From the Federal Health IT site
The SRA Tool takes you through each HIPAA requirement by presenting a question about your organization’s activities. Your “yes” or “no” answer will show you if you need to take corrective action for that particular item. There are a total of 156 questions.
Resources are included with each question to help you:
Understand the context of the question
Consider the potential impacts to your PHI if the requirement is not met
See the actual safeguard language of the HIPAA Security Rule
via Security Risk Assessment Tool | Providers & Professionals | HealthIT.gov.
Performing a security risk assessment is not only a good idea it is the law. If you are ever challenged with a HIPAA complaint or audit one of the first things the auditor will ask to see is your risk assessment.
One of the first and most important parts of the assessment is to determine where PHI (Protected Health Information) is stored. Of course you have PHI on your server but you may also have it other places that are not so obvious. You have PHI on your back up, or more likely backups. Where are those? Are they secure?
You may have PHI on the doctor’s laptop, or transferred to a random USB memory stick. What about computers other than the server. Some team members keep copies of patient data on their personal workstation.
Once you have located the data is it secure? If your computer is stolen or you lose a memory stick that is considered a data breach.
The government guide is certainly useful but it is still cumbersome and confusing. Most dentists would benefit from paying their IT professional to come in and help them with the assessment.
I just saw a demo of a new online service for dentists called QueueDr:
How QueueDr works
- Doctor’s office adds patients to waitlist in QueueDr web app.
- If an appointment is cancelled or opens up…
- Doctor’s office presses “Fill appointment” in QueueDr.
- All interested patients receive text about opening.
- First patient to text back wins the appointment + skips the wait!
via QueueDr – Fill cancellations instantly!.
I have known front desk people who spend hours on the phone even staying well past closing in order to fill cancelled appointments. QueueDr does all the work for you. If an appointment opens up the staff member does not need to look up a list and start making calls the system does it automatically. Nobody needs to dial a phone or type in a message.
Here is the best part. You do not pay unless there is a filled appointment. There is no startup fee, no monthly subscription, you can get started at no cost then just pay $9 per appointment.
From The Atlantic:
In the trade-off between more patients and more personalized care, growing numbers of physicians are choosing the latter.
…The concierge model of practice is growing, and it is estimated that more than 4,000 U.S. physicians have adopted some variation of it. Most are general internists, with family practitioners second. It is attractive to physicians because they are relieved of much of the pressure to move patients through quickly, and they can devote more time to prevention and wellness.
“The work won’t be any easier,” Becker says, “but I will be able to spend more time with my patients, build better relationships, and provide better care. And there is mounting evidence that such practices produce better outcomes, such as reductions in hospitalization rates.”
Of course, there are drawbacks to concierge practice. For one thing, some patients cannot afford it, and others will choose not to pay the fee. Critics also see such models as promoting a two-tiered system of healthcare, in which those with more money get better care.
via The Case for Concierge Medicine – Richard Gunderman – The Atlantic.
In many ways dentistry lends itself to the “concierge” approach far better than medicine. Dentistry is less regulated and dental insurance simply does not cover major treatment under any circumstances.Third parties pay for a bit over half of dentistry but that means that a bit less than half is fee for service paid by the patient.
Never the less I believe it is difficult for any medical / dental professional to break out of the insurance pays paradigm. I constantly hear people tell me that they cannot have some treatment because their insurance does not pay for it. Of course you can have the treatment you just have to pay for it yourself. In order for a patient to break the insurance pays trap he or she must believe they are getting value for their investment.
Technology is one highly visible way that a dentist can distinguish himself from the others. A dentist who offers online services, 3D images and same day crowns seems to offer more than the dentist who does not.
What about time? Are people willing to pay for more personal care?
I think they say they are willing to pay but when it comes time to actually pay up they choose the cheapest option.
In my opinion there is a definite place for concierge or boutique dentistry but it is limited.
Andrew has been writing Anti Buzz for 4 years resulting in almost 200 articles. For the next several weeks we will revisit some of these just in case you missed it.
BIG NEWS, We may have to wait a bit longer for some new Anti Buzz articles as Andrew just became a new father. Congratulations. That means that I just became a Grandfather.
Anti Buzz: Privacy in the Internet Age:
The privacy conversation has more legs than I anticipated, having already found myself exposed to many stories and opinions on the subject. In early 2014, “predicting” that privacy is going to be a big deal in the near future was a safer and simpler guess than I would have anticipated. But this is good for me, and for you, because I have a lot to say on the subject, and dentists have more at stake in the conversation than most people. Expect more privacy-centric conversations in the future here. This week: a practical map of what the concerns are for your practice.
First, a lot of what I will say today isn’t really new to this blog. My father has discussed electronic dental records many times before, and I’ve chipped in with my own perspective. My father was keen enough to the ambiguity of “ownership” before it was popular discussion. And most recently, of course, is HIPAA and what it could mean for you. In short, the records you keep on your patients are a hot commodity.
As somebody who increasingly fancies himself a scientist, I am very sympathetic to the arguments put forth in this TED talk - briefly: We stifle innovation by limiting access to patient records, yet this flies in the face of conventional wisdom and ethics. It is highly unlikely that your patient records are the key to curing cancer, but the truth is that we don’t know what innovations we are missing by keeping things locked up. This much should be easy enough to convince people of by now as the conventional wisdom has shifted far away from technophobia’s famous “Everything that can be invented has been invented” attitude.
The question is, of course, if the benefits outweigh the invasion of privacy, but I don’t actually presume to make up your mind about that. I do presume to tell you that you are going to need to take a position on the matter before too long. I am perhaps getting ahead of myself here. Let’s walk through why your patient records are important, and to whom. [click to continue…]