Monday, April 27, 2015

Beware od Medical Collection Agency Snafus

When you send a patient to collections, you effectively advertise on their credit report that they are a patient of your practice.  This is permissable, since this is being done for 'Payment' purposes.  However, once the debt is satisfied, the 'Payment Purpose' expires, and the credit report listing becomes a HIPAA Violation.

The credit report entry must be immediately removed, or  else your practice could be held civicly liable as well as face OCR fines.

It is critical that the collection agencies  that you work with are aware of this and that they will react accordingly once a past due debt is satisfied.

Of course, you should have a current BA Agreement signed by these agencies before sending them any PHI.

Some agencies may not want to remove the names of paid accounts from credit reports.  Our advice:  If an Agency does not wish to comply, find another agency that will!

Better safe than sorry - go to to learn the easy way to comply with the HIPAA Laws

Cornell Pharmacy Pays $125K HIPAA Settlement

Cornell Pharmacy Pays $125K HIPAA Settlement

The Office of Civil Rights announced that Cornell Pharmacy has agreed to a $125,000 dollar settlement for violations relating to improper handling and disposal of paper charts and records.  The fines could have been easily avoided by proper dtaff training along with better written procedures

Protect your Practice!  Visit  HIPAA-STAT.c0m to learn about the simple and affordable way to compliance!

Thursday, November 13, 2014

New OCR Guidelines for HIPAA Privacy in Emergency Situations

The Office of Civil Rights has just posted new Guidelines for HIPAA Privacy Rules in Emergency Situations.  We are currently updating our manual to incorporate these new rules.  In te meantime, you can read about the new guidelines below:

U.S. Department of Health and Human Services, Office for Civil Rights

BULLETIN: HIPAA Privacy in Emergency Situations

In light of the Ebola outbreak and other events, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), is providing a bulletin to ensure that HIPAA covered entities and their business associates are aware of the ways in which patient information may be shared under the HIPAA Privacy Rule in an emergency situation, and to serve as a reminder that the protections of the Privacy Rule are not set aside during an emergency.

The HIPAA Privacy Rule protects the privacy of patients' health information (protected health information) but is balanced to ensure that appropriate uses and disclosures of the information still may be made when necessary to treat a patient, to protect the nation's public health, and for other critical purposes.

OCR's bulletin on HIPAA Privacy in Emergency Situations may be found at:

Additional guidance on HIPAA in Emergency Situations: Preparedness, Planning, and Response can be found at:

Monday, October 20, 2014

Information on the Office of Civil Rights (OCR) Audit Program

The Office of Civil Rights is now planning wide-spread audit all  Covered Entities and their Business Associates.

More Information on the OCR Audit program and timeline is available HERE:

Are you prepared?  The time to get your practice in order is before an audit happens.  With fines ranging as high as 1.5 million dollars, now is the time to prepare.

Contact Systematix today to learn more about how our HIPAA-STAT program can help protect your practice

Friday, September 26, 2014

New Security Risk - PLEASE READ

The tech wires are buzzing today with news of the "Bash Bug" - a serious security flaw with wide ranging effects and implications.  This new security flaw may allow hackers to access everything from Servers down to internet connected appliances such as disital cameras.  What makes this even more serious is that it can affect most operating systems, including Windows, Mac OS, and even Unix and Linux systems.

What you should do:

This security flaw has only just been discovered.  Many software vendors use the BASH code within their systems, and if you use software that hasn't been patched, you may be affected.  Fixing it will require software vendors repair their systems, and you will need to install the software update to secure your systems.

We strongly recommend that you contact all software vendors and hosting companies and ask A) Is their software/systems vulnerable to the BASH Bug and B) If yes, when do they anticipate them to be patched.

Be sure to document all conversations, and to stay on top of this issue until you are certain that all patchws have been supplied to you and applied to your systems.

Contact Systematix today to learn more about how our HIPAA-STAT program can help protect your practice

Monday, September 15, 2014

Meaningful Use Audits going back to 2011

We have been getting information from our clients and prospects that CMA is auditing for Meaningful Use not just from the current reporting period, but are going back as far as 2011.

Even if you have applied for and received incentive payments, it dies not mean that you are safe from audits.  You can be audited for previous reporting periods even if you were not audited at the time you received payment.  Also, if you are audited for a recent reporting period, it is very likely that you will be subject to audits for earlier periods, even if you pass the current audit.

The best strategy is to be prepared, and have all of your documentation organized and ready, including, of course, your Risk Analysis for Core Measure 15.

Can your practice pass a CMS Audit?  Can your colleagues?

If not, please contact Systematix Consulting  today to learn more about our affordable and effective
HIPAA-STAT system.

Definitive Information on Meaningful Use Audits

This is a very interesting article regarding CMS audits.  Basically, between 5% and 10% of all  physicians applying for Meaningful Use will be audited prior to receiving their incentive payments, and a similar number will be audited after receiving their incentive payment.

This translates to between 10% and 20%   of all physicians applying for Meaningful Use payments will be audited.  As we have said, those who did not meet Core Measure 15 by conducting a Risk Analysis will most likely fail their audits and not receive (or will be forced to return) their incentive payments.

It is a worthwhile read, but you may have to register prior to veiwing the article:

Can your practice pass a CMS Audit?  Can your colleagues?

If not, please contact Systematix Consulting  today to learn more about our affordable and effective
HIPAA-STAT system.