Home

What is a Risk Assessment and why do I need one every year?

HIPAA rule 25 requires that every practice perform a risk assessment at least every two years. Further clarification by the OMB has mandated that annual reviews be done. A risk assessment is the process of looking at your practice and determining the types of controls necessitated by law to protect the e-PHI (Electronic Protected Health Information) and PII (Personally Identifiable Information) present in your practice. This can be an expensive proposition, which is where TLD Systems can help you – we are specialists in HIPAA Risk Assessments and strive to make our services affordable for the sole practitioner and the small practice.

Each industry has specific regulations and requirements. HIPAA is specific to the Health Care Industry and we specialize in assisting small practices with their HIPAA Security Program. If your practice accepts Credit Cards, you also want to be compliant with the PCI standard. This is the standard that is utilized for protecting financial information.

When you think about threats from the perspective of HIPAA you must look at the threats with respect to:

Availability of your data (you can access it)
Integrity of your data (you are sure that what is there is what you put there and nothing else)
Confidentiality of your data (nobody else can see it)

When you select TLD Systems to assist your practice with your risk analysis, you are selecting an organization that understands the workflow of your practice and that can become a partner in assisting you in implementing a “Culture of Compliance” in your medical practice.

The HIPAA regulations require your practice to implement safeguards to protect the data in your office that are reasonable based upon your resources. Our focus is to assist small practices. TLD Systems was founded by Dr, Michael Brody, a sole practitioner runs his own small practice and as a result we strive to insure that we help small offices to meet the HIPAA Security Standard. This also means that we speak “Medical Office” -- we understand how medical practices operate and reality of the business this is a small practice. While other organizations may be able to fluently speak the other security standards doctors need to deal with, we are able to speak more important acronyms including:

ICD 10
CPT
HCFA
HL7
EHR and
PM

You may see other standards referenced at web sites that talk about security. Those Standards include:

NCUA – National Credit Union Administration
OCC – Office of the Comptroller of Currency
GLBA – The Gramm-Leach-Biliey Act
ISO 27001 – The data security standard from the International Standards Organization
SOX – The Sarbanes Oxley Act of 2002 and its data security rules
FFEIC – Federal Financial Institutions Examination Council
PCI DSS – Payment Card Industry Data Security Standard

While these standards are important, they are not our focus and we do not provide consulting or support to meet these security standards. We are HEALTH CARE focused and HEALTH CARE specific. Our program is based on 45 CFT Parts 160, 162 and 164, the HIPAA Security Standard.

CME Online

Performance Scores for 2017 Claims Data Available on Quality Payment Program Website

Category: CMSPerformance Scores for 2017 Claims Data Available on Quality Payment Program Website
MIPS Eligible Clinicians Can Now View Performance Scores for 2017 Claims Data on qpp.cms.gov
If you’re an eligible clinician who submitted 2017 Quality performance data for MIPS via claims, you’ll now be able to view your performance scores through the MIPS data submission feature. Reminder: claims data submission is only an option if you’re participating in MIPS as an individual (not as part of a group).

https://hcup-us.ahrq.gov/reports/statbriefs/sb235-Inpatient-Stays-Age-Payer-Trends.jsp?utm_source=ahrq&utm_medium=en-1&utm_term=&utm_content=1&utm_campaign=ahrq_en2_13_2018

Category: CMSThe Centers for Medicare & Medicaid Services (CMS) will be hosting two 90-minute Physician Compare webinars to talk about the recent Physician Quality Reporting System (PQRS) and non-PQRS PY 2016 measures release on Physician Compare. Learn about star ratings and what Quality Payment Program information is in the pipeline for potential inclusion on Physician Compare in late 2018.
Specifically, the webinars will cover:

AHRQ Stats: Decline in Hospitalizations

Category: AHRQThe two greatest factors in the cost of health care are drugs and hospitalizations.

CMS Office of the Actuary releases 2017-2026 Projections of National Health Expenditures

Category: CMSToday the independent CMS Office of the Actuary released the projected national health expenditures for 2017-2026.
National health expenditure growth is expected to average 5.5 percent annually over 2017-2026, according to a report published today as an “Ahead Of Print” by Health Affairs and authored by the Office of the Actuary at the Centers for Medicare & Medicaid Services (CMS).

CMS New Medicare Card – webinar Feb. 28

Category: CMSFrom April 2018 to April 2019, older adults will receive new Medicare cards from CMS. To help protect elders from identity theft, these new cards will replace social security numbers with Medicare numbers that are unique to each beneficiary.
Follow the CMS Medicare messaging guidelines (PDF, 106 KB, 3 pp) to share these changes with elders in your community. To help prevent identity theft, remind elders to guard their cards.
This webinar focuses on the implementation of the new Medicare card and its impact throughout Indian Country.
Objectives:

Hospice QRP Resource Documents Now Available

Category: CMSHQRP Fiscal Year 2020 Requirements Fact Sheet Now Available
This fact sheet outlines specific compliance requirements for Hospice Item Set (HIS) and Consumer Assessment of Healthcare Providers and Systems (CAHPS®) for the Fiscal Year 2020 reporting year (data collection period 1/1/18 -12/31/18), to support providers in compliance with HQRP requirements.
HQRP Quarterly Update Document for the Fourth Quarter of 2017 Now Available

Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules

Category: HIPAAFresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA is a provider of products and services for people with chronic kidney failure with over 60,000 employees that serves over 170,000 patients.

HHS Approves New Healthy Indiana Medicaid Demonstration

Category: MedicaidIndiana is second state to receive waiver for community engagement requirements
INDIANAPOLIS—On Friday, U.S. Health and Human Services Secretary Alex Azar joined Indiana Governor Eric J. Holcomb to announce the U.S. Department of Health and Human Services’ Centers for Medicare and Medicaid Services approval of Indiana’s Section 1115 waiver, known as the Healthy Indiana Plan or HIP.

CMS Trying to Figure out "Cost" portion of MIPS

MIPS - The Merit Based Incentive Payment System has 4 components
Advancing Care Information
Quality Reporting
Practice Improvement Activities
Resource Use (Cost)

Scribes and Accuracy of Chart Notes

Category: EHRMedical Records are both Medical and Legal records. The accuracy of our medical records is vital to our ability to provide quality care, it is even more vital when we share our medical records with other providers and they use that information as part of their medical decision making process. If errors and inaccuracies find their way into our medical records this can also have an impact when our charts are audited for payment purposes or when our records are used for medical legal issues.