Category: DAS Blog
DAS Blog articles cover a wide variety of health IT, healthcare, physician and industry topics relevant to independent physician practices.
Researched and written by our industry experts, DAS Blog articles provide insights and tips related to the products and services our clients deal with day in and day out. Read on for more on streamlining business operations, optimizing your EHR, and tackling changing government requirements.
While the idea of cloud computing has been around for decades, it’s only in recent years that independent healthcare practices have been able to make use of it. Many providers are wary of switching to the cloud, especially when used to physical on-site servers, and questions linger about the security of cloud hosted patient records.
The Advantages of Storing Health Records on the Cloud
Despite the uncertainty, the largest advantage of using the cloud to store patient health records is the security. Major security breaches and instances of non-HIPAA compliance tend to splash across the headlines, but are often associated with on-site servers instead of cloud based ones. In fact, cloud hosted servers fight off millions of instances of cyberattacks every single day.
Think of it like this – every time a doctor, nurse, or healthcare professional logs onto a remotely-accessed cloud server, they’re proving the security of the platforms. Only authorized personnel can access the data they seek, and built-in security measures prevent unauthorized access daily.
Other advantages of cloud-based health record storage include:
- Faster loading times for all applications
- The option for automatic backups and disaster recovery
- A reduction in cost – you pay less for cloud software storage than you do for on-site servers, security software, and maintenance
- Removing the headache of common physical server HIPAA breaches
Many cloud hosting organizations like DAS Health even store servers in a biometrically secured, restricted data center. This prevents not just cyberattacks, but physical interactions with data as well.
Eliminating Human Error with Cloud Hosting
While cyberattacks and ransomware are real threats to data, the human element is a key part of protection. Often, it is carelessness or poor physical safeguards that lead to data breaches. Cloud hosting eliminates these concerns by taking away the physical interaction common with on-site servers, and adds security software protections you don’t find in the office. These human errors include:
- Mishandled PHI through unsafe passwords or storing data in unsecure locations
- Keeping data on unsecured devices instead of in the cloud
- Incorrectly set up servers that are not protected as they should be
- The theft of mobile or tablet devices that have saved EHR passwords on them
Cloud hosting eliminates some of these risks, such as hosting data in an unsecure location, and by using a trusted partner you can rest easier knowing your practice is protected from untrustworthy vendors. Making sure your practice staff follow HIPAA best practices will protect from the human element in security, as well as meet HIPAA risk assessment requirements.
The Bottom Line: Are My Patients’ Records Safe?
The answer to whether cloud-based health records are secure is a resounding yes. Cloud software is used by 83% of healthcare organizations, and companies the world over. It’s used in everything from financial markets to sports management. It’s also an incredibly powerful tool that independent practices can use to gain leverage on their competitors.
Learn more about our industry-leading cloud hosting services, used by independent practices across the country.
Hurricane season in the Atlantic officially begins on June 1st, and for many providers based in Florida or up the East Coast the threat to your home and business is no small matter.
While many prepare their homes for potential impacts, the workplace is often overlooked. Particularly for healthcare providers who need access to critical patient data, getting your practice ready for inclement weather is an important aspect of hurricane safety.
Use these tips as a guideline to make sure your practice is on track to protect and recover from damage caused by natural disasters.
- Buy shutters or plywood in order to protect windows and doors from wind-borne debris.
- Remove any branches or trees adjacent to your building that could potentially fall and damage it.
- Anchor and brace any large furniture.
- Relocate and protect valuables.
- Secure electronics such as computers and other office equipment in high up areas. Consult with your IT vendor for the best location to keep any onsite devices to protect from damage year-round.
Protect Important Documents
- Designate important contacts to save that are crucial to business operations, such as employees, banks, lawyers, accountants, suppliers, etc. Make a copy of these contacts in a secondary location.
- Keep electronic instead of paper files whenever possible to avoid loss of information.
- Back up data to avoid water damage, especially patient records and other medical documentation. Use cloud hosting services to keep your EHR data off-site and avoid possible damages or loss of data.
Prepare Your Office
Keeping this checklist of items on site will help prepare your office and staff to stay safe should disaster strike without notice.
- 3 day food supply (non-perishables)
- Supply of water to last 3 days
- Chairs and blankets for employees
- First Aid Kit
- Flashlights and extra batteries
- Tool kit
- Plastic bags, duct tape
- Cleaning supplies
- Electric generator
- Emergency contact information for local authorities
Have a Disaster Recovery Plan
While any business will suffer if data is lost, medical practices can be particularly hurt by loss of patient health data. Before disaster hits, make sure you have a plan in place to protect your business.
- Make sure data backups (preferably cloud based and housed off site) run regularly, not just during potential weather emergencies.
- Save your cloud provider’s contact information and keep it on hand for easy contact when needed.
- Work with a provider you know will have your data back up and running in no time at all.
HIPAA is a hot topic for healthcare professionals, and for good reason. Some HIPAA fines have totaled more than $5 million in the past, and new violators continue to get hit with penalties and fines. HIPAA’s past can be read on the news, but its future is still in contention.
HIPAA, the Health Insurance Portability and Accountability Act of 1996, provides policies and procedures for data privacy and security to protect patients’ medical information. The 1996 law was followed by an additional Privacy Rule in 2000 and Security Rule in 2003, all of which are designed to protect physical and electronic patient data by setting strict policies for data storage, sharing and availability.
HIPAA regulations have not changed much in the last 15 years, with the exception of added provisions under the HITECH act in 2009. While the regulations have not changed, they impact any and all healthcare providers as well as their business partners and continue to generate fines for non-compliance.
The Office of Civil Rights (OCR) within the Department of Health and Human Services is responsible for enforcing HIPAA. The OCR partially funds itself from the HIPAA fines that it levies.
The office has stated that they are shifting away from routine investigations to “focus on larger, more complex work which impacts a broader audience.” This may indicate that there may be fewer enforcement actions, but they might be larger in scope.
At HIMSS, Roger Severino, Director of the OCR stated that he would be looking at “big, juicy” data breaches. While he did not specify if he would be focusing on physical security, ransomware, or cybersecurity, his statement emphasizes the need for healthcare entities of any and all sizes to remain vigilant.
Severino has gone on to say that he wants HIPAA settlements to become smaller. For that to happen, however, healthcare providers need to be more conscientious about their compliance programs.
We are still likely to see financial penalties when practices fail to perform routine security risk assessments, for example. Many practices have difficulty maintaining physical data security with on-site servers, often left in non-compliant settings with easy access, instead of a more secure option like cloud hosting. Investing in the right security – both for data and physical servers – is key to practices avoiding HIPAA fines.
New Privacy Regulations
With many current challenges, including the opioid epidemic, doctors and patients are seeking new ways to share data to improve outcomes. This focus may lead to updates to existing data security rules and regulations. While HIPAA remains the same, changing guidelines and industry pushes will impact regulations in the years to come.
Keeping HIPAA compliant is key to protecting your practice from heavy fines and from data loss. Complete your required Security Risk Assessment to identify areas of concern, and invest in the right cybersecurity services to protect your practice from malware. Not sure where to begin with HIPAA? The DAS Health team can help – contact us today.
May marks Mental Health Awareness Month, a tradition dating back to 1949 in the United States. With the recent focus on the opioid crisis, addressing patients’ mental and behavioral health needs is more important than ever.
Affecting nearly one in five Americans, mental health conditions are more common than you might think. They’re also among the most costly healthcare expenditures – just the top 5 mental disorders are estimated to cost $300 billion.
So, how can independent physician practices help? Here are a few ways you can better address mental health needs in your practice:
Start the Conversation
Historically, mental health has often been sidelined in healthcare. Many have wanted to avoid the stigma around mental health instead of confronting it. By starting the conversation among your peers, your staff and with your patients you can drive home the importance of mental health care.
Organizations like Mental Health America, National Alliance on Mental Illness (NAMI) and the Substance Abuse and Mental Health Services Administration (SAMHSA) provide a variety of resources for your patients and your practice.
Incorporate Mental Health Screenings
While one in five adults experience a mental health condition in a given year, it can often be hard to identify which patients may need extra support. That’s where mental health screenings come in.
By providing your patients with screening questionnaires sourced from groups like the World Health Organization, you can gain invaluable patient data to better address patient needs head on. Many screenings provide an easy to interpret health risk score that makes starting the conversations with your patients easier.
Particularly as it relates to the opioid crisis, screening for high-risk areas helps providers to make more informed decisions on patient care and identify at-risk individuals.
Engage Your Patients
Using a patient-driven mental & behavioral health screening application allows you to better engage your own patients in their care. When patients understand the health risks and are asked to complete screening questions as part of their regular visit, providers better highlight the importance of mental healthcare.
Many are using patient engagement to help curb the opioid crisis. Utah-based Intermountain Healthcare incorporated patient engagement into their efforts to reduce opioid prescriptions, ensuring patients understand the risks associated. After only eight months the system has already cut prescription rates by 20%.
Through engagement, incorporation of mental health screenings and opening the doors to mental health discussions providers can lead the way in addressing mental and behavioral health needs for their patients. For more on Mental Health Awareness Month visit mentalhealthamerica.net/may.
For many practices on the fence about Chronic Care Management (CCM) services, the tide has turned.
The Center for Medicare and Medicaid Services (CMS) CCM program, first established in January 2015, allows providers to add new revenue to their practice while benefiting their patients with two or more chronic conditions. With stringent requirements to bill for CCM, the program requires a large commitment from practice staff.
In part because of these requirements, many providers were slow to adopt the program. With the introduction of additional codes in January 2017 and new educational programs from CMS, adoption continues to accelerate. Between 2015 and 2017, the use of CCM billing codes nearly doubled, with CCM payments totaling more than $59 million. A recent survey by Smartlink Health Solutions found that more than 41% of physician groups have now launched a CCM program.
Along with providing patients new resources, CCM services have proven beneficial for practices as well. Many are finding success with CCM vendors, who take on the extensive program requirements on the practice’s behalf. These partnerships have proven to be a win-win for providers – here are the top three reasons why:
1. Financial Stability
Chronic conditions affect approximately 70% of Medicare beneficiaries – roughly 35 million people. Under the CCM program, each one of those patients could gain your practice an average of $42 per patient, per month.
For practices struggling with increased costs and requirements in today’s environment, the additional revenue from CCM services can be a crucial part of staying successful as a business. With just 100 qualifying patients, your practice could gain more than $50,000 per year through CMS’ program. Depending on your patient population, that number could be even higher.
2. Saving Time and Resources
The administrative requirements associated with a CCM program can make adding chronic care services impossible to manage. Requirements include 20+ monthly minutes of non face-to-face care, coordination, documentation and more. With vendor partnerships, practices can overcome these obstacles.
Ready-made templates and comprehensive care plans provided by your vendor allow staff to save valuable time on documentation – especially when CCM services are documented directly within your EHR.
Often, patients receiving chronic care services are ones who already require extra support. They may constantly reach out to your practice with questions on medications, appointments and more. With CCM, these patients receive proactive outreach and answers to those questions – saving your staff even more time.
3. Patient Engagement
Perhaps one of the most important aspects when it comes to the patient-doctor relationship is communication and availability. Particularly in today’s consumer-focused environment, having positive interactions with your patients is critical to your practice’s reputation.
With Chronic Care Management, your patients will be able to receive consistent check-ins in addition to the outreach your practice already offers, ensuring that they are receiving the care they need. Through regular check-ins and follow ups, CCM participants can achieve higher levels of satisfaction.
The benefits of Chronic Care Management extend well beyond revenue generation, and ultimately help patients improve their health. With the right CCM partner, your practice can reap the benefits of chronic care services while providing your patients enhanced care. Register for our upcoming Chronic Care Management webinar to learn more, or contact us to get started.
If you’re worried you’ve got ransomware, you would not be alone:
- A single hack of Anthem in 2015 compromised the medical information of over seventy-eight million customers
- There were three data breaches in 2017 that affected more than 1,000,000 individuals’ medical records
- There were eight more data breaches in 2017 that affected upwards of 100,000 individuals’ medical records
- There were over 300 total hacks last year alone
All of these numbers come directly from HIPAA. Breaches have affected small providers, larger health organizations, and a variety of insurance companies over the last few years. All of which begs the question – what do you do after some sort of breach?
We’ve gathered a few best practices, but it’s important to work with your IT department or vendor to have a specific plan in place before a breach occurs.
1. Alert Your IT Department
First and foremost, it’s important to be calm and avoid panicking when ransomware strikes. Alerting your IT vendor or IT department should be the first thing on your mind, so they can take immediate action to halt the cyberthreat and isolate the incident.
While it might be tempting to shut down or restart your computer and hope the issue gets resolved, you may be making the problem worse without knowing it. Your experienced, professional support is ready to help instead – and they’ll know just what to do.
2. Seclude Your Computer
If your device is connected to the internet via an ethernet cable, make sure you remove the cable immediately. If you are connected wirelessly, disconnect from your WiFi. Any attached storage drives, such as USB drives, should be pulled out as well. It is critical that your computer is not associated with the company’s network in any way, as the malware can easily spread.
A computer with malware that is connected to your network can affect other devices. Make sure you take your affected device offline to avoid contaminating other computers and data.
3. Keep Your Computer Turned On
Do not turn off your computer when ransomware strikes. While this may be tempting, turning off your device may trigger a loss of important data or even evidence of the crime. It may also potentially remove important information you could use to decrypt files, and there is a chance that your device may never turn back on again.
Make sure you don’t take this risk. Leave the computer on until you have spoken with your IT professional, so you can share specifics of the attack and get better advice on the specific concern. This is the best way to get your computer – and data – back.
4. Restore from a Backup
To best protect your data, it is important to have a backup of key patient data and files. Backups completed regularly mean you can essentially revert back to before the ransomware attack and access a safe, unaffected copy of your information. With services like cloud hosting, your data is stored in the cloud and backed up daily in case of disaster or cyberattack. Once you have addressed the cyberattack with your IT team, make sure to restore your data from the most recent backup.
Do not handle this step alone. Ask for professional guidance and IT support to restore the right files. If you don’t have a current backup process, speak with a cloud hosting professional on the best ways to protect your data.
Working with an IT vendor you can trust, who has the right security suite and proven track record, can help your practice stop ransomware attacks even before they happen. Call the experts at DAS Health at (813) 774-9800 to learn more.