The Devastating Effects of Social Media in Healthcare

The Devastating Effects of Social Media in Healthcare

HIPAA Social Media Do’s and Don’ts in Healthcare

There are many benefits to social media in the healthcare industry, however, there is also huge potential for HIPAA violations of patient privacy to be violated on social media networks.  The Privacy Rule protects All “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral. The Privacy Rule calls this information “protected health information (PHI).”

Did you know that more than 71% of recorded data breaches in the healthcare industry are attributable to employee actions?

The most important rule is to never share Protected Health Information or Personally Identifiable Information on social media. Social media may include personal blogs and other websites, including Facebook, LinkedIn, Twitter, YouTube, or others of the like.

A few common identifiers include but are not limited to:

    • demographic data
    • medical histories
    • test results
    • insurance information
    • and other information used to identify a patient or provide healthcare services or healthcare coverage.

What is a breach and what can I do to avoid it?

 A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. This means employees should refrain from posting, commenting, or sharing patient information on social media including patient names, photos, and descriptors that would identify the patient.

What is considered identifiable information?

The most common social media HIPAA violations include:

    • Posting of images and videos of patients without written consent
    • Posting of gossip about patients
    • Posting of any information that could allow an individual to be identified
    • Sharing of photographs or images taken inside a healthcare facility in which patients or PHI are visible
    • Sharing of photos, videos, or text on social media platforms within a private group

“Friending” patients on social media websites is also strongly discouraged. This can lead to accidental identifying of patients, especially if your place of work is listed in your profile and accidental ‘discussion’ about the patient’s care. Therefore, employees in inpatient care roles generally should not initiate or accept friend requests. Do not enter into social media discussions with patients who have disclosed PHI on social media.

Employees should also refrain from messaging or texting PHI or PII on social media or messaging applications not approved by your organization. In general, no personally identifiable health information should be sent in any manner which does not ensure communication encryption in transit and at rest.

So, what do you do if you think you may have exposed a patient’s protected health information or personally identifiable information?

In general, it’s advised to, follow your organization’s Incident Response Policy immediately and notify your supervisor and/or designated HIPAA Security Officer for immediate next steps.

At Live Compliance, we make checking off your compliance requirements extremely simple.

    • Reliable and Effective Compliance
    • Completely online, our role-based courses make training easy for remote or in-office employees.
    • Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities.
    • Policies and Procedures are curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
    • Electronic, prepared document sending and signing to employees and business associates.

Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email me, Jim Johnson at Jim@LiveCompliance.com or visit www.LiveCompliance.com

For more information about DarkWeb breaches please contact us at (980) 999-1585 or email us at support@livecompliance.com


ABOUT EZCLAIM:
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.

Integrating an EHR and PM – RCM Insight

Integrating an EHR and PM – RCM Insight

Have you ever been a bit overwhelmed when shopping around for all your medical practice needs?  Of course!  There are so many pieces required to meet all the HIPAA and reporting requirements, but it’s also about efficiency and ease of sharing information between clinicians to administrators.  This can make the all-in-one Electronic Health Record (EHR) and Practice Management (PM) systems very tempting.  Keep in mind, you will pay a hefty price for an all-in-one, which makes this a very simple decision for some practices.  The good news:  You have alternatives that still provide the same ease of sharing data through integration.  I recently interviewed Dan Loch, President of EZClaim Software, LLC.  EZClaim offers a stand-alone billing platform that offers several options for integration with clearinghouses and EHR’s.  I asked Dan what he felt the biggest advantages were to using stand-along programs.

    1. Your practice will get the best of both worlds! Often practices will find a great EHR, but the billing side is not the best, or vice-versa.  Using stand-alone programs that can talk to each other allows a practice to choose an EHR solution that is best for their clinicians AND a PM solution that is best for the billers and administrators.
    2. Typically, stand-alone systems are more ‘nimble’ in responding to industry and regulatory changes.
    3. Integrating multiple ‘best-in-class’ software packages creates an offering with much more in-depth capability.

If you are currently using separate EHR and PM solutions but the programs are not integrated – consider looking into this feature.  This will relieve the burden of entering data twice.  Start by verifying if the programs have an existing integration.

    • If so, the hard part is done! Just ask what the process is to get set up and if there are any fees associated.
    • If not, consider contacting your PM software vendor to inquire what formats they accept for EHR integrations. Once they provide the specs, work with your EHR to determine if you can export in the required format.

There is no single solution that works for every practice.  If you’d like to learn more, check out this article from EZClaim ‘All-in-One’ or ‘Specialized’ Medical Billing Software?  Which is Best?  I hope that this information will help you weigh your options and find the right fit for your specific situation.  If you have questions or would like some help determining what would be best, RCM Insight is here to help!  Visit us at www.rcminsight.com and submit a request to chat on the Contact Us page.

 

How to Spot, Avoid and Report Malware

How to Spot, Avoid and Report Malware

Whether you’re a one-person billing company or a multi-location organization, it’s possible that you’ve seen or heard of Malware and the potential risks associated with it and how it can cause major downtime and potential HIPAA violations due to breached information.

Criminals use malware to steal personal information, send spam, and commit fraud. Malware includes viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads.

Here are a few, high-level quick steps you can take to spot and avoid Malware.

First, let’s talk security software.

Install and update security software, and use a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS X) to update automatically, and don’t forget to Back up your data regularly. Strong security software can prevent a hack or scam before it happens. You should install well-known software directly from the source. Sites that offer lots of different browsers, PDF readers, and other popular software for free are more likely to include malware. Read each screen when installing new software. If you don’t recognize a program or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.

Don’t change your browser’s security settings and pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.

Next, watch what you’re clicking on.

Instead of clicking on a link in an email, type the URL of a trusted site directly into your browser. Scammers send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a scam site. Don’t open attachments in emails unless you know who sent it and what it is. Opening the wrong attachment — even if it seems to be from friends or family — can install malware on your computer.

Avoid clicking on pop-ups or banner ads about your computer’s performance! Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.

Your computer may be infected with malware if it:

    • slows down, crashes or displays repeated error messages
    • won’t shut down or restart
    • serves a multitude of pop-ups
    • serves inappropriate ads or ads that interfere with page content
    • won’t let you remove unwanted software
    • injects ads in places you typically wouldn’t see them, such as government websites
    • displays web pages you didn’t intend to visit, or sends emails you didn’t write

Other warning signs of malware include:

    • new and unexpected toolbars or icons in your browser or on your desktop
    • unexpected changes in your browser, like using a new default search engine or displaying new tabs you didn’t open
    • a sudden or repeated change in your computer’s internet home page
    • a laptop battery that drains quicker than it should

At Live Compliance, we make checking off your compliance requirements extremely simple.

  • Reliable and Effective Compliance
  • Completely online, our role-based courses make training easy for remote or in-office employees.
  • Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as Password Protection.
  • Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
  • Electronic, prepared document sending and signing to employees and business associates.

Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email me, Jim Johnson at Jim@LiveCompliance.com or visit www.LiveCompliance.com

For more information about DarkWeb breaches please contact us at (980) 999-1585 or email us at support@livecompliance.com

 

Online “Health Information Exchange” Is The Answer!

Online “Health Information Exchange” Is The Answer!

An online “Health Information Exchange” (HEI) can be the answer to managing the release-of-information (ROI) process completely digitally.

Many healthcare providers are spending a significant amount of time and money on fulfilling requests for medical and/or billing records. Outdated and inefficient modes of technology like printers, postal mail and fax machines make up much of that cost. Time spent on having employees complete record fulfillment operation—or money spent on working with third-party release-of-information (ROI) companies—add significantly to strains on manpower and/or budgets. Then add in the money spent on postage and in-office time spent responding to status calls, and you have a significant cost center that is not benefitting your business. 

In today’s digital world, both businesses and consumers expect efficient, safe, online transactions. While the healthcare industry had a longer grace period for digital transformation initiatives, a new survey reveals that 75% of people now expect the same service from healthcare organizations that they receive from other businesses. This is driving many organizations to re-think the current, highly ROI process and seek a simple, secure, and more cost-effective digital ROI solution. 

Utilizing an online Health Information Exchange may be the answer to your problems. By utilizing the FREE proprietary software that the country’s fastest growing HIE, ChartSwap, healthcare entities can manage the ROI process completely digitally in a HIPPA- and HITECH-compliant, SOC 2, Type II-certified and conveniently cloud-based environment. In addition to eliminating the need for paper, printers, postage, and other unnecessary and inconvenient expenses, ChartSwap allows records providers to conduct all communication with requestors 100% online without the security concerns associated with e-mail. 

ChartSwap users set their own fees and can quickly and conveniently collect payments electronically via either credit card or PayPal (which includes the option for ACH transfer). Over 90% of ChartSwap requestors use online payment methods, and for the few who still prefer to send a paper check, ChartSwap handles the receipt and processing of those payments on your behalf. That means that 100% of your payments for medical and billing records will be handled by the ChartSwap platform—at absolutely no cost to you!

Using ChartSwap has been shown to improve employee productivity by 50% or more, thanks to ChartSwap’s advanced digital workflows, automatic status alerts, and fully online communication model. Additionally, the turnaround time for fulfilling records requests via ChartSwap can be as quick as two days and rarely exceeds 14 days—that’s more than 50% faster than the turnaround time on requests fulfilled by traditional methods. 

To learn more about taking back control of your office’s record fulfillment operations, and turn this cost center into a profit center, visit ChartSwap today. 

ChartSwap is a partner of EZClaim, a medical billing software solution. For more details about EZClaim, visit their website at EZClaim.com