Weak Passwords Put Patients’ EHR at Risk

By M. Thomas Langan II.

A recent government report criticized the current electronic health record certification process for failing to require strong passwords. These vulnerabilities make it easier for hackers to penetrate electronic health record (“EHR”) systems and access patient records. The report comes amid a study finding that many patients are reluctant to divulge their information when their physician uses EHR, out of fear for their data’s security. Despite the current lax requirements, it is recommended that all passwords be at least 8 characters long, contain 3 of the following: capital letters, lowercase letters, numbers and special characters, and be changed at least monthly.

The government’s report can be found here: http://oig.hhs.gov/oas/reports/region6/61100063.asp

The study can be found here:  http://jamia.bmj.com/content/early/2014/07/24/amiajnl-2014-002804.abstract

© 2014 Parsonage Vandenack Williams LLC


Are You Ready for HIPAA 5010?

On January 1, 2012, covered entities will be required to conduct the current HIPAA electronic transactions using the upgraded 5010 version.  Such transactions include claims submission, remittance advice, eligibility, claims status, referral authorizations, and others.

In order to successfully implement the 5010 transactions, covered entities should take the following steps if they have not already been completed.  This will help to avoid rejected claims and cash flow interruptions.

1. Review the details involved in the upgrade and assess the impact the change to HIPAA 5010 will have on your business operations and systems.

2. Contact your vendors for specific information regarding the installation of upgrades to your system. Also, contact your clearinghouses, billing service, and payers for preliminary information on when they expect their upgrades will be completed and they will be ready to accept the 5010 transactions.

3. Have your vendor install the necessary 5010 upgrades. Remember that the timing of the system upgrades will depend on your vendor’s readiness, both with respect to product development and scheduling.

4. Once the upgrades are completed, internally test your systems to make sure you can generate the 5010 transactions. Allow extra time to resolve any issues that may arise and work with your vendor to address these.  It is important to make sure that staff members are properly trained on the 5010 transactions as part of this process.

5. Contact your clearinghouses, billing service, and payers to conduct external testing with them. This will help to ensure that you can send and receive the transactions properly.

6. After you have completed external testing, you may switch to using only the 5010 transactions. You are permitted to begin using the 5010 transactions prior to the compliance date, as long as you and the other organization are in agreement with the early conversion.

Important Dates to Keep in Mind:

January 1, 2012 – Covered entities must use only 5010 transactions as of this date.  The 4010 transactions will be rejected.

January 1, 2012 to March 31, 2012 – The first 90 days is a period of discretionary enforcement.  A covered entity generally will not receive penalties for failing to comply with HIPAA 5010 as long as it is making reasonable efforts to follow the requirements.

October 1, 2013 – The industry switches from the ICD-9 to the ICD-10 diagnosis and procedure code sets.

© 2011 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com


Five Ways to Use Social Media in Your Practice

Here are five simple ways to use social media to help your practice:

  1. Develop your social media pages. Consider starting a page for your practice on Facebook, LinkedIn, and/or Twitter. Persuade your patients to “like” your practice’s Facebook page – your postings will then be featured in their news feeds.
  2. Send health-related updates. Send e-newsletters with short reminders or news stories of interest to your patient population. Patients will appreciate brief tips provided at no cost.
  3. Take advantage of online networking. Many people meet potential employers and employees on career-centered social networking sites such as LinkedIn. Join a discussion group with similar interests and goals.
  4. Launch a blog. A blog is an efficient way to provide information to your patients and the online community and another way to promote your practice.
  5. Post general information. Tell us about who you are and what your practice does.

Remember to always use caution and comply with all applicable privacy and confidentiality rules when using social media sites, as well as any other media outlet.

© 2011 Parsonage Vandenack Williams LLC


Proposed Rule Gives Physicians a Break on Requirement to Electronically Submit Quality Measures

The Centers for Medicare and Medicaid Services (CMS) gave physicians a break (albeit brief) in its recent proposed rule on meaningful use reporting requirements for electronic health records (EHRs).

The proposed rule would permit eligible providers to continue to report certified EHR clinical quality measure results by attestation through 2012. Absent the proposed rule’s enactment, eligible providers will need to submit quality measures electronically to CMS in 2012.

Note that eligible providers who are willing and able to submit clinical quality measures electronically in 2012 can maximize incentive payments and meet meaningful use requirements by participating in the newly-announced Physician Quality Reporting System-Medicare EHR Incentive Pilot.

Physicians who submit clinical quality measures for the entire year using one of the specified electronic options would be eligible for incentive payments from both the physician quality reporting system and the EHR programs.

Physicians who initially attest that they will participate in the Physician Quality Reporting System-Medicare EHR Incentive Pilot but are then unable to participate can still submit quality measures using the CMS attestation module.

© 2011 Parsonage Vandenack Williams LLC
