Online Safety Community

HIPAA should be implemented alongside MACRA and MIPS to foster better patient engagement

The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), a federal Act that governs the way in which physicians need to be paid when they treat patients who come to them under Medicare, alters and replaces the earlier Act in this regard, namely the Balanced Budget Act, which was in force from 1997.  

Since the Balanced Budget Act linked physician payments to budget cuts and economic growth; it brought down physician payments by 21 percent. MACRA, on the other hand, introduces the “pay-for-performance” programs called Merit based Incentive Payment System (MIPS) and Advanced Alternative Payment Models (APM's), which are independent of the macroeconomic factors that were the criterion for physician payments earlier.

Patient engagement is at the core of MACRA

One of the highlights of MACRA is patient engagement. With technologies having become smarter; they come loaded with patient engagement tools that are indispensable. Technology may have brought features such as availability of secure patient portals and encrypted text message and email products, but most patients are still comfortable with non-secure communication tools like text messaging and email.

Patient engagement tools sent electronically by regular (unencrypted) email and text messaging include features such as appointment reminders, healthcare instructions, patient satisfaction surveys, and health and wellness newsletters and recall reminders. Since these are still prevalent, HIPAA has clear rules for sending Protected Health Information (PHI) by unencrypted electronic transmission. There is thus a clear link between MACRA, MIPS and HIPAA.

The first of these HIPAA rules became effective with the passage of the HIPAA Omnibus Rule in September 2013. This was followed by guidances from the U. S. Department of Health and Human Services in 2014 and 2016.

Widespread violations have been the norm

From the time of the passage of these Rules and guidances; it has been noticed that there have been widespread violations of the HIPAA Rules for communicating with patients by unencrypted email and text message. The main reason for this is that Providers and Business Associates are not aware of the rules. Many of them have scant knowledge of what a PHI as defined by HIPAA really is.

Does this mean that there is no way out? There is. It is provided by the HIPAA Rules and HHS/OCR guidance, which provide a simple, easy-to-use, three-step Safe Harbor for using unencrypted email and text messaging to engage patients. This three-step HIPAA Safe Harbor frees Covered Entities and Business Associates from any responsibility or liability for unauthorized access to Protected Health Information (PHI) in unencrypted emails and text messages during transmission and after receipt by the patient.

All about the three-step Safe Harbor

Want to know what this Safe Harbor is? To understand this and to stay compliant with the requirements set out in HIPAA and avoid causing violations to the HIPAA rules on communicating with patients by unencrypted email and text message; please register for a highly meaningful and relevant webinar from MentorHealth, a leading provider of professional trainings for the healthcare industry.

Paul R. Hales, an expert on HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis and the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and Business Associates; will be the speaker. To make the most of his experience, please visit .

Paul will explain the three-step HIPAA Safe Harbor. They are easy to follow, but only when the steps are known.

This webinar for HIPAA Covered Entities and Business Associates will cover:

  • A clear explanation of the simple 3 Step HIPAA Safe Harbor that protects Covered Entities and Business Associates acting on their behalf from liability related to patient engagement by unencrypted email and text messaging
  • What makes an email or text message subject to HIPAA law
  • A clear explanation of how HIPAA defines PHI - it's not just information about, for example, a diagnosis, disease, surgery or prescribed treatment
  • How a 2015 Federal Communications Commission Order about health care text messages added to confusion and what it really means - the 3 Step HIPAA Safe Harbor is the only text message Safe Harbor for Covered Entities and Business Associates
  • The interconnected liability of Covered Entities and Business Associates that provide unencrypted electronic patient engagement services like appointment reminders - and both can protect themselves.

This session will be of immense use to personnel who deal with PHI and other aspects of HIPAA, such as Hospital Trustees, C-Suite Executives, HIPAA Compliance Officials, HIPAA Privacy Officers, HIPAA Security Officers, Health Information Technology Supervisors, Practice Managers, Risk Managers, Dentists, Optometrists, Chiropractors, Physical Therapists, and Podiatrists.

Views: 19

Comment

You need to be a member of Online Safety Community to add comments!

Join Online Safety Community

Take our poll!

Take our poll!

Latest Activity

Mark Nilson posted an event

Guidelines for Performing a Vendor Audit with an emphasis on Construction Audit at Training Doyens 26468 E Walker Dr,Aurora, Colorado

April 3, 2018 from 1pm to 2:30pm
OVERVIEWVendor/Contract audits require a certain skill set to understand the terms and conditions of a contract between a Company and any given vendor where products or services are outsourced.  Understanding the risks that are inherent within them is the first step in developing audit objectives and steps. The primary focus of the audit is the vendor (third party) activities pertinent to a contract. A majority of the fieldwork on these types of audits will likely be performed at the Vendor’s…See More
15 hours ago
gracylayla posted an event

How to begin your career in IBM API Connect? at 4608 Spalding, plano TX 75024 United States

February 19, 2018 to February 19, 2019
IBM API Connect is a complete API lifecycle management solution that will make things easier for developers, Central IT, and LoB Management. The thought behind API Connect is that APIs are small data applications, often called microservices, but they are applications nonetheless.IBM API Management with a built-in gateway, allowing you to create, run, manage, and secure APIs and Microservices. API Connect is the first of its kind: a unified end-to-end API management solution that enables the…See More
16 hours ago
John Robinson posted a blog post

Risk Management in the Global Economy and outlook for 2017

Risk management in the global economy is a highly challenging field for risk managers from any part of the world. With most of the world’s countries almost becoming part of the global economy in this era of globalization; it is emerging that risks that apply to one part any one nation’s or group of…See More
18 hours ago
Training Doyens posted an event
Thumbnail

Hot Issues in Multi-State & Internet Sales Tax at 26468 E Walker Dr, Aurora, Colorado 80016-6104

March 13, 2018 from 1pm to 2pm
OVERVIEWStates are tense. They need more revenue.Millions of dollars of internet sales occur daily without tax.  The states want their money. In just 90 minutes, learn the different ways your company triggers nexus on itself and what it must do to comply with state regulations.WHY SHOULD YOU ATTENDWill I owe taxes in more than one state for the same sale? Must I charge tax on my internet sales?  Why is my drop shipper charging me tax?  Why did I receive a NEXUS Questionnaire and what if I don’t…See More
18 hours ago

Forum

Occupational Health and Safety 7 Replies

Health and safety are important aspects of an organisation’s smooth and effective functioning.  Did you know that workplace health & safety injuries cost Australian businesses over $60 billion…Continue

Tags: Safety, and, Health, Occupational

Started by WHS Solutions. Last reply by Tony Ferraro yesterday.

About sailpoint software

An identity management system refers to an information system, or to a set of technologies that can be used for enterprise or cross-network identity management. Additional terms are used synonymously…Continue

Tags: sailpoint

Started by sujathayarlagadda on Friday.

What can be essentials safety measures taken to secure campus?

Students safety inside and outside the school premises is a huge concern in today's risk environment. what measures should be taken to ensure campus security?Continue

Tags: security, campus

Started by Jen McDade Feb 6.

What can be essentials safety measures taken to secure campus?

Students safety inside and outside the school premises is a huge concern in today's risk environment. what measures should be taken to ensure campus security?Continue

Tags: security, campus

Started by Jen McDade Feb 6.

What are the advantages of IoT in healthcare Industry?

No DescriptionContinue

Tags: Aware360, IoTin

Started by Jen McDade Feb 5.

Badge

Loading…

© 2018   Created by Safety Community.   Powered by

Badges  |  Report an Issue  |  Terms of Service