ABYDE FOR THE OXMAN GROUP USERS

It's time for stress-free compliance.

  • EASIEST SOFTWARE YOU’LL EVER USE

    And if we’re being honest, easy is an understatement. All companies say it, but we are so confident in the simplicity of our software that we will prove it.

  • ‘HANDS OFF’ APPROACH

    We automate it all – from notifications about training to policy generation. Can you imagine not having to set your own reminders?! Go ahead, focus on your patients – we will ping you with the important stuff.

  • CUSTOMER SUCCESS TEAM LIKE NO OTHER

    We will meet you where you are – whether that’s by phone, chat, or email. It’s tough stuff in the tech space, but our customers love us as much as we love them.

  • STATE BY STATE, LAW BY LAW

    No matter what state your practice is in, our solution is for you — from sea to shining sea. We know our stuff and dedicate ourselves to staying on top of the latest state and federal changes so you don’t have to.

  • MORE THAN JUST SOFTWARE

    With us, you get more than policies and software. We offer Master Classes, newsletters, and more to keep you up to date. At the end of the day, we are proud to lead with education.

LATEST COMPLIANCE NEWS

Business Associate HIPAA Fine

Choose Your Business Associates Wisely: An $80K Mistake

January 8, 2025

As we ring in the new year, it’s important to remember that Business Associates (BAs) are just as responsible for protecting patient health data as their Covered Entity counterparts. A major misstep by a BA was highlighted recently on a federal level, and the first fine of 2025 was imposed. Elgon, a Massachusetts-based medical record and billing support company for Covered Entities, was levied an $80,000 fine for numerous violations of the Security Rule, which were exposed by the fallout of a ransomware attack.

As a proposed update to the Security Rule is currently open for public comment and may take effect in the spring, it is crucial for Covered Entities to select Business Associates who prioritize compliance. BAs are just as responsible for ensuring that Protected Health Information (PHI) is kept secure.

What Happened?

Elgon was the victim of a ransomware attack on March 25, 2023. Unfortunately, the BA did not detect that its firewalls had been breached for over a week, until a ransom note was discovered. Elgon then reported the breach, which affected over 30,000 patients of a Covered Entity. Thousands of Social Security numbers, addresses, and other personally identifiable information were leaked in the attack.

When Elgon was investigated, it was uncovered that the organization had failed to recognize its risks in a Security Risk Analysis (SRA). The SRA is the foundation of a successful practice or business, giving an organization a benchmark for how it handles PHI and how it can improve. This fine is also the second enforcement action under the OCR’s Risk Analysis Initiative, highlighting the importance of completing and maintaining this assessment.

How to Protect Your Organization

Covered Entities and Business Associates need to uphold their commitment to protecting patient data. This recent fine is a stark reminder of what can happen when the proper procedures are not followed, exposing the personal information of thousands of patients.

To avoid and mitigate situations like this, Covered Entities must carefully choose the right BA to work with, ensuring they also understand the importance of protecting patient data. For BAs, having the proper safeguards in place is vital, earning trust from Covered Entities that you can keep their patients’ PHI safe.

A key document that establishes the liability of both parties is the Business Associate Agreement (BAA). The BAA is a written agreement required whenever a Covered Entity works with a Business Associate, and vice versa. This signed agreement ensures both parties know their responsibilities when handling patient data. Proposed updates to the Security Rule expand on this: BAs may have to verify on a yearly basis that they are enforcing the proper safeguards, certified by a compliance expert.

Overall, this fine sets the tone for a new year of significant changes and enforcement by the OCR. Covered Entities and Business Associates must both understand their critical role in protecting patients. To learn more about how you can become HIPAA compliant, schedule a consultation with our team of experts today.

2025 HIPAA Compliance

New Year, New Compliance Program

December 31, 2024

After a year of record-breaking breaches and fines in 2024, starting the new year with your HIPAA compliance buttoned up is crucial. A compliance program is a comprehensive plan to ensure compliance with HIPAA guidelines. It’s much more than yearly training; it’s what you do daily to uphold your commitment to patient data safety.

The new year is about implementing new routines and actions for improvement. That’s why now is the time to get the right compliance program in place. Here are three key goals to help you start on the right track in 2025.

Complete a Security Risk Analysis

The first step to HIPAA compliance is completing a Security Risk Analysis (SRA). The SRA is an assessment of the administrative, technical, and physical safeguards your practice has in place to protect patient data. While the SRA might seem like a simple requirement to adhere to HIPAA regulations, it is actually one of the most overlooked, with only 14% of practices able to present documentation of a compliant SRA. The SRA helps your practice identify vulnerabilities and creates a roadmap for HIPAA compliance, guiding your practice on what needs to be addressed. This documented analysis of your practice is the foundation of a compliant practice.

Establish a Culture of Compliance

A culture of compliance is the understanding that everyone—from leadership to staff—recognizes the importance of protecting patient data. To achieve a compliant practice, it’s vital that all staff understand and continuously commit to following HIPAA. The culture of compliance involves much more than just training; it encompasses every decision employees make when dealing with data. This includes using the appropriate encryption measures when sending emails to patients and ensuring that staff members discuss only the minimum necessary amount of Protected Health Information (PHI) when required.

To cultivate a culture of compliance in your practice, staff must have access to comprehensive resources to train, learn, and document anything regarding PHI. This could include interactive training portals, required access logs, and easy access to all learning materials. By providing streamlined compliance, your practice not only establishes a culture of compliance but also enforces it, holding all staff accountable if they don’t adhere to HIPAA guidelines.

Get Organized – Digitize Documentation

In the new year, do a self-audit of your HIPAA documentation. If asked, could you easily find specific policies? While meeting HIPAA requirements is essential for a compliant practice, you must also be able to present documentation as proof. The year is about embracing change. While most might picture their HIPAA manual as an overflowing binder, this is not the only option for managing documentation. It’s time for a change.

Cloud-based compliance programs allow you to access your HIPAA manual easily by logging into your account. Gone are the days of rifling through a binder to find a specific policy or procedure—a web-based HIPAA manual easily generates and organizes your documentation, saving you time and keeping all versions of your documentation in a centralized location.

Sticking to Resolutions

If achieving streamlined HIPAA compliance has been a long-avoided New Year’s Resolution, this is the year to begin. With the right program, you can simplify compliance and have complete visibility into what is necessary to remain compliant. To learn more about how to get compliant this new year, schedule a consultation with a compliance expert today.


READY TO BE STRESS-FREE?