www.aapc.com
HEALTHCAREBUSINESS MONTHLYCoding | Billing | Auditing | Compliance | Practice Management
June 2016
Zoom in on ICD-10-CM Glaucoma: 38
Focus on laterality and the stage of the condition
HIV Status: Who Should Know? 42
HIPAA disclosure regulations can be confusing
Strategy Is Key to a Healthy Future: 50
Lay plans for productive staff and patient-centered care
CHAPTER OF THE YEARMonmouth-Ocean, New Jersey
June2016_HBM.indd 1 20/06/16 5:20 pm
52 Healthcare Business Monthly ■ Coding/Billing ■ Auditing/Compliance ■ Practice Management
By Brian Shrift, CISSP, HCISPP
Information technology (IT) is a critical part of your healthcare or-ganization. To effectively secure its data and systems, your organi-
zation’s IT support must be up to date on the latest trends, technolo-gies, and efficiencies and they must maintain the most current certi-fications. If you aren’t confident (and, probably, even if you are) that your organization’s data is being managed properly, now’s the time to examine its infrastructure more closely.
It Won’t Happen to MeToo often, I hear clients and business associates say silly things like:
• “It will never happen to me.” • “I’m just a small practice; I’ll never get audited for HIPAA
compliance.” • “I’ll never be hacked.” • “My email will never be compromised.” • “My server will never fail.”• “I’ll never have a fire that will destroy my business.”• “No one will steal my laptop.”
Contrary to these misconceptions, IT vulnerabilities and the result-ing loss of data, data breaches, downed systems, and other nightmares occur regularly in organizations of all sizes. The odds against you are too high and the consequences (financial and otherwise) are too seri-ous to assume the worst will never happen.
Backup and Disaster RecoveryA proper backup and disaster recovery plan is vital. If you need a rea-son why, consider this: If your IT systems are down, you’re losing rev-enue. Specifics you should examine include:
If you don’t address vulnerabilities now, the odds are against you when disaster strikes.
istoc
k.com
/Nico
ElNino
■ PRACTICE MANAGEMENT
June2016_HBM.indd 52 20/06/16 5:20 pm
www.aapc.com June 2016 53
IT Support
Backup Plan – Have a written plan detailing how your systems are backed up, what is being backed up, how often the backup is occur-ring, and the retention policy of the backup (how long old data is re-tained). A backup that occurs every five minutes is significantly bet-ter than one that occurs each night.Backup Media – On what media is the backup being saved? Find out if it is a backup to tape, hard drive, universal serial bus (USB) drive, online backup, etc. Each presents a mix of pros and cons. For instance, if you’re backing up to tape or USB drive, is that media then taken offsite? If so (and it should be), be sure the backup data is encrypted. This will protect the integrity of the data in the event it’s lost or stolen. If you’re using an online backup provider, ensure it meets your regulatory needs for security and reliability.If you’re backing up to a device that remains onsite, and there’s a fire, flood, or other catastrophic event that ruins both your produc-tion data and backup data, will your organization be ruined? Make sure you have a plan B.Mean Time to Recovery (MTTR) – This simply means the av-erage time it takes for your systems to be operational again in the event they go down. This is important because if your systems go down, you’re immediately losing revenue. Determine how long it will take for IT support to get you back online and whether there will be data loss. If your server crashes, will it take four hours or four days to recover? The difference could mean an organization’s sur-vival or failure.
Test Your Backup and Disaster Recovery Solutions You do not have a working backup and disaster recovery plan until it has been tested. Even if your backup reports “Success,” don’t trust it. The only way to ensure success is by testing it.
Questions to Ask an IT Support VendorIf you’re thinking about hiring an IT support vendor, talk to other business partners about their IT support solutions and experienc-es. Find out whose services they use, and the pros and cons to those services.If you’re ever in doubt about your IT support, or want a second opinion, invite a competitor or outside IT support company to re-view your systems. A peer review may reinforce recommendations
made to a client, or confirm there is nothing further of value they can provide.Remember that you get what you pay for. It’s more important to hire someone who wants to work with you and who understands you – someone you can trust as a business partner. This is an important partnership because IT is so critical to your organization. If you want to test your IT support, copy a folder or two of docu-ments to an alternate location and time how long it takes them to recover the files. This is a nominal task that should take under 30 minutes to accomplish.
Brian Shrift, CISSP, HCISPP, is president of Precision Business Solutions.
If your IT systems are down, you’re losing revenue.
IT Support vs. IT ManagementI describe IT support vs. IT management as “Reactive vs. ProActive.” Many people or companies providing IT support are simply there to provide support in a time of need. IT support is great, but most organizations need more. Someone providing IT management knows you’ll need support, but also proactively works in the background to maintain, monitor, and document your IT systems. IT maintenance used to consist of disk defrags and the occasional service pack. Today, there are a number of proactive measures. For example: • Up-to-date systems patches protect against the latest vulnerabilities;
• Reliable anti-virus and spyware protection further guards against hackers; and
• Optimized configurations keep systems running smoothly.
This isn’t something that’s done once, but repetitively. Just like a regular oil change, if you maintain your systems, they will last longer and perform better. Continuous monitoring is an important proactive measure to prevent downtime, respond to and resolve problems quicker, and prevent revenue loss. IT management should work with the business owner or manager to budget, improve, and plan IT expenditures. Whomever you have in this position should be able to discuss IT with you in language you can understand. You can’t make the best business decisions for your organization if you don’t understand the information provided to you.
To discuss this article or topic, go to www.aapc.com
PRACTICE MANAGEM
ENT
June2016_HBM.indd 53 20/06/16 5:20 pm
