Total Medical Compliance

May Advisor 2012

Nichole Eaton — Tue, 08 May 2012 15:45:25 +0000

The latest TMC newsletter contains articles on the long awaited HIPAA Updates are soon to be published, Building a Safety Foundation, OCR-HIPAA Audit Origram, & Instrument Processing.

Read The Advisor articles

Click here to print a copy of The Advisor

April Advisor 2012

Nichole Eaton — Tue, 10 Apr 2012 04:09:54 +0000

Read The Advisor articles

Click here to print a copy of The Advisor

HITECH Act Changes HIPAA for Healthcare Webinar

lawelles — Tue, 27 Mar 2012 17:00:38 +0000

This is a complimentary webinar offering by TMC.

The HITECH section of the American Recovery and Reinvestment Act of 2009 (ARRA), signed into law in February of 2009, mandated some very significant changes in the HIPAA regulations.

Breach regulations have proven to be the big challenge for healthcare practices. There are ways to position your practice so that a breach does not have to be reported to the patient, HHS, and possibly the local media. Breachs can be very expensive and time consuming to report therefore prevention becomes your best strategy. Breach is just one part of the HITECH Rule which impacts your facility or practice operations. Join this webinar to learn about other activites which are addressed by HITECH and the upcoming final regulations which will be published in 2012.

March Advisor 2012

Nichole Eaton — Mon, 05 Mar 2012 22:17:21 +0000

The latest TMC newsletter contains articles on Access Reporting 2012, Dental Radiation Manual-Important Information for North Carolina Clients, Regulated Waste Management, & Dental Waterline Safety.

Read The Advisor articles

Click here to print a copy of The Advisor

More…

See Prior TMC Compliance Newsletters

Access Report 2012

Nichole Eaton — Wed, 22 Feb 2012 22:59:24 +0000

Access Report 2012

2012 will be a busy year for HIPAA changes

Final regulations on Breach are expected in March 2012 according to HHS. This may be significant if HHS follows Congress’ request to remove the Harm Analysis.
We will be reporting a lot more…
Ms Word or pdf

February Advisor 2012

Nichole Eaton — Wed, 08 Feb 2012 17:05:56 +0000

The latest TMC newsletter contains articles on Reporting Breaches to Health & Human Services, Radiation Dental Manual Updates for NC Clients, Compliance Resolutions to Keep for 2012 and Medical Infection Control Attendees-Important Notice!

Read The Advisor articles

Click here to print a copy of The Advisor

More…

See Prior TMC Compliance Newsletters

January Advisor 2012

Nichole Eaton — Mon, 09 Jan 2012 15:35:56 +0000

The latest TMC newsletter contains articles on Do I Need to Post the OSHA 300A Log?, Are Your Business Associates in Compliance with HIPAA Regulations?, Is PPE Nice to Have or is it Required?, Are your business Associates in Compliance with your HIPAA Regs?, & Violence Prevention Teams.

Read The Advisor articles

Click here to print a copy of The Advisor

More…

See Prior TMC Compliance Newsletters

December Newsletter 2011

Nichole Eaton — Thu, 01 Dec 2011 15:24:51 +0000

The latest TMC newsletter contains articles on Regulatory Updates & New Resources, US Measles Outbreak 2011, OCR HIPAA Audit Program- The Time is Now, Big Brother vs. Big Fines, & Final Ruling-New Poster required by NLRB.

Read The Advisor articles

Click here to print a copy of The Advisor

More…

See Prior TMC Compliance Newsletters

November Newsletter 2011

Nichole Eaton — Tue, 01 Nov 2011 13:55:22 +0000

The latest TMC newsletter contains articles on First Annual Report to Congress on Breaches, Is Glutaraldehyde Utilized in Your Office?, HIPAA Audits to Come, Workplace Violence….Are You Safe?, 3D PPE – Donning, Duffing, Disposal and New TMC Hours.

Read The Advisor articles

Click here to print a copy of The Advisor

More…

See Prior TMC Compliance Newsletters

Annual Risk Assessment Requires Input From Your IT Professional

Bearle — Sun, 16 Oct 2011 17:37:05 +0000

Both the HIPAA Security Rule and Meaningful Use (MU) regulations require a practice to conduct an annual Risk Analysis, take corrective action with identified issues and document the analysis and the corrective action, both system changes and procedures. There is a technical and a managerial element to the Annual Risk Analysis.

The HIPAA requirement has been in effect for 5 years, the MU regulation is relatively new. If you are in compliance with the HIPAA Security Rule, you will meet the Risk Analysis requirement for MU.

OCR (Office for Civil Rights) has already conducted some audits of healthcare organizations as a result of a breach where the circumstances reported seemed to indicate that adequate technical and administrative precautions were not in place. In 2012 programmed audits will begin to look at overall compliance of organizations selected.

Obtaining specific input from an IT Professional is a critical piece of your annual Risk Assessment.

Practices must depend on their Information Technology (IT) professionals to perform the technical review for the areas or systems they service. Your IT professional may be on your staff if you have a large practice and/or may be one or more vendors or companies who provide help on a continuing basis.

You may use an IT company that handles your PC’s, servers and system integration maintenance.
You may also use a practice management system that is maintained and serviced by the vendor who installed it.
You may have an IT person on staff as well.
Almost always there are multiple players who support your technology environment whether large or small.

Ask all of your IT professionals for a Risk Assessment on the system they provide or service to help you meet the technical part of the analysis. The vendor must be knowledgeable on HIPAA as well as meaningful use regulations. Be sure they address the HIPAA requirement for a violation, and vulnerability as it relates to a breach. (You can have a breach without being in violation of the HIPAA Security Rule.) They can then tell you the issues and discuss with you the possible solutions, which need to be documented as well.

Few system environments, if any, will be absolutely secure. You just need to understand the issues and risks so you can make an informed management decision as to the type of corrective action or protective steps to take.

As the manager, you can and must ask your IT professional specific critical questions that will prompt the appropriate review by them. The ultimate responsibility of compliance with all of the regulations rests with the practice so you must know and document the specifics. General comments that your systems are compliant are not sufficient to meet this test.

The TMC HIPAA Annual Risk Analysis document includes those critical questions that must be answered for the manager. You want to be sure any system you own, run or purchase keeps you compliant with regulations. The IT person should know the HIPAA requirements and be able to vouch for the system they are providing.

The IT professional that provides your general service- fixing technical problems, integrating systems and processes, etc.- must be prepared to proactively alert you to issues you may never even know exist. Examples: (1) You have a scanner and fax machine that retains all data on a hard drive that is not encrypted and cannot be encrypted. (2) When you ship a server to be repaired there is a risk because the data is not encrypted. (3) The system you are about to purchase cannot be encrypted. (4) The thumb drives in use are not encrypted and cannot be. (5) Your wireless system in place can be easily accessed and potentially could expose your patient data.

You can then make informed management decisions as to what must be corrected and what cannot be corrected immediately. Then you must take extra precautions to reduce the risk in some other way.

Total Medical Compliance can provide the assistance you need to ask the right questions, document the information as required by regulation, determine the level of risk by working with you and your IT professional and help you formulate management solutions.

Working with IT professionals that understand the technology that is acceptable under HIPAA is the other critical element. Be sure your IT professional has a deep understanding of HIPAA and the latest HITECH requirements. Do they have a written program in place for their organization? This is a requirement under the new regulations. See the TMC Business Partners page on our website to see those companies with HIPAA Programs provided by TMC. www.TotalMedicalCompliance.com.

Don’t wait until you have a breach or you receive notice from OCR that you have been selected for an audit. Waiting could be costly for your practice.

Read more in the September issue of the TMC Advisor, a monthly compliance newsletter.