New HIPAA Regulations 2020-2022 and beyond

New HIPAA Regulations 2020-2022 and beyond

On January 21, 2021, OCR published a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. OCR says, the goal is to “support individuals’ engagement in their health care, remove barriers to coordinated care, and decrease regulatory burdens on the health care industry, while continuing to protect individuals’ health information privacy interests.” New regulations under consideration are centered around how substance abuse and mental health information records are protected. In addition, the HITECH Act called for an increase in penalties for non-compliance with the HIPAA.

In this article we will address the most recent changes to HIPAA and discuss which rules may have an impact on 2022 and beyond.

2020 CARES Act

2020 CARES Act aligned 42 CFR Confidentiality of Substance Use Disorder Patient Records (Part 2) regulations more closely with HIPAA as well. The CARES Act improves 42 CFR Part 2 regulations by expanding the ability of healthcare providers to share the records of individuals with substance abuse disorder, but also tightens the requirements in the event of a breach of confidentiality.

In short, rather than having to obtain a consent form for the SUD patient, and state the specific parties of whom information will be shared, patients can now give broad consent. It’s been suggested that HHS is considering changes to 42 CFR Part 2 regulations in 2022 to “to protect the privacy of substance abuse disorder patients who seek treatment at federally assisted programs to improve the level of care that can be provided.”

2021 HIPAA Safe Harbor Law

The HIPAA Safe Harbor Bill now instructs HHS to take into account the cybersecurity best practices that a HIPAA-regulated entity has adopted in the 12 months preceding any data breach.
“The bill also requires the HHS to decrease the length and extent of any audits in response to those breaches if industry security best practices have been implemented” says HHS.

21st Century Cures Act

The Cures Act called for the HHS to create a new Rule that would improve the flow of healthcare data between providers, patients, and developers of Health IT. Implementing reasonable and necessary activities that do not constitute information blocking, the implementation of these provisions will advance interoperability and support the access, exchange, and use of electronic health information.

Final Rule Expected on Proposed Changes to the HIPAA Privacy Rule

According to HHS, “the proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the Opioid and COVID-19 public health emergencies; and reducing administrative burdens on HIPAA covered health care providers and health plans, while continuing to protect individuals’ health information privacy interests.”

The proposed new HIPAA regulations announced by OCR in December 2020 are as follows:

  • Allowing patients to inspect their PHI in person and take notes or photographs of their PHI.
  • Changing the maximum time to provide access to PHI from 30 days to 15 days.
  • Requests by individuals to transfer ePHI to a third party will be limited to the ePHI maintained in an EHR.
  • Individuals will be permitted to request their PHI be transferred to a personal health application.
  • States when individuals should be provided with ePHI at no cost.
  • Covered entities will be required to inform individuals that they have the right to obtain or direct copies of their PHI to a third party when a summary of PHI is offered instead of a copy.
  • Healthcare providers and health plans will be required to respond to certain records requests from other covered health care providers and health plans, in cases when an individual directs those entities to do so under the HIPAA Right of Access.

…to name a few.

At Live Compliance, we make checking off your compliance requirements extremely simple.

  • Reliable and Effective Compliance
  • Completely online, our role-based courses make training easy for remote or in-office employees.
  • Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.
  • Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real time.
  • Electronic, prepared document sending and signing to employees and business associates.

 

Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email Support@LiveCompliance.com or visit www.LiveCompliance.com

Have You Performed a Security Risk Assessment?

Have You Performed a Security Risk Assessment?

Have you performed and identified your organization’s vulnerabilities with a Security Risk Assessment this year?

We understand that achieving and maintaining compliance is a delicate matter as it requires auditing, constant supervision, good staffing, adequate policies, and procedures, along with excellent reporting and investigation of any issues.

The process of assessing and maintaining compliance to any standard is the same, irrespective of the industry but especially when HIPAA compliance is required:

1. Start with a complete understanding of all the rules that you are expected to follow.
2. Establish internal policies and procedures to ensure your organization follows the rules.
3. Regularly check and assess whether or not your organization is following the rules.
4. Address issues whenever you discover the rules are not being followed.
5. Document everything.
6. Perform accurate and thorough Security Risk Assessment(s)

Are you unsure or not clear on what your organization is required to do?

THINGS TO CONSIDER:
● A Security Risk Assessment will target vulnerabilities related to what is potentially exposing Protected Health Information. Correct any potential risks identified within your Technical, Administrative, and Physical deficiencies.
● A Security Risk Assessment should be completed at least twice a year to target vulnerabilities
● Your policies and procedures should be thorough and accurate and reflect the Corrective Action Plan that is determined by the Security Risk Assessment and remediation steps should be taken to correct any deficiencies or vulnerabilities found.
● Workforce training should reflect the organization’s HIPAA Policies and Procedures

Would you like to schedule a compliance team meeting phone conference? If so, please contact support@livecompliance.com or at (980) 999-1585, and one of our compliance support team members will reach out to you.


ABOUT EZCLAIM:
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.

Identify Your Organization’s Vulnerabilities

Identify Your Organization’s Vulnerabilities

Have you performed and identified your organization’s vulnerabilities with a Security Risk Assessment this year? We understand that achieving and maintaining compliance is a delicate matter as it requires auditing, constant supervision, good staffing, adequate policies, and procedures, along with excellent reporting and investigation of any issues.

The process of assessing and maintaining compliance to any standard is the same, irrespective of the industry but especially when HIPAA compliance is required:

1. Start with a complete understanding of all the rules that you are expected to follow.
2. Establish internal policies and procedures to ensure your organization follows the rules.
3. Regularly check and assess whether or not your organization is following the rules.
4. Address issues whenever you discover the rules are not being followed.
5. Document everything.
6. Perform accurate and thorough Security Risk Assessment(s)

Are you unsure or not clear on what your organization is required to do?

THINGS TO CONSIDER:

● A Security Risk Assessment will target vulnerabilities related to what is potentially exposing Protected Health Information. Correct any potential risks identified within your Technical, Administrative, and Physical deficiencies.

● A Security Risk Assessment should be completed at least twice a year to target vulnerabilities

● Your policies and procedures should be thorough and accurate and reflect the Corrective Action Plan that is determined by the Security Risk Assessment and remediation steps should be taken to correct any deficiencies or vulnerabilities found.

● Workforce training should reflect the organization’s HIPAA Policies and Procedures

Would you like to schedule a compliance team meeting phone conference? If so, please contact support@livecompliance.com or at (980) 999-1585 and one of our compliance support team members will reach out to you.


ABOUT EZCLAIM:
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.

Dark Web Breaches: Steps you can take, to avoid being a victim

Dark Web Breaches: Steps you can take, to avoid being a victim

It’s no secret that the Dark Web is a scary place to lose your information, but what if it affected your entire company? Medical Records information sells anywhere from $1-$1000 by identity thieves!

What is a “breach” and where has the data come from?

A “breach” is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. Data breaches are becoming more common and sometimes out of your control.

How can you protect yourself and/or your organization?

  1. Carefully monitoring where you store and enter your passwords can be extremely beneficial to help minimize the risk of a hack and keeping personal or patient information protected.
  2. Routine password changes and monitoring where you store and enter your passwords, can be extremely beneficial to help reduce the risk of becoming a victim to a hacker. Passwords should be long, unique in characters, capitalization, and alphanumerical.

If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

Firefox Monitor says, “Your password is your first line of defense against hackers and unauthorized access to your accounts. The strength of your passwords directly impacts your online security.”

Live Compliance can help. Live Compliance aggregates breaches and enables you to assess where their personal data has been exposed. Dark Web scanning is built right into the Live Compliance portal. Keep an eye on employees whose information was involved in a breach (and where the breach took place), and the suggested next steps to take.

What can I do to ensure this doesn’t happen to me or my organization?

At Live Compliance, we make checking off your compliance requirements extremely simple.

  • Reliable and Effective Compliance
  • Completely online, our role-based courses make training easy for remote or in-office employees.
  • Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required, but is a useful tool to expose potential vulnerabilities, including those such as Password Protection.
  • Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real time.
  • Electronic, prepared document sending and signing to employees and business associates.

Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email me, Jim Johnson at Jim@LiveCompliance.com or visit www.LiveCompliance.com

For more information about DarkWeb breaches please contact us at (980) 999-1585 or email us at support@livecompliance.com

[Contribution by Jim Johnson at Live Compliance]

How to Improve Medical Billing Revenues

How to Improve Medical Billing Revenues

It IS POSSIBLE to improve medical billing revenues, and here are a few ways to do just that.

Healthcare practitioners, whether established or just starting out, have many overwhelming tasks: Managing a practice; Seeing patients; Working to staying up-to-date on administrative tasks; The whole host of compliance at the federal, state, and local level; and Overseeing the billing.

One of these that can lead to loss of revenue is not properly managing the medical billing, which can also lead to HIPAA fines and rejected claims. However, there is a solution: a medical billing system that balances the budget and optimizes revenues of medical practice.

EZClaim, an expert in the medical billing software market since 1997, provides a solution that improves the efficiency of an office’s billing process in many ways. The following are the primary reasons.

Reduce Coding Errors
Medical procedures become codes, codes become claims, and claims become revenue. Any error in this process can make claims to be denied, your workload can be increased, and revenue can be lost. To help in avoiding errors, it is essential to use billing software that offers the easiest implementation and access to descriptive diagnosis and treatment codes. EZClaim’s medical billing solution offers ease-of-use in coding, billing, and strong partnerships with Clearinghouses which act as an additional ‘safety net’ for catching errors.

Administrative Support
Most medical practices are a small team of people tackling a wide range of tasks, so when one cannot understand the function of the billing software, accessing reliable support is very important. EZClaim prides itself on having dedicated support experts available, and that was how the company was established. Founder and President Al Nagy has said, since day one, “We are a support company that happens to sell medical billing software.”

Maintain Industry Compliance
It is important to recognize that industry compliance and a practice’s revenue go hand-in-hand. Filing and batching inaccurate and non-HIPAA compliant claims can often be traced back to an outdated healthcare revenue management system. Conquering these tasks requires a focus on multiple fronts: A properly trained billing team, clear office procedures, patient payment policies, and a reliable medical billing company. These are all ways to help buttress against non-compliance and rejected claims.

Streamline Workflow
Recently, a study was done that showed almost 80% of medical bills contain errors. These incorrect medical claims often end up as lost revenue originally, not to mention the additional cost of resubmissions and collections. One of the best ways to resolve this problem for your practice is to make use of both well-trained, experienced billers and coders, combined with a competent medical billing solution that aids in catching these errors. EZClaim software features a library of standard validation, the ability to add custom validation, and integrates with Alpha II for full claim scrubbing.

Follow up
Errors will and do occur, so establishing a system for follow-up on all denials will close the loop and protect against lost revenue. Being consistent with the follow-up process, and having a medical billing solution that tracks these things will help close that gap.

Collections
Finally, probably the most important aspect that optimizes a practice’s revenue is to get paid. Portals and payment collection systems definitely help with this, but having collections integrated into the medical billing system is, of course, the best. EZClaim has pain-free payment processing integrated into their solution, called EZClaimPay. It solves all the problems associated with payment processing: Bank deposits, reconciliation, statements, changing fees, and ‘finger-pointing’ when there is a problem. EZClaimPay’s robust platform will greatly increase a practice’s collections success, and improve their revenue.

———————————-

ABOUT EZCLAIM:
EZClaim is a medical billing and scheduling software company that provides a best-in-class product, with correspondingly exceptional service and support, and can help improve medical billing revenues. To learn more, visit their website, e-mail them at sales@ezclaim.com, or call a representative today at 877.650.0904.

[ Photo credit: Studioarz ]