Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Click here for the best Acupuncture Malpractice Insurance
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Click here for the best Acupuncture Malpractice Insurance
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Hi, I am Julie McLaughlin here with the Fearless Acupuncturist, and I would like to thank the American Acupuncture Council for having us here. Today. We’re going to be talking about HIPAA compliance officers and how their duties impact your office and your patients. I have some slides with you now.
Click here for the best Acupuncture Malpractice Insurance
So again, a American Acupuncture Council brings amazing programs to us so we can learn as a profession. From all these different experts, and we really appreciate them helping us share this information with you today. So what we’re gonna talk about is who’s leading the charge in your office? Who is your HIPAA compliance officer?
Who has that responsibility? Is it you as the provider, or is it somebody that you have in your office? Or maybe you don’t even have one. So let’s look at what the responsibility and the roles are of this important job in your office. So why am I up here even talking about HIPAA to you? Long story short, I am a chiropractor and a acupuncturist.
I had practice for 37 years, and this is my partner, Dr. Perry Barnhill, and he is a chiropractor and naturopath. And we also are compliance officers, and this is what we do. We decided that we need to help our friends, we need to help our friends in our professions to make sure that no one’s getting in trouble with the feds because this is mandatory information.
This is what you have to do, and we wanna make sure that everybody’s compliant because we wanna be top notch in our profession to make sure that. You know the go movement’s not coming after any of us, so that’s why we’re doing this. I want you to know compliance isn’t a checklist. It’s a commitment. Yeah.
I know we have checklists, and you guys have probably downloaded ’em all, but it’s more than just that checklist. It really is a commitment. It’s a commitment to your practice and to your patients, right? Because the truth is. That the OCR Office of Civil Rights, their audits show that over 60% of small healthcare providers identify HIPAA compliance as a major challenge.
There’s no surprise. It’s convoluted. It’s got gray areas. It’s difficult to say the least. So you know, we don’t have huge teams of support staff like hospitals do or huge offices. We really are the frontline for our patients and for what we need to be compliant with the government. And so it is not surprising that this is a major challenge.
So if it is a challenge for you, you are in the majority. We’re gonna help you get past that challenge. And the other truth is that HIPAA fines can exceed millions of dollars per year for violations. And it happens. It absolutely happens. 80% of the penalties result from a lack of oversight. So if this is one small thing you can do, and you are gonna beat 80% of these penalties, I want you to really listen up.
Because without leadership, everyone is gonna assume someone else is handling well. I thought they were handling, I had thought you were handling it. I thought you were doing it. And the truth is, nobody’s handling it until you actually appoint somebody. And you need to have. Someone who’s gonna be really trustworthy, somebody that you can really rely on, somebody who’s detailed oriented, who’s really going to stay on point with this, and someone who’s gonna help make sure your whole team is on point with your hipaa.
So the core purpose of your compliance officer is gonna be, they’re a guardian of your patient’s trust. They are guarding your patients. I, their personal health information, ensure privacy and security rules are followed. Remember, you do not wanna get hacked. You don’t wanna get scammed. This is gonna help you make sure that you are staying within the lines and none of that stuff is happening to you.
It’s gonna build real world systems to protect the PHI. You’re gonna have monthly HIPAA trainings to keep your team current and compliant. ’cause a lot of times, some of these HIPAA breaches. Aren’t even intentional. They’re just accidental. Just because people don’t know, and that compliance officer is gonna be super important in making sure your team is educated and also, God forbid you got audited.
They’re gonna serve as a point of contact for all things hipaa. If you had an audit. You want that compliance officer to be on top of it to know what parts of your manual are done, which parts need help, what parts. You want somebody who’s a one person contact and their responsibilities are gonna be develop them and maintain the policies and procedures.
Conduct annual and regular risk assessments, oversee monthly employee HIPAA training and documentation, manage any breach investigations, incident responses, and maintain audit logs and compliance records. So you can see this is super important job. And so you don’t wanna just randomly assume that someone’s gonna do this.
It is not about policing. It’s about leading. Really, you’re not policing your practice. You’re not policing the patients. It’s really about leading them to keep that information safe. And you wanna lead by influence and knowledge, not fear. You wanna teach ’em, you wanna make it fun. You wanna do things that’s gonna make them remember it, whether it’s acronyms or just little procedures that you put in place.
But that person’s gonna be responsible for knowing how your office runs. How you’re gonna best learn and maintain and keep doing this information. So you want someone who can communicate clearly and consistency with patients and with the team and someone who will step up to correct the risk if one’s identified.
You don’t want someone who’s just gonna brush it under the rug. If you see a risk, you want someone who’s gonna go ahead and take the initiative and change it. And if you think I don’t even know where to start, or I don’t even know where to know, if I have a HIPAA compliance person where to start, this is a great place to start.
I want you to go on and do this QR code, or you can go to H-T-T-P-S. Slash four slash hipaa risk score.com. Remember, HIPAA has two a’s, not two P’s, right? I want you to go on there and take, it’s like a little 10 question quiz. It’s super quick. It’ll take you a minute or two, and it will give you a grade between A and F, and it will tell you where you are and where your weaknesses are, and where your strengths are, and some of the things that you need to do to get HIPAA compliant in your office.
This information is not shared with anyone. It is just for your information only and for your HIPAA compliance officer to know where are the things that you need to work on. So where most offices slip up when it comes to HIPAA compliance officers is that they will assign someone by default. They’ll say it’s the office manager job.
They’ve never been trained to do what their job is. Never been told how to do it, but because they’re office manager, they do everything, we’re gonna put it on them. And that’s not the best idea because sometimes giving people extra jobs is not in their job description or their job title. They feel like they’re not being paid for it, or they’re being overworked, or they just ignore it because they don’t even know how to do it.
So you wanna make sure that the person you choose actually has training and actually is. In their job description and their job is being compensated for that. So you want to not have a manual that hasn’t been updated in years and expect the new compliance officer just to become magically current because the laws change.
Monthly. They change all the time. They change ’em to one thing and then they change ’em back. And then they change ’em to another thing and then they change ’em to another thing. And that’s where we can help you with staying up to date. But that HIPAA compliance officer needs to have a good baseline. Don’t give them some manual that’s 10 years old and expect them to be all the way up to date.
The training that happens once a year is quickly forgotten. So you’re required to have that training in your office. Once a year, but you’re also highly recommended that you have training once a month for your staff. So that is absolutely what you want to do, and that’s gonna help your compliance officer and your team.
And if you have no audit trail. Or documentation to prove compliance, that’s really gonna be a problem. Let’s say you’re doing everything you need to do, but you never write it down. That’s like seeing patients and never taking a note, right? Then that means that visit never happened in the eyes of malpractice and the eyes of insurance, all of those things.
So you have to document it and you have to write it down what you’re doing to be compliant. So tools that make compliance manageable, right? We have a solution with fearless acupuncturists that we can talk about if you need to. You need to have an editable policy and procedure manuals, because those things change.
You need to have a step by step risk assessment template that you’re gonna go through and you’re gonna assess. All the different things in your office, that could be a potential risk, right? You want monthly training for your staff. You wanna have an audit log and a compliance checklist because. If you are doing something, let’s say you do your monthly HIPAA training, you get it.
Everybody who was there sign that they participated in the training and you put it in your audit log. When you do that risk assessment, you put it in your audit log. ’cause if you don’t write it down, it didn’t happen. And if you come and get audited and you say, we’ve been doing it, but you have no proof, they don’t care.
It’s the government. They don’t care. They say, say ignorance is not an excuse. You wanna make sure you have ongoing support and updates about the regulations change. You need to stay current on this stuff because again, if you say I’m current from last year, but I didn’t keep up with this year, the feds, they don’t care.
So if you need some help, if you need to strengthen your HIPAA plan, take that free quiz if you wanna talk to us and just have questions if you wanna see a demo of how we can help support your team as well. I’m going give you a link and you’ll be able to reach out and just reach out and we’ll be happy to do it because you’re not alone in this.
We’re here to help our friends and our friends. Are you, our friends are the people in our profession. So info at better hipaa blueprint dot coms are email if you wanna contact us. Fearless acupuncturist.com is our website if you wanna check it out. And if you’d wanna schedule a demo, here’s the QR code.
Or you can go to go dot fearless provider.com/demo and we’ll set up a demo and go through everything so we can see where you are now and what you need and help you get to where you wanna be. So that’s it for today. With Fearless Acupuncturist. I am Dr. Julie McLaughlin, and I would like to thank again, the American Acupuncture Council for having us on here and providing these great educational tools for everyone.
Have a great day, and I’ll see you next time.
Click here for the best Acupuncture Malpractice Insurance
Today I am going to be talking about facial acupuncture, what works, what doesn’t work, and, lots of different things that people incorporate into their practice.
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Hi, my name is Michelle Gellis. I am an acupuncture physician and an author, and I would like to thank the American Acupuncture Council for giving me this opportunity to speak to you today. Today I am going to be talking about facial acupuncture, what works, what doesn’t work, and, lots of different things that people incorporate into their practice.
Click here for the best Acupuncture Malpractice Insurance
Some are based on Chinese medicine. Some are more modern things. And a lot of the information that I’m gonna be talking about today comes from my book and it’s called Treating the Face. It is a 500 page. Full color hardcover book. And throughout the book I talk a lot about different tools and techniques that people use that practitioners can use in order to not just for cosmetic purposes, but also for neuromuscular purposes.
So facial ac. When I say facial acupuncture, I am referring to any treatments that affect the face, whether it’s skin level, muscle level, working with the fascia, working with the nervous system, working with the musculature, and. Knowing how to affect the circulation of the face, the lymphatic system of the face, the skin, the nerves, the muscles will really play into what sort of results you will get when you do your treatments.
So there, there are. Effective ways to layer things into your treatments. I am a big proponent on not just one size fits all treatments. And so if we’re looking at just, we’ll start with cosmetics. So when we’re looking at. Cosmetic concerns with the face. We can be looking at the very superficial dark spots, redness, fine lines, wrinkles sagging, things of that nature.
And some of these are very superficial, so treatments that are more superficial, things like microneedling. Red and blue and yellow light therapy and other hues of LED light therapy can be. Very beneficial. Facial cupping and facial gu sha can help to bring blood and chi out to the face. And so this can be beneficial for the skin as well.
Now, going another layer deeper, if we’re looking at. The circulation of the face and we are looking at the fascia and the musculature of the face, then we would be. Thinking in terms of treatments that go a little deeper, so this is where the facial cupping and the guha come in and techniques that aren’t just let’s say intradermal level, but more working submuscular, working with motor points.
And this can help to lift the face so the face lifts itself. And also looking at our facial expressions. We also wanna think about doing body points, so I didn’t want to neglect to talk about that. So body points can help our emotional body, which will. Ultimately show up on the face. And a lot of our expressions, for better or for worse, are going to, can cause wrinkles in the skin, fossil adhesions and permanent sagging and asymmetry of the face as well.
So. I’m going to also now kind of pivot and talk about neuromuscular facial conditions. So things like Bell’s palsy trigeminal neuralgia, TMJ, stroke ms. There were a lot of neuromuscular facial conditions, and when we’re thinking about treating those, we’re not thinking so much about. Skin level concerns, but more about the nervous system and the musculature of the face.
And this is where submuscular needling facial motor points some scalp acupuncture and in some cases LED therapy, if we’re using a LED light that has near infrared. Settings, which can go down to the muscle level. So how do we kind of layer all of this? When might you use one set of tools versus another?
When I do cosmetic acupuncture on a patient, depending on what their concerns are and how how kind of deep the. Concern is that they’re deep wrinkles. Deep sagging. That will determine what I, how I start to think about what it is I’m going to do. So I’ll give you an example. If someone came to me and they had.
Minor signs of aging on their face, but really deep wrinkles on their forehead. One of the, so I, I’m always going to do my cosmetic acupuncture. And that might involve some mandatory points that I use for lifting the face body points to help, to nourish all of the channels that feed into the face.
And then I always, and every cosmetic acupuncture treatment with facial cupping and facial guha. Now, I might add in some. LED therapy if they have acne or if there were superficial skin concerns. But what I could do either and, and that would happen while the needles are in. But what I could do additionally, either during this treatment or as a standalone treatment, is some microneedling to address.
Just the forehead area, if that is where their concerns are. However, if they don’t want to have microneedling, then I could. Weave into their treatment. Some submuscular needling of the frontals motor points on the frontals. And these will help to bring this will help to balance the muscle function and help to relax the forehead so that it’s, it’s doesn’t, so these lines.
Aren’t embedded in their forehead any longer. And of course the cupping and guha can help with that as well. So that’s one example of cosmetic. Now let’s talk about a potential patient who has Bell’s Palsy. So of course, on Bell’s Palsy, typically it is one side of the face and I would certainly treat any underlying conditions with body points and then locally.
I would incorporate acupuncture points. I would incorporate possibly some submuscular needling of different areas that have been affected. And I could also do some motor points for the muscles that have been affected, and then I would put an LED light over them on the near infrared setting in order to help to nourish the muscles.
To help to bring them back into normal functioning. When all of this was done, I would take the light off, I would take the needles out, and then I would do my cupping and GU shop. So these are more deeper level treatments as opposed to microneedling, which is more of a skin level, superficial level treatment.
So kind of to summarize the submuscular needling is used. Let’s see if I can grab a picture. But Submuscular needling is used when we are. Wanting to deeply nourish and affect particular muscle. And so that might be the frontals, it can be the digastric muscle, it can be the we, we can do some submuscular.
Needling on the corrugator muscle, which brings the eyebrows together. We can also do some submuscular needling around the temporalis. And so these are all, I’m trying to find my my chapter in my book on Submuscular needling. And. Here we go. So let me find a good picture for you guys. So by putting needles underneath the muscle, here we go.
So you can see here in this image here. Down here I’m doing submuscular needling, get that submuscular needling of the frontals. And then below that I’m doing submuscular needling of the Steris, which is right here. So working with the motor points in the face, which affect. Each one of the individual muscles or, and or submuscular needling is going to help not only with neuromuscular things, but also can help with cosmetic concerns.
And all of this has to be framed with you have to be thinking about safety. You have to be thinking about whether or not the patient has had any neurotoxins like Botox or fillers facial fillers, and. So in my classes I teach how to talk to your patient about these and how long they have to wait before you can treat them, and what areas to avoid if they’ve had any facial surgeries.
So, to close I just would like to summarize by saying. When you’re thinking about treating the face, you can layer treatments, but more isn’t always better. Knowing how and when to layer is very important. Using the right tool at the right time and really speaking clearly to your patients about expected outcomes is important as well.
If you’re interested in learning more about treating the face, you can go to my website, facial acupuncture classes.com. I have recorded webinars and live classes that cover all of these topics and, myw, my classes are also listed on my website, all my live classes, and you can also find me on Facebook, Instagram, and TikTok and LinkedIn under my name, Michelle Gellis.
So thank you again to the American Acupuncture Council, and I hope to see you soon.
Click here for the best Acupuncture Malpractice Insurance
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Hi everybody. I am Julie McLaughlin here for Fearless Acupuncturists with the American Acupuncture Council, and today we’re gonna be talking about a HIPAA Risk Score Assessment. So a little quiz that we’re going to do together and we’re gonna make sure that you are HIPAA compliant. So I have a few slides to share with you, so let’s go there now.
Click here for the best Acupuncture Malpractice Insurance
So again, we are from the Fearless Acupuncturist with the American Council of Acupuncture, and I’d like to thank them for allowing us to talk to you today and sponsoring these wonderful programs. It really helps educate all of our fellow providers in the things that we do. They are wonderful, and we wouldn’t be here today without them.
So what’s the risk with him? Is HIPAA really that big of a deal? Is it really something that we all have to do? I hate to tell you, but it’s right. So what we’re gonna do today is we’re gonna find out if you’re actually protected. Or if you’re accidentally a HIPAA hot mess, which nobody wants to be a HIPAA hot mess, let’s face it.
And we’re gonna take this little risk score, and don’t worry, no one’s going to know but you, this is only to see where you are, where your starting point is. You might be a hundred percent good, or you might need some help. So don’t sweat it. It’s going to be easy. And we’re going to take this one step at a time.
So some of you probably have seen my partner, Dr. Perry Barnhill, doing some of these speaking engagements here. But you also may have seen me, um, in some other venues talking about chiropractic even. And I’m an acupuncturist as well, like you and functional medicine practitioner. So I’m doing this today and I’ve kind of switched gears after practicing for 37 years.
Into helping some of my friends because frankly what I started seeing and what scares me more than, you know, seeing things that people come in with, ailments they’re coming in with in our office is that some of my friends, brilliant providers. Are losing everything. They’re having huge issues, not because of bad care, not because of failing in practice, not because of any of that stuff, but because they had compliance gaps that they didn’t even know existed.
And that really fired me up and that’s why I teamed up with Dr. Perry. He is the smartest. Compliance Ninja. I know he is the go-to guy when it comes to this stuff and I’ve actually been working with him for a very long time. Kind of in the background. I kinda do the tech stuff and, but today I wanted to talk to you about the hip risk score because it is so important to me that my friends.
Okay, we wanna go from acupuncture to audit. No, we don’t. We don’t wanna do that. We just wanna do acupuncture. Who wants to do audits? Nobody wants to do audits. You went to school to help people. When you opened your practice, it was like a big surprise. You became a CEO, IT director, a privacy officer, a cybersecurity manager, you know, running the front desk.
And somehow you still have to be a human being, but at the end of the day, you just want to treat your patients. You just wanna get your patients better. But we don’t wanna have audits. We don’t wanna have these things. And I realize that providers need support. They don’t need fear, they don’t need to worry about things.
But when compliance fails, patients suffer and the provider pays for it. And we don’t want that to happen to our friends. So that’s why we made this HIPAA compliance risk score. And the truth is that hipaa. Isn’t about paperwork, it’s about protecting people. I know there’s a ton of paperwork and no one wants to do it and we don’t get paid for it, but if we don’t do it, we could be paying somebody else and we don’t wanna have to be paying fines to the government or, you know, losing everything like we’ve seen so.
Let’s just check where you are now and make sure that you are good. So I want you to send me a thumbs up if you are a hundred percent comp compliant. If you’re a hundred percent confident that you are HIPAA compliant, you are not 99%, but you’re a hundred percent thumbs up. Nah, not very many thumbs up, right?
Because who could say that they’re a hundred percent on this stuff? There’s so many gray areas, I gotta tell you. We research this all the time. This is what we do, is looking at the changes and the laws, you know, and one law comes up and we’re like, okay, now you gotta do this. And then the next thing you know, there’s a lawsuit in the government and then they change it.
Well, nope, we decided you don’t need to do that now you gotta do this. And it. Hard to keep up and it’s not fun to keep up ’cause we wanna keep up with things in our field and acupuncture and what’s going on and what’s the latest treatment. And you know, the case studies, we don’t wanna be doing this stuff and I get it because I’m right there with you.
But at the end of the day, the government doesn’t care. They don’t care if you don’t know. Right, because ignorance isn’t a protection. It’s just like our taxes. Like they don’t care if you say, well, I didn’t know I couldn’t do that. They don’t care because you’re. Responsible for knowing you’re responsible for knowing your risk.
So that’s step number one. So that’s why I want you to do this HIPAA risk score Quiz with me. It’s fast, it’s gonna take you a couple minutes. It’s totally anonymous. Zero judgment. You’re the only one that’s gonna see this score, but it’s going to give you a starting place of where you should be with your hipaa.
So I want you to get your phones out right now and I want you to go on the QR code and take this quiz. If you can’t do it because you’re driving in your car or you’re seeing patients and you’re listening to this in your earbuds or something like that, I want you to write this down. HIPAA risk score.com.
Now don’t HIPAA mistake number one, don’t misspelled HIPAA, H-I-P-A-A risk score.com. Go there, it’s gonna take you a couple minutes and I want you to go through the questions. And just be honest because it’s only for your own feedback to give you where you are. Are you A, B, C, D, F? Right. We all wanna be an A, but you have to have a starting point.
Where are we going to be? Right? So what’s on the quiz? It’s super easy. There’s privacy training. It’s gonna ask you about your cybersecurity and encryption, your business associates compliance, breach readiness policy, and document updates, and the changes that have been made this year in hipaa. That’s a really big deal.
Now, if you are like, oh my gosh, I already know, I don’t know this stuff. Take the quiz because it will teach you a little bit about these things by, by taking the questions and knowing what you know and what you don’t know, so then you know what you need to work on. Right? Super, super easy. So when our patients come in, they don’t know what’s wrong with them.
That’s why they come to us, right? We help them find out, and then we give ’em a solution, a treatment that’s gonna help them. That’s all this is. It’s gonna help you find out where your starting point is, what you need to do, and then from there you’re going to be able to know where to go. What are the steps you need to correct?
Make sure you’re compliant, right? Super easy. So here’s an example question. So. When you hire someone new into your practice, when do they get their privacy rule training? Is it on their first day that they start, they show up and they get their privacy rule training? Or do you say, we teach on the, on the job.
They learn as they go. So think about it, when do give that privacy training to your new hires? Now, if you say, I’m teaching as I go, or we do it once a month with the whole team. You might wanna rethink it because think about this, when do they have access to PHI? When do they see that people’s names who are coming into your office?
When do they see the 18 different types of PHI personal health information that could get breached? And they didn’t even know that they had to keep it confidential. So you wanna do little things like this is make sure that if you have a new hire that you’re. Teaching them that privacy rule right from the get go, they are gonna be HIPAA compliant for you.
’cause at the end of the day. You are the provider. You’re the one responsible. So go HIPAA risk score.com. Remember H-I-P-A-A, right? And take the quiz and your score is going to equal your action. So if you got a 90% to a hundred percent, that’s excellent HIPAA readiness. You’re, you’re awesome. You’re, you’re good to go.
You probably just have to keep up with your monthly HIPAA updates and your, uh, monthly HIPAA training, and you’re good to go. If you’re in the 80 to 89%, you’re good, but you need some improvements. You might need some help. If you’re in the 70 to 79%, it’s fair. You need reinforcement and gonna know you got some really specific weak spots that you need to look at.
If you’re below 70%. You know, you are gonna be high risk and you need some immediate action and, and. You’re gonna need some help. So see where you are. No shame at all because it’s a starting point of what you need to do. Just like your patients, when they come in, that’s their starting point. So, what do I need to do to improve?
So here’s a QR code again, HIPAA risk score.com. You’re gonna find out if you have an A, B, C, D, or F. And I hope you all get an A, but if you don’t, we’re here to help you because when you get your score, if it’s not what you want, I want you to reach out because you are not alone. We are here to help our friends.
You can email us at info@betterhipaablueprint.com and we’re happy to help. We’re happy to make sure that you are going to be HIPAA compliant. So what’s your next step? If you have more questions, you just wanna find out a little bit about this whole HIPAA thing in the process, you can check us out@fearlessacupuncturist.com or you can email us at info@betterhipaablueprint.com.
If you are like, no, I know I need help, I’m good to go. I want you to schedule a demo. Go to go dot fearless provider.com/demo or use a little QR code and check it out and schedule a demo with us and we’ll show you what it’s all about and answer your questions. So be sure to take that risk quiz. And that’s it for today at the Fearless Acupuncturist.
I would like to thank the American Acupuncture Council for having this and inviting us to share this with you. You guys have been great, and be sure to check out our shows in the future, and I hope you have a great day. We’ll see you soon.
Click here for the best Acupuncture Malpractice Insurance
So what’s going on HIPAA 2026, because this is the email I’ve been getting, in fact, several. And it says, hi Sam. Hope all is well. I’m getting a sudden surge in emails about the new HIPAA laws going into effect.
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Hey, greetings, all my friends. It’s Sam Collins, the coding and billing expert for acupuncture for you, the profession, and of course, the American Acupuncture Council. But most importantly, really it’s just you and I wanna make sure that each time we’ve got something new, something that’s changing to make sure you’re up to date.
Click here for the best Acupuncture Malpractice Insurance
If you’re a network member with me, even better, let’s make sure we always know what’s going on. Otherwise, even if you’re not a member, this is a place where we’re gonna give you the updates. Let’s go to the slides. Let’s talk about. What’s going on, and some of you may have gotten some emails to this and it’s always one that I’m always careful, hyperbole and if you have stress, it sells.
So what’s going on HIPAA 2026, because this is the email I’ve been getting, in fact, several. And it says, hi Sam. Hope all is well. I’m getting a sudden surge in emails about the new HIPAA laws going into effect. Now, I do understand HIPAA is misspelled here, but I left the email just as it was sent and it says, is this accurate or is it just marketing hype?
And I’m so glad they reached out to me. As good as Google searches and chat, GPT can be, remember, those are still limited to the information they can gather, and is it always correct? No. So we wanna be careful and we also wanna be careful. Is it also subject to hyperbole as well? Potentially to some extent.
I always look at the context. Obviously HIPAA is a big deal. It is. But how big is it? It depends on the size of the office, what you’re doing. At the end of the day, what is hipaa? In a acupuncture office? Don’t let anyone have someone else’s records. Many of you’re using paper charts. That’s pretty hard to get records unless they break into your office.
So let’s make sure what are we really doing and talking about let’s update. There are changes that you have to make. Or potentially February 16th. However, these updates probably will have nothing to do with you. I will tell you, I’m gonna be very acentric when it comes to these things. Code changes, everything else.
I’m like, how does it affect us? That’s what I wanna know. These updates chiefly concerned, a heightened confidentiality, protections for substance abuse disorder and reproductive health privacy. And this is mostly related to. Reproductive rights of people that some states allow certain types of birth control, others don’t.
If you go to another state, they can’t get access to it. It’s just protection. All this is about protection of a patient’s information. Same for substance abuse, that if someone has, gone through some substance abuse treatment, that no one just can easily get access to it. In fact, the easiest way to keep everything private, always pay cash.
If you’re not aware, cash means you don’t have to disclose at all, and the patient has a right to. Now, with this update though, what if it does affect us? What do we really have to do? It’s really updating your privacy practice. I’m gonna say 99.9% of you won’t, but let’s say for some reason you’re doing some reproductive health.
Now, I’m not saying necessarily fertility, I’m talking about reproductive birth control and that type, but let’s say you were, what would you add in there? The patient has rights for reproductive protection and that these records will not be disclosed unless specifically requested. And even then you would make sure who’s the requesting party, who they have access.
In other words, you’re gonna exercise a lot more caution for records, particularly if they have things like substance abuse. Same applies with HIV. So what this really is a defensive way just to make sure patients are aware of their new rights now. Does this mean you need to change your privacy notice?
Probably not. But let’s say for some reason you did, you would update your privacy notice with this additional information of that protection. If you’re not maintaining records on reproductive rights or substance abuse, though change is nothing. So continue the same, which means I don’t update anything.
Now let’s keep in mind though, what if you did have to update it? Would you have to have all patients sign the new privacy practice? No, you wouldn’t. Once they signed one from years ago. That remains in effect. Do post up in your office if you’ve made an update somewhere where they can see it. Make people aware.
But for the most part, they do not have to sign a new one. This is more so just to make sure that if you have these, you’re gonna make the change. Chances are you don’t, and this is where I want to keep things with simplicity in mind. Avoid hyperbole. At the end of the day, what is hipaa? Oh, by the way, you know how you’re supposed to do a yearly HIPAA training?
This isn’t at the very least part of it. It may be for some of you, the whole thing, depending on the size of your office. The basics of HIPAA is that we are protecting protected health information. What does that include? Names, date of birth, social security number, their diagnosis, treatment. In other words, all the information you have on the patient, you’re protecting it.
What does it mean? I don’t let anyone have access but realize. There’s things that can make it more vulnerable. If you do all paper notes, it’s very hard for someone to get it ’cause you physically would have to send it. But what if it’s electronic? Could someone hack into your system? So we have to have other things in safeguards there.
And even verbal information. Be very careful by example. Here’s a common one, A friend recommends a friend and you start discussing things about it. Like someone’s recommended a friend and they said, Hey did my friend John come in? Do you know? You can’t disclose that. You better get permission from another person.
And this sometimes you go I just wanna thank them. Gotta have permission. ’cause maybe they don’t want them to know. So at the end of the day, think of it this way, HIPAA is about giving the least information that’s necessary. We use the term minimum necessary. So if someone’s asking for a very specific date on a patient and it’s a valid request.
You’re gonna limit it to that date. Don’t send everything. Don’t send extra things. Here would be the reason why if you send too much, you never get it back. You know the barn door’s open, but if you send not enough, it’s easier to send more than to try to pull it back. Make sure, of course there’s administrative safeguards in the office.
Again, that’s what we’re doing today. Who’s your officer? Probably you, but make sure you have things in place. Do you do a risk assessment? Have you looked recently? Hey. Have we done all the right things by example? Do all your employees or people you work with get some initial HIPAA training from you and is it done yearly?
Now, I’m not saying it has to be a big yearly thing, but enough to go over it again to make sure there’s no issues. And you should have some type of a written policy. It could even be a page. I’m gonna suggest some of you may have to have more than that, but for the most part it’s like just the protocols of how to deal with it.
Like when someone calls. How do we handle if someone’s asking for records? You know what the answer is? We don’t give ’em anything over the phone, not without a signed authorization. Remember, if you’re working with outside vendors, billers or other people, they have to sign up. A business associate network manager with me, we have that.
We’ve done so because everything, I have to keep private. Make sure that if you have any type of service that’s shredding documents and you’re not doing it yourself, they need a HIPAA notice and then make sure you have. Rules that what happens if there’s a violation? I don’t think you’re gonna have some big sanction.
It just means, Hey, we’re gonna reprimand that this doesn’t happen again. Put safeguards in place and it’s just gonna be, I did a reprimand. You’re not gonna say, I’m gonna suspend you for a damn I, I guess you could, but that doesn’t help us. And then make sure you’ve got reasonable physical safeguards, meaning secure the charts.
Now if you have paper records, that’s pretty easy. Don’t put ’em in a place where people can get them. Now what if you said I don’t have a locked cabinet. Do you need a locked cabinet? Not necessarily so long as it’s protected from the public getting to it. So if it’s in an open area behind where people can walk in, you’re always gonna have some type of safeguard.
It’s never left alone for people just to wander. And now patients are escorted back. Now obviously electronic could be a little bit more difficult ’cause now what if you’re sending an email that’s not secure, or you’re not sure because your system could be hacked? Make sure you’ve got the proper encryption on your computers.
But one simple thing is make sure just when someone comes in your office, they can’t look and see someone else’s information on the computer. It should always blank out. In fact, I’d recommend just the privacy screen. That way when you look only dead on, can you see it? Nope. Nothing from the side.
Okay. And then make sure, as I mentioned, restrict access. No, you can’t go back there. We don’t let you, those are obvious, but it’s something to remember. That’s part of the training that staff have to remember, Hey, we just can’t let a patient go to the restroom. And then they’re wandering around the office and trying to look at someone else’s chart.
Not that I think people. Do that. But every now and then you get a couple of people that are a little quirky that may try to do something like that. And then of course, make sure that you’re shredding documents when you discard them. You can’t just throw ’em out, shred them, okay, by a cross crutch shredder, or there’s a service out that’ll do it.
Remember, you do wanna keep the records timely. On the minimum time for many states. Could be five years, some or seven or 10. Know your state if you’re not sure. Contact me network members. I can make sure, but you don’t need to keep a bunch of records if you’ve been seeing a person for 20 years. You honestly don’t need all 20 years.
You need the last seven years, let’s say. Alright, now what about technical safeguards? Here’s something to make sure this is training with staff passwords. Everyone should have their own no shared passwords. That way we know who was on or what there was a problem. That way, if something happened, we can find out how it happened, who it happened with, and not everyone gets blamed.
If you will make sure there’s log off. The computer should log off after five minutes, maybe even shorter, depending. How about encryption? Now, it’s pretty hard to buy a computer without that, but check to make sure. Where I’d be more concerned are mobile devices and backups. If a staff can have access to records on their mobile device, let’s remember if you have Google or Microsoft, they look at everything, if you use email through Google, they’ve read it and they’re sending you ads based on it. Okay. And they’re selling it to other people. So make sure you keep things very private in that way. I would recommend no mobile devices unless we know it’s encrypted limit access based on job role. If someone’s job is only appointments, then they don’t necessarily need an EHR access.
Okay. It just lends to less people touching, less problem we can have. And then make sure, again, the personal devices. I have a concern because everyone does it now, and then you wonder what things have access. I had a friend that said, Hey man, I have a TikTok. I never had TikTok before. So I put it on, I watched the thing.
I thought it was pretty it’s not for me. I’m an older person, so I don’t wanna sound like I’m down on it, but the thing, I deleted it. Do you know, I get an email now and again from TikTok that says, Hey, this person’s on TikTok. We saw they were in your contacts on your phone. So again, there’s a lot of access there.
I would be really conscientious of. And then remember, patients have rights. Make sure they all do a privacy notice, do they have to sign that every year? No. Once is enough. If you amend or change it, then of course, put a post, a new notice. But at the same token, they have to resign. And if a patient wants, can they have access to the records?
Sure. Can they make amendments? Not really. They can’t amend it. What they can do is give what their opinion is. But don’t make them change the record. They can just write what they think. It should be a little odd. But on the medical side, you might see this. And then if they want confidential things like, Hey, I don’t want you to speak to my spouse, I don’t want you to let this person know, you have to honor it.
And in fact, I would say always simply, I don’t wanna say hide, but use that as your protection. I’m sorry. HIPAA allows me not to do that and just leave it at that. No excuses. That’s just what it is. And if they want any type of authorization, I want it in writing. From them. I don’t want there to be any issue later saying, I didn’t give you authorization to do that.
It’s not complicated in a small office, but you wanna make sure we have the right things in place. ’cause if someone does make a complaint, could that be a problem for us? Maybe which means other simple things too. Verbal discussions. Avoid, obviously if you go in a hospital, you ever notice everyone gets quiet when they get on the elevator.
You wanna make sure you’re not talking. You gotta be very qui quiet. My son’s an attorney and it’s interesting when they have meetings. They literally have soundproof rooms. A hundred that no one can hear anything. It’s really, in fact, if you sit in the room with no sound, it’s a little scary because there’s like anti sound in there.
But that’s how careful they are with the type of things they deal with. So use good discretion. If you’re releasing information and you’re not sure, or they’re asking, don’t release it. You can always get more information. Again, you can never get it back if you’re not sure where you’re sending it.
If you’re not sure. That was them on the voice. But don’t leave a voicemail. In fact, make sure they have permission for you to do so many patients will. And then if you’re gonna send a fax or an email, verify who it is before you send it. Because once you send, if it’s the wrong one, and I, when I say verify it, I mean I want you to send, my rule is you’re gonna send a test email first.
Make sure the respond back saying it’s theirs before you send it, okay? Because once you send it, there’s no coming back. The network, myself and the HJ Ross or American Acupuncture Council, we’re always here for you. We wanna be your support. If you’re a member with me and you want to go into some more details or some training, by all means do that.
Otherwise, for everyone else, use good common sense when it comes to hipaa. You always be on the right track and not saying things can’t change, but remember hyperbole often is just that it’s trying to excite you about something. We’re always gonna be that good and honest resource. So until next time, my friends, I wish you well.
And remember, acupuncture got a nice increase in fees this year. Go forward. Take care everybody.
Click here for the best Acupuncture Malpractice Insurance
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsI ACCEPT
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
