All posts by dustin

HIPAA OMNIBUS RULE QUICK CHECKLIST of REQUIREMENTS

 

To view this comprehensive guide simply click on the image below to read online or download as a pdf file.

Hipaa Omnibus Rule Checklist of Requirements

HIPAA OMNIBUS RULE QUICK CHECKLIST of REQUIREMENTS provides you with a valuable resource to explore HIPAA Requirements and cross reference them against the notes provided.

For additional guidance with this checklist as it applies to your dental setting,
please feel free to contact us for a Discovery Meeting: 941-587-2864

Everything you need to know about the HIPAA PHASE 1 and PHASE 2 AUDITS

 

Did you know? HIPAA Audits are now being conducted in healthcare settings and this may affect your dental office! Watch the video below to get more details and visit the HHS.gov links—Most of all–get prepared!
Office of Civil Rights / The Department of Health & Human Services in 2016 will launch an email campaign to randomly choose healthcare facilities and email them a PHASE 1 HIPAA Survey/ Questionnaires. These surveys request detailed—sometimes financial information about your healthcare facilities’ HIPAA Practices. Take a look at this survey (by clicking the link above). It includes a multitude of questions that pertain to your revenue and income! The survey is overtly focused on income–which might make you wonder: “What else will the government do with this information?”
Nonetheless, HHS/OCR will send these HIPAA PHASE One email surveys to healthcare offices—which will allow you 10 days to respond. If you do not respond to the survey, OCR will use public info to create its audit subject pool. Keep in mind the questionnaire is pretty lengthy.
If you get thrown into the “HIPAA Pool” then your healthcare facility can be subject to a HIPAA Audit. This is a live HIPAA inspection of your facility conducted by an office HIPAA Auditor. This is the PHASE II IN-OFFICE HIPAA AUDIT. Those HIPAA Auditor can return! Or request ongoing information for up to 18 months and bring your facility fines ranging from $10K to $150K for non-compliance.
So what do you do? Make sure you have your facility is HIP to the new HIPAA Hype! Have in place a comprehensive HIPAA Program, that includes:
· HIPAA Omnibus Rule Employee Training with Proof-of-Training Certificate
· Updated HIPAA Manual written to the Omnibus Rule Standards
· (8) Updated HIPAA Forms—for use in your dental office
· A written Risk Assessment / Analysis Plan for your office
The Risk Assessment/ Analysis Plan is super important. It is a lengthy report that you must create for your healthcare setting that will detail your Administrative, physical and Technical aspects of your HIPAA Risks & Safeguards. Is will entail a lot of time and attention—but once you have it completed, you can use that one for a template to update regularly (as that is required as well!).
If you are having trouble wrapping your head around all of this, feel free to email or call us for some clarification or guidance. We are HIPAA Healthcare Coaches who are happy to help you get educated and organized with regards to these very robust HIPAA Omnibus Rules and the new PHASE I & II Audits.
Don’t risk getting lost and tangled in an extensive HIPAA Audit. Update your HIPAA Manual & Protocols based on this valuable insight.

HIPAA REALITY CHECK: (2) COMMON NIGHTMARES THAT EVERY DENTAL OFFICE SHOULD KNOW ABOUT

 

Everything changes. This is astoundingly true when it comes to HIPAA protocols in the dental office! Technology leads and speeds our communication age but opens up a free-for-all for identity thieves & computer hackers. If you invest the next 5-minutes in reading this article, it will provide valuable insight that could prevent poor judgment & common HIPAA mistakes that may unknowingly be happening at your dental office.

HIPAA is the new “canker sore” of the dental industry. It’s problematic and many times (breaches) can originate without notice. Then they rage with fury when the HIPAA Auditor comes to inspect the Privacy & Security Practices within your office.

This is especially true with regards to Patient Protected Health Information (PHI). The coveted “matching social security number + date of birth” is the grand prize in the underworld of identity pirates. And dental offices can make the bootie even grander with patient data that is ripe & readily accessible. Even opening an innocent email can land you in scalding water.

Below are (2) real-life situations to remedy within your office. Whether you are already HIPAA Omnibus Rule Savvy (having updated all of your HIPAA protocols since 2013) or if you need to have a HIPAA update & overhaul to these new standards, the following incidents will help you understand how to properly prepare your dental team for current-day HIPAA success:

THE RANSOMWARE SCARE
One morning Rita the receptionist sat down at her desk to start her workday, as she always did by sorting through her email. Everyone else was settling into their operatories and beginning patient care. Her Outlook™ launcher started to open, but as she started to navigate, she couldn’t. Her computer locked up. She went to re-boot, but couldn’t. Things were locked up. A yell came from the hygienist, and then the doctor and then the assistant: “What’s going on with the computers?”, each clinician howled.

It was a ransomware attack. Ransomware is a type of computer trojan horse virus that is launched by either opening a file or clicking on a link. Ransomware thieves commonly present these viruses in unsuspecting emails that look normal, but lock you out of your own computers. They will paralyze and stop your dental practice, many times for days. The email will come in auspiciously from a company or individual that you recognize. The first Ransomware used email sent, supposedly, from either FedEx or UPS saying: “They tried to deliver a package and to please click on a link to reschedule”. The instant that the link is clicked on the Ransomware is launched and it is too late. Your computers lock down. More recently email that looks as if are from a patient asking you to ‘click-a-link’ again, the Ransomware is launched.

What’s the pay off? Ransomware thieves are looking for money, in the form of bit-coins, which are a form of untraceable internet currency. In 2015, there were an estimated 5M pieces of ransomware. The bandits are looking for $500-$1000 in bit-coin ransom per attack. This is big business in the felonious world of internet hacking malefactors. And it can happen to anyone or any business. For the unsuspecting dental office, most computer lockdowns will paralyze then destroy office functions, for days, weeks and many times cause irreparable damage.

What’s the prevention? There needs to be a technology break through that allows the defense against these viruses. In the meantime, Best Practices will have you using a Business Continuity System (BCS)(from DDS Rescue™) that acts as a unique safeguard. The BCS protects your office functions, as it can instantly perform as a virtualized office server. This is something no other providers can thus far offer. When your computers lock, DDS Rescue™ can be called and the virtualized office server is activated. Then your IT tech can “scrub” your server of all corruptions and repopulate your original server.

BACK UP DRIVES THAT BITE BACK
Dr. Detailed liked to keep his pulse on all of the “going-ons” within the practice. He needed to be “in-the-know” & “in control” of business at all times and kept important practice information within his reach deliberately.
Every day at the close of business, Dr. Detailed had the same routine. He would pick up the deposit envelope from his receptionist, reach under his desk, pop- the data back-up drive out of the server tower, carry both to his car and speed off to the bank’s night depository.

On Saturday morning, he took the back-up drive with him, laid it on the front seat and headed to the office. He worked in his lab all morning. Then realized he left the back up drive on his front seat. The car was locked but now glass was smashed everywhere and he searched and searched but the back-up drive was gone. He called the police.

“Why would this happen? he asked. The officer replied, “Could be kids, could be more. Recently there have been a string of attacks on Healthcare offices. Identity Thieves seeking patient information. Especially Social Security Numbers that match to Birth Dates. Why are you still using a take-along removable disk drive for your data?” Questioned the officer. Dr. Detailed nervously stammered, “Ah—I—was going to change…but –I –ah…. Couldn’t decide, didn’t want to change over— who would want my patient data? I’m—- I’m—-I’m just a dentist!” he growled.

“Well Dr. Detailed, How many patient records would you say were on that back-up drive?”

“2431 active patients and 107 inactive, Dr. Detailed — managed to mumble.

Have a seat Doctor— this report is going to take a while.

That weekend was a whirlwind of research for Dr. Detailed. He talked to Police Officers, HIPAA lawyers and realized that he would have to report this to all 2538 patients, to the Department of Health & Human Services in a formal on-line report and also announce this to the public via the media.

His legal retainer was $20,000. The HIPAA Audit he was warned, could last up to 18 months. Fines start at $10,000 and can run up into the $1M mark. He learned that 48 % of HIPAA Breaches come from theft of devices.

The next 12 months were life changing. Dr. Detailed’s practice started to dry up. There wasn’t much to micro manage. His HIPAA Fines were upwards of $300K and his legal fees just as much. He wished daily that he would have done his homework and listened to this dentist friends that were choosing more resourceful and secure Daily Data Back-Up options that measured up to the new HIPAA Omnibus Rule protocols that called for “offsite & encrypted” daily data back-up copies.

What’s the prevention? Getting educated about these new HIPAA Omnibus Rules is key. They impact most all of your day-to-day business functions and every employee has to be educated to understand these new laws. Then align in accordance with these laws. This requires employee training, updating paperwork / forms and revising all office protocols— which includes software, internet and email activities too. Begin by aligning your dental team with HIPAA experts. You will need HIPAA educators, form paperwork providers, IT, software data back up integration companies. These new HIPAA Omnibus Rules are nothing to take lightly. Enlightenment to the laws is the first step.

For more information or to get HIPAA Omnibus Rule answers, you can reach out to:

JILL OBROCHTA RDH, OSHA & HIPAA Dental Industry Educator,
jill@dentalenhancements.com 941-587-2864

Steve White 39 year industry veteran
swhite@ddsrescue.com (800) 998-9048 ext. 107

Your Reception Desk: #1 Landmine for HIPAA Indiscretions…

 

Did you know…

HIPAA audits for the dental practices continue to rise. Patient complaints are the number one reason you may be targeted and chosen for a HIPAA audit. The employee that most commonly sparks these reports? Your reception team. And it’s typically not because they are not dedicated, conscientious employees. It’s because they may not be HIPAA savvy enough…

Since 2013, under the new HIPAA Omnibus Rules, lack of understanding these new HIPAA laws and required business protocols, use of improper verbal skills, use of obsolete HIPAA forms and lack of providing a private patient “check-in and check-out” experience, all can lead to HIPAA havoc. These days, patients commonly leave a healthcare facility and report HIPAA violations right from their phones in your parking lot! This leads to insidious HIPAA audits and can also be the source of hefty penalties and fines.

($10,000 – $1.5M)

Dentists and Office Managers should take heed: The way you’ve operated your front desk historically, may not be serving you properly in today’s threatening HIPAA Privacy Climate. New HIPAA Omnibus Rules demand the attention and proper business execution from your reception team. Several easy-to-implement tactics can protect your dental practice from HIPAA violations, and help you avoid an audit.

Dentists & Office Managers, join us for an informative, free ‘Watch Anytime’ webinar, that is sure to provide an enlightening outlook at how you approach HIPAA protocols within your dental practice. Solutions for updates will also be reviewed. Watch now…

Now take the HIPAA Survival – Risk Assessment Questionnaire to find out how you score
[wp_simple_survey id=”2″]