying for services and equipment that may be overkill for them. The Security Rule explains in the General Rules section just what should be considered in determining what is reasonable and appropriate for a specific environment (emphasis added):

HHS recognizes that covered entities range from the smallest provider to the largest, multi-state health plan. Therefore the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity’s business, as well as the covered entity’s size and resources.

Therefore, when a covered entity is deciding which security measures to use, the Rule does not dictate those measures but requires the covered entity to consider:

  • Its size, complexity, and capabilities,
  • Its technical, hardware, and software infrastructure,
  • The costs of security measures, and
  • The likelihood and possible impact of potential risks to e-PHI.

No, this doesn’t mean you can decide you are so small and the rules are too complex to follow them at all. That is definitely not what reasonable and appropriate means in this context. What it does mean, though, is that you can determine how to implement the standards, both required and addressable, but apply these considerations to your implementation plans.

Our approach is to always define the environment before defining the plan. The Security Risk Analysis is first in the list of requirements for a reason. But, keep in mind, that even the tasks performed in the Risk Analysis should be confirmed as reasonable and appropriate for your specific environment.


Reposted with permission from: http://smallproviderhipaa.com/2013/10/31/what-is-reasonable-and-appropriate-for-your-specific-environment/

Workers Reluctant to Follow Company BYOD Policy

Even at companies with BYOD (bring-your-own-device) policies, users may still be reluctant to officially register their tablets and smartphones with IT, instead preferring to covertly access the network. That’s according to a new study that shows employees are concerned about losing their personal data if they officially register their devices with the IT organization at their company. To ensure compliance with policies, managed services providers (MSPs) may need to win over small and mid-sized businesses (SMBs) employees with promises to protect personal data.

Aruba Networks, Inc. (ARUN) conducted the survey of more than 3,000 employees around the world. American respondents, specifically, fear the loss of personal data more than those in other regions of the world, the study revealed. Around 66 percent of American respondents claimed that they fear the loss of data, compared to the 45 percent of Europeans and 40 percent of Middle Easterners who felt the same.

More than 50 percent of Americans said their IT department takes no steps to ensure the security of corporate files and applications on their personal devices, a concern that has forced many employees to keep personal devices away from IT departments. Seventeen percent of Americans have not told their employers that they use a personal device for work. If you think that’s frightening, keep reading.

Eleven percent of American respondents said they would not report a compromised device, while 36 percent said they would not report leaked data immediately.

According to the survey, these numbers come from a distrust of IT departments and employee fear about what IT may do with personal data. Forty-five percent of respondents in the United States worry about their IT department’s access to personal data.

Should MSPs include policies and guarantees to customers’ employees on personal data?

There need to be incentives from the company to persuade employees to follow BYOD policy. Furthermore, there must be a culture of transparency and trust from IT to help calm the fears workers have.

Our Mobile Device Management (MDM) solutions give our technicians and engineers the ability to monitor and manage the mobile device, but they do not have access to personal items such as text messages or pictures. If there is ever a question of what we can or cannot do, we give the client a complete tour of our MDM platform.

The importance of a highly secure IT environment, coupled with workers’ lack of adherence to BYOD policies, gives rise to major concerns. Companies of all sizes need to rethink their policies and procedures regarding BYOD. Also, ensure the MSP or IT provider is trustworthy and operates in complete transparency. The goal is to protect your company, your IT environment, your customers and your employees.

Companies, especially small businesses, that ignore BYOD are playing Russian roulette. Every day, workers are using secure business networks to do things on their mobile devices which are highly unsecured and dangerous to the IT environment. For some verticals, such as healthcare, these oversights can lead to a breach and bring disastrous implications.

Want to have a discussion about protecting your business and your employees? Give us a call to find out how we can help.

10 Reasons to Use CRM software Within Your Business

When it comes to CRM software, there are a number of reasons why you want to use it. You need to do all you can to give your business the edge within the marketplace. Customer relationship management software allows you to focus more on your customers, which in turn will fuel your business for success.

1. More information. When you use CRM software, you have more information about your customers. This includes learning about where they are, what age category they fall into and much more.

2. More customer details. Customer details can help you reach out to customers at more times throughout the year. When you have their birthday and anniversary dates, you can send them emails and reminders, which will help your business be thought of in a more personable way.

3. Better demographic information. There is a lot of demographic information available within CRM software. You need to know who your target audience is. If you didn’t know it prior to using the software, you will by the time you have used it a few times, because of the data it collects with each order that you take and with each new customer you establish.

4. Create marketing promotions. When you have more information about your customers, you can create more effective marketing promotions. This includes putting specific items on sale as well as deciding how you want to market to your customers – be it Facebook, mobile phones, direct mail or some other strategy.

5. Make suggestions. Suggestions can be made to customers when you use CRM software. When you see what the buying patterns are, you can use your inventory of products to determine what it is that they are likely to want. As you make suggestions, you can increase your sales and become more profitable.

6. Sell more. Suggestive selling is a great way to sell more. Just as restaurants use suggestive selling, you can do the same within your own business.

7. Compete with other businesses. You need to compete with the other businesses out there and CRM software helps you do that. Customers will stray to the competition from time to time – unless you are doing all you can to keep them focused on you and your business.

8. Stay on the brain. When you send emails targeted at specific groups of people, you can stay at the forefront of your customers’ minds. This way they won’t drift off to other businesses throughout the year.

9. Customizable. When you use CRM software, it is customizable based upon what you need it for. You can even choose software that integrates into your other software, such as Microsoft Outlook. This ensures you aren’t entering the same information over and over again.

10. Easy to use. It’s also a good idea to use CRM software because it’s easy to use. When it’s easy, you and your entire staff can benefit from the information housed within the program. When I started out in business I used a huge dry erase board, makeshift Excel spreadsheets and a desk calendar to try to accomplish this. It is so much easier now with good CRM tools.

For help finding the CRM tool that is right for your business, give us a call.