Health Information Compliance Alert

With more and more digital issues surfacing over the past year, it is critical that practices keep a close watch on all their vendors and suppliers to steer clear of issues.

Why: Evidence and case settlements suggest that compliance relating to electronic protected health information (ePHI) and EHRs is firmly in both the HHS Office for Civil Rights’ (OCR’s) and HHS Office of the Inspector General’s (OIG’s) sights for 2020 (see p.13).

As part of your compliance planning and HIPAA risk assessment, it is a great idea to create a list of all your vendors annually and check in with them. As part of that follow-up, you should do a comprehensive investigation of your EHR products, your relationship and contracts — and whether they’ve had any compliance or violation issues over the past year of service.

While performing your re-evaluation, consider setting up a scorecard with weighted questions and tally the results. Here are some examples of important questions to add to your vendor checklist:

• Does your current EHR vendor offer all the necessary functions your practice needs?
• What is the pricing model of your current EHR software, and does it match industry standards?
• Does your vendor offer specialty-specific, certified EHR technology that is in line with the scope of your work?
• Is the EHR provider geographically positioned to consider your state’s compliance requirements as well as the federal mandates?
• Does your software provider offer user-friendly clinical tools and is your practice using them properly?
• Has your EHR vendor been privy to a HIPAA or false claim violation over the past year?
• If unhappy with service, will you be penalized for switching to another EHR vendor?
• Do you have a business associate agreement (BAA) on file for your EHR vendor?