Monthly Archives: September, 2017

9 Vulnerabilities Medical Practices Create Themselves

September 13th, 2017. Posted by Healthcare Revenue

Unfortunately, many medical practices, proverbially speaking, shoot themselves in the foot: they create vulnerabilities themselves, which open them up to potential cyber-attacks and HIPAA violations.

Fortunately, most of these vulnerabilities can be prevented with small changes in mindset, culture, and processes.


HIPAA 101

September 1st, 2017. Posted by Healthcare Compliance

HIPAA dates back to 1996 and stands for the Health Insurance Portability and Accountability Act. At first, HIPAA’s regulations were vague, with little to no enforcement. That changed in 2009 with the HITECH Act (Health Information Technology for Economic and Clinical Health), which was part of the 2009 American Recovery and Reinvestment Act. This act charged the Office of Civil Rights (OCR) with enforcing HIPAA’s policies, with a minimum penalty of $50,000, and the law even states that “a medical entity’s reasonable lack of knowledge of a violation…is no longer accepted.” In 2013, HIPAA’s reach extended to companies working with medical entities, known as Business Associates (BAs).

Who Does HIPAA Regulate?

Any business that creates, stores, edits, or transfers Protected Health Information (PHI) must comply with HIPAA regulations. HIPAA defines PHI as information that:

  • Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.
  • Relates to the past, present, or future physical or mental health or condition of any individual, or the past, present, or future payment for the provision of health care to an individual.

ePHI, or Electronic Protected Health Information, is the electronic version of PHI.

HIPAA breaks businesses into two categories:

  • Covered Entities (CEs): includes health plans, clearinghouses, and providers (doctors, clinics, psychologists, dentists, chiropractors, nursing and hospice homes, and pharmacies).
  • Business Associates (BAs): any company that comes into contact with PHI, including an IT firm, shredding company, document storage company, attorney, accountants, collection agencies, EMR (Electronic Medical Record) companies, data centers, transcriptionists, and many more.

HIPAA also requires all CEs to have a BA Agreement (called a BAA for short) with each Business Associate they work with directly.

The Louisiana Healthcare Support Alliance is comprised of multiple experts and companies based in the Greater New Orleans area.
