Time for your Practice to Revisit your Security Standards

Does your practice have safeguards in place to protect your HIPAA sensitive information? Has your practice participated in security training or conducted a Risk Assessment. Do you have a mitigation plan in place if your practice does experience a breach in your data? These are all important and relevant questions to be asking yourself as a provider moving into the New Year. According to a recent report released by Experian, the potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually in 2015.

Experian’s almanac predicts a stormy forecast is ahead for the healthcare industry as the threats are growing. The report points to many vulnerabilities, the expanding number of access points to protected health information, or PHI, and other sensitive data via electronic medical records and the growing popularity of wearable technology makes the healthcare industry a vulnerable and attractive target for cybercriminals.

“We expect healthcare breaches will increase – both due to potential economic gain and digitization of records. Increased movement to electronic medical records and the introduction of wearable technologies introduced millions of individuals into the healthcare system, and, in return increased, the potential for data breaches,” the report notes.

”Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cybercriminals,” the authors add. “The problem is further exasperated by the fact that many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ PHI. In fact, an individual’s Medicare card – often carried in wallets for doctors’ visits – contains valuable information like a person’s Social Security number that can be used for fraud if in the wrong hands. Currently, we are not aware of any federal or law enforcement agency which tracks data on SSN theft from Medicare cards, but the problem is widely acknowledged.”

The takeaway? Security breaches are a real and increasing threat to the Healthcare industry and taking the proper precautions and implementing security standards, processes and protocols is no longer an option but a necessity. Consult with a security expert today for a Security Assessment and Mitigation Plan at EHR & Practice Management Consultants, Inc. (www.ehrpmc.com) 1-800-376-0212 or contact@ehrpmc.com

Are You Prepared for a Malpractice Suit, Will you EHR Protect or Hurt You?

According to recent research providers may be in for a rude awakening. The U.S. Department of Health and Human, the office announced in May 2013 that more than half of all doctors and eligible clinicians had received Medicare or Medicaid incentive payments for adopting or meaningfully using EHRs. Usage by eligible professionals grew by 33% from 2008 to 2012, the agency said in a press release. New pitfalls emerge with such fast-moving technology, Ms. Chestler said[1]. Design flaws, complex templates, and careless usage by health professionals are all factors that can fuel EHR-related lawsuits and contribute to challenges defending claims. Being mindful of the potential legal dangers of EHRs and taking steps to prevent them can save physicians significant time and expense, experts agreed.

Every aspect of EHR selection, implementation, and use may be examined in the course of medical malpractice discovery to find the source of the incident, or undermine the records that are being presented in defense of the malpractice claim. The Health Insurance Portability and Accountability Act (HIPAA) states the healthcare provider is the covered entity responsible for maintaining the integrity of the patient’s medical record — not the EHR vendor, consultant, or the systems integrator. A doctor can be held liable because most vendors’ contracts essentially say, ‘We do not practice medicine; it is up to the physician to make sure this EHR is being used correctly.’ Practices must understand what they’re using and verify that the system is appropriately set up to document the care they provide.”

With this being a highly litigious society it is important for providers and provider organizations for be informed of the dangers that EHR can pose from a legal standpoint. At EHR &Practice Management Consultants, Inc. we have consultants whose sole role it to provide advice on these matters. Of course it is important to be proactive and have an assessment completed prior to any litigation, but we can also assist in the event that a lawsuit has already been filed. Please contact our offices today for more information at 1(800)376-0212 or contact@ehrpmc.com, it may be a determining factor in preventing litigation or assist in your defense.

[1] Alisa L. Chestler, a Washington, D.C.-based health law attorney at Baker, Donelson, Bearman, Caldwell & Berkowitz. She co-wrote a 2013 American Health Lawyers Association report titled “Minimizing EHR-Related Serious Safety Events.”