Under the HIPAA Privacy Rule, patients have several rights regarding their medical records, including a right to access, a right to amend, and, in some circumstances, a right to restrict disclosures of their protected health information (PHI). Understanding and complying with those rights is an important component of quality patient care.
If you own a small- to medium-sized physical therapy practice, you are most likely preoccupied with daily operations such as paying bills, marketing your practice, and treating patients. You may know about HIPAA at a high level, and you may also worry from time to time about a data breach. But compliance and security are complicated, and the regulations are written in legalese.
With electronic storage of protected health information (“PHI”) becoming more common, healthcare providers are rightly concerned about ensuring their data and security systems are not breached, and developing an established course of action in the event that their systems are breached.
Before 2015, the largest publicly reported data breaches were mostly confined to retail businesses. However, as more patient information is digitized, large breaches are becoming more common in health care. And attackers don't discriminate; they target organizations of all types and sizes, from big hospitals to small private practices.
I’m sure by now you’ve heard a rumor that California has enacted the most impactful privacy rule in the nation. Maybe you also heard that California’s privacy rule applies to California residents—and that it does not apply to medical information.
Without a doubt, healthcare practices, big and small, find the HIPAA risk assessment daunting. The HIPAA Security Rule requires all covered entities (providers, health plans, and healthcare clearinghouses) and business associates (the vendors and other parties that handle PHI on a covered entity's behalf) to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all electronic protected health information (ePHI) they create, receive, maintain, or transmit.
As the news items below show, small practices are not immune to HIPAA scrutiny by the federal Department of Health and Human Services (HHS), whose Office for Civil Rights (OCR) investigates complaints and enforces the Privacy and Security Rules.
Here’s a scenario I hope you never have to face: your small physical therapy practice hires a third-party billing company to manage your billing operations. Then, that billing company experiences a massive data breach affecting more than 1,000 of your patients.
The Health Insurance Portability and Accountability Act of 1996—a.k.a. HIPAA—does not distinguish between large and small practices. Fortunately, regulators do. While the law imposes the same requirements upon solo practitioners and large rehab hospitals, the manner in which those requirements are applied may depend upon your practice size.
The average American spends way more time scouring the Internet for medical advice than he or she does with an actual doctor. Here are the trends for patient behavior online and what it means for private practice PTs.
Ever rush back to your house to double-check that you remembered to lock up? You care about security, about having all your belongings safe and sound. So do we. In fact, we’re a bit obsessed. But you can never be too cautious when it comes to your clinic’s data, right?
Enter IO Data Centers, the crème de la crème of data storage. With centers in Phoenix and Scottsdale, Arizona as well as Edison, New Jersey, IO is home to some of the most profitable and security-conscious companies in the world, including us. Not only do we house all your WebPT data here, but we store all our own data, too.
Who is IO?
I’ll let their company video do the talkin’:
For most people, any mention of the cloud causes flashbacks to high school science class—a white, fluffy cumulus or dark, stormy nimbus. But when we talk cloud, we mean neither. We’re talking the techy type: cloud computing. Cloud computing is, quite simply, internet-based computing. Essentially, shared resources, software, and information are provided to computers and other devices (like your smartphone) on demand. Think about it like an electricity grid for information—you plug in (sign on) and immediately are able to access the flow of information available to you without needing your own generating station (in this case, bulky servers to house all your data).