Text Messaging your Patients with Vetters Enterprises

Best Practices for Text Messaging Your Patients

Posted on November 21, 2018December 7, 2018 by VettersEnt

Text messaging is undoubtedly one of the most popular ways to quickly and easily communicate today, but does that make it secure? Think again! While text messaging your patients might seem like an exciting new way to stay in touch, there are many unique problems that can pop up when using texting in the healthcare space.

Texting and HIPAA

As a provider, your medical practice is required to follow the rules and regulations put together in HIPAA. Some practices mistakenly think that HIPAA prevents all text message communications, but that isn’t the case. There is no rule that stops you from texting patients missed appointment notifications, appointment reminders and other information. However, HIPAA does mandate that, when text messaging your patients, you must put adequate protections in place to guard Protected Health Information (PHI). Since you have no guarantee that text messages are arriving at the phone number associated with a patient and phones can be easily compromised, you shouldn’t dive into text messaging your patients without the right preparations.

Do Your Patients Want to Receive Text Messages?

Before you add text messaging to your suite of contactoptions, you should consider what your patients want. The Columbia University Medical Center conducted a study of patients to see what they wanted from theirdoctors. ¾ of patients said that they preferred:

Being texted statements instead of questions (“Reply YES to this message to confirm your appointment on November 20^th” instead of “Can we expect you at your appointment on November 20^th?”)
Receiving text messages that are professional and written with proper grammar (Saying “you” instead of “u,” “tomorrow” instead of “2mrw,” etc.)
Cute, happy emojis included at the end of messages

When You’re Text Messaging Your Patients

Verify patient contact information every time you speak with them to ensure reminders and confirmations are arriving at the right destination.
Let patients know that by giving you their wireless contact information, the number may be used for both telephone and text message communications.
If patients ask to stop receiving text messages or change the phone number on file, you should have procedures inplace to instantly update the information in the system. You can face legaltrouble for unwanted text communications.
When text messaging your patients,include the least amount of PHI possible.
If you choose to use a third-partymessaging service, make sure that it is HIPAA-compliant before signing up.

Alternatives to Text Messaging

Patient portals offer secure messaging between providers and patients, and they are 100% HIPAA compliant. Vetters Enterprises can help your practice implement patient portals and ensure safe, prompt communication between your office and clients. Patient portals also offer the additional benefit of fulfilling the secure patient communication guidelines that are part of the Meaningful Use standards. If you are tracking your metrics for MU or MACRA, adding a patient portal will help you to reach your goals.

Improve Your Practice with Vetters Enterprises

Vetters Enterprises specializes in practice management, private practice business support and revenue cycle optimization. We can perform in-depthassessments of your practice or facility and identify potential issues. Let uskeep your business as healthy as you keep your patients! Give us a call at(443) 352-0088.

Tips for Surviving a Federal HIPAA Audit

Posted on February 13, 2018July 6, 2018 by VettersEnt

Being contacted by the Department of Health and Human Services (HHS) or the Office for Civil Rights (OCR) for a HIPAA audit can be a very scary situation. The best way to survive a federal HIPAA audit is ensuring that you have the proper procedures in place every single day on the job. A single employee who is non-compliant could cost your practice a lot.

Make Sure It’s Valid

Unfortunately, some scammers try to take advantage of practices by pretending to be OCR representatives conducting an audit and asking practices to purchase “certification” services. OCR and HHS will only make contact with your practice via email or certified letter. You always have a right to respond to ask for proof of validity, and that will not be held against you during the audit process. There is no certifying body for HIPAA compliance in existence, so any organization that approaches you claiming that they are one is lying.

Educate Your Employees

One of the best prevention strategies is educating your employees of the serious consequences of a HIPAA violation.

A HIPAA violation that occurs without knowledge: $100-$25,000 violation
A HIPAA violation due to reasonable cause: $1,000-$50,000 violation
A HIPAA violation due to willful neglect, but fixed within 30 days: $10,000-$50,000 violation
A HIPAA violation due to willful neglect that is uncorrected or corrected after 30 days: $50,000 violation

Reminding employees of the steep cost associated with each violation regularly can help to ensure compliance.

Tips for Survival

When preparing for a federal HIPAA audit, ask yourself the following:

Are our HIPAA policies and procedures regularly updated and effective? You should have things like a Breach Notification policy on hand and in effect.
Is our HIPAA training regularly updated and effective? How do we know it’s working? Every practice is required to hold HIPAA trainings for employees that are up-to-date, as well as maintain detailed records showing when employees attended the training and tests or surveys showing they understood the content.
Has our practice completed a risk assessment? This aspect of HIPAA often lies under the radar, but it’s a requirement as part of the HIPAA security management processes.
Have we had HIPAA breaches? If you have had a breach, you should make sure that all documentation has been properly completed.

Keep Your Practice HIPAA-Compliant with Vetters Enterprises

Vetters Enterprises specializes in practice management, private practice business support and revenue cycle optimization. We can perform in-depth assessments of your practice or facility and identify potential issues. Let us keep your business as healthy as you keep your patients! Give us a call at (443) 352-0088.

Message from the CEO of Compliancy Group

Posted on April 8, 2016 by VettersEnt

Today I want to talk about the odds of being audited.

It’s been all over the news lately that OCR has finally launched their Phase 2 audit program, ushering in a series of 200 desk and onsite audits that will be completed by the end of the year. If you consider the odds of being randomly selected for one of these Phase 2 audits, you wouldn’t be alone in thinking that the chances are slim. It’s a claim we’ve seen time and again.

But set aside these Phase 2 audits for a moment and consider that two of the largest fines ever–totaling $5.5 million–were levied against North Memorial Health System of Minnesota and the Feinstein Institute for Medical Research just a few weeks ago. In each of these cases, an OCR investigation was triggered by a PHI breach. And in each case, OCR discovered a lapse in the organization’s HIPAA compliance which lead to these behemoth fines.

So while the odds of being selected for a Phase 2 audit are relatively slim, the odds of having a breach and triggering OCR investigation are as high as they’ve ever been.

If you need help with your compliance efforts, reach out to VE Cycle Management today. We can get you on track wth Compliancy Guard, the tool that saves you more than money.

Read on to check out some of the content we’ve put out this month, and some of the free educational webinars we have slated for the weeks ahead. And remember that Compliancy Group is here to give you compliance with confidence.

Marc Haskelson

President, CEO

The Importance of HIPAA and HITECH Compliance

Posted on July 15, 2015July 15, 2015 by VettersEnt

Did you properly attest?

What happens if you falsely Attest to Meaningful Use?

Recently, the former CFO of the Shelby Regional Medical Center, Joe White, has been sentenced to 23 months in federal prison and ordered to pay $4.5 million in restitution. White oversaw the hospital’s implementation of electronic health records (EHR) and was responsible for Meaningful Use attestation to obtain incentive payments. He pleaded guilty to making a false statement about the hospital’s status as a meaningful user of EHR when, in fact, the hospital failed to meet the requirements. As a consequence of the ensuing turmoil, Shelby Regional Medical Center has permanently closed.

What message does this send?

Although this is a more severe example of dishonesty, the underlying warning is still there for recipients of Meaningful Use incentives. Falsely attesting or failure to meet requirements could result in civil penalties, refund of incentive money, and could lead to criminal charges.

Does attesting for Meaningful Use mean you’re HIPAA compliant?

Attesting for Meaningful Use does not exempt you from the obligation to comply with HIPAA regulations. Regardless of whether you are applying for Meaningful Use or not, you are still required to be HIPAA compliant. The HITECH Act has served to strengthen HIPAA security and privacy provisions by adding greater fines and penalties for non-compliance. Bottom line, if your services involve Protected Health Information (PHI) you are required to be HIPAA compliant.

HITECH?

The HITECH Act was established with the intent to promote the adoption of health information technology. This was promoted and incentivized by the Government through the Meaningful Use program. Providers can obtain incentive payments by attesting and proving that they are using certified EHR technology to improve patient care.

Do you think you are compliant?

According to HHS, 70% of the healthcare industry is not HIPAA compliant while CMS states that 79% of Meaningful Use Audits have resulted in failure. The two prevalent factors were incomplete risk assessments and misconceptions about the differences between HIPAA and HITECH. If you are unsure of your compliance with HIPAA, HITECH or Meaningful Use you need to take corrective action immediately.

Become Compliant Now And Protect Your Practice

100% Of Our Clients Have Passed Their Audits

Find out how you can quickly become HIPAA compliant, prove your due diligence, satisfy Meaningful Use, and protect your organization’s reputation from irreparable damage and financial penalties.

Why The Guard?

HIPAA, HITECH, Meaningful Use, and Omnibus compliance
Expert HIPAA Coaches
Risk Analysis, Gap Identification and Remediation Plans
Built-in Training, Policies & Procedures
BA Agreement Templates & Tracking
HIPAA Hotline Support
Over 1,000 Satisfied CEs & BAs

vettersenterprises.com 443-377-3096 ph info@vettersenterprises.com

Corrected YouTube Video

Posted on May 12, 2015 by VettersEnt

BUMMER! I found out that my first CoffeeChat Video was cut off so I uploaded a new one that appears to be “all there”. This technology stuff is hard!

CoffeeChat #2 Is up on our YouTube Channel

Posted on May 5, 2015May 5, 2015 by VettersEnt

Take a listen to our latest CoffeeChat https://youtu.be/zMKxGhcfdVY here on our YouTube channel. This episode talks about how just getting a HIPAA Risk Assessment is not enough to be HIPAA compliant according to HITECH and OMNIBUS regulations. Use the contact us page to find out how CompliancyGuard can help your practice Achieve, Illustrate and Maintain HIPAA compliance.

How can CompliancyGuard help you avoid HIPAA fines?

Posted on April 20, 2015 by VettersEnt

Well I will tell you how…

CompliancyGuard is like an insurance policy that protects you from failing HIPAA audits and the excessive fines that can come with those.

The fact is that over 70% of Covered Entities (CEs) will fail their HIPAA audits. And while the reasons for such failures can be all over the place, primarily it will be because of inadequate preparation to achieve complete HIPAA compliance and the inability to maintain compliance after initial risk assessment.

What CompliancyGuard does for you and your practice is simply and effectively provide you a “One-Stop-Shop” solution that sets you up for success and allows you to Achieve, Illustrate and Maintain HIPAA compliance so that it is completely taken off your plate. It is a HIPAA compliance officer in a box. Check out these case studies and tell me you don’t want to have this solution in your back pocket when the HIPAA auditors come knocking!

http://compliancy-group.com/hipaa-case-studies/

Subscribe to our YouTube Channel!

Posted on April 14, 2015April 14, 2015 by VettersEnt

We went all out on this one! I will be having a series of videos called CoffeeChats where I will discuss some of the challenges facing medical practitioners in private practice. I started with a HIPAA compliance overview and I will be delving deeper into that subject with additional videos in the series.

HIPAA is a huge set of regulations and believe it or not over 70% of practices are not HIPAA compliant and over 79% of practices will fail their Meaningful Use HIPAA audits. It’s a challenging landscape to try and navigate and VE Cycle Management wants to help you succeed and achieve HIPAA compliance. Our web-based “one-stop-shop” solution CompliancyGuard can help you do this. We will learn more about what advantages CompliancyGuard has over other services out there and why you need it during this series of videos. Watch the first one now and don’t forget to SUBSCRIBE! https://www.youtube.com/channel/UCBcw7_mnHeIR6eLKv2F4JxA/videos

Vetters Enterprises, LLC

Tag: HIPAA