Posts Tagged HIPAA

image_pdfimage_print

Introducing a New HIPAA Privacy Notice for Patients and Practices

HIPAA Notice of Privacy Practices

September 23, 2013 is the date that medical practices and other covered healthcare entities will roll out a new Notice of Privacy Practices to patients to be compliant with the HIPAA Omnibus rule enacted in March 2013.

What Does This Mean For Patients?

Patients should be aware that after September 23rd, their healthcare providers will have a new Notice of Privacy Practices (NPP) available. The new NPP should be posted in each office, on the website if one exists, and should be available as a handout for any patient requesting it.

The new notice will include:

    • Reasons that your Protected Health Information (PHI) can and cannot be disclosed to others.
    • Information for opting-out of communication related to fundraising activities, if your healthcare provider does any fundraising.
    • The ability to restrict your PHI from payer disclosure when you pay in cash instead of having the charges filed with your insurance plan.
    • Information about being contacted if there is a breach of your PHI due to unsecured records.

What Does This Mean For Practices?

    • A new Notice of Privacy Practices that is specialized to your practice must be developed.
    • The new NPP must be posted in your practice, on your website and available as a handout for any established patients who request them.
    • All new patients must be offered a copy of the new NPP and must sign an acknowledgement that they received it. (They may turn a copy of the NPP down, however.)
    • Policies that address the disclosure of information/records and notification of a breach, should one occur must be developed.
    • Old and new versions of the NPP should be on file in the practice, and patient acknowledgements should also be kept as long as the medical record is retained.

What else is required for compliance with HIPAA Omnibus?

One of our good friends, Steve Spearman at Health Security Solutions has posted great information on his site about the other requirements of the HIPAA Omnibus rule. His excellent posts help readers understand and comply with the new HIPAA guidelines in the following areas:

    • Business Associates Agreement (BAA) Update
    • Downstream Subcontractors Needing BAAs
    • New Breach Notification and Reporting Protocol
    • School Immunization Records Protocol
    • Electronic Fulfillment of PHI Request
    • Medical Record Protocols for Cash Payments

At Manage My Practice, we’ve offering a free sample Notice of Privacy Practices for your practice use. Please read the sample notice carefully, make changes specific to your practice and add your practice name. Note that language related to fundraising is NOT included, as it will not apply to most private practices. Insert fundraising language as follows if appropriate for your practice.

Fundraising Activities: We may use PHI to contact you to raise money. If  you wish to opt out these contacts, or if you wish to opt back in to these contacts, please contact our Privacy Officer.

Likewise, if your practice has a research function, insert relevant language:

Research: We may use and share your health information for certain kinds of research, however, all research projects are subject to a special approval process.

Check your state laws.

Your state law may require authorizations for certain uses and disclosures of PHI beyond those outlined in the sample notice. Be sure to amend your NPP to reflect any state-specific laws (resource hererelated to release of medical records. Remember to post your new NPP on your website and in your practice, and begin giving it to new patients September 23, 2013.

The new Notice of Privacy Practices is not required until September 23rd, but you can start using it as soon as you have yours ready.

For more on HIPAA, read my post “Three Big HIPAA Myths.”




(Photo Credit: hyku via Compfightcc)

Posted in: General

Leave a Comment (0) →

How One Hospital Uses Box to Mobilize Their Providers

Box for HealthcareAt Wake Forest Baptist Medical Center in Winston-Salem, North Carolina, doctors are saving time and sharing ideas using Box, a file-sharing and collaboration software that lets providers browse available medical documents and communicate with each other about treatment options. We are big believers in Box at Manage My Practice – we use it, and most of our clients end up using it too. Box is the only HIPAA-compliant file storage and collaboration service, and just like the doctors at Wake Forest, it makes our lives easier countless times a day. Wake Forest uses Box to store all of their medical journals and articles, as well as commenting on each file so that physicians can discuss procedures and treatment options. The doctors can access the repository from their tablets and smartphones, so that accessing detailed disease or treatment information is always as close as their mobile device.

Box is a simple and secure solution for sharing content with your coworkers, customers and audience. If you have moved your organizations’s practice management, electronic health record or email service to “the cloud” then it only makes sense to move your paperwork and content out of boxes and storage and into the cloud as well. If you have are using email attachments, a network drive, FTP server, or a non-compliant solution like Dropbox, then switching to Box can help your practice reduce your liability, stay HIPAA compliant, and store all of your digital content in a secure and accessible manner.

Box also makes mobilizing your workforce across locations easy. Box means your content is always available in a web browser, a phone or tablet, or synced on your desktop. Many of our consulting clients also use it to coordinate work and file across locations. If you have outsourced your billing or human resources, a shared folder in Box allows both locations to have the latest information and stay in touch.

Manage My Practice is a Certified Box Reseller, and would love to help you leverage Box to improve your practice’s workflow.





Posted in: Compliance, Day-to-Day Operations, Headlines, Innovation

Leave a Comment (1) →

A Guide to Healthcare Buzzwords and What They Mean: Part One (A through L)

Welcome to our guide to Healthcare Buzzwords!

Understanding Healthcare Jargon

ACO

An acronym for “Accountable Care Organization”, an ACO is a model of healthcare delivery in which a group of healthcare providers agree to accept payment for their services based on the aggregated health outcomes of the patients they see, as opposed to the total number of services performed. ACOs reward providers in a “fee for health” model, as opposed to a traditional “fee for service” model. Although the term ACO can apply to a variety of types of organizations, regulations for establishing ACOs to participate in the Medicare Shared Savings Program specifically were included in the Patient Protection and Affordable Care Act of 2010.

Big Data

(more…)

Posted in: Day-to-Day Operations, Headlines

Leave a Comment (0) →

David Brooks of qliqSoft Talks to Us about Secure Communications, Replacing the SMS, and BYOD

a picture of David Brooks of qliqSoft, interviewed in this post

 

Last week Mary Pat and I had a chance to meet and sit down for a while with a smart guy whose new venture is doing some really exciting things in the healthcare space. One of our favorite things to do! In an effort to keep on readers on the edge of what’s new, and to give more of the people we meet a chance to say hello and connect to our audience, we present the first in the MMP Interview series.

We first got in touch with David when he commented on one of our 2.0 Tuesday posts on Medigram– a new, private beta secure communications service. David let us know that Medigram wasn’t the only player in the space, and we agreed to meet for coffee and a chat. We got a chance to sit down with David soon after for a coffee and a demo of his company’s flagship product qliqConnect– also currently in Beta.

David is a sharp, passionate guy, and we loved having the chance to talk to him. Check out the interview below!

(more…)

Posted in: Day-to-Day Operations, Electronic Medical Records, General, Innovation

Leave a Comment (0) →

Medicare News for Week of April 17, 2012: CMS Website Upgraded, 2 National Provider Calls, Proposed CQMs for MU Stage 2 and 27 ACOs are Announced

(more…)

Posted in: Collections, Billing & Coding, Compliance, Electronic Medical Records, Finance, Medicare & Reimbursement, Medicare This Week

Leave a Comment (0) →

ICD-10 Compliance Date Will Be Revised Says Health and Human Services

As part of President Obama’s commitment to reducing regulatory burden, Health and Human Services Secretary Kathleen G Sebelius today announced that HHS will initiate a process to postpone the date by which certain health care entities have to comply with International Classification of Diseases, 10th Edition diagnosis and procedure codes (ICD-10).

(more…)

Posted in: Headlines, Medicare & Reimbursement

Leave a Comment (0) →

Managed IT Services, HIPAA/HITECH Compliance and Changing IT Providers: Ed Garay from Lutrum Answers Your IT Questions.

Mary Pat: Where does the name of your company, Lutrum, come from?

Ed Garay: When I was developing a name for this company, I didn’t want to be like every other healthcare IT services company with health, md, medical, etc. as part of their name.  I wanted it to represent something deeper about what we do and who we are as an IT organization.  Although we are IT specialists, I realized that one of the things that I am always working with my team on is to listen and understand our client’s needs.  Which lead me to creating the name, Lutrum.  Lutrum is a slight variant of the Latin word Lutra.  Lutra means otter in English.  And the otter symbolizes empathy.

Mary Pat: What led up to you starting your own business?

Ed Garay: In late 2000, I worked as an IT Director for an organization that continued to downsize.  I came to a career crossroad.  With starting to support under 100 systems, and the network running in tip-top shape, there was really no need for me to be there full-time in the long run.  So, do I look for another job that can’t possibly be as fulfilling as where I was, or do I take a leap of faith and start up my own business and share my knowledge with the masses?  Through the feedback of mentors and other resources that knew me personally and professionally, I was highly motivated to take the leap of faith and have never looked back.  My business career has evolved over the years and has naturally lead me to Lutrum.

Mary Pat: What are Managed IT Services?

(more…)

Posted in: Compliance, Electronic Medical Records, General

Leave a Comment (0) →

mHealth Gives Home Health a Whole New Meaning

a picture of a mobile phone with a red cross on its screen

One of the most exciting trends in modern healthcare can be found at the intersection of two larger societal changes: the shifting demographics of an aging Baby-Boomer population, and the fast adoption of smart mobile devices and mobile application platforms. As robust, secure and intuitive mHealth applications are adopted, patients are more empowered to monitor and share their health data outside of a traditional medical office or hospital setting. As healthcare delivery system already short on providers becomes even more taxed, mHealth applications will allow the system as a whole (patients, caregivers, loved ones, and payers) to navigate health decisions in a more efficient and informed way.

This quote from the Deloitte Center for Health Solutions 2010 Survey of Health Care Consumers says it all:

“Boomers view tech-enabled health products as a way to foster control and ongoing independence for themselves, especially in light of the rise in incidence in chronic disease with aging, and their desire to reduce costs. Nearly 56% of boomers show a high willingness to use in-home health monitoring devices in tandem with care of their primary physician.”

What are the advantages of pushing home health medical data from the source to the care provider?

  • Minimum lag time between data collection and the clinician’s ability to review it.
  • Reduction in errors associated with human intervention in data entry.
  • Intuitive and simple interfaces promote active patient involvement and caregiver communication in healthcare management.
  • Secure sharing of PHI (Protected Health Information) with patient, family members, and approved internal and external stakeholders in health.

Here are just a few of the companies and products available now (or in the near future) that might change your mind about where and how health data is captured and shared. Each of these products automates the capture of health data and the transfer of the data in a usable format to an Electronic Health Record.

Near Field Communications

NFC (Near Field Communications) is a wireless technology that allows for quick transfer of data between two sensors that are fairly close (an inch or two) together. The secure transfer allows for seamless data tracking inside caregivers’ workflow. For example: medical supplies, drugs, injectables and fluids can be fitted with low cost sensors that are swiped past a patient’s sensor to indicate they will be administered to the patient, and then again past the provider’s sensor to indicate a finished procedure, capturing time of administration, dosage, and patient information without slowing down the care to enter this critical data by writing them down, typing them in, or just resolving to remember them for later entry.

Gentag makes the data sensors and applications that manufacturers can use to send data via cell phone to the hospital or physician for seamless inclusion in the electronic medical record (EMR). Monitoring of blood pressure, fever, weight management and urinalysis are just a few of the ways Gentag has improved data capture in healthcare.

iMPak Health makes a cholesterol monitor the size of a credit card that accepts a small blood sample to process for triglyceride levels. The data is uploaded wirelessly to a cell phone that transmits it to a health provider.

Smart Fabrics and Wearable Monitors

Researchers at the Universidad Carlos III de Madrid in Spain developed a fascinating concept for an “Intelligent T-Shirt” that uses sensors woven into a washable fabric to create a hospital garment that does more than preserve the patient’s modesty. The sensors in the fabric can detect and record temperature, bioelectric impulses (for ECG monitoring), as well as the patients location, current resting position, and level of physical activity.

Copenhagen Institute of Interaction Design graduate Pedro Nakazato Andrade has designed a dynamic cast called Bones that collects muscle activity data around a fracture area by using electromyographic (EMG) sensors to report the patient’s progress to physicians automatically. This could reduce the need for follow-up visits and imaging, or change the specifics of rehabilitation.

The Basis Band is a wristwatch-type accessory that monitors heart rate by directing light into the skin to image blood flow. It also uses a heat sensor for skin temperature changes, an accelerometer for recording movement and activity, and sensors for galvanic skin response. The band also gives customers access to a free, web-based health dashboard to oversee the data the device collects and transmits.

There are still some considerable hurdles to full adoption of mobile home health monitoring. Very few patients use only one medical device, so not only do monitoring devices need to work with networked EHR technologies, they have to be integrated with each other to present a comprehensive picture of health to providers and Health Information Exchanges (HIEs). Also, as patients navigate the system of generalists, specialists, and emergency care providers, the possibility of encountering multiple software and hardware platforms will require flexible, integrated solutions that can run on any device. As with any networked application of sensitive data, security and availability are major factors in a success deployment. Unless patients can count on the privacy of their data, and providers can count on the uptime of their software, healthcare systems won’t be able to realize the full benefit of mHealth installations. On top of that, more monitoring of patient health means that there will be even more data to be collected on each patient, and on the population as a whole. While more data means more opportunity for large scale research and analysis for the public benefit, it also means more data has to be secured and protected as a part of the health record, requiring even more security and storage resources. And finally, the Food and Drug Administration will have a large say in the future of mHealth application development through industry regulation. Device makers and application developers will certainly have to work within a governmental framework which will have a large say in the time-to-market of many possible products.

With all that being said, the opportunity to meet the demographic challenges of an already stressed healthcare system with mobile home health monitoring and Electronic Health Records will be one of the major themes of the future of both the heath and technology industries.

Posted in: Innovation

Leave a Comment (0) →

An Exhaustive (and Exhausting) Medicare Roundup for November 18, 2011 Including the Revalidation Call Transcript, 5010 Enforcement Delay, Medicare Sends Less Collection Letters and ICD-10 Handbooks

CMS Announces 90-Day Period of Enforcement Discretion for Compliance with New HIPAA Transaction Standards

Today the Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services (OESS) announced that it would not initiate enforcement action until March 31, 2012, with respect to any HIPAA covered entity that is not in compliance with the ASC X12 Version 5010 (Version 5010), NCPDP Telecom D.0 (NCPDP D.0) and NCPDP Medicaid Subrogation 3.0 (NCPDP 3.0) standards. Notwithstanding OESS’ discretionary application of its enforcement authority, the compliance date for use of these new standards remains January 1, 2012 (small health plans have until January 1, 2013 to comply with NCPDP 3.0).

CMS has posted the transcript from the National Provider Call on Thursday, October 27, 2011

Don’t miss this opportunity to hear from CMS experts on this important topic. Click on National Provider Call on Revalidation of Medicare Provider Enrollment  to view the transcript. This transcript contains a number of post call clarifications – such as where to find the listing of providers which have received a notice to revalidate.  The audio file will be posted in the near future.

Now Available Online: List of Providers sent a Revalidation Request

In response to provider requests, CMS has posted a listing of providers who have been sent a request to revalidate their Medicare enrollment information. The listing contains the name and national provider identifier (NPI) of each provider sent a letter, as well as the date the letter was sent. To see the listing, click on “Revalidation Phase 1 Listing” in the Downloads section of the Medicare Provider Supplier Enrollment Revalidation Page. NOTE: You must widen each column in the spreadsheet to view the contents. CMS will be updating this list monthly.

(more…)

Posted in: Collections, Billing & Coding, Headlines, Medicare & Reimbursement

Leave a Comment (0) →

The Best of Manage My Practice – October, 2011 Edition

As we finish off another month here at MMP, we wanted to go back over some of our most popular posts from the month and get ready for another busy,  productive, and meaningful month. Presenting, The Best of Manage My Practice, October 2011!

We’ve started this monthly wrap-up to make sure you don’t miss any of the great stuff we post throughout the month on Manage My Practice, but we also want to hear from you! What were your favorite posts and discussions this month? Did we skip over your favorite from October? Let us know in the comments!

Posted in: A Career in Practice Management, Collections, Billing & Coding, Day-to-Day Operations, Finance, General, Medicare & Reimbursement

Leave a Comment (2) →
Page 1 of 3 123