

Today's blog post comes from WebPT copywriters Charlotte Bohnett and Erica Cohen.

So, you probably remember a few weeks ago we wrote a pretty comprehensive overview on how you can ensure HIPAA compliance in your clinic. We covered everything from HIPAA basics to continuing education and training. In case you didn’t have a chance to read it, here’s a refresher:

“US Congress established the Health Insurance Portability and Accountability Act in 1996. They implemented Title II: Preventing Health Care Fraud and Abuse to protect a patient’s private health information (PHI).

“Under this act, all healthcare providers, insurers, and their business associates may only collect, share, or use a patient’s PHI in approved methods and only for the explicit purpose of furthering patient care.

“A HIPAA violation can be anything from discussing identifiable patient information with your friends over lunch to leaving your not-password-protected work laptop open at a coffee shop. And, if you are found to have committed wrongful disclosure of individually identifiable health information, there are financial and criminal repercussions—including fines of up to $50,000 and one-year imprisonment.”

Now that we all know the basics, how about we tackle something a bit more tricky: HIPAA myths. There’s a lot of lore out there surrounding mobile devices and technology. What’s compliant? What isn’t? Can I use this? What about that? Let’s nip these worrisome quandaries in the bud here and now. Enter the WebPT mythbusters!

Myth: iPads are not HIPAA compliant.

Fact: False.

According to an article on ipodnn.com, “FaceTime and iOS as a whole should be compliant with HIPAA (Health Insurance Portability and Accountability Act) security rules, an Apple spokesperson suggests.”

And here’s the tech explanation the Apple representative wrote in an email to Jason D. O'Grady for an article on ZDNet:

“iPad supports WPA2 Enterprise to provide authenticated access to your enterprise wireless network. WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data will remain protected when they send and receive communications over a Wi-Fi network connection. In addition to your existing infrastructure each FaceTime session is encrypted end to end with unique session keys. Apple creates a unique ID for each FaceTime user, ensuring FaceTime calls are routed and connected properly.”

Well, that’s all well and fine. But what happens if your device is lost or stolen? In an article on CultofMac.com, Ryan Faas suggests practitioners shouldn’t save patient records onto any device. This will ensure “a lost or stolen device doesn’t immediately create a major security concern.” So if not on your device, where should you save your data? Check out the next myth for that nugget o’ wisdom.

Want to learn more about securing your mobile devices? Here are five steps to securing mobile data for HIPAA compliance from SC Magazine. Or have questions about other mobile devices? Check out this blog post from LuxSci on Blackberry HIPAA compliance as well as this marketing piece on compliance from MOTOROLA.

Myth: Storing my patient’s personal health information myself is safer than storing it in the cloud.

Fact: False.

Would you store cash under your mattress? We’re thinking probably not. So why would you store your most valuable patient information in a server under your desk? The same principles apply—there is no fail-safe.

A few months ago, we posted a blog about the benefits of cloud computing. There, we cited Software Advice’s analysis on the US Department of Health and Human Services (HHS) 2011 HIPAA security violation report. Key findings?

  • 6,800 paper records were supposedly mailed but never received.
  • An impostor posing as a recycling-service employee stole over 1,300 individuals’ records and films.
  • A former employee stole a laptop that contained personal health records of over 50,000 patients.

Clearly, there’s a case for going digital to stay compliant and keeping your valuable documents stored in one safe place (that isn’t in a file folder, on a server tucked away in the supply closet, or on an easy-to-steal laptop’s hard drive).

And with secure data houses—like WebPT’s IO Data Center, which boasts a defensible perimeter, digital video surveillance, biometric screening, and 24x7xForever guard staff—there is practically no threat of a physical or hacker-caused breach. Learn more about our gold-standard security here.

Myth: Digitally documenting with an EMR is safer than paper documentation.

Fact: True.

So, we know your data is safe and secure in the cloud, but how is an EMR better than paper for your documentation? Well, besides being wholly more legible and organized for your sanity’s sake, there are the matters of controlled access, encryption, and privacy. Take WebPT for example: we use 256-bit SSL encryption—the same as online banks—for all customer interfaces. And as a recipient of the TRUSTe Certified Privacy badge, we employ strict password guidelines to ensure login security. Plus, because we issue unique user IDs and passwords for each clinic staff member, you (the clinic owner) control access to your patients’ personal health information.

Sure, accessing your patient’s protected health information via a HIPAA-compliant device is the first step. But it’s just that—a step. Ultimately, it’s your use of these devices in a compliant manner—like saving your files appropriately, keeping your devices safe, and not discussing sensitive health information in public or on social—that will ensure you’re doing what’s right for your clinic, your patients, and the law.

Have a few myths of your own that we didn’t cover here? Let us know in the comments section below. We’d love to help you prove ‘em true or truly debunk ‘em.
