How the end of Windows XP support affects your HIPAA Compliance
As of April 8, 2014, Microsoft will be officially ending support of Windows XP. As the lifecycle for the popular OS comes to an end, it is important to understand what will be changing, and how this will affect your operations. For New Jersey medical practices that use EMR software specifically, it means that you need to know the effect an outdated operating system will have on your HIPAA compliance status.
What exactly happens when an OS or other software product reaches the end of a life-cycle?
Essentially, the product becomes ‘disowned’ by the company. In the case of XP, Microsoft will no longer provide security updates, non-security related hotfixes, free or paid support, or online technical content updates. Though ‘non-compliant’ may be too heavy a term to describe the effects of staying with XP, the continued use of XP machines can pose a real threat to system security. Once support is fully discontinued, machines will become increasingly vulnerable to attack and security breach due to the unavailability of security updates or patches.
Machines that go unpatched are highly susceptible to compromise and, once attacked, can serve as a conduit for installing malicious software, or ‘malware’, on a device or network. Once a device or network has been compromised, there are any number of possibilities as to what type of program or virus can be installed, and what information or data can be compromised or even lost. Another major concern of using a non-supported OS is that third-party vendors and software manufacturers may also stop offering applications and updates for instances of their software running on an antiquated OS.
What you can do.
The best course of action if you are running Windows XP at this point is to completely update your OS to Windows 7 or 8. More often than not, this will also require updating hardware, as many older systems are not up to spec to support the newer operating systems. A viable alternative when hardware upgrades are not an option is to deploy Windows XP in a virtual environment, but this is only recommended if the EMR software vendor supports virtualization.
“Meaningful Use” Defined
Meaningful use is the set of standards defined by the Centers for Medicare & Medicaid Services (CMS) Incentive Programs that governs the use of electronic health records and allows eligible providers and hospitals to earn incentive payments by meeting specific criteria. The goal of meaningful use is to promote the spread of electronic health records to improve health care in the United States. Below are the dates that each stage of “Meaningful Use” must be implemented, and what they entail.
Remember, “Meaningful Use” of your EMR is required to remain HIPAA compliant.
Stage 1 should have already been implemented, so check our timeline below to make sure that your practice is up to speed.
Stages of “Meaningful Use”
Stage 1: 2011-2012 Data capture and sharing:
- Electronically capture health information in standardized format.
- Communicating that information electronically.
- Initiating the reporting for clinical quality measures and public health information
- Using information to engage patients and their families in their care.
Stage 2: 2014 Advance clinical processes:
- More rigorous health information exchange
- Increased requirement for e-prescribing and incorporating lab results
- Electronically inputting patient care summaries across multiple settings
Stage 3: 2016 Improved outcomes:
- Improving quality, safety, and efficiency
- Decision support for national high-priority conditions
- Patient access to self-management tools
- Access to comprehensive patient data through patient-centered HIE
Have you met your HIPAA deadlines?
CATS Technology Solutions Group can help you with all of your EMR needs, and help make sure you remain compliant. Call us today 732-204-7100!
The government is working on changing the health industry into the digital age and has provided reimbursement incentives and an electronic medical records deadline for those who adopt electronic medical records (EMR). However, along with the benefits from the government there are also penalties for those who do not meet the electronic medical records deadline for implementation.
For health care practices who either have not adopted certified EHR / EMR systems or cannot demonstrate “meaningful use” by the EMR deadline in 2015, Medicare reimbursements will be reduced by 1%. The deduction rate increases in succeeding years by 2% in 2016, 3% in 2017, 4% in 2018, and up to 95% depending on future adjustments.
On the other hand, as part of the American Recovery and Reinvestment Act, health care providers can receive up to $44,000 in reimbursement incentive payments, which started in 2011, for implementing EMR systems. Health care providers must be able to demonstrate “meaningful use.” The “meaningful use” standard is measured in stages. Stage 1 started in 2011 and ended in 2012. It required that providers meet 14 to 15 core requirements and choose five more from a menu of 10 options. Some of these requirements include an electronic file system for all patients’ health records, a medical billing system, and transcription services. Physicians will have until the end of 2014 to meet Stage 2. Stage 3 has yet to be defined. Check out this “Meaningful Use” calculator to see how much time you have to comply.
Benefits of “meaningful use”
- Complete and accurate information. With electronic health records, providers have the information they need to provide the best possible care. Providers will know more about their patients and their health history before they walk into the examination room.
- Better access to information. Electronic health records facilitate greater access to the information providers need to diagnose health problems earlier and improve the health outcomes of their patients. Electronic health records also allow information to be shared more easily among doctors’ offices, hospitals, and across health systems, leading to better coordination of care.
Therefore, CATS Technology can work with you and your systems in order to meet “meaningful use.” We will also guide you through the process in order for you to receive as much reimbursement money as possible. Give us a call at 732-204-7100 to get your medical practice on the right track.
If you have a medical practice and you’ve been wondering, “What is HIPAA and what does it mean to my medical practice?” you’re not alone. Please read on:
HIPAA stands for Health Insurance Portability and Accountability Act. This act sets the standard for protecting sensitive patient data. The deadline for HIPAA compliance was September 23, 2013. Any company that deals with protected health information must ensure that all the required physical, network, and process security measures are in place and followed. The HIPAA Security Rule applies to all health plans, health care clearinghouses, and to any health care provider who transmits health care data in electronic form.
To illustrate the paragraph above, HIPAA simply means a method of having patient records secured from unauthorized access but easily accessible to healthcare practices. The following is an example of proper HIPAA compliance:
John catches some sickness while on vacation. John now needs to go to a hospital. If the healthcare practice complies with HIPAA, they will be able to access any records, x-rays, scans, allergies, etc. about the client, which will help resolve the issue much more quickly and efficiently while keeping such data secured to only those who should have access.
Why is having your systems HIPAA ready essential? It is the law that health care providers must keep patient records and data secure and protected from any outside source besides the patient and their health care provider. With this being said, practices need to make sure they keep their data secure and have a data loss prevention plan. These practices also need to be up to date on network security in order to keep them protected against any potential attacks. CATS Technology will make sure your data is safe and secure, so that you can do your job without any worries.
“HOW WILL I PAY FOR HIPAA COMPLIANCE?”
Does your practice have an EHR (Electronic Health Record) system? If you do not, your practice may be eligible to earn up to $40,000 or more if you utilize an EHR system within 12 to 17 months. The government has around $17 billion to help fund these EHR systems for your practices. Also, after 2015 the government will start giving financial penalties to those practices that do not follow HIPAA regulations.
Your next step should be to give CATS Technology a call to evaluate your system. CATS will work with you and your systems to make sure they comply with HIPAA regulations and help you get on track with aid from the government. Meeting HIPAA compliance is critical to the healthcare provider and to the future of health care technology. Some of the high-level points are: Security Management Process, Information Access Management, Security Incident Procedures, etc. CATS Technology can provide support for your business to help achieve HIPAA compliance. Not only does CATS Technology help your systems meet the requirements, but CATS will also maintain your systems and keep your network secure. To keep your systems HIPAA compliant, proper and regular maintenance needs to be performed.
What Exactly is EMR and EHR?
EMR (Electronic Medical Records) and EHR (Electronic Health Records) are paperless digital and computerized systems for maintaining patient data. EMR was made to reduce documentation errors and increase efficiency.
All health care providers are required to begin building EMR and EHR systems following HIPAA Compliance. HIPAA is an act that sets the standard for protecting sensitive patient data. Before the signing of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, it was understood industry-wide that HIPAA was not strictly enforced. Under HITECH, healthcare providers could be penalized for “willful neglect” if they failed to demonstrate reasonable compliance with the Act. The penalties could be as high as $250,000 with fines for uncorrected violations costing up to $1.5 million.
Any company that deals with protected health information must ensure that all the required physical, network, and process security measures are in place and followed. Once the health care providers globally are set up with EMR and EHR systems, all of the records will be synced to a central location where all health care providers can access patient information.
List of records saved under EMR and EHR:
- Patient’s notes from previous doctor visits
- All images of scans and x-rays the patient has had
- List of medicines they have taken
- Information on allergies the patient may have
- Other critical patient data
What an EMR system enables medical service providers to do is take that medical record that you’ve been historically documenting on paper, or in other hand-written form, and document it one time in an electronic form. You are then empowering things like security at a much higher level. In a paper system, if someone pulls a chart and reviews it, you may not know what they did or what information they’ve gleaned from those pages. With an Electronic Medical Record system, you know who accessed what and when, and there’s a complete audit trail. Only one person can have a physical chart at a time, thereby slowing service to the patient, increasing the risk of error, and increasing costs for the hospital. Capturing the information once and making it accessible by many is probably one of the most profound benefits of an EMR system.
CATS Technology will work with you to help design and manage a fully integrated EHR and EMR system that will allow you to be in compliance as well as achieve your best work for improving patient care. To minimize the amount of downtime experienced by your practice, CATS Technology offers proactive monitoring services focused around keeping your systems running smoothly and efficiently.
Ask Yourself These Health Care IT Questions
- Is your Health Care Practice operating an Electronic Medical Records (EMR) System?
- Have you, as a Covered Entity (CE), validated each aspect of your IT systems to ensure your patients’ data is secure?
- Does your IT Firm, as a Business Associate, alleviate potential “new” concerns for various technologies?
If you answered yes to any of the questions above, then read on… And after finishing, you should check out your IT Provider to be sure they are up for the challenges that lie ahead.
Health Care Practices that have implemented an EMR system are eligible for reimbursement from the government. These practices have to meet “Meaningful Use” and attest to doing so. Meaningful use covers aspects of your practice that your trusted IT provider should be helping with. Have you been able to leverage the Patient Portal? Are you ready for stage 2 in 2014? Critical concerns need to be addressed now as your practice begins to share data outside of your walls…
Are you ready for an audit from HIPAA?
- Access Control. A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).
- Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
- Integrity Controls. A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.
- Transmission Security. A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.(1)
Above is a summary of the “technical safeguards” that are contained in the HIPAA Act of 1996. Considering the nature of EMR, practices of all sizes are now required to follow these safeguards much more closely. Has your IT provider perhaps placed your practice in a compromised situation? Are they up for the tasks at hand?
In the past, HIPAA audits were rare or occurred only when a breach occurred; however, there is now funding through the HIPAA Act that allows KPMG to select certain CEs for a random audit. Are you ready? According to Rita Bowen of HealthPort, most health care providers are not ready.
“…findings show that only 10%–20% of health information management (HIM) professionals, as interviewed at AHIMA-component state association meetings in 2012, are aware of these HIPAA audits or are ready for them.”(2)
Do you have an iPhone or Android device? Do you interact with your EMR system remotely or with an iPad? If so, then you have to ensure that your HIPAA safeguards extend to those devices. Some practices allow employees to access systems through their own devices… This setup, in which employees use “their device”, is called Bring Your Own Device (BYOD) and requires very strict controls to be in place.
HIPAA, Meaningful Use, BYOD, what do they all have in common? IT. The majority of concern for these various regulations is covered by a technical system or IT system. You need to be sure that your IT provider is up for the challenges that YOU are facing.