Episode 411: Cybersecurity Performance Goals
We discuss the different categories of goals that are outlined; being proactive so your practice is ready when changes come; the essential goals HHS has outlined and what they mean; the encouraged goals HHS has outlined and what they mean; why these goals make sense; and how the PCT Way can help you meet these cybersecurity goals.
Episode 409: The Forthcoming Return of Random HIPAA Audits
we share ways to be proactive in light of the news that random HIPAA audits are returning.
We discuss why there’s still no HIPAA police; the function of these random audits; where the gaps in compliance have been historically; what auditors will likely be looking for; the importance of risk analyses, risk mitigation plans, and policies & procedures; how many HIPAA covered entities were audited the last time the program was active; and PCT’s resources to help you get started with formal compliance in a shame-free way.
Episode 408: Smart Notebooks – HIPAA Considerations and Risks
We discuss why smart notebooks are popular; how smart notebooks work and why they’re in HIPAA’s scope; risk exposure; device security and hardening; communicating to clinicians that these devices are not HIPAA compatible; ways to support documentation processes that are HIPAA compatible; and what to do if you find out a clinician has been using a smart notebook.
Episode 407: Change Healthcare Cyber Attack – the Impact
we discuss the recent Change Healthcare cyber attack and its impact for group practices.
We cover what we know and what we don’t know yet; resources to help you take practical steps; how many people are impacted by this breach; the ongoing investigations; ransomware attacks; who is liable for this incident; maintaining operational continuity; and the importance of being proactive in your security practices.
Episode 406: Key Takeaways from the HIPAA Regulators Annual Reports
we summarize what group practice owners should know about the Office of Civil Rights Annual Reports to Congress and explain how understanding them can inform risk management.
We discuss the compliance report from the Office of Civil Rights (OCR); how complaints filed were resolved; compliance reviews vs. audits; reframing the (very common) fear of HIPAA complaints; the unsecured PHI report from the OCR; risk management for avoiding large breaches; the importance of reporting breaches; and the primary sources of breaches and ways to minimize them.
Episode 405: Teletherapy – Cross-Jurisdictional Practice & Licensure Compacts Updates
we’re exploring what group practice owners should know about cross-jurisdictional practice in the age of teletherapy.
We discuss the shifting landscape of cross-jurisdictional practice; different licensure compacts to be aware of; applying for privileges to practice under licensure compacts; telehealth training requirements; service and payment parity; payment parity advocacy; states that restrict teletherapy based on provider location; temporary practice provisions; and our CE training that dives deeper into this topic.