Noncompliance with HIPAA security rules has had huge consequences for an IT and health information management company.
CHSPSC LLC (“CHSPSC”) has agreed to pay over $2 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) for the breach of Protected Health Information (PHI). The Business Associate was notified by the Federal Bureau of Investigation (FBI) that it had traced a cyber-hacking group’s advanced persistent threat into CHSPSC’s information system.
After OCR’s investigation, it was found that CHSPSC had “longstanding, systemic noncompliance with the HIPAA Security Rule including failure to conduct a risk analysis, and failures to implement information system activity review, security incident procedures, and access controls.” The large health system provided various Business Associate services, including IT and health information management, to hospitals and physician clinics. These violations could have easily been avoided! OCR Director Roger Severino said, “The healthcare industry is a known target for hackers and cyber-thieves. The failure to implement the security protections required by the HIPAA Rules, especially after being notified by the FBI of a potential breach, is inexcusable.”
In addition to the monetary penalty, the Business Associate will be required to complete a “robust” Corrective Action Plan (CAP) with monitoring activity for at least the next two years. CHSPSC will also be required to do the following:
• Implement technical policies and procedures to allow access only to those persons or software programs that have been granted access rights to information systems maintained
• Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports
• Conduct accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI
All this shows that ANYONE can face HUGE penalties, and they would most likely bankrupt a small billing company or an independent physician practice.
So, based on this specific example, it is VERY important to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or other vendor, suspect a breach, you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action.
Keep in mind, a Business Associate is a ‘person’ or ‘entity’. This means that ALL billing companies, large or small, need to comply with the Federal HIPAA security rules and regulations. So, if your company has not completed an accurate and thorough security risk assessment, there is a possibility that you could be penalized under ‘willful neglect’. (This category alone has a fine of $50,000 per violation!)
So then, what can be done to ensure this doesn’t happen to my billing company or my organization? Well, one of EZClaim’s partners, Live Compliance, can make determining your compliance requirements extremely simple:
• Completely online, Live Compliance’s role-based courses make training easy for remote or in-office employees
• Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.
• Policies and procedures are curated to fit your organization, ensuring employees are updated on all workstation use and security safeguards in or out of the office. Updates happen in real time.
• Electronic, prepared document sending and signing to employees and business associates
So, don’t risk your company’s future, especially when Live Compliance is offering a FREE Organization Assessment to help determine your company’s status. Either call Live Compliance at 980.999.1585, visit LiveCompliance.com to schedule an assessment, or e-mail Jim Johnson.
[ Article contributed by Jim Johnson of Live Compliance ]
EZClaim is a medical billing and scheduling software company that provides a best-in-class product, with correspondingly exceptional service and support, and can help improve medical billing revenues. To learn more, visit their website, e-mail them at firstname.lastname@example.org, or call a representative today at 877.650.0904.
The SIX KEYS to sustaining your practice through the COVID-19 pandemic are online payments, Telehealth, automation tools, cyber protection, financial aid, and a good patient experience.
When Coronavirus first started to impact medical practices across the country, providers quickly put temporary solutions in place to ensure they were still able to see patients safely. As the pandemic endured, some of these “temporary” solutions became a “normal” part of doing business. While we can’t predict exactly how COVID-19 will affect us in the future, one thing is becoming clearer every day: Some of the changes that have been made the past few months will shape how healthcare is managed after the global health crisis is over.
So, it’s time to start thinking long-term with your COVID-19 strategy. Here are six ‘keys’ for sustaining your practice right now that will continue to be important after the pandemic is over.
1. ONLINE PAYMENTS
Most businesses already process a good amount of their payments online (including EZClaim), but healthcare has been slow to adapt in this area. Practices no longer have the luxury of taking their time adopting digital payment options. It’s time to give patients what they’ve been wanting for years: the ability to pay their bills online.
Because the pandemic is still with us, contactless payments have surged. No-touch payments are an easy way to reduce the spread of germs, and most people already have the tools they need to complete these types of payments: phones, computers, and credit cards.
Online payments are encouraged even when you’re meeting patients in the office. EZClaim customers can easily facilitate this with LinkPay. The process is easy and can be done once an appointment is made.
Here’s LinkPay in three simple steps:
1) Create customized payment link with required amount
2) Email or text the link to patient before their visit
3) Patient pays the required amount, which is immediately confirmed and processed
COVID-19 demanded contactless payments for safety, but patients now expect them for convenience. Medical practices will need online payments if they are to stay relevant in the future.
2. TELEHEALTH
Telehealth threw providers a lifeline when patients stopped coming into the office. The government acted quickly to relax Telehealth reimbursement policies so providers would be paid just as much for a Telehealth visit as they would for an in-office visit.
Congress is hoping to make these changes permanent. Whether they succeed or not, plan on keeping Telehealth as an option for your patients. Telehealth is not just useful during a pandemic; it’s great during normal life, too. Not all visits require an in-person encounter, and patients of all ages can benefit from the convenience of not having to physically leave their homes to get the medical care they need.
Patients have become used to having Telehealth as an option. Keeping it as an option going forward will set you apart from other practices.
3. AUTOMATION TOOLS
Chances are you are working with fewer people than normal. So, with fewer people to handle your billing and payments, your best option is to automate whatever you can.
This could mean setting up AutoPay for patients you see regularly, so they don’t have to manually pay their bill every time. It could also mean setting up a payment plan, in which a fixed amount will be paid automatically every month until the balance is paid off. It could also mean outsourcing your collections.
Automation doesn’t mean you lose control. Rather, it gives your staff more time to manage other essential operations. EZClaim customers have all of these automation options available to them through BillFlash.
4. CYBER PROTECTION
With digital tools becoming more prevalent, it is more important than ever to make sure your systems are protected. Hackers are out in full force right now, so it is imperative that you have proper malware and anti-virus software in place to protect your practice, your patients, and your employees. Do your homework on the tech companies you work with, too. Protecting your practice and your patients should be a top priority!
Of course, your staff will need to be up-to-date on HIPAA protocols, as well. Make sure you are doing everything you need to do to protect patient privacy online as well as offline.
5. FINANCIAL AID
Some practices are struggling financially and may need government aid to get them through the current crisis. Keep an eye on government funds that are available and stay informed on their different requirements.
If you haven’t already, consider applying for a line of credit. This is standard operating procedure—even during normal times—and can help protect you from further financial disruptions in the future. No one knows how long this pandemic will last, so having a line of credit to fall back on during the coming months and years could be a game changer for your practice.
6. A GOOD PATIENT EXPERIENCE
Above all, you need happy patients. That is true whether we are in a recession or not. Happy patients are more likely to pay their bills, more likely to return for future care, and more likely to recommend you to family and friends.
So, as you make some of the changes you made during the pandemic permanent, make sure you are still doing the little things to ensure a positive patient experience. These include:
• Keep wait times short
• Maintain eye contact during visits to assure patients that you care
• Be transparent about payment expectations and insurance, as well as what you’re doing to keep patients and staff safe
• Allow patients to pay using their preferred payment method
• Offer payment plans in lieu of paying large bills in one lump sum
A positive patient experience will be key in bringing your patients back to the office as the global health crisis continues.
NexTrust from BillFlash offers a variety of innovative billing and payments solutions for EZClaim customers. Visit billflash.com or e-mail them at Sales@BillFlash.com to learn more about how you can get paid more, get paid faster, and ensure you have the online tools you need to thrive during the pandemic.
For details and features about EZClaim’s medical billing software, or the other partners they have integrated into their billing solution, visit their website.
[ Written by Kathy Scott, Marketing Manager at BillFlash and NexTrust, Inc. ]