Cyber Attacks, HIPAA Security Regulations, Online Phishing Scams, Internal Protections, External Protections, EPHI, Encryption, does your head hurt yet?
IT Security is overwhelming, costly, and critically necessary for any radiology group managing their radiology billing in-house or externally through a Revenue Cycle Management Company (RCM). The personal information obtained and stored in your organization is among the most highly sought after by hackers and cybercriminals. The process as a whole is very complex, but there are some basic steps you can take to help simplify your radiology practice’s IT Security.
First, seek professional help. IT Security is not something just anyone can do. An expert in information technology is required just as a radiologist is required to interpret imaging results. You need specific software, hardware, and other tools to keep your organization safe and compliant. Individual needs will vary depending on your organization so you’ll need professionals to help you make informed decisions.
Dexios uses a combination of software experts at Imagine (our radiology billing software), an internal department of IT professionals to handle day-to-day support issues, and a network of professionals to make sure our hardware, servers, firewalls, etc. are protected and compliant.
Securing your radiology practice may seem expensive, but in reality it saves you money. A data breach that results in EPHI being leaked by cybercriminals may mean the end of some radiology practices. The cost of legal proceedings alone can far exceed the cost of security. In addition, a data breach could damage your organization's reputation, making patients reluctant to seek out your services.
Educate your staff frequently. The people working in your organization every day play a critical role in security. Hackers are very good at what they do, and even the most seasoned healthcare employee can fall victim to a scam, especially an email phishing scam. According to HIPAA, 60% of healthcare industry data breaches involve phishing or other email attacks. It’s imperative that staff understand how to recognize phishing emails and fraudulent attempts to gain sensitive information. Dexios employees are required to complete a Phishing Awareness course once a year and are quizzed at the end of each course to help ensure understanding and retention of the information.
Seek professional guidance, educate your employees; that seems easy enough, right? Well, no IT Security article is complete until we discuss the confusing and sometimes intimidating aspects of the Health Insurance Portability and Accountability Act (HIPAA).
We are all familiar with HIPAA regulations, but if you’ve ever tried to read the documents provided by the U.S. Department of Health & Human Services you know they can be difficult to understand. It can be even more difficult to then figure out how these regulations relate to your radiology billing and coding department.
Dexios has worked very hard to understand and implement a compliance program that exceeds the status quo. Establishing a robust compliance program is not an easy feat. Our IT professionals and HIPAA compliance officer took a lot of time and effort to implement this program, but the results are well worth the effort for our clients. For two years in a row, Dexios Corporation’s compliance programs have been independently evaluated and have achieved HBMA’s compliance accreditation. Dexios Corporation was recognized for our compliance program to protect patient privacy, prevent medical billing fraud, and comply with federal regulations.
We mention this only so you know you can trust that we understand how overwhelming HIPAA regulations can be. Here are a few basic tips to help you stay on track with federal regulations.
Appoint a HIPAA Compliance Officer. This person should be involved in every aspect of your ongoing efforts to remain compliant. Their main responsibilities should include yearly training for staff, the required annual audits and assessments, maintaining all related documentation, and handling reported breaches.
Conduct a risk analysis. Work with your Compliance Officer to review your PHI (protected health information) life cycle, as well as your security policies and procedures. When reviewing your PHI, make sure to include both paper and electronic formats. Assess how your PHI is collected, used, stored, shared, and disposed of. Identify possible weaknesses and take the necessary steps to resolve them.
Understand Business Associate Agreements (BAA). A Business Associate is any person or business that provides a service that requires them to have access to the PHI that you maintain. Before allowing access to PHI, a Business Associate Agreement must be signed that clearly states what PHI they can access, how it will be used, and how it will be returned or destroyed once the service has been completed. While the PHI is in the Business Associate’s possession, they are held to the same HIPAA compliance obligations as you or any other covered entity would be.
Have an Incident Response Plan. It is important to have a plan of action if a data breach occurs. Designate a response team to document and carry out the steps needed when a security incident occurs.
Whatever steps you take, remember that technology and federal regulations are constantly changing. Securing your internal radiology billing processes is an ongoing effort that must be consistently monitored and updated as needed to stay secure and compliant. If you ever need assistance with IT security for your radiology practice or with radiology billing, contact Dexios to receive help from our radiology billing consultants.
Contact us here to learn more about whether Dexios could be beneficial for your radiology group!