Most companies assume their cyber security is pretty good… until a breach happens and then you find out where the holes were. We often find that apathy and a lack of being proactive may cost you lots of money. An annual security audit is a necessity for all medical practices and companies in todays ever changing world of technology. It is a vital part of protecting your digital assets and cyber security plan for your organization. It’s not just about discovering any vulnerabilities or shortcomings, rather it’s about opportunities to strengthen your network security.
Noncompliance (non-adherence) to medical recommendations can have a significant impact on a patient’s overall health quality, resulting in decreased opportunities for prevention, delayed diagnosis, and incomplete or ineffective treatment. There may also be significant liability and financial risks to a responsible healthcare professional treating this patient, particularly as patient outcomes increasingly become connected to quality indicators and reimbursement.
As of September 30, 2017, the Department of Health and Human Services Office of Civil Rights (OCR) has received notices of 237 breaches. 46% occurred as result of hacking or IT security incidents; many at the business associate level. Ransomware is rampant and projected to increase 670%. As a covered entity, although a breach occurs at your business associate, under HIPAA, you are responsible for your protected health information and responding to the breach. OCR has been clear that breaches of 500 or more records will be investigated. Given the significant increase in breaches over the past few years, advance preparation is critical and can reduce the cost and burden of breach response.
An Oklahoma physician agreed on August 28, 2017 to pay the government $580,000 to resolve allegations that he violated the False Claims Act by submitting claims to the Medicare program for services he did not provide or supervise. According to the government, the physician allowed a company that employed him and in which he had an ownership interest to use his NPI numbers to bill Medicare for physical therapy evaluation and management services that he did not provide or supervise. The government further alleged that after he separated from the company and deactivated his NPIs associated with the company, he reactivated those NPIs so that the company could use them to bill Medicare for services he neither performed nor supervised.
A 34-year-old male presented to a family medicine physician for chronic low back pain. The physician is comfortable prescribing opioids and has many patients on scheduled drugs. The patient has had chronic pain for many years and has undergone multiple treatments including physical therapy, steroid injections and many medications. On presentation, the patient was on Robaxin and oxycodone (four times a day). His past history is positive for hypertension and alcohol abuse, although he stated he hasn’t drank in the past year. He works as a laborer.
You may not be getting all you can out of your browsing experience
and may be open to security risks!
Consider upgrading to the latest version of your browser or choose on below: