Resources

Do you know what a HIPAA Security Risk Analysis entails? Do you know the difference between the Evaluation Standard (§164.308(a)(8)) under the HIPAA Security Administrative section and the HIPAA Security Risk Analysis Standard (§164.308(a)(1)(ii)(A)) under the same section? Do you have an idea of the expertise needed to conduct a HIPAA Security Risk Analysis?

Let’s just start with something basic: is the proper terminology to use when talking about this topic a Security Risk Analysis or a Security Risk Assessment? Even under the Department of Health and Human Services guidance you can find both terms use and referring to the…

In a recent enforcement action, Office for Civil Rights (OCR) emphasized the importance of proactive security measures to protect electronic protected health information (ePHI) in accordance with the HIPAA Privacy and Security Rules.

What is MACRA?

MACRA is the acronym for the Medicare Access and CHIP Reauthorization Act of 2015.  The legislation sets a roadmap for the future of physician reimbursement from Medicare.

By now we hope that all healthcare professionals and organizations recognize the term MACRA and what it really means. Yet, it seems that the majority of the affected population still fails to understand the importance of this term and the fact that they are running out of time to prevent a future reduction in payments.

MACRA is all about numbers and while the options are daunting the beauty of the system is that Providers and organizations have choices as it relates to the measures they will be accountable for. For example, under the quality measure we only have to choose…

Last year, health data breaches affected more than 27 million patient records.

The healthcare industry was the victim of 88% of all ransomware attacks in U.S. industries last year, according to Solutionary, an NTT Group security company.

Children’s Medical Center of Dallas was recently fined $3.2 million over HIPAA violations.

We do not want to scare anyone, but cybersecurity is a real thing and based on the frequency of these attacks and their consequences we need to consider cybersecurity an important part of our daily routine.

Let’s look at this from another angle, under the Health Insurance Portability and Accountability…

There are different views as we discuss marketing activities in the healthcare arena. Yet, while some may even consider marketing healthcare services unethical the reality of the situation is that technology changes are forcing us to rethink strategies in terms of how to capture customers and run a successful business.

Marketing itself is a tricky area as you can throw money at it and never get the desired outcome. Another point to consider is that there is no such a thing as a sure-fire method that will work for everyone every time. Last, no marketing campaign can be allowed to…

Effective January 1, 2016, Medicare revised its “incident to” billing rules requiring that incident to services are billed under the physician who directly supervises the auxiliary personnel (i.e. the person performing the incident to service).

Most incident to services require direct supervision (defined below) of auxiliary personnel providing the incident to services.  When a physician’s billing number is used on a claim form, the physician is stating that he or she performed the service or directly supervised the auxiliary personnel performing the service.

What is FIPA?

FIPA is a law that went into effect July 1, 2014.  FIPA was enacted to protect the  security of confidential and personal information.  FIPA requires certain entities, referred to as “covered entities,” to report breaches of personal information to Florida’s Department of Legal Affairs.   Covered entities are also responsible for reporting breaches of their third party agents.  With the prevalence of hacking, data mining, and other activities that routinely threaten the security of electronic data, it is important for Florida businesses to understand their obligations under FIPA, establish policies and procedures to timely handle and report data breaches, and ensure that their third party agents report data breaches upstream so the covered entity can meet its reporting obligations.  FIPA also contains requirements for disposing of customer records.

Who must comply with FIPA?

    FIPA applies to “covered entities,” which means a sole proprietorship, partnership, corporation, limited liability company, trust, estate, cooperative, association, or other commercial entity that

NEW HHS GUIDANCE SUGGESTS EMR VENDORS AND OTHER BUSINESS ASSOCIATES CANNOT HOLD PROTECTED HEALTH INFORMATION HOSTAGE

The Department of Health and Human Services (“HHS”) recently issued guidance regarding the practice of a Business Associate cutting off a Covered Entity’s access to Protected Health Information (“PHI”). This may occur when a healthcare provider refuses to pay its electronic medical records (“EMR”) vendor or when the provider decides to switch vendors. The EMR vendor may cut off access to the EMR and the Covered Entity is left without access to its patients’ records.