Editor’s note: Ancil Lea, author of this guest commentary, has worked with more than 1,500 physicians, clinics, out-patient surgery centers, and hospitals to help with everything from medical software to healthcare marketing for nearly 30 years. He is the former coordinator for the Arkansas Office of Health Information Technology.
As 2015 comes to a close, I’m finding several things on the minds of physicians, administrators, office managers, and support staff besides scrambling around trying to get all of their bases covered for the holiday season.
They’re also thinking about business and practice concerns that deserve attention.
I sat down with a clinic last week to talk through modifications to “meaningful use” (MU) objectives and the requirements they will have for attestation coming up soon. “Security Risk Assessments” are at the top of the list these days. Even specialty clinics not participating in MU still have to get their “policies and procedures” documents together for Security Risk and to have their technology review scrutinized closely.
When it comes to these assessments, clinics and providers should consider getting an outside firm to help with this process. To have your own staff perform this work is kind of like doing surgery on yourself – and it could set you up for closer scrutiny by auditors. As I understand it, a self-assessment that isn’t rigorous enough can be a “flag” that triggers an audit, so it pays to take them seriously.
One Security Risk area I continue to see clinics struggling with is “communication of the provider to other providers, nurses and staff.” Doctors and staff texting and messaging Patient Health Information (PHI) on their smartphones, tablets, iPads, and other devices can create a gaping security hole in your practice. Finding and implementing a secure/encrypted solution to this is crucial. We forget how easy it is for unsecured data traveling among these devices to be captured and exploited by hackers. Patients should be able to trust that their medical information is safe from outside threats, so whether you’re a small clinic or major healthcare center, I encourage you to fix this problem and clean up the devices you have.
One more note about this: my experience is that a number of physicians choose to imagine that the data they’re sending is not at risk, but the fact is that unsecured data is vulnerable, and HIPAA auditors have just received new funding to “hand out” fines.
The end of the fiscal year always comes with challenges and opportunities. Figuring out what you need to spend or fork over to the government is one that comes to mind. Many start handing out bonuses or making investments in needed capital expenditures, based on the accountant’s direction. An investment in secure communication consulting and solutions should be on your shopping list if it isn’t already.
It could help keep your New Year a happy one.