Ask these seven questions of your vendor upfront before buying into a plan.
If your practice-compliance arrangement was put together after a cursory reading of the HIPAA rules on the HHS website, then you may want to rethink your system. Oftentimes, the OCR advice after a breach suggests that if a plan was in place beforehand, a fine could have been avoided.
Remember: A superficial understanding of health IT and HIPAA isn’t going to protect you or your practice should you experience violation. “A robust compliance plan must include relevant, mandatory policies and procedures, as well as an evolving and up-to-date risk analysis in order to maintain compliance,” explains John E. Morrone, Esq, a partner at Frier Levitt Attorneys at Law in Pine Brook, NJ.
Qualified personnel only. CMS keeps upping the bar on CEHRT with the hope the new advancements will improve healthcare, but if you’re not in the know, the new ideologies can impede the care you give, your office workflow, and your bottom line.
“As technology advances and more and more healthcare data pours into the system, it becomes even more critical that covered entities and business associates have experienced and qualified technology providers supporting their compliance efforts,” warnsMorrone. “The emergence of technologies such as telehealth and wearables create additional challenges for IT professionals. Moreover, the ever increasing use of ‘patient portals’ that allow patients direct access to their medical records create additional entry points for unauthorized access to protected health information.”
If you are in the market for a new vendor, consider asking these questions to ensure your partnership is HIPAA-compliant:
Consider this: One size does not fit all in the case of technical support. Look for a vendor that meets the demands of your practice and your wallet.