Best Practices

Your Biggest HIPAA Vulnerability
Best Practices, HIPAA

Why Improper Documentation Can Be Your Biggest HIPAA Vulnerability

May 23, 2024 Comments Off on Why Improper Documentation Can Be Your Biggest HIPAA Vulnerability

May 23, 2024 Secure documentation is essential in any industry. However, in healthcare, there’s even more on the line. Ensuring HIPAA compliance with proper patient data care is crucial. Let’s explore how it works. Required Documentation for HIPAA HIPAA requires Covered Entities (CEs) and Business Associates (BAs) to document how they manage Protected Health Information (PHI).  Your organization needs to document its compliance process to be HIPAA compliant. This process includes your initial Security Risk Analysis, identifying risks and vulnerabilities, completing training, and any partnerships your organization might have with BAs. Under the Breach Notification Rule, any breach must be documented and reported, and affected patients must be notified. Written proof is required that your organization takes appropriate measures to protect patient data, especially when dealing with PHI. Additionally, your practice’s policies and procedures must be easily accessible and personalized for your location. Personalized documentation of policies, like a Disaster Recovery Plan, details the best course of action for your employees and their roles if a situation arises.  What Happens if Documentation isn’t in Place? When documentation isn’t in place, it can lead to fines.  Proper documentation is crucial for HIPAA compliance. HIPAA mandates personalized documentation of your practice’s compliance program, which identifies your practice and shows that appropriate measures are in place to secure PHI. The Business Associate Agreement (BAA) is a legally binding contract required for Covered Entities to establish with their Business Associates. The BAA outlines each party’s responsibilities for securing PHI. This documentation is vital for ensuring compliance with HIPAA regulations and identifying duties in the relationship. Many organizations have faced fines for neglecting this essential documentation. For instance, the Center for Children’s Digestive Health was fined $31,000 for lacking a BAA.  While thorough documentation practices are essential, many practices using manual methods often fall short, leading to HIPAA violations. At the latest HIPAA Summit, the OCR stated that some of the most common recurring HIPAA violations include incorrect documentation, especially missing BAAs. It’s a simple task to ensure accountability, but it’s necessary.  How Intelligent Software Solutions Can Help Documentation is essential but can be overwhelming. Compliance software simplifies the process, saving countless hours and protecting your practice. Innovative cloud-based solutions enable you to auto-generate and manage your policies and procedures quickly. You can create your documentation dynamically in seconds, ensuring your practice has the most up-to-date documentation. BAAs, a commonly overlooked document, can also be managed within software. Drafting the agreement and sending the documentation through the software simplifies the process.  To learn more about how Abyde can streamline and simplify your HIPAA compliance, please schedule an educational consultation.

Top Five Reasons Why You Need Compliance Software
Best Practices, HIPAA

Top Five Reasons Why You Need Compliance Software For Your Organization

May 21, 2024 Comments Off on Top Five Reasons Why You Need Compliance Software For Your Organization

May 21, 2024 As a healthcare provider, staying updated on evolving regulations is crucial to protecting your practice, its reputation, and its patients. But complying with regulations can be daunting; even the most diligent teams face challenges. In light of the recent Change Healthcare Breach, it’s more important than ever for practices of all sizes to reevaluate their compliance approach.  This is where automated compliance software provides an excellent solution to streamline, simplify, and secure the process. This blog post explores the benefits of intelligent software compliance programs for protecting your practice in place of manual compliance efforts and how software can help you succeed.  Top Five Reasons Why You Need Compliance Software  1: Automate Tasks & Reduce Manual Work An average manual HIPAA audit can take anywhere from several hours to several months to complete. When patient care is the focus, this is wasted time. Intelligent, user-friendly software assists practices in understanding the process and managing their time efficiently. With algorithms running the program, employees can dedicate more time to patient care, optimize workflow, efficiently schedule appointments, and reduce wait times. 2: Avoid Fines with Compliance Software The average cost of a HIPAA fine in 2023 was $321,269.  In comparison, investing in software is much less expensive than a potential fine, saving practices hundreds of thousands of dollars with preventative measures.  Ensuring ongoing compliance is the key. Software simplifies necessary processes to ensure compliance, potentially reducing common infractions that result in fines and penalties. 3: Effectively Manage Risk  HIPAA is highly detailed and demanding, requiring practices to maintain meticulously documented and ongoing compliance programs.  With centralized documentation, integrated Security Risk Analysis (SRA), and automated ongoing risk monitoring, risk can be mitigated. Software can dynamically generate policies and reporting, streamlining cumbersome processes. With thorough reporting, organizations can make informed decisions and proactively identify gaps. Stronger risk management protects practices against threats to their reputation, finances, and operations.  4: Develop a Thorough Understanding of Compliance  Understanding the regulations is essential for maintaining HIPAA compliance. Access to comprehensive training and up-to-date resources to ensure compliance is another advantage of software solutions.  Regular training establishes a foundation for your organization to foster a culture of compliance. Software companies also provide dedicated support teams to assist your practice with questions. 5: Stay Ahead of Regulations  The Office for Civil Rights is always improving and updating HIPAA rules to keep up with the latest technology and practices. Melanie Fontes Rainer, the director of the OCR, recently discussed the HIPAA Security Rule, stating that HIPAA is technology-neutral and scalable, but it doesn’t reflect how we receive healthcare today. This is particularly important considering the OCR has recently issued new HIPAA and online tracking guidelines. As technology advances, so does regulation. Changes in regulations are challenging to keep up with. Alternatively, software is regularly updated to align with compliance changes, simplifying reviews of the evolving healthcare landscape. You can minimize risk and stay compliant by receiving the latest HIPAA updates from your software provider. How Abyde can help Manually managing HIPAA compliance can be risky and error-prone, leaving your practice exposed. Instead, you can easily navigate requirements and safeguard your practice while saving significant hours and costs. All while promoting a culture of compliance through staff education on regulations and requirements, it’s all possible with software by Abyde. To learn more about ensuring your practice is compliant, email info@abyde.com and schedule an educational consultation.

World Password Day
Best Practices, Cybersecurity

Strong Passwords, Strong Protection: World Password Day

May 2, 2024 Comments Off on Strong Passwords, Strong Protection: World Password Day

May 2, 2024 Happy World Password Day!  To celebrate, let’s refresh your password etiquette. With the most recent updates on the Change Healthcare breach, you don’t want to miss this opportunity to do some compliance housekeeping!   Let’s dive into how to ensure your passwords are HIPAA-compliant, keeping Protected Health Information (PHI) secure.  Best Practices  First, let’s say ‘sayonara’ to ‘Password123!’. When it comes to creating a secure password, length is crucial.  Forget complex passwords with limited characters. Aim for at least 8 characters, using a mix of uppercase and lowercase letters, numbers, and symbols. This creates a longer and more challenging code to crack. Next, create passphrases instead of passwords. Consider using easy-to-remember passphrases instead. A good example would be including your favorite book or restaurant in a sentence. For example: “MyFavoritePlaceToE@tIsThaiGardenOn46thSt!” Lastly, make your passwords unique across different accounts.  Beyond the Password Two is Better than One Now that’s settled, let’s dig into the additional security steps to keep your practice safe.  Don’t shy away from Multi-Factor Authentication (MFA); it’s your friend.  Enable MFA wherever possible, adding an extra layer of security by requiring a second verification step, like a code from your phone, to access accounts. Imagine MFA as a second line of defense in password security. When not used properly, it can leave an open door for cyber attacks.  We’ve seen this play out in the news recently. On May 1st, Andrew Witty–Chief Executive Officer of UnitedHealth Group–testified in front of Congress regarding the Change Healthcare breach. Witty stated that the attackers successfully compromised a stolen user ID and passwords due to a lack of multi-factor authentication. This attack has cost Change Healthcare a whopping $870 million… and counting!  To think, this whole issue could have been avoided if they took 5 minutes out of their day to implement practical password protocols… Password Powerhouse Consider ‘hiring’ a password manager!  Using a password manager can provide peace of mind, knowing your passwords are secure. These tools generate strong, unique passwords and securely store them, eliminating the need to remember countless complex combinations. Just remember to use a strong master password for the manager itself! Finally, don’t forget to update your passwords at least three times a year and immediately if you suspect a security breach or phishing attempt. What’s Next?  Think of password etiquette like flossing your teeth – not the most fun activity, but neglecting it can lead to painful consequences.  That’s where Abyde can help simplify your practice’s everyday compliance needs.  Abyde’s software offers an all-in-one suite of compliance resources with password and multi-factor authentication best practices training, on-call compliance experts, and much more. To learn more about compliance for your practice, schedule an educational consultation with one of our experts today!   

HIPAA Compliant Marketing
Best Practices, HIPAA

Can You Post That?: The Secret to HIPAA Compliant Marketing

April 30, 2024 Comments Off on Can You Post That?: The Secret to HIPAA Compliant Marketing

April 30, 2024 Going viral in healthcare has a much more serious meaning than in marketing. Marketing in healthcare is essential. You want more people to know about your practice.  Like everything, the internet has revolutionized how patients look for a healthcare provider.  The internet is most people’s first introduction to your practice, with 75% of prospective patients first searching online for a healthcare provider.  Marketing and healthcare might seem like oil and water, especially when you throw HIPAA in the mix, but we promise you can do both, just with some rules.  Ready to take your patient engagement to the next level? Here are some tips and tricks when it comes to marketing your practice and being HIPAA compliant.  Tracking Tips One of the most common forms of marketing is online tracking tools.  Have you ever searched for something online and seen an ad on another website? For example, while falling down the rabbit hole of watching cat videos, you go to another site. Suddenly, BAM! Cat toy ads on every other site. While we aren’t complaining about seeing more cute cats, this isn’t a coincidence. It’s just tracking tools at play.  Almost every site you visit is trackable, with 90% of sites online having at least one tracking script installed.  Online tracking tools have been in recent healthcare compliance news, with the OCR releasing new HIPAA-compliant guidance.  Online tracking tiptoes into non-compliant territory, but installing software on suitable sites can be beneficial.  First, when working with a marketing company and installing this tracking software, ensure a Business Associate Agreement (BAA) is signed. A BAA outlines the responsibilities of each party, in this case, your practice and a marketing company, when handling Protected Health Information (PHI). These agreements ensure that both parties are on the same page, are liable, and know the importance of protecting patient data.  First, HIPAA does not apply to unauthenticated public sites like your practice’s homepage. Once patients are logging in, that’s when HIPAA comes into play. The information tracked must be the minimum necessary, and overall, can’t relate to the past, present, or future health, health care, or payment for health care.  Following the proper protocols helps avoid fines and keeps your practice running smoothly. Back in January, the NewYork-Presbyterian Hospital was fined $300,000 due to improper tracking practices.  Social Media Guru We’re not expecting you to become TikTok famous, but social media can be helpful in your practice. 74% of people online use social media, and nearly half have used it to learn more about a doctor or health professional for their care.  A social media page can be like a welcoming front door for patients. So, if you’re using it, make sure it’s HIPAA-compliant and shines a light on your fantastic practice!  When posting on social media, ensure PHI or patients who still need to sign a media consent form are visible.  While we know you might be excited about a patient’s new smile before and after braces, without consent, you might not be so happy with the fines. In Abyde’s software, we feature a media consent form, helping to keep your practice complaint.  Raving Reviews  Now, we’ve all read Google reviews. Whether it be the new Mexican restaurant up the street or your new general practitioner, we rely on others’ experiences when making a decision. Over 70% of patients trust Google reviews when searching for a new healthcare provider.  When responding to reviews, it’s essential to follow the simple rule: less is more. You can reply to reviews; make sure that identifiable information about a patient isn’t shared. For instance, even if it’s a lovely review, sharing a patient’s treatment online is unnecessary.  It’s essential to keep your cool when responding to these messages.  If it is a negative review, take it offline! Offer secure forms of contact for a patient, addressing their needs in a HIPAA-compliant manner. We’ve seen the repercussions of a Google review HIPAA violation. Manasa Health Center LLC was fined $30,000 for sharing PHI online in response to negative reviews. Even if the negative reviews were hurtful, we’re safe to say it probably wasn’t worth that much!  What’s Next?  We all know social media can be a game-changer for your practice, boosting patient numbers and engagement. But with great power comes great responsibility.  That’s where Abyde swoops in – streamlining compliance for your practice. Abyde simplifies compliance, and with features like the intuitive Security Risk Analysis, you’ll have all the tips and tools you need to ensure you’re compliant. So, get back to posting (safely)!  To learn more about compliance for your practice, schedule an educational consultation with one of our experts today! 

Improper Access of PHI by Staff
Best Practices, Cybersecurity, HIPAA

Compliance Catastrophes: Improper Access of PHI by Staff

April 24, 2024 Comments Off on Compliance Catastrophes: Improper Access of PHI by Staff

April 24, 2024 It’s hump day! As we get through this middle bump of the week, we’re still rolling our series, Compliance Catastrophes; real-ish world examples of nightmare scenarios!  Today, we’re looking at you, healthcare workers and Business Associates! We know you do amazing work when taking care of patients, but keeping data secure is a part of building an awesome practice or business environment.  When given the keys to keep Protected Health Information (PHI) safe, it doesn’t mean to open the treasure chest of data! When working in this field, you’re around a lot of sensitive information, and it’s vital to uphold your commitment to patients by keeping it confidential!  We know it’s not all healthcare workers or their associates, but more people break this rule than you’d expect.  We’re getting scientific! There was a recent study that highlighted over 400 employees inappropriately accessing PHI at a hospital, and many only stopped accessing unauthorized PHI due to being warned they were caught by email.   It shouldn’t take being caught to change bad behavior! You know the drill – improperly accessing PHI is a breach of trust.  But just to be safe, let’s see an example of what you should not do. Now, joining us today, you guessed it, is our unlucky friend, Catastrophe Cathy.  PHI Peeking Cathy was at the front desk when a familiar face showed up for an appointment. An old friend from high school that she hasn’t seen in years!  They chat for a little bit, and Cathy can’t help but wonder what brought this friend in.  When she’s closing up, she can’t ignore the voice in the back of her head to go look. She falls for the temptation and searches for her friend’s medical information, curious about what brought her old friend into the practice.  As she’s reading about her old friend, another employee notices what she’s doing. Cathy is embarrassed and ashamed, as well as she should be! She was breaching her old friend’s PHI. That information is strictly confidential, no matter how close they used to be.  Real Life: Real FinesYou might think that a situation like this could never happen to you, but it happens often and there are severe consequences.  Last year, the OCR fined Yakima Valley Memorial Hospital in Washington State due to some snooping security guards. Curiosity didn’t kill the cat, but did leave it with a hefty fine! Over 400 patients’ records were looked at and the hospital was charged with a pretty expensive bill: $240,000!  To avoid snooping breaches, make sure all staff are properly trained on their roles and responsibilities. Access controls need to be monitored often, ensuring staff only have access to what pertains to their role. Additionally, make sure logs are reviewed, keeping your eyes open for any suspicious activity.   We all deserve our health information to be secure, and healthcare workers and business associates are at the front lines of keeping it confidential. To learn more about common compliance catastrophes, email us at info@abyde.com and stay tuned for the next in our series on our social media! 

HIPAA Compliance Email Safety
Best Practices, Cybersecurity, HIPAA

Compliance Catastrophes: Email Safety

April 22, 2024 Comments Off on Compliance Catastrophes: Email Safety

April 22, 2024 Good morning! We hope we can cheer up your Monday blues with the announcement of our new educational series, Compliance Catastrophes: real-ish world examples of nightmare scenarios!  Throughout this week, we’ll be releasing blogs and videos on common breaches of Protected Health Information (PHI) in healthcare, giving you the tips you need to stay secure.  We’re starting our series with one of the most common HIPAA breaches: email scams.  Email scams are very prevalent, with 91% of cyberattacks beginning with a phishing email. Phishing attempts are the most common form of cybercrime, with 3.4 BILLION spam emails sent daily.  Now, before we get too far, let’s clear up any misconceptions. Phishing attempts are unfortunately not a Saturday night getaway on a boat with your friends catching fish, it’s much more like casting a lure of fake urgency or importance to try and ‘fish’ for personal information, like PHI. You might think that you could never fall for a phishing scam, but let me tell you, it happens quite often.  Let me introduce you to the star of the week, Catastrophe Cathy.  A One-way Ticket to a Breach Cathy was scrolling through her email, and she couldn’t believe her eyes! Her boss sent her an email offering her a week’s vacation to Italy! All she had to do was claim it by clicking the link listed at the bottom of the email.  She was sold! It looked real; it said it was from her boss, Bob, and it even had his email signature!  As she clicked the link, the malware began to work its nefarious magic – infecting her computer and getting access to PHI.  Her dreams of seeing the Leaning Tower of Pisa came crashing down. Once she realized there was no trip. She panicked! What was she going to do?  Email Safety 101 Now, we can be like Cathy if we aren’t careful when checking our emails!  Falling for these phishing scams affects over 300,000 people a year, yielding over $50 million in losses.  First, an always good rule of thumb: If it’s too good to be true, it’s not. Sorry, or scusa (sorry in Italian) Cathy!  Next, always check who is sending the email. While it looked like it came from Bob the Boss, if she looked at the email address, she would have seen it came from Stevethescammer@email.com! Hackers pretending to be someone else at your organization is a very common practice known as spoofing.  Lastly, if you see any odd links or attachments, never click them, report them as spam, delete them, and, if applicable, forward them to your organization’s phishing email!  Phishing scams have also made a recent detrimental impact on healthcare. The OCR settled its first phishing cyber attack investigation, costing the Lafourche Medical Group $480,000!  Reel in Control Now, if you find yourself falling for an email scam, the first thing you need to do is to alert your team. You might be embarrassed, but it’s brave to admit you’re wrong, ensuring others don’t fall for a similar attack, too.  The most important step right now is to disconnect your device from the internet. Think of it like putting up a “closed for business” sign. This cuts off the hackers’ access and prevents them from finding more information on your network.  Loop in your IT team or IT provider, and follow company procedures for a cyber attack. Of course, notify patients affected by the breach, and report the breach in your Abyde software and to the OCR. Also, since it is a phishing attempt, you can report it to the FTC.  To learn more about common breaches, stay tuned to our blogs and videos this week! Follow us on social media to be the first to see the latest compliance news, and if you have any questions, email us at info@abyde.com. 

Promoting Safety in Dentistry
Best Practices, OSHA

Smile with Confidence: Promoting Safety in Dentistry

April 16, 2024 Comments Off on Smile with Confidence: Promoting Safety in Dentistry

April 16, 2024 Happy Toothsday! Okay, okay, yes, we know that was bad. Regardless, we hope you’re having a lovely beginning of the week.  Working in dentistry can be very rewarding, You know that confident feeling of rocking a fantastic smile? In dentistry, you get to create that feeling for people every day.  However, dentistry comes with challenges, like working with sharps daily and the possible exposure to bloodborne pathogens.   Here at Abyde, we’re all about prevention and safety. Today, we’re jumping right into promoting safety in dental offices. By following the right procedures, you can focus on what’s important: creating dazzling smiles!  Gear Up for Grins When working at your practice, having the proper Personal Protective Equipment (PPE) is vital. PPE encompasses all the protective gear you need to wear to ensure your safety while working with patients. This includes equipment like: While your masks and gloves might not be the most fashionable statement pieces, by rocking the correct PPE, you can minimize exposure to germs and other dental hazards, keeping you safe.  Let’s face it (pun intended!), dentistry can get a little…messy at times.  That’s where PPE comes in!  Face shields and glasses act as your splash guards, keeping your eyes protected from any flying fluids or debris. Gloves also minimize contact, keeping your hands covered when delivering exceptional patient care.  This way, you can focus on creating beautiful smiles without worrying about exposure. Syringe Savvy Using sharps is part of the dental world. That’s why we recommend the latest and safest tools. Think of it this way: those fancy safety features on your dental devices aren’t just bells and whistles – they’re game-changers! Sure, change can be a bit daunting, but these innovations are designed to make your practice safer, smoother, and ultimately, more awesome.   Some of the common safety tools include:  Bite-sized Learning When protecting your staff, training is key. With excellent training, your staff can be equipped with the knowledge they need to be safe.  This includes mastering the proper steps for sharps and bloodborne pathogens, two of the most common safety issues in a dentist’s office.  These situations can be tricky, but with the proper training, your team can conquer any challenge with ease.  How Abyde Can Help We know that paperwork and regulations can feel like a cavity that just won’t quit. That’s why we make it simple. Abyde is a software solution that makes compliance easy. With Abyde, we offer a variety of resources to make compliance a breeze, including training on everything you need for dental compliance.  To learn more about what it takes to be compliant in your dental practice, email us at info@abyde.com and schedule a consultation here.

Healthcare Workplace Violence Prevention
Best Practices, OSHA

Your Safety Matters: Workplace Violence Prevention in Healthcare

April 15, 2024 Comments Off on Your Safety Matters: Workplace Violence Prevention in Healthcare

April 15, 2024 Hi everyone! We hope you had a nice weekend!  We’re starting this week with a heavier, but necessary article. We ALL deserve to feel safe and comfortable when at work – no, ifs, ands, or buts.  This is especially true for our healthcare workers. It’s a stressful job, and on top of the pressure, they shouldn’t have to worry about violence or unsafe working conditions. Unfortunately, this is not the case. Workplace violence is especially common in healthcare, disproportionately affecting healthcare workers. For example, workplace violence is FIVE more times as likely to occur in private healthcare practices and social assistance programs than in any other industry sector.  This is unacceptable. But, hey, here’s a half-glass-full mindset! There’s always a way to change that! We need to create a better workplace for our healthcare employees.  Today, we’re diving into the best ways to build a culture of safety and compliance in your practice, so your staff feels empowered and safe.  Leading the Charge To ensure a team feels safe and secure in the workplace, their leaders must establish a culture of compliance. While we talk about a culture of compliance often, what does that mean?  From leadership,  means guiding and ensuring the safety of employees, having clear policies in place, providing worthwhile training, and much more. This behavior is not just after an incident, but continuously, cultivating an environment where staff feels safe and supported.  All employees must feel heard and supported in the workplace, encouraging open communication about their experiences and what can be done to make the workplace even better. Employees are the heart of any healthcare setting, and their safety is paramount. To empower them to feel secure, clear reporting methods are crucial. This includes offering multiple channels, like a confidential hotline or online portal, to report any situation that raises a red flag.  But safety isn’t a one-time fix. It’s a continuous journey that requires ongoing commitment from leadership. By incorporating these elements, leadership fosters a culture of compliance where staff feels safe and supported at work, knowing their concerns are heard and acted upon, ultimately creating a safer work environment for everyone. Violence? Yeah, No, Gotta Go In part of implementing a culture of compliance, ensure all staff is aware that there is a zero-tolerance policy for violence in the workplace. This policy encompasses all employees, patients, visitors, and in general, anyone who comes into contact with a practice’s employees. This zero-tolerance policy covers everything that goes beyond respectful interactions.  By establishing a zero-tolerance policy, you protect your employees. By making clear consequences for workplace violence, your staff can focus on what they do best: healing others.  How Abyde Can Help Workplace violence in healthcare is unfortunately an epidemic in the field. For instance, 64% of clinicians have felt physically unsafe at work.  At Abyde, we believe a strong culture of compliance shouldn’t be a burden. That’s why we offer revolutionary compliance software that simplifies the process for everyone.  With Abyde, all employees become active participants in creating a safe and secure work environment. By making compliance easier, Abyde empowers your staff with the knowledge and resources they need to be successful. This translates to a more confident and engaged workforce.  No one deserves to feel unsafe at work, and with Abyde, we’re all taking a step towards a safer, more positive work environment for everyone. Get started on building a culture of compliance today! Email info@abyde.com and schedule a consultation here. 

HIPAA Compliant Phone Calls
Best Practices, Business Associates, HIPAA

1-800-HIPAA: Guide to Compliant Phone Calls

April 12, 2024 Comments Off on 1-800-HIPAA: Guide to Compliant Phone Calls

April 12, 2024 Brrring Brrring Brring! It’s your friends from Abyde calling! Pick up! We have some worthwhile tips and tricks to share with you today.  While we all love a good chat on the phone when working with Protected Health Information (PHI), it’s key to keep things confidential.  That’s why today, pick up our call and learn how your practice can make compliant phone calls. By following our tips, you’ll be a confident phone pro, ready to chat with patients while keeping their privacy a top priority. So, are you ready to answer? Let’s get started! Hello, it’s HIPAA In the digital age, there are numerous ways to connect and share information with patients. Reaching out to patients through the phone is still a common practice, but you need to be able to navigate it safely.  First, ensure your phone systems are HIPAA-compliant before sharing any PHI. This includes end-to-end encryption, user authentication, audit control, automatic log-off, and other strong security features.  When onboarding with a cloud-based phone service, make sure a Business Associate Agreement (BAA) is signed with the provider, ensuring accountability and liability when it comes to the protection of patient data.  Listen, we know you might be itching to chat after your visit –   you genuinely care about our patients and their well-being, but there aren’t a ton of reasons to call a patient.  While HIPAA restricts casual chit-chat, some of the reasons to call a patient include: Additionally, if you are calling a Business Associate (BA), make sure a BAA is signed before communicating any PHI through the phone.  When in Doubt, Leave it Out! When on the phone with a patient or a BA and you’re disclosing PHI, the Minimum Necessary Requirement is at play. As in the name, this standard means only the minimum necessary information about a patient’s health information should be disclosed.  FCC, or the Federal Communications Commission has come out and given guidance on HIPAA-compliant phone calls. Keep it short and sweet! Phone calls should be less than 60 seconds or less than 160 characters in text length.  And, don’t blow up any patient’s phone with calls! The FCC says patients should only receive three calls a week, or one text a day.  To ensure patient privacy and clear communication, keep calls brief and focused.  Before sharing any information, take a moment to verify the patient you are speaking with.  Phoning Family While it’s only normal for a family to worry about a patient’s health, sharing this information is a different story.  Under HIPAA, the patient has to agree for their PHI to be shared with family. Once again, only the minimum information required can be shared.  However, if a patient is incapacitated, PHI can be shared with the family if it’s considered in their best interest. Once a patient is lucid again, the patient can retract permission for PHI to be shared with family.  Dialing Up Patient Trust Phone calls are a common and effective way to quickly share information with patients. Like anything regarding PHI, it’s vital to stay compliant, keeping patient information secure.  By properly handling phone calls at your practice, you’ll strengthen patient trust, improve communication, and reduce compliance risks with the right tools. Abyde can be one of those trusted tools, being a cloud-based solution that streamlines the compliance process. Abyde will assist you in having everything you need to be compliant, keeping you in check and creating a culture of compliance at your practice.  To learn more about what your practice needs to do to be compliant, email info@abyde.com, call us at 1.800.594.0883,  and schedule a consultation here.     

Looking to finish your SRA for MIPS by the Dec 31 deadline? We're here to help you get compliant in minutes.

SCHEDULE CONSULTATION
X