- Utilizing Medical Malpractice Data to Mitigate Risks and Reduce Claims
- Industry News
- Access and Reimbursement
- Law & Malpractice
- Coding & Documentation
- Practice Management
- Finance
- Technology
- Patient Engagement & Communications
- Billing & Collections
- Staffing & Salary
Tips for staying off the HIPAA naughty list
Appreciating how to avoid an enforcement action under the Right of Access Initiative, as well as mitigating cyberattacks with HHS’s cybersecurity resource website.
Just in time for the Holiday Season, HHS Office for Civil Rights (“OCR”) announces five separate resolutions as part of its HIPAA Right of Access Initiative. This initiative focuses on providers and health plans who fail to provide individuals with the ability to view and receive copies of their protected health information (“PHI”) within 30 days unless an extension is provided. Importantly, the 30 day timeframe applies under federal HIPAA, states may have shorter timeframes to provide patients with their medical records. Here’s a recap of the five resolutions:
- Advanced Spine & Pain Management (Ohio) – paid OCR $32,150 and agreed to take corrective actions that include two years of monitoring;
- Denver Retina Center (Colorado) – paid OCR $30,000 and agreed to take corrective actions that includes one year of monitoring;
- Robert Glaser, MD (New York) – OCR issued a civil monetary penalty of $100,000 after Dr. Glaser failed to cooperate with OCR’s investigation and waived his right to a hearing;
- Rainrock Treatment Center, LLC (Oregon) - paid OCR $160,000 and agreed to take corrective actions that includes one year of monitoring; and
- Wake Health Medical Group (North Carolina) - paid OCR $10,000 and agreed to take corrective actions.
To stay on OCR’s “nice list” providers should have adequate policies and procedures that staff are trained on, log the initial request date, and comply with both state and federal timeframes. If an extension is needed, notify the patient or representative.
Established under the Cybersecurity Act of 2015, the 405(d) program was established. On December 1st, HHS delivered a holiday gift – a new website - 405(d) Aligning Health Care Industry Security Approaches Program, which offers healthcare providers and public health officials cybersecurity and patient safety resources, as well as best practices. “Absence of Cybersecurity is a(n) Enterprise Risk, Patient Risk, Organization Risk, [and] Provider Risk.” Said another way, the 405(d) program’s motto that “Cyber Safety is Patient Safety” provides a variety of different resources, including cybersecurity posters, infographics, and a bi-monthly newsletter.
In sum, to avoid the ransomware Grinch, remain vigilant because ransomware criminals are ramping up.
Asset Protection and Financial Planning
December 6th 2021Asset protection attorney and regular Physicians Practice contributor Ike Devji and Anthony Williams, an investment advisor representative and the founder and president of Mosaic Financial Associates, discuss the impact of COVID-19 on high-earner assets and financial planning, impending tax changes, common asset protection and wealth preservation mistakes high earners make, and more.
How to reduce surprise billing in your practice
November 15th 2021Physicians Practice® spoke with Kristina Hutson, a product line developer at Availity, about surprise billing events in independent healthcare practices and what owners and administrators can do to reduce the likelihood of their occurrence.
