HIPAA Best Practices for Doctors’ Offices

David Bourgeois

The Office for Civil Rights (OCR), the “police” that enforces HIPAA’s rules, reports that most of the $67 million (and growing) in fines “stem from improper use or disclosure of electronic protected health information (ePHI); poor health information safeguards; inadequate patient access to their ePHI; and the absence of administrative safeguard for such information.” [Source: HIPAA Journal]

Topics: Healthcare IT

Sending PHI via Mobile Devices – a Big HIPAA No-No

David Bourgeois

I rocked the boat with some of my medical friends when I emailed them my blog post, Can I Text ePHI?, which basically told them that they could NOT text or email patients without encrypting or securing the data. Don’t shoot me, I’m just the messenger. HIPAA states it is illegal to use unsecured networks and unencrypted communication methods like texting. Let’s dig further into why sending PHI via mobile devices is a HIPAA “No-No”, making it a hot button for doctors and the HHS (Health & Human Services).

Topics: Healthcare IT

Are Your Business Associates HIPAA Compliant or a Risk?

David Bourgeois

Since 2013, when the Omnibus Rule took effect, business associates (BAs) dealing with medical entities, including their subcontractors, have been held to the same standards for protecting PHI (Protected Health Information) as covered entities (CEs). This means every vendor with access to patient data that a medical practice or hospital contracts with must be HIPAA compliant – no ifs, ands, or buts; it is the law!

Topics: Healthcare IT

3 Biggest Cybersecurity Mistakes Medical Practices Make

Stephen Tullos

Healthcare is no longer just about curing ailing patients. Medicine now also requires securing your patients’ Protected Health Information (PHI).

Even though HIPAA has been around since 1996, last year the industry averaged a breach a day, affecting 27,314,647 patient records (Protenus). Even with millions of dollars paid in fines (in February, a Miami, Florida non-profit paid $5.5 million to settle a HIPAA case and a Dallas-area hospital paid a $3.2 million HIPAA penalty, according to an MSPmentor report), most medical practices don’t know what to do when it comes to securing their PHI, and we regularly see these 3 cybersecurity mistakes at medical practices.

Topics: Healthcare IT

9 Reasons Why Small Medical Practices are Most Vulnerable to a Cyber-Attack

Stephen Tullos

As my team and I talk to different medical practices, we are amazed how many of them are oblivious to HIPAA regulations and just how vulnerable they are to a cyber-attack. Like HIPAA, hackers don’t take ignorance as an excuse.

  1. Lack of Concern About the Cyber-Attack Threat – Most small businesses, including medical practices, think they’re too small to be a target for hackers. Unfortunately, medical data is a prize most hackers want to get their hands on, and they will specifically target small medical practices expecting to find little to no cybersecurity in place. Hackers also use bots that crawl the internet looking for “open windows” into networks; if one stumbles on a medical practice, they could be in for a big payday.
Topics: Healthcare IT

Debunking 13 HIPAA Technology Myths

David Bourgeois

Although HIPAA is the law, many people hold onto numerous misconceptions and myths about it. Let me dispel the top 13 HIPAA technology myths we commonly hear so you’re not caught off guard.

Topics: Healthcare IT

12 HIPAA Mistakes Your Medical Practice is Making (and How to Fix Them)

David Bourgeois

Praying that the federal government doesn’t knock on your door for an audit isn’t a good plan, nor is hoping you never have a breach. If that is the extent of your processes and procedures, it is only a matter of time before both things happen, and the fines will rack up quickly.

In 2015, the Office for Civil Rights, which enforces HIPAA, investigated 17,694 complaints, and only 359 of them had no initial violations – that’s only 2%!

Topics: Healthcare IT

Can I Text ePHI?

David Bourgeois

We get this question from our healthcare clients frequently – can I text ePHI (electronic Protected Health Information)?

Simply put, no.

This may surprise you, because many non-medical companies frequently exchange texts with clients. (You probably know dozens of doctors who text patients too.) HIPAA does not allow texting any protected information, even directly to the patient.

The Joint Commission has also gone back and forth on the legality of texting medical orders. In 2011, it banned medical orders sent by secure text. In May 2016, that ban was lifted, only to be reinstated in December of the same year. [Read more at Advisory.com]

Topics: Healthcare IT

Difference Between EMR & EHR and How to Protect Both

David Bourgeois

While most people use the two acronyms EMR and EHR interchangeably, there is a difference between them, and how you must protect each differs as well.

What is an EMR? Electronic Medical Records are the digital version of the paper charts in a doctor’s office; they contain the medical and treatment history of a patient at that single practice. The advantages of holding this information digitally are storage, efficiency, and the overall view it gives a medical provider of the individual patient’s history, including blood pressure readings, vaccinations, and which preventive screenings are due. An EMR also lets the practice see trends and the overall quality of care across all of its patients, such as the percentage of patients who need a tetanus shot.

Topics: Healthcare IT

11 Steps You Legally Must Do to Protect ePHI & PHI

David Bourgeois

First off, let’s make sure we’re on the same page about what PHI is. PHI stands for Protected Health Information, and ePHI is the electronic form of that information. HIPAA defines Protected Health Information as:

  • Data created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.
  • Relating to the past, present, or future physical or mental health or condition of any individual, or the past, present, or future payment for the provision of health care to an individual.

Who must protect PHI & ePHI? Any business that creates, stores, edits, or transfers Protected Health Information (PHI) must comply with HIPAA regulations. HIPAA breaks businesses into two categories:

Topics: Healthcare IT

About My IT's Blog

We believe an educated client is the best client; therefore, we share our knowledge with executives and business owners looking for a fair, knowledgeable IT firm that fits well with their company and objectives.

My IT helps companies protect their data, become more efficient and productive, and drive high growth using technology. In our blog, we discuss these topics and our extensive experience working with medical practices, construction industry companies, and auto dealerships.
