• HIPAA Q&A: Fulfilling Patient Records Requests and Authorizations for Releasing PHI  Image

    articleOct 30, 2019 | 10 min. read

    HIPAA Q&A: Fulfilling Patient Records Requests and Authorizations for Releasing PHI

    Under the HIPAA Privacy Rule , patients have several rights regarding their medical records, including a right to access, a right to amend, and, in some circumstances, a right to restrict disclosures of their protected health information (PHI). Understanding and complying with those rights is an important component of quality patient care. Furthermore, The DHHS Office for Civil Rights (OCR) is spotlighting the importance of these rights with its Right of Access Initiative. In September, OCR stood …

  • A HIPAA Risk Assessment is a Learning Experience Image

    articleOct 23, 2019 | 8 min. read

    A HIPAA Risk Assessment is a Learning Experience

    If you own a small- to medium-sized physical therapy practice, you are most likely preoccupied with daily operations such as paying bills, marketing your practice, and treating patients. You may know about HIPAA at a high-level—and you may also worry from time to time about a data breach. But, compliance and security are complicated; the regulations are written in legalese. Big organizations have resources that you do not in the form of experts—and time—that they can devote …

  • How to Deal with a Patient Data Breach (and Avoid One in the First Place) Image

    articleOct 15, 2019 | 7 min. read

    How to Deal with a Patient Data Breach (and Avoid One in the First Place)

    With electronic storage of protected health information (“PHI”) becoming more common, healthcare providers are rightly concerned about ensuring their data and security systems are not breached, and developing an established course of action in the event that their systems are breached.  The most important security precaution that a provider can have in place is a stable system for breach prevention. Otherwise, navigating the field to ensure there are no breaches can be difficult.  Do not place your …

  • Protecting Patient Data: Lessons Learned from the Anthem and Equifax Data Breach Settlements Image

    articleOct 10, 2019 | 6 min. read

    Protecting Patient Data: Lessons Learned from the Anthem and Equifax Data Breach Settlements

    Before 2015, data breaches were mostly confined to retail businesses. However, as more patient information becomes digitized, big data breaches are becoming more common in health care. And hackers don’t discriminate; they target organizations of all types and sizes, ranging from big hospitals to small private practices. So, is there anything a small-to-medium-sized physical therapy practice can do to reduce the risk of a data breach? Performing a HIPAA risk assessment is an excellent first step.  No …

  • Does the New California Consumer Privacy Act Apply to Your Physical Therapy Practice? Image

    articleOct 4, 2019 | 6 min. read

    Does the New California Consumer Privacy Act Apply to Your Physical Therapy Practice?

    I’m sure by now you’ve heard a rumor that California has enacted the most impactful privacy rule in the nation. Maybe you also heard that California’s privacy rule applies to California residents—and that it does not apply to medical information. And perhaps you’ve wondered if the rule applies to your practice, but you haven’t had time to look into it. Lucky for you, WebPT has created this handy FAQ to educate you about the California Consumer Privacy …

  • Overcome Your Fear: 4 Strategies for Tackling the HIPAA Risk Assessment Image

    articleSep 24, 2019 | 5 min. read

    Overcome Your Fear: 4 Strategies for Tackling the HIPAA Risk Assessment

    Without a doubt, healthcare practices—big and small—find the HIPAA risk assessment daunting. The HIPAA Security Rule requires all covered entities (a.k.a. providers) and business associates (a.k.a. the people and vendors providers do business with) to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all electronic protected health information (ePHI). However, carrying that out often seems insurmountable and impossible. How can any busy healthcare practice be expected …

  • Even Small Practices Face Cybersecurity Threats and Government Scrutiny Image

    articleSep 10, 2019 | 4 min. read

    Even Small Practices Face Cybersecurity Threats and Government Scrutiny

    As exhibited in the news items below, small practices are not immune to HIPAA scrutiny by the federal government’s Department of Health and Human Services (DHHS)—as investigated by their enforcement agency, the Office of Civil Rights (OCR). Potential violations may be reported to these agencies through complaints by individual patients or through OCR-initiated audits.  April 2, 2019: “Michigan Practice Forced to Close Following Ransomware Attack” According to this article , when ransomware encrypted the computer system at …

  • 4 Tactics to Reduce Business Associate HIPAA Risk  Image

    articleSep 5, 2019 | 6 min. read

    4 Tactics to Reduce Business Associate HIPAA Risk

    Here’s a scenario I hope you never have to face: your small physical therapy practice hires a third-party billing company to manage your billing operations. Then, that billing company experiences a massive data breach affecting more than 1,000 of your patients. Because the billing company didn’t have an information security or compliance program in place, it was not aware of the breach for more than six months. Unfortunately, the billing company also did not have insurance, so …

  • A 10-Point Plan for Smart and Secure Electronic Communications with Patients Image

    articleMar 15, 2018 | 8 min. read

    A 10-Point Plan for Smart and Secure Electronic Communications with Patients

    As emails and text messages have become ubiquitous, patient expectations around provider responsiveness have increased. Gone are the days when providers set aside time each afternoon to return calls; now, they can simply respond to their patients’ texts—but should they? Many physical therapists, regardless of their practice model or patient population, are surprised to learn that they may not be allowed to interact with patients in the manner they—or their patients—prefer. These same providers are typically even …

  • Ransomware and Malware: 7 Simple Ways to Protect Your Practice from Hacks Image

    articleNov 28, 2017 | 7 min. read

    Ransomware and Malware: 7 Simple Ways to Protect Your Practice from Hacks

    I hate to say it, but your patients’ protected information could be at risk—that is, if you’re not taking the proper precautions to keep it secure. Every day, hackers and cyber criminals use malicious software (a.k.a. “malware”) to target businesses and individuals around the world. Malware has many incarnations—including computer worms, annoying pop-ups, and Trojan horses—but the term generally refers to any software that’s installed without the user’s knowledge or consent. And last year, we saw a …

Pages

Achieve greatness in practice with the ultimate EMR for PTs, OTs, and SLPs.