July 16, 2020

Let’s face it, in today’s digital age, it’s tough to find a medical practice that doesn’t utilize an Electronic Health Records (EHR) system. Even if you were late to the game and just recently made the switch, the use of EHRs in doctors’ offices nearly doubled between 2009 and 2017, to almost 86% of providers. One of the biggest qualifications for any EHR system is that it meets all HIPAA compliance requirements to protect the sensitive patient data held within it. But is that where HIPAA compliance begins and ends?

A common misconception among providers is that implementing a HIPAA compliant EHR ensures their practice is in compliance with all standards. Instead, it’s just one piece of a much larger puzzle.

Make no mistake, having a HIPAA compliant EHR is essential. There are a number of safeguards that should be implemented to protect your EHR’s electronic data, such as:

While these safeguards are key, there are other HIPAA requirements that go beyond the security of your EHR software and impact your practice’s operations, physical accessibility, and all technology used within the organization – including IT networks and other applications not included in your EHR software. That’s why the Security Risk Analysis’ three sections – administrative, physical, and technical safeguards – are so essential to ensure every aspect of your business’ risk is assessed.

Even non-HIPAA experts can conclude that having a HIPAA compliant EHR system is a no-brainer. But missing all, or even just some, of the other pieces of the puzzle puts your practice and your patients at high risk. In fact, within Abyde’s Security Risk Analysis, only 10% of the questions pertain to your EHR system. Whether with Abyde, internally, or with another vendor – it’s essential to review the other 90% of your necessary safeguards before getting slammed with a HIPAA violation.
Abyde’s Industry Leading HIPAA Compliance Software Now Part of MSV Business Affiliate Program
July 15, 2020

July 15, 2020, Tampa, FL – Abyde, offering a best-in-class HIPAA compliance software solution for medical practices, has joined the Medical Society of Virginia’s (MSV) Business Affiliate Program. Abyde offers MSV members protection from HIPAA compliance pitfalls through a user-friendly, complete HIPAA compliance program. This new partnership comes at a perfect time to help Virginia physicians overcome changes to HIPAA in 2020.

The MSV Business Affiliate Program is designed to engage with companies that can offer exclusive rates, superior service, and competitive solutions to its membership of over 9,000 physicians, residents, medical students, and physician assistants.

Dustin Beekman, Director of Business Development for MSV, recognizes the value in this relationship. “We are very excited that Abyde has joined our Business Affiliate Program,” he said. “The opportunity this provides our members is the reason we started this program and an important part of our decisions to work with Abyde as an industry leader in HIPAA compliance.”

“We are thrilled to work with a partner like MSV, especially during a time when it’s essential that we come together to help physicians across Virginia succeed,” said Matt DiBlasi, President of Abyde. “The passion behind MSV’s commitment to physician prosperity is evident, and we are honored to be a part of helping Virginia physicians meet HIPAA requirements even during a turbulent and changing climate like today’s.”

The MSV Business Affiliate Program launched in January 2019 and was created to provide opportunities to both the MSV membership and Business Affiliates. Through this unique relationship, MSV will continue to be able to provide dynamic and comprehensive benefits to its membership.

About Abyde

Abyde (Tampa, FL) is a technology company dedicated to revolutionizing HIPAA compliance for medical professionals. Launched in January 2017, Abyde was formed with the idea that there could exist an easier, more cost-effective way for healthcare providers to comply with government-mandated HIPAA regulations. For more information on Abyde visit abyde.com.

About MSV

The Medical Society of Virginia (MSV) serves as the voice for more than 30,000 physicians, residents, medical students, physician assistants, and physician assistant students, representing all medical specialties in all regions of the Commonwealth. The association was founded in 1820 and is headquartered in Richmond, Virginia. MSV strives to advance high-quality health care and make Virginia the best place to receive care and practice medicine.

Read the full press release here.
HIPAA Compliant Digital Marketing for Healthcare Practices
July 8, 2020

Nowadays, you can shop online for anything – from chopsticks that double as LED lightsabers to a wig for your dog (seriously, we’re not kidding), and shopping online for a healthcare provider is no different. The internet plays a key role in a healthcare consumer’s decision making. In fact, according to a study released by the Pew Internet & American Life Project, “80 percent of Internet users, or about 93 million Americans, have searched for a health-related topic online.” Let’s face it, we use the internet for basically anything and everything nowadays, especially as we continue to adapt in today’s COVID-19 world, which is why it’s important for your practice to understand what is and isn’t allowed when it comes to HIPAA compliance and online marketing.

Using online marketing as a tool can be extremely beneficial for practices. Most medical practices have a website and many use social media and email marketing as tools to reach potential patients – ensuring you are utilizing these platforms in a HIPAA compliant manner is imperative to marketing in the right ways while still ensuring the privacy of your patients and security of your practice.

Whether it be for your practice website, social media page, or advertisement – if you would like to use any type of patient information, there are some strict guidelines to follow:

Your Practice Website

Having a HIPAA compliant website for your practice enables patients to search for information regarding the services that you provide, and ultimately drives new patients to you. The following are some key tips to follow when creating and maintaining the website for your practice:

Email Marketing

If choosing to use email marketing to engage with patients, there are some key safeguards you must take to ensure you’re protecting your patients’ information and aren’t setting yourself up for a HIPAA violation:

Social Media

Nowadays social media platforms play a large role in consumers’ decision making. Having a strong social media presence can be a great asset to your practice, but in order to use social media to your advantage, you should follow these guidelines:

Where marketing regulations get tricky is patient reviews or comments on digital platforms. While patients are able to post a review or comment about your practice, you cannot respond in any capacity that ties the patient to your practice. A dental practice in Texas was faced with a $10,000 fine along with a 2-year corrective action plan after they responded to a patient’s Yelp review. The investigation found that the practice had responded to multiple reviews, disclosing patient information including names, medical diagnoses, and more, and it was only hit with a small fine due to its immediate cooperation with the Office for Civil Rights.

On top of ensuring that you’re meeting all the criteria for a safeguarded online presence, you should also create a well-documented strategy that clearly outlines what’s permitted and what isn’t for your staff. This should cover the necessary policies and procedures for marketing to patients, whether it is done online, over the phone, or in person.
Is Your Telehealth Solution HIPAA Compliant?
July 2, 2020

Ever thought you’d be saying “What’s up Doc?” on a video chat from home? Telehealth has made remote visits a new reality – though not all telehealth providers have been created equal when it comes to being HIPAA compliant.

Why is it important for telehealth to be compliant? 90% of healthcare executives have already adopted or are planning to adopt telehealth services within their operations, and as remote patient care continues to explode in popularity, so do the risks of compromising that patient information.

Part of telehealth’s current popularity is due to COVID-19. To best meet the urgency brought on by COVID-19, the Office for Civil Rights (OCR) provided an update to the provision of telehealth services allowing providers to use any form of non-public facing video communications with patients, even if they weren’t considered ‘HIPAA compliant.’ While this enforcement discretion is only temporary, we can predict that the general public will prefer to keep their distance and avoid face-to-face doctor visits if possible for the foreseeable future. In fact, a recent study found that 74% of Americans would be comfortable and willing to use telehealth services for their doctor’s appointments.

While COVID-19 has made a major impact on telehealth services, the ability to provide care remotely has been growing in popularity for several years. The value of telehealth goes beyond allowing for social distancing between patients and providers, including:

With all the benefits presented in utilizing telehealth services, there are also additional risks to be aware of. The following are some key recommendations for implementing telehealth in the most secure way possible:

The explosion of telehealth providers to meet the new demand after COVID-19 has seen some great – and some not so great – products within the telehealth market. If you are looking into adding a telehealth solution, be sure it is one that has proper safeguards and programming to prevent and contain possible cyber threats. An unsecured telehealth provider could make your patient data vulnerable – such as chatbot and telehealth startup Babylon Health, whose users found dozens of videos of other patients’ appointment consultations in their app due to a software glitch. While the issue was quickly corrected, implementing a non-compliant telehealth app creates a high risk for potentially compromising patient data.

As the healthcare industry continues to implement technology solutions, it’s important to ensure that sensitive patient information remains safeguarded from additional risks that technology presents. Utilizing HIPAA compliant providers for telehealth and having the proper Business Associate Agreements in place are key to providing the most effective and protective services for your patients.
Abyde partners with Acquios Alliance to deliver HIPAA compliance solutions to private practice optometrists
July 1, 2020

July 1, 2020, Tampa, FL – Abyde, an intuitive and industry-leading HIPAA compliance software solution for private practices, today announced it has joined Acquios Alliance’s network of top vendors to deliver exceptional HIPAA compliance solutions to their members.

Abyde’s collaboration with Acquios Alliance helps alleviate the unique challenges private practice optometrists encounter by providing them with state-of-the-art HIPAA compliance programs designed to reduce the time, resources and stress that accompany a complete HIPAA program.

Abyde’s software solution is the easiest way for any sized eye care practice to implement and sustain comprehensive HIPAA compliance programs. Abyde’s revolutionary approach guides providers through mandatory HIPAA requirements such as the Risk Analysis, HIPAA training for doctors and staff, managing Business Associate Agreements, customized policies and more.

“As part of Acquios Alliance’s selective network, Abyde is now poised to deliver exceptional HIPAA services designed specifically for the needs of an independent optometrist – which is a unique challenge,” said Matt DiBlasi, President of Abyde. “This partnership will allow us to provide the same comprehensive HIPAA solutions we are known for to a growing group of eye care providers.”

“Acquios Alliance works to deliver solutions that connect our members to industry leaders, and our partnership with Abyde will help to fill needed gaps in practices’ HIPAA compliance programs,” said Rick Guinotte, CEO of Acquios Alliance. “Abyde’s HIPAA compliance solution is the best choice for our members, and we are proud to work together to help our optometrists continue to excel.”

About Abyde

Abyde (Tampa, FL) is a technology company dedicated to revolutionizing HIPAA compliance for medical professionals. Launched in January 2017, Abyde was formed with the idea that there could exist an easier, more cost-effective way for healthcare providers to comply with government-mandated HIPAA regulations. For more information on Abyde visit abyde.com.

About Acquios Alliance

“Acquios Alliance is a membership program aimed at mitigating the unique challenges private practice optometrists face to help them thrive, independently. We partner with top vendors across the country in order to connect our members with the premium services they seek. Each of our vendor partners has a commitment to empowering the independence of the private practice optometry office. If your goal is independence and being unique, we are your advocate.”

Read the full press release here.
Should I Share This? When Sharing PHI is HIPAA Approved
June 18, 2020

We get it, the struggle is real. The moans and groans with HIPAA always seem to get louder when medical practices are faced with figuring out to whom and how sensitive data can be shared. Contrary to what many believe, HIPAA is all about properly sharing protected health information (PHI) – not preventing it entirely.

Sometimes, lacking confidence that internal policies are in alignment with best practices on sharing PHI securely can cause a practice to hesitate to (or altogether not) send PHI to other parties requesting it, including other providers. Unfortunately, not acting in a timely manner and failing to comply with a request to share PHI with another provider can be costly.

Proper disclosure of PHI is highly regulated under HIPAA when it comes to sharing or receiving patient records from another practice, and there are consequences to both sharing too much information – or not enough.

First, the HIPAA Privacy Rule does in fact permit a health care provider to share patient information for treatment and healthcare operation purposes without needing written patient authorization, as long as reasonable safeguards to protect the information are used. To clarify what the U.S. Department of Health and Human Services (HHS) considers as treatment and operation purposes, “Treatment means the provision, coordination, or management of healthcare and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.”

Some key notes on sharing PHI between providers:

Additionally, if a patient is the one requesting their records to be sent to another provider:

It’s time for providers to change their perspective on HIPAA – which is widely considered a restrictive set of laws and regulations. HIPAA is meant to be a guideline on how to securely and efficiently share sensitive and valuable data, not a barrier or inhibitor as so many see it now. Being able to do so will have positive effects on the healthcare industry as a whole and improve patient care for years and years.

Don’t let the unknowns of HIPAA keep data from those who have lawful access to it, such as other providers or patients. Doing so is just as much of a HIPAA violation as sharing sensitive data with the wrong people.
Abyde joins Crystal Practice Management to expand HIPAA compliance among users
June 17, 2020

June 17, 2020, Tampa, FL – Abyde has announced a new partnership with Crystal Practice Management, an EHR and billing platform for optometrists, delivering Abyde’s industry-leading HIPAA compliance software solution to Crystal Practice Management users.

This partnership will provide Crystal Practice Management (PM) users with the tools necessary to implement a complete HIPAA compliance program, fulfilling essential, government-mandated HIPAA compliance requirements while streamlining providers’ time and resources spent on HIPAA. Abyde’s collaboration with Crystal PM showcases their mission to revolutionize HIPAA compliance by providing a simple, user-friendly solution that fits perfectly with eye care providers’ day to day operations.

“We know that HIPAA compliance is a common gap among providers, and we’re thrilled to help Crystal PM users remove the stressors of trying to comply with complex HIPAA requirements,” said Matt DiBlasi, President of Abyde. “HIPAA compliance is essential for a practice’s success, especially now, and we are honored to be a part of Crystal PM’s offerings.”

Abyde’s software solution is the easiest way for any sized eye care practice to implement and sustain comprehensive HIPAA compliance programs. The revolutionary approach to HIPAA compliance guides providers through mandatory HIPAA requirements such as the Risk Analysis, HIPAA training for doctors and staff, managing Business Associate Agreements, customized policies, and more.

“Crystal Practice Management continues to focus on helping our providers save time and resources while getting the best solutions possible, and the Abyde program fits squarely into that goal,” said John Knaus, CEO of Crystal Practice Management. “We are thrilled to partner with an organization and solution that will provide instant value to our users.”

About Abyde

Abyde (Tampa, FL) is a technology company dedicated to revolutionizing HIPAA compliance for medical professionals. Launched in January 2017, Abyde was formed with the idea that there could exist an easier, more cost-effective way for healthcare providers to comply with government-mandated HIPAA regulations. For more information on Abyde visit abyde.com.

About Crystal PM

Crystal Practice Management is the ideal solution for a paperless office with more than 15 years of experience and thousands of satisfied clients. Crystal PM provides offices with the most complete and customizable health records on the market, secure electronic claims for almost all insurance carriers, an exhaustive billing component, and a multi-doctor scheduling program. With both cloud and on-premise delivery options, Crystal Practice Management has multiple pricing options, but all options include at least one year of toll-free phone support and automatic software updates. For more information, visit www.crystalpm.com.

Read the full press release here.
Abyde and FDA Services join forces to deliver leading HIPAA compliance solutions for Florida Dental Association members
June 9, 2020

June 9, 2020, Tampa, FL – Abyde, an industry-leading HIPAA compliance software solution for dental practices, announced a new partnership with FDA Services to deliver a complete and quality HIPAA compliance program to FDA members.

Abyde’s collaboration with FDA Services as a preferred vendor showcases collaborative efforts to provide FDA members with government-mandated and essential HIPAA compliance programs. The partnership will help FDA practices meet government-mandated HIPAA needs, and better protect their practice and patients’ health information by identifying and correcting key security safeguards.

Abyde’s software solution is the easiest way for any sized dental practice to implement and sustain comprehensive HIPAA compliance programs. The revolutionary approach to HIPAA compliance guides providers through mandatory HIPAA requirements such as the Risk Analysis, HIPAA training for doctors and staff, managing Business Associate Agreements, customized policies and more.

“Together with FDA Services, we are eager to show the value and simplicity providers have found with Abyde to even more of FDA’s members,” said Matt DiBlasi, President of Abyde. “During today’s challenging times and beyond, HIPAA compliance is essential for a practice’s success and we are honored to be a part of FDA Services’ platform.”

“The Florida Dental Association is proud to offer our members only the best products and services, and we’re thrilled to be adding Abyde into the mix of quality and comprehensive solutions. We know our members will find great value in the peace of mind and simplicity Abyde offers while meeting a real requirement and need for dental practices,” said Scott Ruthstrom, Chief Operating Officer of FDA Services. “We look forward to providing industry leading education and services to FDA members.”

About Abyde

Abyde (Tampa, FL) is a technology company dedicated to revolutionizing HIPAA compliance for medical professionals. Launched in January 2017, Abyde was formed with the idea that there could exist an easier, more cost-effective way for healthcare providers to comply with government-mandated HIPAA regulations. For more information on Abyde visit abyde.com.

About FDA Services

FDA Services is the wholly owned, for-profit company of the Florida Dental Association. FDA Services researches and vets business solutions so FDA members can take advantage of exclusive deals, discounts, and services on programs that are important to run an efficient dental practice. For more information on FDA Services visit fdaservices.com/crown-savings.

Read the full press release here.
State Laws vs HIPAA – What You Need to Know
June 8, 2020

When it comes to regulations surrounding the privacy and security of health information, federal HIPAA laws are typically the golden rules to follow. But did you know that many states have their own laws surrounding patient rights, data privacy, and medical records which sometimes overrule the federal guidelines? These state laws either predate the enactment of HIPAA or were passed to create stricter safeguards, and are typically focused on technology use. We understand HIPAA laws are confusing, and ensuring that you’re following the rules only becomes a little harder when it’s not crystal clear which rules are the ‘right’ ones.

It’s important to note that when HIPAA laws and state laws go head to head, HIPAA typically comes out on top. But like most things, there are some exceptions to the rule where the state law takes precedence. These specific instances include:

In HHS’ own words, “HIPAA provides a Federal floor of privacy protections for individuals’ individually identifiable health information,” basically meaning that any laws that are viewed to be ‘weaker’ than HIPAA regulations will be overruled. State laws will also be overruled if they contradict a HIPAA law.

It’s not always easy to determine which laws are stricter, and there are many areas of overlap between HIPAA regulations and state-specific laws. To try and give some clarity, here are some topics that commonly conflict with each other:

Source: healthinfolaw.org

As data privacy has become an increasing topic of concern, individual states as well as the federal government have been enacting stricter policies on matters that concern the security and privacy of electronic health information. More recently, events such as the COVID-19 public health emergency have been a catalyst for updating regulations to best meet the changing needs of the public. And as HIPAA laws, as well as state laws, have been under constant update, it’s harder for practices to keep up.

We know that HIPAA alone is confusing, especially when you add in state-specific rules and regulations, which is why Abyde dynamically generates policies and procedures specific to your practice and the state you’re located in if applicable. With Abyde you don’t have to worry about reading through pages of laws, determining whether there are any contradictions, and figuring out which law preempts the other – we’re here as your HIPAA experts to help do so for you!

While we know HIPAA like the back and maybe even front of our hand, there may be laws outside of HIPAA that impact your practice and overall operations – this blog article shouldn’t be considered legal advice, and we always recommend consulting with a legal team regarding your practice’s legal needs!
So, What Exactly is a Security Risk Analysis?
June 2, 2020

You might be aware that all practices need to complete a ‘Security Risk Analysis’ as a part of their HIPAA compliance program, but do you know exactly what this analysis covers? While this is the first step and among the most important aspects of a complete HIPAA program, it is often missed or not properly completed – in fact, during the latest round of OCR audits, 86% of covered entities could not show a properly documented Security Risk Analysis for their practice.

The HIPAA Security Rule defines a Security Risk Analysis (SRA) as an “accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronically protected health information held by the covered entity or business associate.” In layman’s terms, the risk analysis is a systematic review of your processes and policies that is ultimately designed to shed light on any aspects of your practice that could be considered weaknesses in protecting the privacy and security of your practice and the protected health information (PHI) it holds. Not having a properly documented analysis leaves potential risks unidentified and is a huge red flag for your overall compliance efforts.

What questions does an SRA need to include?

There is no specific checklist to follow when it comes to performing a risk analysis for your practice. The OCR does, however, provide specific elements that should be included. Your assessment should:

Completing a risk analysis for your organization is not just a one-time thing. Assessments should be reviewed periodically, especially as new work processes are implemented or technologies are updated. After events such as COVID-19, any changes your practice made regarding remote operations, utilizing telehealth services, or receiving/providing more information electronically rather than in a physical exchange will all need to be assessed for any additional vulnerabilities or threats they brought on.

What’s the best way to tackle an SRA?

If your organization hasn’t completed an SRA before or has done so in a more basic or incomplete manner, using an outside organization will help to ensure all areas of the SRA are fully completed and documented accordingly. A third party can also help add new areas and questions to the SRA that reflect changing regulations as well as technology enhancements that present new threats or vulnerabilities to your organization.