Ophthalmology and Optometry Coding Alert
Check This List to Ensure You're HIPAA-Compliant
As technology evolves, so should your HIPAA plan. When you first created your practice’s HIPAA policy, chances are that your employees didn’t have smart phones or wireless internet service, but now those features are ubiquitous. To ensure that your HIPAA policies are up-to-date, peruse the following checklist and ensure that you’ve got these bases covered:
- Have you designated someone as your office’s security officer and defined the duties?
If you answered “no” to any of these questions, it’s a good time to revisit your HIPAA policies and train your staff accordingly.
- Have you performed a risk analysis of your organization where you identified all of your information assets, their vulnerabilities, your “threat profile” and assessed the risk impact?
- Have you created a security training program for all of your staff that is both general for everyone but also focused for those specific functions that carry out your daily business responsibilities?
- Are you confident that your business associates, such as billing offices and vendors, are providing the same level of security for your PHI as you?
- Have you identified your most critical applications and the information that is essential to your office (such as EHRs), and have you provided for a business continuity/disaster recovery plan?
- Are your entity’s authentication controls adequate to prevent unauthorized access to your systems?
- Do you regularly audit your systems to determine who had access and when, if there were any attempts to exceed authorized access levels, and/or if there were any access attempts by unauthorized users?
- Have you established strong password procedures?
- Will your media, workstation and virus-checking controls measure up to compliance requirements?
- Do you have a process that ensures network security?
- Do you have a process that provides for the physical security of your facility?
- Are systems periodically tested for effectiveness of their security features?
- Do you have a staff policy about taking home portable electronics that have patient information on them?
- Has your office put texting protocols into place where you have encrypted texting procedures and a secure sign-in process if you text orders or other medical information?
- Do you have a response policy for what to do if a breach occurs—even if it’s after hours?
Related Articles
Ophthalmology and Optometry Coding Alert
- CPT® 2017:
Latest CPT® Edition Updates Retinal Repair Codes
You’ll also see changes to angiography reporting. Although it’s still October, you should already be [...] - Documentation:
CMS Finds Rampant Errors Among Blepharoplasty Claims
No visual field testing? No Medicare payment, latest compliance newsletter says. You might be collecting [...] - Patient Privacy:
HHS Targets Small HIPAA Breaches for Increased Scrutiny
New focus could impact eye care practices that aren’t part of big health systems. It [...] - Clip And Save:
Check This List to Ensure You're HIPAA-Compliant
As technology evolves, so should your HIPAA plan. When you first created your practice’s HIPAA [...] - You Be the Coder:
ABNs Can Protect You
Question: We haven’t customarily used advance beneficiary notices (ABNs) in our practice unless we’re on the [...] - Reader Question:
Know When Procedure Is 'Staged'
Question: We performed a retinal detachment repair on a patient, and the following week, he returned [...] - Reader Question:
Know the Modifier 55 Rules
Question: Our ophthalmologist is seeing a patient for follow-up visits after another physician performed eye surgery [...]
