Home Health & Hospice Week
Use Authentication To Protect Against HIPAA Violations
Make some new priorities related to cyberattacks and hacking. You may be getting a false sense of HIPAA security if you are requiring only passwords to access your agency’s private data. Healthcare has become a frequent victim to intimidation from digital criminals, and though completely breach-proofing your agency is not possible, you can greatly cut down on the likelihood of an infraction. Putting a plan in place to verify users on your agency’s devices is a good place to start. What is Authentication? According to the HHS Office for Civil Rights, “authentication is a process used to verify whether someone or something is who or what it purports to be in the electronic context, while keeping unauthorized people or programs from gaining access to information,” an OCR report from October 2016 says (see the full report at www.hhs.gov/sites/default/files/november-2016-cyber-newsletter.pdf). As HIPAA violations continue to pile up, wreaking havoc on the healthcare industry, it’s never been more critical to verify staff, set up passwords, and put plans into place. In fact, the HIPAA Security rule requires that “reasonable and appropriate authentication procedures” be initiated to protect the ePHI of patients, and if for one reason or another, your agency is privy to a breach, you’ll be held accountable for your lack of authentication guidelines. Risk analysis: Assessing your agency risk and where data is lost is the initial step toward eradicating ePHI loss. For starters, a quarterly, in-house audit of all devices and software helps stave off digital mayhem. It is wise to engage the services of a certified health IT firm or law group to do a risk analysis of your systems, too. Hackers are a step ahead of private providers, and providers easily fall victim to them, says attorney Clinton Mikel of The Health Law Partners in Southfield, Mich. “If the OCR investigates and finds over 500 individuals were affected, the first thing they will look for is the security risk analysis.” Know These Two Types Of Verification Single-factor and multi-factor authentication are two types of password control, OCR suggests. Once you complete a risk analysis, the potential for cyberattack is easily assessed and you can go about organizing a plan for passwords and access. Single-factor authentication refers to the requirement of only one set of credentials for access — like a password associated with something in the office — to a device, network, or system. This type of verification is considered weaker than multi-factor authentication, which requires two or more things to allow a covered entity access. For example, staff might need a keycard to enter the office, fingerprint verification to turn devices on, and a password to log into the system. When putting together your HIPAA compliance plan, consider these authentication ideas to increase ePHI security: Tip: Before setting up a plan or even hiring a certified health IT expert, take a look at the ONC’s helpful Security Risk Assessment Tool. The tool gives advice, breaks down HIPAA compliance for novices, and offers information on how to audit your practice safety and security measures. See the tool at www.healthit.gov/providersprofessionals/security-risk-assessment-tool.
Home Health & Hospice Week
- Pre-Claim Review:
FL Agencies Face PCR Starting April 1 — No Exceptions
Illinois agencies improve affirmation rates. Home health agencies in the next state to get hit [...] - Fraud & Abuse:
Check Out The 3 New Safe Harbors Most Likely To Apply To You
Are you considering offering free transportation to your patients? Medicare’s shift in focus to patient [...] - OASIS:
Make Sure You're In Compliance With M1060b Guidelines
New Q&As highlight one exemption. Clinicians completing OASIS have had their hands full with OASIS-C2 [...] - HIPAA:
Use Authentication To Protect Against HIPAA Violations
Make some new priorities related to cyberattacks and hacking. You may be getting a false [...] - Human Resources:
Help Your Employees Deal With Their Baggage
Are your expectations realistic? If you expect your employees to leave their personal issues at [...] - Industry Note:
You Need This Item Before Appealing RAC Denial
Don’t jump the gun. Homecare providers are waiting to see what topics get approved for [...] - Industry Note:
Re-Run These Hospice Reports
If you’ve run any Hospice-Level Quality Measure Reports or Hospice Patient Stay-Level Quality Measure Reports [...] - Industry Note:
Medicaid Fraud Control Units Rack Up Indictments
It’s not just federal authorities who will be scrutinizing you for fraud. State Medicaid Fraud [...] - Industry Note:
Certifying Physician Must Go On Claim
Are you out of compliance with a Medicare claims requirement to put two physicians on [...] - Industry Note:
Medicare Launches CCM Awareness Campaign
Medicare is making a push to raise awareness of its Chronic Care Management services, and [...] - Industry Note:
Physicians Must Document F2F, CMS Stresses
Ahead of Pre-Claim Review’s April 1 launch in Florida, the Centers for Medicare & Medicaid [...] - Industry Note:
Hospice-Paramedic Partnerships Reduce ER Visits
Hospices looking for ways to reduce their costs and build better relationships with their hospital [...] - Industry Note:
HHA Owner Indicted For $15 Million Fraud Scheme
A Miami home health agency owner has been indicted on Medicare fraud charges, the Department [...] - Industry Note:
2 Ohio Agency Owners Convicted Of Medicaid Fraud
Two owners of an Ohio home care agency have been found guilty of Medicaid fraud [...]
