ABYDE FOR ERJ SOLUTIONS MEMBERS

It's time for stress-free compliance.

  • EASIEST SOFTWARE YOU’LL EVER USE

    And if we’re being honest, easy is an understatement. All companies say it, but we are so confident in the simplicity of our software that we will prove it.

  • ‘HANDS OFF’ APPROACH

    We automate it all – from notifications about training to policy generation. Can you imagine not having to set your own reminders?! Go ahead, focus on your patients – we will ping you with the important stuff.

  • CUSTOMER SUCCESS TEAM LIKE NO OTHER

    We will meet you where you are – whether that’s by phone, chat, or email. It’s tough stuff in the tech space, but our customers love us as much as we love them.

  • STATE BY STATE, LAW BY LAW

    No matter what state your practice is in, our solution is for you — from sea to shining sea. We know our stuff and dedicate ourselves to staying on top of the latest state and federal changes so you don’t have to.

  • MORE THAN JUST SOFTWARE

    With us, you get more than policies and software. We offer Master Classes, newsletters, and more to keep you up to date. At the end of the day, we are proud to lead with education.

LATEST COMPLIANCE NEWS

One Patient Request, Years of Fallout: The Concentra Right of Access Case

December 22, 2025

Well, the Office for Civil Rights (OCR) is back, folks! After a historic government shutdown, the OCR has announced its first fine. The recipient of the latest fine is Concentra, Inc., a Texas-based enterprise healthcare provider. While this health organization might have numerous locations, the root of this federal fine and years of legal battles stems from one patient complaint to the OCR. With the 21st fine of the year, we’re taking it back to the basics: Patient Right of Access.

What Happened?

In February 2018, a patient requested a copy of their medical and billing records from Concentra’s Peoria, Arizona, location. While a Concentra employee forwarded the request to the billing office, the patient did not receive their medical records in a timely manner. The patient sent several requests throughout the year.

In October 2018, Concentra’s Business Associate issued an invoice to the patient for $82.57 for the requested medical records. This amount was disputed.

After months of back-and-forth with Concentra, in December 2018, the patient filed a complaint with the OCR regarding how the healthcare provider handled their record request. Finally, in March 2019, over a year after the initial request, Concentra’s Business Associate provided the health records to the patient for an adjusted rate of $6.50.

Providing the records was just the beginning for Concentra. In the summer of 2020, the OCR notified the healthcare provider that this case indicated noncompliance with the Privacy Rule and provided Concentra with the opportunity to submit mitigating evidence.

Then, in 2021, the OCR proposed to levy a $250,000 penalty. After several more years of legal battles, the OCR settled this case in 2025 with a $112,500 settlement.

Patient Right of Access 101

This lengthy chain of events highlights the importance of promptly and thoroughly addressing patient requests.

Detailed in the Privacy Rule, patients have the right to access their health records within 30 days from the initial request, known as the Right of Access. This timely access empowers patients to make informed decisions about their healthcare. This 30-day timeline applies on the federal level. Depending on the state, your practice may be required to comply with more stringent timelines, as seen in California.

The 30-day timeline is firm, and a practice can only be granted an extension once, for an additional 30 days. In addition to adhering to a 30-day timeline, the fees for copies of records must be reasonable and feasible.

The acceptable fee for providing copies of documents is limited to the cost of labor for copying, supplies, postage, and any provided summary. Alternatively, your practice can charge a flat fee of not more than $6.50 instead of calculating these specific costs.

Keeping Your Practice Compliant (And Your Patients Happy)

While following the Right of Access might seem straightforward, it’s one of the most common HIPAA violations practices make. There have been 50+ HIPAA Right of Access enforcement actions levied by the OCR.

With the right compliance program, you can ensure that your staff is aware of all requirements when handling patient requests. Clear policies and engaging training help you respond correctly, on time, and with confidence. Ready to ensure your practice is HIPAA compliant? Schedule a consultation with one of our compliance experts today.


Secure Care, Anywhere: A HIPAA Guide to Telehealth and Remote Work

December 8, 2025

Nearly six years ago, office staff discovered that work from home was a possible model in the healthcare field. Not only did the work move to the house, but digital, at-home healthcare became wildly popular.

If part of your team is still working remotely, whether full-time or part-time, remember: HIPAA isn’t only within the four walls of your organization.

Here’s the good news: staying HIPAA compliant from a home office isn’t meant to be complicated. With the right tools and game plan, you can keep Protected Health Information (PHI) secure from the comfort of your own home.

Lock It Down at Home

Remote work doesn’t change the HIPAA baseline. The standard of “minimum necessary” still applies, safeguards still span people, process, and technology, and documentation still matters. Think of compliance like a thermostat you’ve set correctly: once it’s dialed in, it quietly keeps everything in range.

First, your staff needs to understand the standard requirements for keeping data secure and be trained on safely accessing PHI remotely. Do your employees know that it’s a big HIPAA no-no to share sensitive patient data with family during casual conversations while working from home? The best way to communicate what to do is through relevant, documented policies, including a remote work policy.

It’s essential that work laptops and any devices with access to PHI are encrypted, and that all logins utilize Multi-Factor Authentication (MFA). Encryption and MFA are both additional layers of protection, ensuring that only authorized users can access PHI.

Does staff utilize personal devices for work from home? If so, require mobile device management policies, encryption information, and clear off-boarding procedures. Have a lost-device and incident response policy so your team knows exactly who to notify, how to lock or wipe a lost device, and how you’ll assess whether an event rises to the level of a breach.

The workstation should also include HIPAA-compliant communication through email and phone calls. If you meet with patients through telehealth services, use an encrypted platform and verify the patient’s identity before each session.

As your organization ensures that the proper safeguards are in place, Business Associate Agreements (BAAs) must also be signed for any third parties (encryption services, IT providers, HIPAA-compliant platforms) with access to your PHI. BAAs offset the liability if a breach occurs due to your BA’s negligence. The legal document details exactly what each party is responsible for and how to handle any situation.

While the legal aspects might feel overwhelming, they are necessary to keep patient data safe. With clear policies, trained people, and the right security controls, remote work and telehealth can be both convenient and compliant.

Remote Ready

Remote work and telehealth are no longer temporary fixes to the problem of a pandemic; they’re a simple fact of operating today. HIPAA didn’t change with the scenery, but the right tools can. Intelligent software solutions can provide clear policies, thorough training, compliant BAAs, and more.

Telehealth and remote work are here to stay. Keep the safeguards in place, and you’ll be compliant wherever you work, even at home. Meet with a compliance expert to learn more about how your remote organization can achieve HIPAA compliance.


READY TO BE STRESS-FREE?