Monday, November 28, 2011

We've got a lot to be thankful for.

@ Turn Key Solutions we have so much to be thankful for that even on the Monday after Thanksgiving, it's still hard to write this list & not miss something.   But here's a start...

We're thankful for our customers. We appreciate your support and your loyalty more than we can express. We are so blessed to have the opportunity to serve people, to make your day better, and to make your technology work so that you can make things happen.

We're thankful for our opportunities and our freedoms here in the USA.

We're thankful for God's blessings on our country, our business, and our families.

We're thankful for our courageous military and their families that give up so much to protect our freedoms.

We're thankful for our team members.   (Interesting aside - we recently took an in-house survey, and every one of us, without exception, listed their primary motivator as "Helping People.")

We're thankful for our new office.    YES!  You heard it first right here!   Over the next 4 weeks, we're moving about 4 miles over to a much nicer, bigger office building.   We are looking forward to launching a whole new series of customer training sessions in our brand new office.   Stay tuned - we'll have an open house soon, and you'll be invited!

Okay, I could go on quite a bit here.   We've got so many great customers, employees, vendors, solutions, opportunities and blessings all around, that all I know to do is say "Thank You."
And brace yourself.   2012 is going to be a great year.

Our entire team and I look forward to hearing from you and helping you as you make the most of your blessings and opportunities too.


Monday, November 7, 2011

I don't need no stinking risk assessment. (HIPAA, HITECH & YOUR TECH Part 3)

In our previous blog about HIPAA & HITECH compliance we walked through a simple outline of steps towards meeting HIPAA / HITECH compliance, all of which are based on a walk-through of the HIPAA administrative simplifications.

Quick recap - step 1 is to familiarize yourself with the law and get a team together that can help you be compliant.   HERE's a great document from HHS on how to do the risk assessment.

STEP #2 - The next step is to do a risk assessment.

"THIS IS STUPID.  WHY?" you ask.   "I know my risks.  I don't need you to tell me what my risks are."

Well, forget the fact that the HHS expects you to do it.  How about looking at this from a PURELY BUSINESS PERSPECTIVE.

What would you do if one of your employees accidentally lost a box of your patient charts?

What would you do if a major hurricane was coming?

What about if your practice was hit by a tornado?   Could you EVER recover your business data?  Collections reports?  Patient charts?

The shocking thing for me, as a consultant, is how QUICKLY we forget things like the Joplin tornadoes, and hurricanes Gustav and Katrina.

to give me your patients' data,
and all your money.   

But as a business owner or manager (and that's what you are, even though your business is healthcare...), here's the biggest threat you've got: UNCLE SAM.

SO, if you adhere to HIPAA / HITECH regulations, Obamacare, or whatever you want to call it, great.  You're already looking for compliance solutions & doing your homework.

BUT IF YOU DON'T believe that HIPAA & HITECH are real threats to you, then forget about the risk assessment as a HIPAA mandate, but DON'T OVERLOOK IT AS A SOUND BUSINESS PRACTICE.

So, if you're interested, here's what your Risk Assessment should look like:

1. It should be periodic.   The world changes, your business changes, and risk factors change.  Your assessment from 2005 is outdated; refresh it or start a new one.

2. You should be involved in it.  If you pay a consultant to do it 100%, it won't reflect your organization accurately.

3. Your assessment should be thorough.   HIPAA law (164.308(a)(1)(ii)(A)) states that you should assess the vulnerabilities to the
         A. Confidentiality
         B. Integrity, and
         C. Availability of electronic protected health information (ePHI) held by the covered entity.


Our recommendation is to use a company called eGestalt.

1. For most practices, their solution costs at or under about $100 / month.
2. It's a secure offsite repository for your compliance plan.
3. It's built and maintained by a team of people who do nothing but obsess over security compliance, so they're keeping it up-to-date.
4. Simple reporting - with a few clicks, you can see in color and in pictures EXACTLY how compliant you are.
5. Comprehensive reporting - with a few clicks, you can pull an extensive report on your compliance status, complete with your supporting policies & documents, to provide an auditor.
6. It's HIPAA / HITECH simplified - all throughout the process of their assessments, you're provided both detailed links to the actual law, and also great explanations & templates for how to meet the legal requirements.

Are there options out there?

You bet.

But this one is a cheap, simple and comprehensive way for you to meet this incredibly important part of HIPAA & HITECH.   And it's proven, reliable, and industry-accepted as a strong solution.

So, when you're ready, CALL US at 225-751-4444 or visit us online at www.TKSHEALTH.COM to learn more or to get started on your audit.