An independent physician gastroenterology practice in Utah had to report a breach related to a dispute with a Business Associate to the Office for Civil Rights Department of HHS.
After the investigation into the breach, it was determined that the practice of Steven A. Porter, MD “had failed to complete an accurate and thorough risk analysis, and failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level” and therefore, has agreed to pay a $100,000 fine.
In addition to the monetary penalty, the practice is required to implement a Corrective Action Plan (CAP). According to the investigation resolution agreement, the practice agreed to conduct a thorough Risk Analysis, the Practice must develop a complete inventory of all its categories of electronic equipment, data systems, and applications that contain or store ePHI, which will then be incorporated into its Risk Analysis and must complete a Risk Management plan. They must also revise and implement actionable policies and procedures, all of which should have been in place prior to the breach incident.
Have you ever read such headlines and doubted whether a small Billing Company or independent physician practice actually ever face penalties?
According to the Resolution Agreement, the practice must also completely reinvent its Business Associate process, and implement a strict protocol to ensure it’s Business Associates are HIPAA Compliant. In addition to ensuring their Business Associate relationships are accurate, the entire staff must undergo security and privacy training that stresses the use of Business Associate services and applications, disclosures to Business Associates that require a Business Associates agreement, or other reasonable assurances in place to ensure that the Business Associate will and can safeguard the PHI and/or the ePHI. This puts immense pressure on the Business Associates, such as Billing Companies, to ensure that they are HIPAA Compliant, but also independent physician practices to ensure their Business Associates, “down the chain” are also compliant. This is also known as gaining Satisfactory Assurance of vendor HIPAA compliance.
What can you do?
As we have stressed before, it is important for you to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or another vendor, suspect a breach you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action. Keep in mind, a business associate is a ‘person’ or ‘entity’. This means there is no Billing Company too small or too large to comply with the Federal HIPAA regulations. Again, if you haven’t completed an accurate and thorough security risk assessment prior to that, you could also be penalized under ‘willful neglect’. This category alone is $50,000 per violation!
What we do is keep this from ever being a worry for you! In fact, we have a 100% audit pass rate! For example, Live Compliance has easy to understand HIPAA breach notification training. We perform your security risk assessment and manage all your requirements, including business associates, in a clean, organized cloud-based portal. Don’t risk your company’s future, especially when we are offering a FREE Organization Assessment to help determine your company’s status. It’s easy, call us at (980) 999-1585, email me jim@LiveCompliance.com or visit LiveCompliance.com
[ Contributed by Jim Johnson, President of Live Compliance ].
EZClaim Reports – Written by Stephanie Cremeans of EZClaim
Have you ever gone to leave for a meeting, you’re right on schedule or maybe even a couple of minutes early, you go to grab your keys – but they aren’t where they are supposed to be. You feel a mild wave of stress, ok … if they aren’t here they have to be in my jacket pocket. You reach in, nope – no keys. Now the stress turns to a sense of urgency, you have to leave, right now, but where are the keys? You start running through every possible place you may have stashed them – you dart from here to there, back and forth until you finally stop yourself. You take a second to calm yourself and retrace steps, you have your “a-ha” moment and walk directly to your keys.
If you are a report user – chances are you’ve experienced a similar scenario when you run your daily, weekly, or the dreaded month-end reports when something seems off. Report users depend on the integrity of their reports, they are the key to making decisions, tracking productivity, and understanding the overall health of the practice. Running a report that “just isn’t right” brings about the same feeling of losing your keys when it’s time to walk out the door. Much like the scenario above, you grasp at straws to figure out what went wrong – but it seems that report problems escalate the stress levels at warp speed! Next time that a report seems “wrong” try to stop yourself from diving into panic mode and take a minute to consider some logical problems that may be throwing those reports off. Yes, some of these suggestions seem so obvious, but just like the lost keys – we can miss the obvious when we are missing something so important.
Start by making sure that you are running the correct report:
Are you comparing numbers from a previous period? If so, make sure you’re running the same report with the exact same criteria as the one which you are comparing.
What are you doing with the report? Is this for compiling information, is this a work tool? The answer may make a difference when looking for the correct report, in EZClaim a customized grid may even work better than a predefined report.
Check your dates:
Check the dates of the criteria you are using – is your data to be compiled by transaction date, created date, exported date? Are your dates too wide open or too limited?
Do you have transactions entered with incorrect dates? Future dates or a transposed number such as 2002 rather than 2020 can be overlooked, but cause problems with reporting.
Consider factors within the practice that would affect a big fluctuation for the period in question:
Were there providers on vacation or a holiday that affected practice volume?
Are there outstanding credentialing or enrollment issues that would have slowed or stopped payments?
If you don’t have a set of reports that you monitor, I highly recommend that you consider making this a priority in 2020. Watching specific data sets, or key performance indicators gives you the information you need to spot a problem before it is out of control. You can monitor provider and billing productivity easily, making sure your revenue is being collected in a timely manner. EZClaim provides several reports and customizable grids that can give you the details you need, right at your fingertips.
Written by Dan Loch of EZClaim – As with most people at this time of the year, I like to reflect a short time on the year gone by before I make plans for the next year. Each year is filled with experiences that shape who we are and where we are going next.
This was a very exciting year for EZClaim and for me in my first year as the VP of Sales, Marketing, and BD. I used this year to truly understand who EZClaim was, is today, and help to guide EZClaim into the future. EZClaim, as many of you know, has been around for over 22 years. We are a firm that values our customers and the support we give them over everything else. We are a support firm that sells software as we like to say.
This year we decided to announce that support would be ending at the end of 2020 for one of our most popular products, EZClaim Advanced. This does not mean people have to stop using a product they love. We want to make sure we can continue to offer great products on the latest technology so it is time for us to move on.
This year we hosted our very first User Group Meeting in our home town of Rochester, Michigan. It was an excellent opportunity to meet face to face with the people we support on a regular basis while making some new friends that are considering our solution. During this meeting, we interviewed some current customers along with many of the EZClaim staff. Please take a couple of minutes and watch some excerpts that talk about EZClaim’s history, support focus, and family focus that forms who we are from our interview with the EZClaim Founder and President, Al Nagy.
We started a Blog this year and for the first time added a Facebook page to go along with our LinkedIn profile. Our plan is to communicate about industry topics on the blog and these social channels to assist our vast customer and prospect network. We have a lot of knowledge built up over the long history of EZClaim and it is time we share it. The blog will feature topics from our partners as well. Please be sure to watch for posts every few days in 2020 and beyond. Please let us know if there are any specific topics you want us to hit as well. We are always looking for feedback.
We added some new partners in 2019 that nicely complement our solution and have the same drive for customer support we do. Live Compliance for all your HIPAA compliance needs, Elation Health EMR for “The Quarterbacks of Healthcare” as they like to say, and Alpha II for claim scrubbing. All the vendors we work with are listed on our partners page.
As we go into 2020, EZClaim will focus on EZClaim Online, another Premier platform product due out in quarter four. This expansion of our Premier platform offers additional flexibility in how our clients interact with our billing and scheduling platform. In addition to Online, we will continue to enhance Premier by introducing new features such as Claim Status Inquiry (CSI) and more.
Thank you for being part of the EZClaim family and taking the time to reflect on 2019 with me and think about an exciting 2020. Please take a moment of your time and watch the message from Al Nagy.
Please have a safe and joyful holiday with your friends and family.
Written by Stephanie Cremeans and Allison Close of EZClaim
What kind of device are you reading this on? Perhaps on your computer in the office or a laptop at the beach. Maybe a tablet or even a smartphone. Let’s think about that smartphone – isn’t it crazy how much it allows us to do? Anything from calls, texts, email, browsing the web, games, and even conduct business online. Now take a minute to rewind. Do you remember your first cell phone? Many of you may remember bag phones – with a cord and carrying case that you had to lug around. Then came the flip phones – first, they got smaller, then they got bigger, then they started adding cameras, data packages, and streaming capabilities. The cellphone market has been one of constant change, but we can all agree that technology has given us amazing tools to keep us connected, entertained, and productive!
Remember when smartphones started coming out? The “early adopters” were so excited to turn in their flip phones and begin taking advantage of everything the latest technology had to offer. We still see that excitement with pre-orders of the latest and greatest version of a new phone. However, many of us didn’t want to spend the money or take the time to learn these new devices; what we had worked just fine. We could make and receive calls, and we were pretty good at texting with a numeric keypad. At some point along the way, something caught our attention on that silly new gadget. Someone showed us a feature that made us think “hmm … maybe I would like that” or we found that our old device was showing its age and when we went to replace it, we had to upgrade to a phone with more bells and whistles than we would ever need. As time went on and you learned some tricks to help you out, the new device grew on you because it provided personal benefits. You realized that even though the flip phone was all you ever needed and it was what you always used, there is a new technology that worked, well, better.
Change can be scary. Especially when you don’t see the need for it. We often hear “but we’ve always done it this way” only to discover that each element of the current workflow was put into place by various decision-makers (provider, office manager, consultant) along the way, with no true coordination, minimal (if any) efforts to streamline or consolidate processes, and no regular evaluation mechanism to keep an eye on the big picture. We would like you to allow us to present our improved software, Premier. While what you have is already working, just the way you’ve always done it – what else could be waiting for you to make your process faster and smoother? The demonstration has no strings attached. No high-pressure pitch to move systems, we would just like an opportunity to show off the products we have worked so hard on to help your billing workflow with various integrations and many options for customization. We will be sunsetting our Advanced program at the end of 2020. Although the program may still be working perfectly for your practice, how do you know if it can be improved with Premier unless you take a look, see what’s there – even take it for a test drive with our Sandbox trial. We’re confident you will find that feature that will have you thinking, “hmm … maybe I would like that.”
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Cookie
Duration
Description
__cf_bm
30 minutes
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
CONSENT
2 years
YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk
5 months 27 days
HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
messagesUtk
5 months 27 days
HubSpot sets this cookie to recognize visitors who chat via the chatflows tool.
utm_campaign
past
Google Ad Services sets this cookie to store session campaign value if present.
utm_content
past
This cookie is used for storing the session content value if present.
utm_source
past
This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
utm_term
past
This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_3010814_1
1 minute
Set by Google to distinguish users.
_gcl_au
3 months
Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
__hssc
30 minutes
HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc
session
This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
__hstc
5 months 27 days
This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
IDE
1 year 24 days
Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie
15 minutes
The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
utm_medium
past
This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
VISITOR_INFO1_LIVE
5 months 27 days
A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC
session
YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId
never
This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests
never
This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
_fbp
3 months
This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
