News — Fine

Okay folks – we need to talk about your data backup.   Dental offices, as covered entities, must meet Implementation Standards to get in compliance with the HIPAA security rules. There are two types of implementation standards: required and addressable. Required means it must be done and there is only one right way to do it. Addressable means it must be done, but you have options. However, if you aren’t going to do it, you must document in writing why. Substantiate. Substantiate. Substantiate.   Backing up your data (the act/action) is an addressable implementation standard. You’ve got to do it,...

On January 9, 2017, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), announced the first HIPAA enforcement action and settlement based on the late reporting of a breach of unsecured protected health information (PHI). Presence Health, a large Illinois healthcare network, settled potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. The breach involved missing paper-based operating room schedules containing the PHI of 836 individuals. Information included individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia....

If the government and third-party payors know you maintain an effective compliance program and have your ducks in a row, you are less likely to get picked on in the first place! We have seen it happen.

If you are an administrator or compliance officer for a dental practice and you are looking for solutions to concerns that keep you up at night or you’re looking for an ally for support or an existing compliance program or you are looking to develop a compliance program, but don’t know what to do or how to go about it, we will love to have a chat with you.