Art Gross co-founded Entegration in 2000 and serves as president and CEO. As Entegration’s medical clients adopted EHR technology Gross recognized the need to help them protect patient data and comply with complex HIPAA security regulations. Leveraging his experience supporting medical practices, in-depth knowledge of HIPAA compliance and security, and IT technology, Gross started a second company — HIPAA Secure Now! — focused on the unique IT requirements of medical practices. Email Art at [email protected]
Until they’ve opened a letter from the Office of Civil Rights (OCR) notifying them that their practice is being audited for HIPAA compliance, many physicians don’t realize the gravity of the situation their practices may be facing.
If you’ve ever been speeding down the highway, passed a police car, then slowed to well below the speed limit, hoping you wouldn’t get pulled over and handed a citation, then you are likely doing the same thing when it comes to your HIPAA compliance.
Here’s a cautionary tale: A medical practice comes to us in a panic. It turns out the physician had received a letter from the Office of Civil Rights (OCR) ordering an investigation related to a patient data breach – not his own.
All medical practices need to realize they are vulnerable to information security breaches. Mobile devices that house sensitive patient information can easily be lost or stolen, and practices should take steps to reduce risks by performing a risk assessment and identifying potential “leaks.”
The Centers for Medicare and Medicaid Services (CMS) pulls no punches when it warns healthcare providers that meaningful use audits are happening, at random, and consequences for failing the audit are costly. If a provider cannot produce documentation that fully supports its electronic health record (EHR) attestation, the CMS could recoup incentive payments.