HIPPA Archives - EZClaim

How to Spot, Avoid and Report Malware

Jul 12, 2022 | Live Compliance, Partner

Whether you’re a one-person billing company or a multi-location organization, it’s possible that you’ve seen or heard of Malware and the potential risks associated with it and how it can cause major downtime and potential HIPAA violations due to breached information.

Criminals use malware to steal personal information, send spam, and commit fraud. Malware includes viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads.

Here are a few, high-level quick steps you can take to spot and avoid Malware.

First, let’s talk security software.

Install and update security software, and use a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS X) to update automatically, and don’t forget to Back up your data regularly. Strong security software can prevent a hack or scam before it happens. You should install well-known software directly from the source. Sites that offer lots of different browsers, PDF readers, and other popular software for free are more likely to include malware. Read each screen when installing new software. If you don’t recognize a program or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.

Don’t change your browser’s security settings and pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.

Next, watch what you’re clicking on.

Instead of clicking on a link in an email, type the URL of a trusted site directly into your browser. Scammers send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a scam site. Don’t open attachments in emails unless you know who sent it and what it is. Opening the wrong attachment — even if it seems to be from friends or family — can install malware on your computer.

Avoid clicking on pop-ups or banner ads about your computer’s performance! Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.

Your computer may be infected with malware if it:

- slows down, crashes or displays repeated error messages
- won’t shut down or restart
- serves a multitude of pop-ups
- serves inappropriate ads or ads that interfere with page content
- won’t let you remove unwanted software
- injects ads in places you typically wouldn’t see them, such as government websites
- displays web pages you didn’t intend to visit, or sends emails you didn’t write

Other warning signs of malware include:

- new and unexpected toolbars or icons in your browser or on your desktop
- unexpected changes in your browser, like using a new default search engine or displaying new tabs you didn’t open
- a sudden or repeated change in your computer’s internet home page
- a laptop battery that drains quicker than it should

At Live Compliance, we make checking off your compliance requirements extremely simple.

Reliable and Effective Compliance
Completely online, our role-based courses make training easy for remote or in-office employees.
Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as Password Protection.
Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
Electronic, prepared document sending and signing to employees and business associates.

Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email me, Jim Johnson at Jim@LiveCompliance.com or visit www.LiveCompliance.com

For more information about DarkWeb breaches please contact us at (980) 999-1585 or email us at support@livecompliance.com

New HIPAA Regulations 2020-2022 and beyond

Feb 14, 2022 | Live Compliance, Partner

On January 21, 2021, OCR published a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. OCR says, the goal is to “support individuals’ engagement in their health care, remove barriers to coordinated care, and decrease regulatory burdens on the health care industry, while continuing to protect individuals’ health information privacy interests.” New regulations under consideration are centered around how substance abuse and mental health information records are protected. In addition, the HITECH Act called for an increase in penalties for non-compliance with the HIPAA.

In this article we will address the most recent changes to HIPAA and discuss which rules may have an impact on 2022 and beyond.

2020 CARES Act

2020 CARES Act aligned 42 CFR Confidentiality of Substance Use Disorder Patient Records (Part 2) regulations more closely with HIPAA as well. The CARES Act improves 42 CFR Part 2 regulations by expanding the ability of healthcare providers to share the records of individuals with substance abuse disorder, but also tightens the requirements in the event of a breach of confidentiality.

In short, rather than having to obtain a consent form for the SUD patient, and state the specific parties of whom information will be shared, patients can now give broad consent. It’s been suggested that HHS is considering changes to 42 CFR Part 2 regulations in 2022 to “to protect the privacy of substance abuse disorder patients who seek treatment at federally assisted programs to improve the level of care that can be provided.”

2021 HIPAA Safe Harbor Law

The HIPAA Safe Harbor Bill now instructs HHS to take into account the cybersecurity best practices that a HIPAA-regulated entity has adopted in the 12 months preceding any data breach.
“The bill also requires the HHS to decrease the length and extent of any audits in response to those breaches if industry security best practices have been implemented” says HHS.

21st Century Cures Act

The Cures Act called for the HHS to create a new Rule that would improve the flow of healthcare data between providers, patients, and developers of Health IT. Implementing reasonable and necessary activities that do not constitute information blocking, the implementation of these provisions will advance interoperability and support the access, exchange, and use of electronic health information.

Final Rule Expected on Proposed Changes to the HIPAA Privacy Rule

According to HHS, “the proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the Opioid and COVID-19 public health emergencies; and reducing administrative burdens on HIPAA covered health care providers and health plans, while continuing to protect individuals’ health information privacy interests.”

The proposed new HIPAA regulations announced by OCR in December 2020 are as follows:

Allowing patients to inspect their PHI in person and take notes or photographs of their PHI.
Changing the maximum time to provide access to PHI from 30 days to 15 days.
Requests by individuals to transfer ePHI to a third party will be limited to the ePHI maintained in an EHR.
Individuals will be permitted to request their PHI be transferred to a personal health application.
States when individuals should be provided with ePHI at no cost.
Covered entities will be required to inform individuals that they have the right to obtain or direct copies of their PHI to a third party when a summary of PHI is offered instead of a copy.
Healthcare providers and health plans will be required to respond to certain records requests from other covered health care providers and health plans, in cases when an individual directs those entities to do so under the HIPAA Right of Access.

…to name a few.

At Live Compliance, we make checking off your compliance requirements extremely simple.

Reliable and Effective Compliance
Completely online, our role-based courses make training easy for remote or in-office employees.
Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.
Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real time.
Electronic, prepared document sending and signing to employees and business associates.

Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email Support@LiveCompliance.com or visit www.LiveCompliance.com

Identify Your Organization’s Vulnerabilities

Nov 24, 2021 | Live Compliance, Partner

Have you performed and identified your organization’s vulnerabilities with a Security Risk Assessment this year? We understand that achieving and maintaining compliance is a delicate matter as it requires auditing, constant supervision, good staffing, adequate policies, and procedures, along with excellent reporting and investigation of any issues.

The process of assessing and maintaining compliance to any standard is the same, irrespective of the industry but especially when HIPAA compliance is required:

1. Start with a complete understanding of all the rules that you are expected to follow.
2. Establish internal policies and procedures to ensure your organization follows the rules.
3. Regularly check and assess whether or not your organization is following the rules.
4. Address issues whenever you discover the rules are not being followed.
5. Document everything.
6. Perform accurate and thorough Security Risk Assessment(s)

Are you unsure or not clear on what your organization is required to do?

THINGS TO CONSIDER:

● A Security Risk Assessment will target vulnerabilities related to what is potentially exposing Protected Health Information. Correct any potential risks identified within your Technical, Administrative, and Physical deficiencies.

● A Security Risk Assessment should be completed at least twice a year to target vulnerabilities

● Your policies and procedures should be thorough and accurate and reflect the Corrective Action Plan that is determined by the Security Risk Assessment and remediation steps should be taken to correct any deficiencies or vulnerabilities found.

● Workforce training should reflect the organization’s HIPAA Policies and Procedures

Would you like to schedule a compliance team meeting phone conference? If so, please contact support@livecompliance.com or at (980) 999-1585 and one of our compliance support team members will reach out to you.

ABOUT EZCLAIM:
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.

HIPAA Training Standards Businesses Need to Know

Sep 21, 2021 | Live Compliance, Partner

Per the HIPAA Privacy Rule and HIPAA Security Rule, both Covered Entities and Business Associates, must require HIPAA training for all workforce members that access protected health information (PHI) or electronically protected health information (e-PHI) in any of its forms and should be provided “as necessary and appropriate for the members of the workforce to carry out their functions within the [organization].”

According to the Rule, training must be provided “to each new member of the workforce within a reasonable period of time after the person joins the covered entity’s workforce.” Along with all other annual compliance requirements, HIPAA training is arguably the most important. Your workforce members are your first line of defense in the event of a Breach and must be able to identify your organization’s designated HIPAA Security Officer, and have a firm understanding of the HIPAA Privacy and Security Rule. Training should also highlight the organization’s Technical, Administrative, and Physical Safeguard objective security requirements. It is best practice to provide ongoing security awareness training and, in addition to the mandatory annual training, the Privacy Rule also highlights what’s known as “periodic” training. The goal is to ensure workforce member’s knowledge of HIPAA compliance is not forgotten.

The HIPAA Privacy Rule states that “An [organization] must document that the training as described [in the HIPAA Text] has been provided.” Failing to do so will be seen as “willful neglect” and will result in HIPAA violations including monetary penalties as high as $1.5 million dollars. A minor violation may only result in a corrective action plan requirement, whereas a significant data breach attributable to a lack of training will be viewed more seriously.

At Live Compliance, we make checking off your compliance requirements extremely simple.

- - Completely online, our role-based courses make training easy for remote or in-office employees.
  - Short informative video trainings to meet periodic training requirements
  - Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as Password Protection.
  - Policies and Procedures are curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
  - Electronic, prepared document sending and signing to employees and business associates.

Call us at (980) 999-1585 or visit www.LiveCompliance.com.

4 Steps to Designing a Superior Patient Experience

Aug 19, 2021 | Partner

Designing a Superior Patient Experience

We live in a world of increasingly lofty consumer expectations—one where 44% of U.S. consumers will switch to a competitor following a poor customer service experience.

The medical industry is no exception to this trend.

In a study by PatientPop, 58 percent of Gen Z, Millennials, and Gen Xers, as well as 63 percent of individuals 55 and older, said that responsiveness to follow-up questions via email or phone outside of the appointment is critical or very important to overall satisfaction.

Patients want more than just excellent care from their healthcare providers. They expect easy access to medical records, convenient online scheduling and appointment reminders, prompt responsiveness, and painless ways to contact your office—24/7/365. And they’re also seeking compassionate and knowledgeable representatives who are willing to provide caring and accurate resolutions to their issues.

As a medical provider, you should not only focus on bringing in new patients but also continually strive to improve patient retention. Growth in customer retention rates by 5 percent can increase profitability anywhere from 25 to 95 percent, after all.

So how do you design an experience that increases patient satisfaction and retention? Let’s dive in.

1: Make Prompt Call Answering & Convenient Appointment Scheduling A Priority

As we mention above, patients want—and nowadays expect—your office to answer quickly as well as provide effective and swift resolutions to their health matters. But in a busy office, the staff is often focused on dealing with patients. Even front desk and administrative teams can become inundated with in-office tasks at a busy practice, leaving calls, messages, and emails unanswered.

A superior patient experience starts with prompt call answering and convenient appointment scheduling—a service that’s available to your patients whenever they need you, including weekends and holidays, and answers every call addresses delicate patient concerns with empathy, and schedules appointments quickly. If your staff is struggling to keep up with demand, consider outsourcing your phone answering and appointment scheduling. Not only will this improve patient satisfaction, but it also brings a sense of work-life balance to internal staff and allows you and your team to focus on what you do best; caring for patients.

2: Streamline and Perfect Your Patient Intake Process

The patient intake process is tedious, but it’s incredibly important to your operations, and speed and accuracy are vital. Streamlining and perfecting patient intake starts with leveraging the right software—one that makes it easy for patients to fill in their information and access their records, and provides all of the valuable data your practice needs to operate in an easy-to-navigate platform. For starters, your intake software should:

Be encrypted for data transfer through the internet and HIPAA compliant
Be intuitive and user-friendly
Not require special software or hardware downloads or installation for the user
Be portable into back-end systems

Your intake process should also be integrated with your electronic health records (EHR) software, and information should be updated and available in real-time for a smooth experience—for patients, admin staff, and providers—so that everyone is up-to-speed. Both technology and your process should remove redundancies from your workflow and streamline the intake experience.

3: Provide HIPAA-Compliant Live Chat & Text For Swift and Convenient Communication

Another great way to improve patient experience is via live chat and text, through which you and your staff can communicate with patients wherever they are, send appointment reminders, have two-way private and secure conversations, multitask as needed and be available when emergencies happen.

HIPAA-compliant chat and text messaging lets you communicate efficiently and accurately with patients and simultaneously safeguards electronically protected health information (PHI) while taking full advantage of the speed and flexibility of today’s communication technology.

Some of the many benefits of secure live chat and text in the healthcare realm include:

Reduced response times, including in the off-hours and on weekends or holidays
Ability to provide immediate recommendations for care and preliminary diagnoses
Ability to send follow-ups, like reminding patients to take medications, which creates better relationships between you and your patients
Secure PHI storage that acts as a record of past conversations, symptoms, or complaints to improve future care, diagnosis, and treatment plans

4: Leverage Technology and Software Integrations For Smarter Decision-Making

Technology and software integrations have transformed healthcare and are vital in any medical practice. Why? Because when you streamline your office functions and workflows, you improve all aspects of patient care and experience.

First, your office should be using an EHR (electronic health record) system. This system automates access to client information, helping to improve workflows and reduce incidences of errors by improving the accuracy and clarity of medical records. It should include all the key clinical data relevant to each patient’s care, including:

Demographics
Progress notes
Problems
Medications
Vital signs
Past medical history
Immunizations
Laboratory data
Radiology reports

Communication data collected throughout your patients’ experience with your office—such as phone conversations, appointment scheduling, and reminders, and live chat and text transcripts—should also be sent to and recorded in your EHR system.

Finally, the right software can help you make better patient and business decisions. For instance, maybe you want to know the percentage of patient calls versus the percentage of calls from hospitals that come into your office. Or, maybe you want to know which hospitals call you the most or you want to know the main reasons patients call so you can use that information to improve patient care and education.

How The Highest-Performing Medical Practices Prioritize Patient Experience

Medical practices that provide a superior service experience are available to their patients 24/7, have a streamlined and accurate intake process, are tech-forward, and have omnichannel communication options that empower patients to reach out any time and from anywhere. But most medical practices don’t do it all on their own. The highest-performing medical providers leverage an outside service provider like Nexa to improve client satisfaction, increase retention and grow their revenue. Learn more about how Nexa can help your medical practice level up by visiting nexa.com/medical.

[ Contribution from the marketing team at Nexa ]

« Older Entries

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
messagesUtk	5 months 27 days	HubSpot sets this cookie to recognize visitors who chat via the chatflows tool.
utm_campaign	past	Google Ad Services sets this cookie to store session campaign value if present.
utm_content	past	This cookie is used for storing the session content value if present.
utm_source	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
utm_term	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_3010814_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
utm_medium	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

Cookie	Duration	Description
ApplicationGatewayAffinityCORS	session	No description available.
email	past	No description available.
gclid	past	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	past	No description available.
handl_ref	past	No description available.
handl_url	1 month	No description available.
username	past	No description available.

New HIPAA Regulations 2020-2022 and beyond

2020 CARES Act

2021 HIPAA Safe Harbor Law

21st Century Cures Act

Final Rule Expected on Proposed Changes to the HIPAA Privacy Rule

Identify Your Organization’s Vulnerabilities

HIPAA Training Standards Businesses Need to Know

4 Steps to Designing a Superior Patient Experience

1: Make Prompt Call Answering & Convenient Appointment Scheduling A Priority

2: Streamline and Perfect Your Patient Intake Process

3: Provide HIPAA-Compliant Live Chat & Text For Swift and Convenient Communication

4: Leverage Technology and Software Integrations For Smarter Decision-Making

How The Highest-Performing Medical Practices Prioritize Patient Experience

Recent Posts

Categories

Archives

Recent Posts

Categories

Archives

PAGES

RECENT POSTS

HARNESSING THE POWER OF AI FOR YOUR MEDICAL BILLING SERVICE: A Crawl, Walk, Run Approach to Implementing AI

BillFlash Partner Blog: 5 Payment Processing Trends You Need to Know

How Today’s Cloud-Based Medical Billing Software is Minimizing Claim Rejections

3.36% Cut in The Proposed 2024 Medicare Physician Pay Schedule

CONTACT US

877.650.0904

LINK TO EZVIEW

SEARCH OUR SITE

FOLLOW US

HIPAA COMPLIANCE