Small Practice Fined $100,000 for Risk Analysis Breach!

Small Practice Fined $100,000 for Risk Analysis Breach!

An independent physician gastroenterology practice in Utah had to report a breach related to a dispute with a Business Associate to the Office for Civil Rights Department of HHS.

After the investigation into the breach, it was determined that the practice of Steven A. Porter, MD “had failed to complete an accurate and thorough risk analysis, and failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level” and therefore, has agreed to pay a $100,000 fine.

In addition to the monetary penalty, the practice is required to implement a Corrective Action Plan (CAP). According to the investigation resolution agreement, the practice agreed to conduct a thorough Risk Analysis, the Practice must develop a complete inventory of all its categories of electronic equipment, data systems, and applications that contain or store ePHI, which will then be incorporated into its Risk Analysis and must complete a Risk Management plan. They must also revise and implement actionable policies and procedures, all of which should have been in place prior to the breach incident.

Have you ever read such headlines and doubted whether a small Billing Company or independent physician practice actually ever face penalties?

According to the Resolution Agreement, the practice must also completely reinvent its Business Associate process, and implement a strict protocol to ensure it’s Business Associates are HIPAA Compliant. In addition to ensuring their Business Associate relationships are accurate, the entire staff must undergo security and privacy training that stresses the use of Business Associate services and applications, disclosures to Business Associates that require a Business Associates agreement, or other reasonable assurances in place to ensure that the Business Associate will and can safeguard the PHI and/or the ePHI. This puts immense pressure on the Business Associates, such as Billing Companies, to ensure that they are HIPAA Compliant, but also independent physician practices to ensure their Business Associates, “down the chain” are also compliant. This is also known as gaining Satisfactory Assurance of vendor HIPAA compliance.

What can you do?

As we have stressed before, it is important for you to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or another vendor, suspect a breach you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action. Keep in mind, a business associate is a ‘person’ or ‘entity’. This means there is no Billing Company too small or too large to comply with the Federal HIPAA regulations. Again, if you haven’t completed an accurate and thorough security risk assessment prior to that, you could also be penalized under ‘willful neglect’. This category alone is $50,000 per violation!

What we do is keep this from ever being a worry for you! In fact, we have a 100% audit pass rate! For example, Live Compliance has easy to understand HIPAA breach notification training. We perform your security risk assessment and manage all your requirements, including business associates, in a clean, organized cloud-based portal. Don’t risk your company’s future, especially when we are offering a FREE Organization Assessment to help determine your company’s status. It’s easy, call us at (980) 999-1585, email me jim@LiveCompliance.com or visit LiveCompliance.com

[ Contributed by Jim Johnson, President of Live Compliance ].

Reports – Nuisance or Necessity? 

Reports – Nuisance or Necessity? 

EZClaim Reports – Written by Stephanie Cremeans of EZClaim

Have you ever gone to leave for a meeting, you’re right on schedule or maybe even a couple of minutes early, you go to grab your keys – but they aren’t where they are supposed to be. You feel a mild wave of stress, ok … if they aren’t here they have to be in my jacket pocket. You reach in, nope – no keys. Now the stress turns to a sense of urgency, you have to leave, right now, but where are the keys? You start running through every possible place you may have stashed them – you dart from here to there, back and forth until you finally stop yourself. You take a second to calm yourself and retrace steps, you have your “a-ha” moment and walk directly to your keys.

If you are a report user – chances are you’ve experienced a similar scenario when you run your daily, weekly, or the dreaded month-end reports when something seems off. Report users depend on the integrity of their reports, they are the key to making decisions, tracking productivity, and understanding the overall health of the practice. Running a report that “just isn’t right” brings about the same feeling of losing your keys when it’s time to walk out the door. Much like the scenario above, you grasp at straws to figure out what went wrong – but it seems that report problems escalate the stress levels at warp speed! Next time that a report seems “wrong” try to stop yourself from diving into panic mode and take a minute to consider some logical problems that may be throwing those reports off. Yes, some of these suggestions seem so obvious, but just like the lost keys – we can miss the obvious when we are missing something so important. 

  • Start by making sure that you are running the correct report:
    • Are you comparing numbers from a previous period? If so, make sure you’re running the same report with the exact same criteria as the one which you are comparing.
    • What are you doing with the report? Is this for compiling information, is this a work tool? The answer may make a difference when looking for the correct report, in EZClaim a customized grid may even work better than a predefined report.
  • Check your dates:
    • Check the dates of the criteria you are using – is your data to be compiled by transaction date, created date, exported date? Are your dates too wide open or too limited?
    • Do you have transactions entered with incorrect dates? Future dates or a transposed number such as 2002 rather than 2020 can be overlooked, but cause problems with reporting.
  • Consider factors within the practice that would affect a big fluctuation for the period in question:
    • Were there providers on vacation or a holiday that affected practice volume?
    • Are there outstanding credentialing or enrollment issues that would have slowed or stopped payments?

If you don’t have a set of reports that you monitor, I highly recommend that you consider making this a priority in 2020. Watching specific data sets, or key performance indicators gives you the information you need to spot a problem before it is out of control. You can monitor provider and billing productivity easily, making sure your revenue is being collected in a timely manner. EZClaim provides several reports and customizable grids that can give you the details you need, right at your fingertips.

For tips and tricks and other helpful information about the EZClaim reports, visit our online help manual or contact EZClaim sales. You may also follow us on Facebook or LinkedIn to stay up to date with our most recent happenings!

Happy Holidays from EZClaim!

Happy Holidays from EZClaim!

Happy Holidays!

Written by Dan Loch of EZClaim – As with most people at this time of the year, I like to reflect a short time on the year gone by before I make plans for the next year. Each year is filled with experiences that shape who we are and where we are going next.

This was a very exciting year for EZClaim and for me in my first year as the VP of Sales, Marketing, and BD. I used this year to truly understand who EZClaim was, is today, and help to guide EZClaim into the future. EZClaim, as many of you know, has been around for over 22 years. We are a firm that values our customers and the support we give them over everything else. We are a support firm that sells software as we like to say.

This year we decided to announce that support would be ending at the end of 2020 for one of our most popular products, EZClaim Advanced. This does not mean people have to stop using a product they love. We want to make sure we can continue to offer great products on the latest technology so it is time for us to move on.

This year we hosted our very first User Group Meeting in our home town of Rochester, Michigan. It was an excellent opportunity to meet face to face with the people we support on a regular basis while making some new friends that are considering our solution. During this meeting, we interviewed some current customers along with many of the EZClaim staff. Please take a couple of minutes and watch some excerpts that talk about EZClaim’s history, support focus, and family focus that forms who we are from our interview with the EZClaim Founder and President, Al Nagy.

We started a Blog this year and for the first time added a Facebook page to go along with our LinkedIn profile. Our plan is to communicate about industry topics on the blog and these social channels to assist our vast customer and prospect network. We have a lot of knowledge built up over the long history of EZClaim and it is time we share it. The blog will feature topics from our partners as well. Please be sure to watch for posts every few days in 2020 and beyond. Please let us know if there are any specific topics you want us to hit as well. We are always looking for feedback.

We added some new partners in 2019 that nicely complement our solution and have the same drive for customer support we do. Live Compliance for all your HIPAA compliance needs, Elation Health EMR for “The Quarterbacks of Healthcare” as they like to say, and Alpha II for claim scrubbing. All the vendors we work with are listed on our partners page.

As we go into 2020, EZClaim will focus on EZClaim Online, another Premier platform product due out in quarter four. This expansion of our Premier platform offers additional flexibility in how our clients interact with our billing and scheduling platform. In addition to Online, we will continue to enhance Premier by introducing new features such as Claim Status Inquiry (CSI) and more.

Thank you for being part of the EZClaim family and taking the time to reflect on 2019 with me and think about an exciting 2020. Please take a moment of your time and watch the message from Al Nagy.

Please have a safe and joyful holiday with your friends and family.

But We’ve Always Done It This Way

But We’ve Always Done It This Way

Written by Stephanie Cremeans and Allison Close of EZClaim

What kind of device are you reading this on? Perhaps on your computer in the office or a laptop at the beach. Maybe a tablet or even a smartphone. Let’s think about that smartphone – isn’t it crazy how much it allows us to do? Anything from calls, texts, email, browsing the web, games, and even conduct business online. Now take a minute to rewind. Do you remember your first cell phone? Many of you may remember bag phones – with a cord and carrying case that you had to lug around. Then came the flip phones – first, they got smaller, then they got bigger, then they started adding cameras, data packages, and streaming capabilities. The cellphone market has been one of constant change, but we can all agree that technology has given us amazing tools to keep us connected, entertained, and productive!

Remember when smartphones started coming out? The “early adopters” were so excited to turn in their flip phones and begin taking advantage of everything the latest technology had to offer. We still see that excitement with pre-orders of the latest and greatest version of a new phone. However, many of us didn’t want to spend the money or take the time to learn these new devices; what we had worked just fine. We could make and receive calls, and we were pretty good at texting with a numeric keypad. At some point along the way, something caught our attention on that silly new gadget. Someone showed us a feature that made us think “hmm … maybe I would like that” or we found that our old device was showing its age and when we went to replace it, we had to upgrade to a phone with more bells and whistles than we would ever need. As time went on and you learned some tricks to help you out, the new device grew on you because it provided personal benefits. You realized that even though the flip phone was all you ever needed and it was what you always used, there is a new technology that worked, well, better.

Change can be scary. Especially when you don’t see the need for it. We often hear “but we’ve always done it this way” only to discover that each element of the current workflow was put into place by various decision-makers (provider, office manager, consultant) along the way, with no true coordination, minimal (if any) efforts to streamline or consolidate processes, and no regular evaluation mechanism to keep an eye on the big picture. We would like you to allow us to present our improved software, Premier. While what you have is already working, just the way you’ve always done it – what else could be waiting for you to make your process faster and smoother? The demonstration has no strings attached. No high-pressure pitch to move systems, we would just like an opportunity to show off the products we have worked so hard on to help your billing workflow with various integrations and many options for customization. We will be sunsetting our Advanced program at the end of 2020. Although the program may still be working perfectly for your practice, how do you know if it can be improved with Premier unless you take a look, see what’s there – even take it for a test drive with our Sandbox trial. We’re confident you will find that feature that will have you thinking, “hmm … maybe I would like that.”

We invite you to take a look at EZClaim Premier – participate in a demo or download your free 30-day trial.