First Healthcare Compliance CONNECT- January 2018
CONNECT
An Exclusive Monthly Publication for Clients
January 2018

Certificate vs Certification?
Patient Safety Gaps
Preventing a HIPAA Breach
Introducing our Compliance Super Ninja!

Important Compliance Dates

• 2018 EHR Stage 2 Medicaid reporting period is a minimum of any continuous 90 days between January 1 and December 31, 2018.
• 2018 EHR Stage 3 Medicaid (for all new and returning participants) reporting period is a minimum of any continuous 90 days between January 1 and December 31, 2018.
• Beginning July 1, 2017, practitioners in 9 states are required to report claims data on post-operative visits furnished during the global period of specified procedures using CPT code 99024.
• Virtual Group submissions due to CMS via email to MIPS_VirtualGroups@cms.hhs.gov by December 1, 2017.
• December 15, 2017 is the new extended deadline for electronic submission of OSHA 300/300A Illness and Injury forms for required establishments.

In This Issue:

• Important Compliance Dates
• Compliance Super Ninja
• Patient Safety Gaps
• Preventing a HIPAA Breach: Phishing Attacks and Access
• Addressing Unauthorized Access with Ray Ribble
• Understand the Difference: Certificate vs Certification
• Naughty or Nice? The Rules of Giving and Receiving in Healthcare
• Upcoming Learning Opportunities

First Healthcare Compliance, LLC © 2018
Contact Toll Free: 888-54-FIRST

Compliance Super Ninja

Kristine Papa
Director, Compliance
West Dermatology

How would you describe your experience with First Healthcare Compliance?

I absolutely enjoy working with 1st HCC. The customer service is always excellent! 1st HCC is open to suggestions and allows clients to submit their own training modules. Working with 1st HCC you feel as if you are part of the 1st HCC family. They go above and beyond to assist client requests – even working on a holiday to do so.

What do you enjoy most about working with West Dermatology?

The professionalism of the staff and how everyone goes out of their way to work as a team even across state lines. Of course no team could function without the support of management. They do all they can to make us feel we are part of the West Dermatology family in ways you may not expect from such a high level company. I am especially proud of the West Dermatology commitment to community as evidenced by the support provided, both emotionally and financially, to the victims of the October 1st shooting in Las Vegas.

Would you prefer to permanently be transported 500 years in the future or 500 years in the past?

500 years in the future. It’s exciting to see where compliance and technology have come and I can only imagine where it will be 500 years in the future.

Each month we highlight one exceptional compliance professional chosen by our client services team. If our team notices your compliance chops, you might be the next Ninja!

Don’t miss out on free stuff!

Please enjoy one set of complimentary compliance posters available from our store at 1sthcc.com/shop
Use coupon code: TISTHESEASON
Good through 1/31/18

Get the eBook!

Patient Safety Gaps: Medical Errors and Second Victims
By David M. Sommers MD JD LLM

When a patient safety incident, medical error or adverse event occurs, patients are rarely the only victims. Join us to explore the impact on caregivers and understand the lasting damage to those providers.

Read more about:
• Background of Patient Safety Gaps
• Scope of the Problem
• Medical Errors and Accountability

Download your copy today!

Preventing a HIPAA Breach: Phishing Attacks and Access

By Jill Brooks, MD, CHCO

Your organization’s security risk analysis and security awareness training are the best defense against nefarious cyber criminals. In reviewing breaches from 2017, cyberattacks with ransomware brought organizations to a standstill if they lacked a pre-emptive back-up plan for the data hostage situation; a few had no choice but to succumb to the hackers’ payment demands. When healthcare entities were the intended ransomware targets, breach of protected health information (PHI) was not their only concern: the delivery of patient care was significantly altered or even completely blocked. To mitigate your organization’s potential security risks for 2018, specific areas to address must include your staff’s awareness of phishing emails and proper termination procedures for employee access, if necessary.

As part of security awareness training, your staff must understand the potentially disastrous effects of phishing emails. Tips on detection of phishing emails should include methods of reporting to prevent other employees from possibly falling victim to the same scam. One notable scheme in 2017 involved a fake survey sent to employees’ emails at a healthcare center. Hackers gained access to the accounts of those employees who submitted the survey and were able to re-direct the employees’ paychecks into the hacker’s bank account. During the investigation, it was also determined that the email accounts contained patients’ PHI. Although it was uncertain whether the hacker actually accessed the PHI, the HIPAA breach notification protocol had to be followed, including costly identity theft monitoring for those affected.

Knowledge of common phishing email schemes will help staff realize how sneaky the cybercriminals can be. Simply clicking on a link, attachment or just opening an email may allow the hacker to insert malware, ransomware or a virus. Employees should exercise caution if they receive an email letter from their CEO or another executive in the organization even when appropriate logos are present. An email containing multiple misspellings or poor word structure should always give pause. An email request for password information should be a glaring red flag. Staff should always avoid URLs beginning with http://. The S in https:// stands for “secure”, encrypting the data exchange to prevent others from eavesdropping on the computer communication. Any URLs lacking the domain name of the specific organization immediately following the https:// are also suspect.

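A link check along the lines of the advice above, as an added example that is not part of the original newsletter: it flags links that are not https and links whose actual host is not the organization's domain, including links where the organization's name appears right after https:// but the browser would connect somewhere else. The domain `example-clinic.org` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the organization's own domain (placeholder, not from the article).
ORG_DOMAIN = "example-clinic.org"

# Constructed sample links, as they might appear in reported emails.
SAMPLE_LINKS = [
    "https://portal.example-clinic.org/login",
    "http://example-clinic.org/portal",
    "https://example-clinic.org.payroll-survey.example.net/form",
    "https://example-clinic.org@login.example.test/reset",
]

def check_link(url, org_domain=ORG_DOMAIN):
    """Return the reasons a link looks suspect (an empty list means none found)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    # Text before '@' is user info, not the site being visited.
    if has_userinfo:
        reasons.append("userinfo before host")
    # The host must be the org domain itself or a subdomain of it. A host that
    # only starts with the org domain belongs to whoever owns the last labels.
    if host != org_domain and not host.endswith("." + org_domain):
        reasons.append("host is not the organization's domain")
    return reasons

def triage(links, org_domain=ORG_DOMAIN):
    """Map each suspect link to its reasons; clean links are left out."""
    flagged = {}
    for link in links:
        reasons = check_link(link, org_domain)
        if reasons:
            flagged[link] = reasons
    return flagged

if __name__ == "__main__":
    for link, reasons in triage(SAMPLE_LINKS).items():
        print(link, "->", "; ".join(reasons))
```

A passing check only means none of these three signs was found; a link that passes can still deserve reporting for other reasons named in the paragraph above.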
Termination of employee access may be necessary to maintain the security of the organization. Access must be terminated immediately upon employee termination. While a breach may result from a current employee’s malicious intent, other breaches have been attributed to unauthorized access by prior workforce members whose access was not appropriately terminated. In November 2017, the Office for Civil Rights (OCR) issued guidance on how to terminate electronic and physical access when an employee quits or is terminated. A few of the key steps include the following: notification of the IT department or security official; deactivation or deletion of user accounts; retrieval of all remote devices; and erasure of any ePHI on personal devices. Procedures should also be in place for any changes to employee job descriptions and how the level of access should be altered to reflect the new job classification.

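One way to check that terminations were actually carried through, as an added example that is not part of the original newsletter or the OCR guidance: reconcile the HR roster against account exports and flag accounts that are still enabled, or were used, after the owner's last day. The record layouts, system names and employee IDs are constructed assumptions.

```python
from datetime import date

# Constructed sample exports (assumed formats): HR roster and per-system accounts.
HR_ROSTER = [
    {"emp_id": "E100", "status": "active", "end": None},
    {"emp_id": "E101", "status": "terminated", "end": date(2017, 11, 3)},
    {"emp_id": "E102", "status": "terminated", "end": date(2017, 12, 15)},
    {"emp_id": "E103", "status": "terminated", "end": date(2017, 12, 20)},
]
ACCOUNTS = [
    {"emp_id": "E100", "system": "ehr", "enabled": True, "last_login": date(2018, 1, 5)},
    {"emp_id": "E101", "system": "ehr", "enabled": True, "last_login": date(2017, 12, 1)},
    {"emp_id": "E101", "system": "email", "enabled": False, "last_login": date(2017, 11, 2)},
    {"emp_id": "E102", "system": "vpn", "enabled": True, "last_login": date(2017, 12, 14)},
    {"emp_id": "E103", "system": "ehr", "enabled": False, "last_login": date(2017, 12, 22)},
    {"emp_id": "E999", "system": "ehr", "enabled": True, "last_login": date(2018, 1, 2)},
]

def audit_access(roster, accounts):
    """Return (emp_id, system, finding) tuples for access that outlived employment."""
    ended = {r["emp_id"]: r["end"] for r in roster if r["status"] == "terminated"}
    known = {r["emp_id"] for r in roster}
    findings = []
    for acct in accounts:
        key = (acct["emp_id"], acct["system"])
        if acct["emp_id"] not in known:
            # Enabled account with no owner on the roster: nobody will ever offboard it.
            if acct["enabled"]:
                findings.append((*key, "no matching workforce record"))
            continue
        end = ended.get(acct["emp_id"])
        if end is None:
            continue  # current workforce member
        if acct["enabled"]:
            findings.append((*key, "still enabled after termination"))
        # A login after the last day means access was not removed immediately,
        # even if the account has since been disabled.
        if acct["last_login"] and acct["last_login"] > end:
            findings.append((*key, "used after termination"))
    return findings

if __name__ == "__main__":
    for emp_id, system, finding in audit_access(HR_ROSTER, ACCOUNTS):
        print(emp_id, system, finding)
```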
Unfortunately, many of these cyberattacks on the healthcare industry were not easily prevented, such as the multiple attacks by the infamous TheDarkOverlord (TDO). Due to the serious ramifications of ransomware attacks on healthcare facilities, the OCR issued guidance on what to do in this hostage situation. The following processes are recommended for security incident procedures:

• detect and conduct an initial analysis of the ransomware;
• contain the impact and propagation of the ransomware;
• eradicate the instances of ransomware and mitigate or remediate vulnerabilities that permitted the ransomware attack and propagation;
• recover from the ransomware attack by restoring data lost during the attack and returning to “business as usual” operations; and
• conduct post-incident activities, which could include a deeper analysis of the evidence to determine if the entity has any regulatory, contractual or other obligations as a result of the incident (such as providing notification of a breach of PHI), and incorporating any lessons learned into the overall security management process of the entity to improve incident response effectiveness for future security incidents.

Since it’s that time of year to report all breaches affecting under 500 individuals, be sure corrective action has been implemented in your organization to prevent any possible recurrences. Most importantly, your employees must be aware of any changes to your security policies and procedures for 2018.

Podcast

Addressing Unauthorized Access with Ray Ribble

Catherine Short, Partnership Marketing Specialist at First Healthcare Compliance, hosts Ray Ribble, founder of SPHER, Inc., a healthcare cybersecurity company, for an interactive discussion on “Addressing Unauthorized Access – Knowing who is looking at your PHI.”

This podcast focuses on a discussion of the current landscape as it relates to unauthorized access of patient PHI within the healthcare community. Ray guides us to what measures can be deployed to protect and detect unwanted eyeballs.

Objectives:
1. Review status of PHI Protection
2. How is PHI monitored today?
3. What can I do to protect my patients’ PHI from unauthorized access?

Looking for the latest compliance insights?
Subscribe to our listen and learn podcasts and don’t miss a thing!
Listen to the First Healthcare Compliance podcast!

Understand the Difference: Certificate vs Certification

This past September, First Healthcare Compliance released our certificate program to teach the essential principles and practices of compliance: The Fundamentals. This one of a kind program gives healthcare professionals the knowledge they need to meet compliance challenges in the heavily regulated healthcare industry.

When learners successfully complete our four-hour course, they earn a certificate (not certification) by taking a 100-question exam to display their mastery of healthcare compliance fundamentals. It is important to note the difference between a certificate and certification program, as they are not one and the same.

Typically, a certificate program proves that a compliance practitioner attended or completed a course or series of courses that have a specific focus. This type of program is open to newcomers as well as experienced professionals, and these programs do not allow the learner to place designations after their name when completed.

To be defined as a certification program, a program must include both an educational component and an experience component, and it must require that learners pass an exam. Completing this type of program allows a practitioner to put a designation after his or her name. Also, certification requires recertification, which ensures that practitioners keep their knowledge current through continuing education.

Unfortunately, there are programs being offered that are mislabeled as certifications, so healthcare professionals and those looking to enter this industry need to be careful in how they increase their knowledge and enhance their careers.

If you’re looking for an excellent certificate program that will give you an abundance of practical knowledge, you’ll do well by taking The Fundamentals. But if you are interested in a certification, be sure to find a program that includes both education and experience, requires that you pass an exam, and includes recertification so you keep up with current teachings.

If you’re considering compliance education, don’t be misled: take a close look at the credibility of the programs available and choose one that best fits your career development and current objectives.

Join us on Social Media!

The most comprehensive healthcare compliance course yet!

The Fundamentals is a user-friendly, four-module course designed to help healthcare professionals understand the essential principles and practices of compliance.

Written by our “dream team” of healthcare providers and attorneys, The Fundamentals Course is packed with useful, easy-to-understand information that covers HIPAA, OSHA, employment law and enforcement of Federal healthcare laws. The course takes less than four hours to complete.

The Compliance Certification Board (CCB)® has approved this event for up to 4.4 non-live CCB CEUs.

Visit 1sthcc.com/shop to register today!

Join Us for These Upcoming Learning Opportunities!

Complimentary CEU Webinars
• January 23rd @ 12pm ET: Red Flag Rule - HIPAA Compliance. Todd Sexton, Identillect Technologies
• February 6th @ 12pm ET: Current Inspections - What to Expect When the Surveyor Arrives. Bridget Smudrick, CLIA Specialist, DoctorsManagement

Listen and Learn Podcasts
• Featured January 16th: Unauthorized Access. Ray Ribble, SPHER, Inc.
• Featured January 30th: Security Management in Healthcare Facilities. Steven S. Wilder, BA, CHSP, STS, Sorensen Wilder and Associates

Now available in our training zone!

CEUs from the following organizations: AAPC, ADCA, AHCAE, AHIMA, APMBA, ARHCP, HBMA, MAB, NAMAS, NHCLA, PAHCOM, PAHCS, PHIA, PMI, PMRNC, POMAA

Contact our Client Services Team with any questions!
888.54.FIRST or clientservices@1sthcc.com