HIPAA Compliance Plan Archives

HIPAA Training Standards Businesses Need to Know

Sep 21, 2021 | Live Compliance, Partner

Per the HIPAA Privacy Rule and HIPAA Security Rule, both Covered Entities and Business Associates, must require HIPAA training for all workforce members that access protected health information (PHI) or electronically protected health information (e-PHI) in any of its forms and should be provided “as necessary and appropriate for the members of the workforce to carry out their functions within the [organization].”

According to the Rule, training must be provided “to each new member of the workforce within a reasonable period of time after the person joins the covered entity’s workforce.” Along with all other annual compliance requirements, HIPAA training is arguably the most important. Your workforce members are your first line of defense in the event of a Breach and must be able to identify your organization’s designated HIPAA Security Officer, and have a firm understanding of the HIPAA Privacy and Security Rule. Training should also highlight the organization’s Technical, Administrative, and Physical Safeguard objective security requirements. It is best practice to provide ongoing security awareness training and, in addition to the mandatory annual training, the Privacy Rule also highlights what’s known as “periodic” training. The goal is to ensure workforce member’s knowledge of HIPAA compliance is not forgotten.

The HIPAA Privacy Rule states that “An [organization] must document that the training as described [in the HIPAA Text] has been provided.” Failing to do so will be seen as “willful neglect” and will result in HIPAA violations including monetary penalties as high as $1.5 million dollars. A minor violation may only result in a corrective action plan requirement, whereas a significant data breach attributable to a lack of training will be viewed more seriously.

At Live Compliance, we make checking off your compliance requirements extremely simple.

- - Completely online, our role-based courses make training easy for remote or in-office employees.
  - Short informative video trainings to meet periodic training requirements
  - Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as Password Protection.
  - Policies and Procedures are curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
  - Electronic, prepared document sending and signing to employees and business associates.

Call us at (980) 999-1585 or visit www.LiveCompliance.com.

ABOUT EZCLAIM:
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.

Compliance Plan Breakout

Dec 10, 2019 | AMBA National Conference, Live Compliance

Compliance Plan Breakout

AMBA 2019 National Conference Session Recap

Compliance Plan Breakout – Written by Stephanie Cremeans of EZClaim

Any provider that is treating Medicare or Medicaid patients is required to have a compliance plan for their practice. This is mandated under the Patient Protection and Affordable Care Act of 2010.

The Office of Inspector General (OIG) has established an outline of seven components to help the small or individual provider offices get started. They also understand that small practices don’t typically have extensive resources creating and establishing a plan, and encourage practices to start with one item, making the compliance plan a working document that is updated and added to as necessary. The seven components are as follows:

Conduct internal monitoring and auditing
Implement compliance and practice standards
Designate a compliance officer or contact
Conduct appropriate training and education
Respond appropriately to detected offenses and develop corrective action
Develop open lines of communication with employees
Enforce disciplinary standards through well-publicized guidelines

Let’s dig in a bit to the first component, conducting internal monitoring and auditing. Starting with this step will help a practice lay the groundwork of its compliance plan and shed light on areas that need additional work. There is no set number of records that are required to be audited, rather a suggestion of 5 (or more) per provider annually for a small or solo practice. You can start your compliance plan by simply documenting that no less than 5 charts per provider will be audited annually. Keep track of the results and use them to start implementing other components. For instance, you have the audit results, but what is considered passing? What are you going to do if a provider isn’t compliant? Document the answers and you are building your plan. Did the audit show specific areas for improvement? Find applicable training or host training for those that need it, document it in your plan. Did you find overpayments? Document how these are to be handled, resolve them quickly, and put policies in place to prevent a bigger problem.

By taking steps to create a compliance plan and show a good-faith effort to improve on risk areas your practice will reap the benefits of clean claims with a reduction in denials, fewer billing errors, and the assurance that your records are ready for an audit. This will also reduce your risk exposure to fines.

For help getting started with that first audit, setting benchmarks and improvement plans or for education on problem areas contact RCM Insight. For additional assistance with building your HIPAA compliance plans contact Live Compliance.

If you are enjoying the informative content we’re providing and have a specific topic you would like to see covered, we would love to hear from you! Please feel free to send along your ideas via email to sales@ezclaim.com.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
messagesUtk	5 months 27 days	HubSpot sets this cookie to recognize visitors who chat via the chatflows tool.
utm_campaign	past	Google Ad Services sets this cookie to store session campaign value if present.
utm_content	past	This cookie is used for storing the session content value if present.
utm_source	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
utm_term	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_3010814_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
utm_medium	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

Cookie	Duration	Description
ApplicationGatewayAffinityCORS	session	No description available.
email	past	No description available.
gclid	past	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	past	No description available.
handl_ref	past	No description available.
handl_url	1 month	No description available.
username	past	No description available.

HIPAA Training Standards Businesses Need to Know

Compliance Plan Breakout

Compliance Plan Breakout

AMBA 2019 National Conference Session Recap

Recent Posts

Categories

Archives

Recent Posts

Categories

Archives

PAGES

RECENT POSTS

BillFlash Partner Blog: 5 Payment Processing Trends You Need to Know

How Today’s Cloud-Based Medical Billing Software is Minimizing Claim Rejections

3.36% Cut in The Proposed 2024 Medicare Physician Pay Schedule

Five Revenue Cycle Reports That Drive Informed Decisions

CONTACT US

877.650.0904

LINK TO EZVIEW

SEARCH OUR SITE

FOLLOW US

HIPAA COMPLIANCE