Abyde News

HIPAA for Enterprise Practices
Abyde News

Abyde expands HIPAA compliance solutions to serve enterprise-level organizations

March 2, 2021 Comments Off on Abyde expands HIPAA compliance solutions to serve enterprise-level organizations

March 2, 2021 Abyde, a user-friendly HIPAA compliance software solution designed for independent providers, today announced the launch of a new complementary Enterprise product designed with medium to large organizations in mind.  HIPAA compliance has remained a priority for the Office for Civil Rights with historic enforcement activity in 2020. Recently announced audit data revealed only 2% of covered entities met all HIPAA compliance requirements, and only 14% completed the required Security Risk Analysis to assess their physical, technical and administrative safeguards. For larger organizations, implementing an efficient HIPAA compliance program for multiple locations has remained a daunting task. Abyde Enterprise works to solve these HIPAA headaches, allowing HIPAA program administrators to easily navigate between locations, view their compliance program at a glance, and simplify shared compliance responsibilities with an innovative multi-user functionality. The complementary product reimagines Abyde’s already industry-leading features, which guide providers through mandatory HIPAA requirements, with new tools and reporting capabilities to better serve organizations who have 2 to 2,000 locations.  “Abyde Enterprise is a game-changer for larger organizations and just another example of how Abyde is revolutionizing HIPAA compliance,” said Matt DiBlasi, President of Abyde. “We’re thrilled to bring to market a one-of-a-kind solution that will truly make HIPAA compliance as easy as possible for companies who must effectively manage multiple locations.”  “Abyde Enterprise is all I’m ever going to need for HIPAA compliance,” said Amanda Bailey from Triad Eye, an Abyde user who recently upgraded to Enterprise. “I’ve been really impressed how Abyde Enterprise might be even easier to use than standard Abyde – which I could have never thought was possible! Every multi-location practice out there should be using Abyde Enterprise!”  About Abyde Abyde is a healthcare technology company on a mission to revolutionize HIPAA compliance for medical professionals. Launched in 2016, Abyde has become the preeminent solution for independent practices to achieve and maintain government-mandated HIPAA compliance, serving thousands of practices of all sizes across the nation. The industry-leader, Abyde combines an intuitive software with personal support for an experience so simple, ‘easy’ is an understatement. To see how, visit abyde.com today. Read the full press release here.

The Security Rule HIPAA
Abyde News, HIPAA

HIPAA Building Blocks: The Security Rule

November 12, 2020 Comments Off on HIPAA Building Blocks: The Security Rule

November 12, 2020 Even with a law as complex as HIPAA, there are a few building blocks that form the base of all HIPAA requirements. One of those blocks – often referred to as the first step in HIPAA compliance – is the Security Rule. Essentially, the Security Rule ensures protected health information (PHI) is only accessible to those who should have access. Think of it almost like a personal bodyguard there to protect your PHI. In this case, that ‘bodyguard’ is made up of specific safeguards – covering physical, administrative, and technical access – that ensure the protection and confidential handling of patient information. Administrative Safeguards  Covering more than just paperwork (though, there is a lot of that), administrative safeguards include documentation of the actions, policies, and procedures used by your practice to protect PHI. These requirements cover:  Physical Safeguards  Beyond the obvious (we hope things like locking your doors are already in place), physical safeguards cover the measures taken to protect your information systems, physical infrastructure, and equipment from unauthorized access as well as natural hazards. Key requirements include:  Technical Safeguards  It’s impossible to avoid technology in the healthcare world today, and technical safeguards cover the ways your practice secures electronic protected health information (ePHI) and controls access to it. These requirements are a bit more difficult that simply installing antivirus software, and cover:  These safeguards are just a few pieces of the HIPAA compliance puzzle, but can make or break a practice when it comes to HIPAA. Often, practices slapped with HIPAA fines are missing one (or in most cases, a lot) of these requirements that could have prevented HIPAA violations and better protected their patient data. So how do you start actually implementing all these requirements? There’s no easy instruction manual handy, but the next best thing is working with HIPAA experts that can not only assess where your program is at, but help guide you through recommended updates to fix any high risk areas. However you manage HIPAA, meeting the Security Rule requirements is just the first step – make sure you review your entire HIPAA program, not just one or two pieces, to be compliant. 

Acquios Alliance Partnership
Abyde News, Partner News

Abyde partners with Acquios Alliance to deliver HIPAA compliance solutions to private practice optometrists

July 1, 2020 Comments Off on Abyde partners with Acquios Alliance to deliver HIPAA compliance solutions to private practice optometrists

July 1, 2020 July 1, 2020, Tampa, FL – Abyde, an intuitive and industry leading HIPAA compliance software solution for private practices, today announced it has joined Acquios Alliance’s network of top vendors to deliver exceptional HIPAA compliance solutions to their members. Abyde’s collaboration with Acquios Alliance helps alleviate the unique challenges private practice optometrists encounter by providing them with state of the art HIPAA compliance programs designed to reduce the time, resources and stress that accompanies a complete HIPAA program. Abyde’s software solution is the easiest way for any sized eye care practice to implement and sustain comprehensive HIPAA compliance programs. Abyde’s revolutionary approach guides providers through mandatory HIPAA requirements such as the Risk Analysis, HIPAA training for doctors and staff, managing Business Associate Agreements, customized policies and more. “As part of Acquios Alliance’s selective network Abyde is now poised to deliver exceptional HIPAA services designed specifically for the needs of an independent optometrist – which is a unique challenge,” said Matt DiBlasi, President of Abyde. “This partnership will allow us to provide the same comprehensive HIPAA solutions we are known for to a growing group of eye care providers.” “Acquios Alliance works to deliver solutions that connect our members to industry leaders, and our partnership with Abyde will help to fill needed gaps in practice’s HIPAA compliance programs,” said Rick Guinotte, CEO of Acquios Alliance. “Abyde’s HIPAA compliance solution is the best choice for our members, and we are proud to work together to help our optometrists continue to excel.”  About Abyde Abyde (Tampa, FL) is a technology company dedicated to revolutionizing HIPAA compliance for medical professionals. Launched in January 2017, Abyde was formed with the idea that there could exist an easier, more cost-effective way for healthcare providers to comply with government-mandated HIPAA regulations. For more information on Abyde visit abyde.com. About Acquios Alliance “Acquios Alliance is a membership program aimed at mitigating the unique challenges private practice optometrists face to help them thrive, independently. We partner with top vendors across the country in order to connect our members with the premium services they seek. Each of our vendor partners has a commitment to empowering the independence of the private practice optometry office. If your goal is independence and being unique, we are your advocate.” Read the full press release here.

Abyde Featured in Optometric Management Magazine
Abyde News

Abyde President, Matt DiBlasi, Featured Article in Optometric Management Magazine

April 20, 2017 Comments Off on Abyde President, Matt DiBlasi, Featured Article in Optometric Management Magazine

April 20, 2017 The article below was featured in the April edition of Optometric Management Magazine. To see it on their website,  click here. ARE YOU HIPAA COMPLIANT? THESE FIVE STEPS CAN HELP YOUR PRACTICE SECURE PATIENT INFORMATION By Matt DiBlasi, St. Petersburg, Fla.April 1, 2017  THANKS TO the HITECH Act, Meaningful Use and the Medicare Access and CHIP Reauthorization Act (MACRA)/Merit-based Incentive Payment System (MIPS), the number of optometrists using EHRs will be at an all-time high by the end of 2017. Many practices are trying to implement software, install IT networks, ensure data backups are running properly and integrate diagnostic technology, such as optical coherence tomography devices, into electronic information systems. For established practices the overwhelming sentiment is, “This is not what I went to school for!” While that statement may be true, O.D.s must embrace this technology. It is tied closely with The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and, thus, the survival of one’s practice. Whether it is patient names, Social Security numbers, dates of birth or medical histories, the data stored in EHR is extremely profitable to those with malicious intent. In fact, this protected health information (PHI) is 10x more valuable than credit card information on the black market, reports Reuters. This makes optometry practices targets for criminals. (See “Securing Your Practice,” p.23.) To ensure you’re complying with the latest HIPAA security requirements, consider following these five steps. 1 PERFORM A RISK ANALYSIS This is a self-evaluation in which a practice must identify safeguards in place to secure PHI, as well as identify potential risks to the confidentiality of that same sensitive information. For example, many practices do not change computer and server passwords on a regular basis — a potential risk. As a result, my company recommends computer and server passwords be changed at least 3x per year, as anything less frequent would be considered an elevated risk. The Office for Civil Rights (OCR) at the United States Department of Health & Human Services is clear in explaining that the risk analysis is the first step in a practice’s HIPAA security compliance efforts. Without one, a practice cannot be considered HIPAA compliant. In the case of a HIPAA audit, data breach precaution is the first item the OCR will require from a practice as proof of risk analysis. (The first thing the government will ask for in case of an audit is proof of risk analysis). This makes it vital for practices to have their risk analyses easily accessible and up to date. The five categories to consider when documenting the risk analysis are (1) physical, (2) technical, (3) administrative, (4) policies and procedures and (5) organizational requirements. (See tinyurl.com/RAHHS .) Pro tip. Rather than updating the risk analysis once per year, make it a habit to update it, at minimum, on a quarterly basis to save a substantial amount of time. Securing Your Practice 2 DOCUMENT POLICIES AND PROCEDURES No matter the size of your practice, it is imperative to document all HIPAA policies and procedures for your organization, as the 2016 HIPAA Audit Protocol mandates policies and procedures be reviewed in the case of an OCR audit. While it may seem like overkill for smaller optometry practices to have a full complement of documented policies, doing so can be beneficial in the case of disaster recovery efforts or streamlining the onboarding/off boarding process for employees. Pro tip. Make sure policies and procedures are specific to your organization’s processes. In other words, avoid using generic online or purchased templates that can give a false sense of security that you are meeting the HIPAA policy and procedure requirement. Examples of policies: access authorization, disaster recovery plan, email and fax transmission and employee hiring and termination. 3 CREATE A HIPAA TRAINING PROGRAM Many practices conduct HIPAA training for all staff (full/part-time), but few may be meeting OCR’s training requirement. This requirement: Not only must HIPAA training be completed, at minimum, once per year for all employees, but training requirements also mandate that it be concluded in a modular format. This means documented proof is required that a quiz was taken by each employee. Pro tip. Make sure new employees go through a formal HIPAA training program and take an associated quiz within 90 days of being hired, or “in a reasonable time frame.” 4 REQUIRE BUSINESS ASSOCIATE CONTRACTS Also known as BACs, these offset liabilities in the case of a data breach. With the majority of data breaches caused by business associates (CPA firms, attorneys, consultants) and not internal employees, the importance of getting BACs signed cannot be understated. If a business associate will not sign a BAC, realize that by continuing to work with him or her, the practice is taking on a huge liability risk. (See tinyurl.com/BACHHS .) Pro tip. Every BAC is worded differently, so be sure to identify when the BAC expires. 5 ENCRYPT OR SECURE PHI You may understand the importance of ensuring servers and backups are encrypted properly, but have you ensured other applications, such as your email, are secure? Emails containing PHI should never be sent under any circumstance unless encrypted or secured. Also, remember that every time a document is scanned or printed to a multi-function device, a copy is saved to the internal hard drive. If hard drives are not encrypted or wiped properly and the device is returned at the completion of a lease or sold to another business, a data breach can occur. Pro tip. Most all-in-one printers/copiers/scanners provide a HIPAA-compliant security or encryption package. If these are not available for your device, work with an IT professional to wipe and delete hard drives properly before disposing of the system. Total Complaints Investigated 36,048Source: HHS.gov PROTECT YOUR BUSINESS While many practices feel burdened by the added responsibilities of technology, such as EHR, lack of time to interpret HIPAA security requirements is not an accepted excuse when a HIPAA audit reveals problems. Follow the steps outlined above, and consider reaching out to a third party for questions, concerns or if you just need help. OM MR.

Are you prepared for OSHA's Workplace Violence Prevention requirements? Learn what you need to do to be compliant.

DOWNLOAD CHECKLIST
X