Today's blog post comes from WebPT copywriters Charlotte Bohnett and Erica Cohen.

So, you probably remember a few weeks ago we wrote a pretty comprehensive overview on how you can ensure HIPAA compliance in your clinic. We covered everything from HIPAA basics to continuing education and training. In case you didn’t have a chance to read it, here’s a refresher:

“US Congress established the Health Insurance Portability and Accountability Act in 1996. They implemented Title II: Preventing Health Care Fraud and Abuse to protect a patient’s private health information (PHI).

“Under this act, all healthcare providers, insurers, and their business associates may only collect, share, or use a patient’s PHI in approved methods and only for the explicit purpose of furthering patient care.

“A HIPAA violation can be anything from discussing identifiable patient information with your friends over lunch to leaving your not-password-protected work laptop open at a coffee shop. And, if you are found to have committed wrongful disclosure of individually identifiable health information, there are financial and criminal repercussions—including fines of up to $50,000 and one-year imprisonment.”

Now that we all know the basics, how about we tackle something a bit more tricky: HIPAA myths. There’s a lot of lore out there surrounding mobile devices and technology. What’s compliant? What isn’t? Can I use this? What about that? Let’s nip these worrisome quandaries in the bud here and now. Enter the WebPT mythbusters!

Myth: iPads are not HIPAA compliant.

Fact: False.

According to an article on ipodnn.com, “FaceTime and iOS as a whole should be compliant with HIPAA (Health Insurance Portability and Accountability Act) security rules, an Apple spokesperson suggests.”

And here’s the tech explanation the Apple representative wrote in an email to Jason D. O'Grady for an article on ZDNet:

“iPad supports WPA2 Enterprise to provide authenticated access to your enterprise wireless network. WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data will remain protected when they send and receive communications over a Wi-Fi network connection. In addition to your existing infrastructure each FaceTime session is encrypted end to end with unique session keys. Apple creates a unique ID for each FaceTime user, ensuring FaceTime calls are routed and connected properly.”

Well, that’s all well and fine. But what happens if your device is lost or stolen? In an article on CultofMac.com, Ryan Faas suggests practitioners shouldn’t save patient records onto any device. This will ensure “a lost or stolen device doesn’t immediately create a major security concern.” So if not on your device, where should you save your data? Check out the next myth for that nugget o’ wisdom.

Want to learn more about securing your mobile devices? Here are five steps to securing mobile data for HIPAA compliance from SC Magazine. Or have questions about other mobile devices? Check out this blog post from LuxSci on BlackBerry HIPAA compliance as well as this marketing piece on compliance from Motorola.

Myth: Storing my patient’s personal health information myself is safer than storing it in the cloud.

Fact: False.

Would you store cash under your mattress? We’re thinking probably not. So why would you store your most valuable patient information in a server under your desk? The same principles apply—there is no fail-safe.

A few months ago, we posted a blog about the benefits of cloud computing. There, we cited Software Advice’s analysis on the US Department of Health and Human Services (HHS) 2011 HIPAA security violation report. Key findings?

  • 6,800 paper records were supposedly mailed but never received.
  • An impostor posing as a recycling-service employee stole over 1,300 individuals’ records and films.
  • A former employee stole a laptop that contained personal health records of over 50,000 patients.

Clearly, there’s a case for going digital to stay compliant and keeping your valuable documents stored in one safe place (that isn’t in a file folder, on a server tucked away in the supply closet, or on an easy-to-steal laptop’s hard drive).

And with secure data houses—like WebPT’s IO Data Center, which boasts a defensible perimeter, digital video surveillance, biometric screening, and 24x7xForever guard staff—there is practically no threat of a physical or hacker-caused breach. Learn more about our gold-standard security here.

Myth: Digitally documenting with an EMR is safer than paper documentation.

Fact: True.

So, we know your data is safe and secure in the cloud, but how is an EMR better than paper for your documentation? Well, besides being wholly more legible and organized for your sanity’s sake, there are the matters of controlled access, encryption, and privacy. Take WebPT for example: we use 256-bit SSL encryption—the same as online banks—for all customer interfaces. And as a recipient of the TRUSTe Certified Privacy badge, we employ strict password guidelines to ensure login security. Plus, because we issue unique user IDs and passwords for each clinic staff member, you (the clinic owner) control access to your patients’ personal health information.

Sure, accessing your patient’s protected health information via a HIPAA-compliant device is the first step. But it’s just that—a step. Ultimately, it’s your use of these devices in a compliant manner—like saving your files appropriately, keeping your devices safe, and not discussing sensitive health information in public or on social—that will ensure you’re doing what’s right for your clinic, your patients, and the law.

Have a few myths of your own that we didn’t cover here? Let us know in the comments section below. We’d love to help you prove ‘em true or truly debunk ‘em.
