This month in the United States, the holidays are kicking off with Thanksgiving. Each November, family and friends gather to give thanks, eat good food and watch football. Here at HCP, we wanted to let you know that 10 things that top our list of things we are grateful for this year.
- MIPS Transition Year
While CMS has released the final rule for MIPS for 2018, we are grateful that 2017 was a transition year. Organizations were able to pick their pace on their participation level and have time to put process in place to track performance measures. If you still need help determining your participation level and have any other questions regarding MIPS, please let us know.
- Strong PasswordsDid you know that one of the top causes of a breach is a weak or easy to guess password? The news is constantly reporting of data breaches in various industries, including healthcare. A strong password is the easiest way to protect yourself and your organization from malicious attacks. A strong password is one that at a minimum:
- Is 8 characters in length
- Is difficult to guess
- A combination of alphabetic, mixed case, numeric and punctuation characters
- Online Breach Reporting
The days of putting together a list of breaches and sending them off to the Secretary of the Department of Health and Human Services (HHS) is over. Now, the reporting process is handled electronically.To make it even easier, Healthcare Compliance Pros has an online Breach Log that can be used to submit suspected breaches for breach determination and mitigation, or as a place to store all suspected breaches. You also get access to our expert compliance staff to guide you along the way. If you don't have access to this great compliance support tool, please contact us for more information.
- Security Risk Analysis
A HIPAA Security Risk Analysis (SRA) should be conducted, at a minimum, on an annual basis. To comply with HIPAA, organizations must continue to review, correct or modify, and update security protections. While checklists are helpful for organizations, they are lacking in meeting the requirements for a systematic risk analysis. Think of security risk analysis as an action plan for protecting patient privacy, and a process of identifying and examining potential threats and vulnerabilities to protected health information. This is arguably the most important step an organization can take towards implementing safeguards that mitigate or lower risks to your ePHI. If you need help with your SRA process, please let us know. And remember, SRAs need to be submitted to HCP for review by Dec 15th to ensure completion by the end of the year.
- Bring Your Own Device Policies
The use of mobile devices, cell phones, smartphones, and tablets has become commonplace within the medical field workplace. Most practice administrators would agree that there is a pressing need to support the Bring Your Own Device (BYOD) movement, but many are confronted with finding real-life BYOD solutions. A BYOD policy is an opportunity to maximize employee satisfaction and productivity, but care must be taken to create a secure environment for users of personal devices in the workplace. If you have any questions about creating a BYOD policy for your organization, please let us know.
- Social Media
Social Media is an ever-growing presence in not only your patients' lives but the running of your practice. It is common for healthcare practices to have a website, Facebook profile, twitter account, etc. Patients are getting referrals from friends and neighbors for their healthcare needs and it's often done through Social Media. However, for the healthcare organization, navigating the dos and don'ts of social media can be daunting. HCP took on this topic and created a series of articles directly related to navigating the ins and out of social media and how to use social media to benefit your organization. Please search 'social media' in our Compliance Insider archives for the full series of article. Or if you have specific questions, reach out to one of our compliance specialists.
- Encrypted and Unencrypted Electronic Communications
Encrypted email is considered safe and provides adequate protection of health information being sent and received electronically. Encrypted email has several benefits such as hiding the content from an eavesdropper, the use of a digital signature mechanism and the use of a secret private key to decrypt messages. Encryption is preferred when communicating electronically. However, covered entities are permitted to send individuals unencrypted emails if they have advised the individual of the risk, and the individual still prefers the unencrypted email. If individuals are notified of the risks and still prefer unencrypted email, the individual has the right to receive protected health information in that way, and covered entities are not responsible for unauthorized access of protected health information while in transmission or for safeguarding information once delivered to the individual.
- Corporate Compliance Training
For any organization who participates in Medicare programs, initial training and education on Corporate Compliance should be completed during the orientation process for new employees and all employees should complete annual refresher training thereafter. Additionally, organizations who participate in Medicare Part C and/or D may be required to complete fraud, waste, and abuse training. In addition, all entities contracted to perform work related to Medicare programs are required to have appropriate policies and procedures to address fraud, waste, and abuse. We review and update these modules as necessary on an annual basis. If you are unsure what courses your organization should be taking, please ask. We'll be happy to help.
- Great Employees
We are grateful for employee who are helpful, friendly, experienced and knowledgeable. They truly care about the work they do and are passionate about making a difference for our clients. From account changes to compliance question, from SRAs to training modules, they are only a phone call or email away so don't hesitate to reach out for any reason.
- Unbeatable Clients
We don't mean to brag but at HCP, we have the greatest clients in the world. We have organizations of every specialty, size, and location. Each one challenges us and helps us improve ourselves, our products, our knowledge and our company every day. Most of all this year, we are thankful for the opportunity to serve you and help make your practices more successful. Please let us know if there is anything we can do to help.