To-do list: EHR reminders for ODs

To-do list: EHR reminders for ODs

There's already much to consider when it comes to electronic health records (EHRs), but for ODs trying to meet incentive program requirements, keep security and accountability measures in mind, too.

"This SRA needs to be evaluated and continually tested to ensure our patients' data is protected at the highest level."

Doctors participating in the Medicare and Medicaid EHR Incentive Programs must remember not only to conduct a security risk assessment (SRA) of protected patient information to meet such requirements, but also that participation in the incentive program can open you to audits.

Use this helpful security tool and reminder below to ensure you have EHR success.

Protecting patients' information—right tool for the job
The formula seems simple enough—doctors exhibit meaningful use and incentive programs offer funding—yet putting into practice can be a different story. Therefore, a tool available from the Department of Health and Human Services (HHS) can assist doctors in meeting one aspect of program requirements: security.

The Health Insurance Portability and Accountability Act (HIPAA) requires certain "covered entities" to complete regular risk analyses on protected patient information, while the EHR incentive programs also require proof of such SRAs. As an OD who transmits information electronically in connection with a transaction for which the HHS has adopted a standard, you are a "covered entity."

To assist doctors with theses reviews, the HHS released an SRA tool "designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations," the HHS said in a news release.

Practitioners can apply for the tool online and use it free of charge. The tool asks more than 150 questions and highlights areas where corrective action might be required. A tutorial video and user guide are available to navigate the SRA tool, as well.

"This SRA needs to be evaluated and continually tested to ensure our patients' data is protected at the highest level," says Jason Miller, O.D., who answers coding and HIPPA questions as part of the "Ask the Coding Experts" webinar series.

Apply for the tool by clicking here.

Be on the lookout for audits
Doctors receiving incentive payments as part of the EHR incentive programs should also keep a weather eye out for audits. Participating ODs have been audited in the past, and it's not only critical to be alert for correspondence from auditing contractors, but also to keep proper documentation.

Figliozzi and Company is the designated contractor performing audits on behalf of the Centers for Medicare and Medicaid Services (CMS), and will provide audits on Medicare eligible professionals. Providers selected for an audit can expect to receive an initial request letter from the auditor via the email address provided during registration for EHR incentive programs; click here to see an example of a request letter.

States and their contractors also will perform audits on their Medicaid providers, and providers should contact their State Medicaid Agency for more information about these audit processes.

Click here for more information about audits, and preparing and maintaining documentation to ensure you're prepared.

September 23, 2014

comments powered by Disqus