Tag Archives: Acupuncture malpractice Insurance


Year-End HIPAA Reality Check

Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.  Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.

Hi everybody. I’m Julie McLaughlin from The Fearless Acupuncturist, and I’m here today on the behalf of the American Acupuncture Council, and we are so excited. We are going to talk about end of the year HIPAA. What do you need to do before the end of the year to make sure you’re HIPAA compliant? I’ll show you some slides now.

So at the end of the year, you gotta plan, protect, prepare, and protect. But you can’t ignore these things before December 31st. Don’t put it on your to-do list for next year. You have to do things this year to make sure you’re HIPAA compliant and you’re not getting behind, because God forbid you get audited, you can’t go backwards.

So again, I’m Julie McLaughlin, and this is my partner, Perry Barnhill, and we are part of Fearless Acupuncturists, where we help acupuncturists maintain and make sure that they are HIPAA compliant. So why is December the danger zone for HIPAA? Because HIPAA problems love the end of the year, right?

Compliance gaps quietly hide all year long, and audits and investigators, when they come in, they’re looking backwards. They’re not looking what are you going to do in the future? They’re looking at what you did. So you have to make sure that this year 2025 is good and compliant and you’ve got everything up to date.

Your documentation gaps are going to show up when it’s too late. You can’t go and change those. So I want you to do this now. I know it’s the holidays, but just take some time with your staff and do this now, because today is a reality check. This is gonna be about 10 minutes. It’s gonna be a compliance wake up call.

Make sure that your practice actually gets caught up. I’m gonna tell you what regulators are expecting to see on paper. If you don’t write it down, if you don’t record it, you didn’t do it. Just like your notes, even though you saw the patient, you talked to the patient, you made a care plan, everything.

If you don’t write it down, it didn’t happen, right? And you have to review this every single year. So the number one deal breaker, the number one audit is the risk analysis, and this is the foundation. Everything else sits on this. So if you do nothing else that I tell you today, which don’t do that, but if you don’t, at least do your risk analysis because no current risk analysis, you’re done for it.

They’re gonna walk in the door, they’re gonna ask you for that. You don’t have it. That’s it. Then they’re gonna look for everything else you didn’t do. At least if you have this, they’re gonna say, okay, they’re making an attempt. They’re working on this. It’s a work in progress, and they could give you a little slack.

So make sure you have your risk analysis and make sure that it’s a real one. It’s one that actually reflects what you’re doing. Don’t just make something up because they’re gonna know that, they’re gonna be like you said it’s this, but it’s not even there. So make sure you’re doing this, please. So policies that can hurt you instead of help you.

So if your policies, you read through ’em and they say one thing, but your staff does another, or you are doing another thing, or you’re not doing what it says in your policy, they’re gonna come after you. This is where it goes sideways, and this is where they try to trick you up and you don’t wanna do it.

And the third thing is, if your technology is doing a whole nother thing, you don’t have your technology safe from hackers and ransomware and we’re seeing this stuff, we’re seeing this stuff with some of the docs. So you gotta make sure you’re okay on this, please. In your training where good practices get burned, the most common assumption is my staff knows HIPAA.

We go over all of this, we do this. But the reality is, if you don’t document the training didn’t happen. If you don’t have an audit log of what you’re auditing in your office, it didn’t happen. If you’re still using that old training you’ve used for decades, it’s ineffective because the HIPAA laws change and you gotta keep up with them.

Now, what about business associates? This is a liability that nobody sees coming. So we all know that you have to have a business associates agreement with anybody who has access to your patients’ PHI, right? So IT support, cloud storage, EHR, marketing platforms. What about even like people that you do business with, maybe people who are referrals for you, maybe lawyers.

Maybe you do some PI things or maybe you do some work comp things. What if you’re getting emails from these people that are hacked and you open it because you see it’s somebody you trust and then you’re hacked. So you gotta really make sure you got all your business associates agreements in place and have it documented that you have them have a little list when they were, and then make sure that you get a new one every single year.

So make sure you have one for 2025, and then get ready to send them out for 2026. Security isn’t just an IT issue, right? HIPAA expects proof of all your administrative safeguards, your physical safeguards, and your technical safeguards. Make sure that you’re not leaving files face up with patients’ names on it where people can see.

All of those little things. Make sure you have passwords on your computer and screensavers that aren’t just open that people can see. You gotta go through and do all these little things because if you’re not, they’re gonna know just ’cause you have it written down in your manual, but you’re not doing it.

They’re gonna catch you. I know paperwork is boring, but it really is the real protection. I cannot stress this enough. If it’s not documented, it didn’t happen, and it won’t defend you. Just if the insurance companies are paying you, but you don’t have notes and they ask for your notes, they’re gonna take that money back and plus they’re gonna fine you.

So you don’t wanna have this happen. How practices get blindsided. We hear this all the time. We thought we were covered. We meant to update that. I didn’t know that counted. Does that sound like you? If it does, this is a little wake up call. You gotta get on this and we gotta do this. So your year end decision point, you got two paths forward, patch things up together and just hope for the best.

Hope no one comes in and audits you. No. No disgruntled employees or patients are reporting you. Or put a real system in place. Guess which one is gonna be the better idea? The real system in place, right? Because it actually works, right? You wanna have a structure, you wanna have current tools, you wanna have ongoing guidance.

You wanna keep up with all the changes that are happening in HIPAA all the time. You wanna have your monthly HIPAA trainings, and if you haven’t done it yet, you have to do your annual HIPAA training. That is a must. If you have not done an annual HIPAA training this year, I want you to make sure you’re doing it.

And include all the new 2025 rules and laws that have gone into effect this year. Because if you use the same annual HIPAA training that you used last year, you’re missing all the updates from 2025 and you don’t wanna do that. So don’t drag this into next year. It’s not gonna be good. So the next steps, if you’re like, oh my gosh, I don’t know where to start, or I’m really lost, I really need help, you’re not alone.

Reach out. We’re happy to help you. Info at better HIPAA blueprint. That’s Dr. Perry and I’s email address, reach out to us. We’ll help you if you wanna have a demo or you just have some questions that you wanna talk about, like what do I do about this or that. Use the QR code, use the link and schedule a demo with us and we’ll help you go through it, and we’ll help you show you how to really build a HIPAA compliant system.

Office to protect your office, your staff, you and your patients. So that’s it for today, and again, thank you for the American Acupuncture Council for having us here. We’ll see you next time.


HIPAA – Top 3 Cybersecurity Threats in the Health Industry

 


Major Benefits of Acupuncture in Pediatric Health


Does acupuncture provide benefits for children’s health?

Research supports acupuncture as having a broad range of applications in the treatment of pediatric diseases and can serve as a valuable complementary and alternative therapy.

The most common health issues addressed include peripheral facial paralysis, diarrhea, reduced limb mobility or decreased muscle strength, postoperative bloating, and Guillain-Barré syndrome.

Acupuncture is utilized across all pediatric sub-disciplines, with notable applications in neurology, critical care medicine, general surgery, respiratory medicine, and orthopedics.

Healthcare continues evolving to less invasive, natural, and drug-free methods with acupuncture now being a first-line complementary healthcare choice.

Remember the American Acupuncture Council (AAC) offers an unparalleled track record in acupuncture risk management.

There is a reason acupuncturists have trusted AAC with their business for 50 years.


Acupuncture Helps Adult Health Conditions


Can acupuncture help a variety of adult health conditions?

Acupuncture helps with a wide range of adult health conditions, particularly various types of chronic and acute pain such as back, neck, and osteoarthritis pain.

Headaches, nausea, and dental pain are also treated successfully with acupuncture.

Other conditions acupuncture is effectively used for include fibromyalgia, carpal tunnel syndrome, and side effects from cancer chemotherapy.

Healthcare continues evolving to less invasive, natural, and drug-free methods with acupuncture now being a first-line complementary healthcare choice.

And remember, the American Acupuncture Council (AAC) offers an unparalleled track record in acupuncture risk management.

There is a reason acupuncturists have trusted AAC with their business for 50 years.


HIPAA – Lost or Theft of Equipment & Data

 


Hi everybody. This is Perry Barnhill with the Fearless Acupuncturist, and we wanna welcome you to another show regarding HIPAA and compliance and how you can protect yourself and your patients in your practice. Slideshow please. First, I’m gonna give a big thanks to the American Acupuncture Council for sponsoring this show.

Okay, so let’s get into this. Let’s talk about loss or theft of equipment and data in our practices. Before I do that. Let me just go over just a couple things here on why myself and why Julie teach HIPAA. We understand what it’s like to have an office. We understand what it’s like to take care of patients, and we also understand what it’s like not to really know what it is we’re supposed to know in regards to HIPAA.

So that’s why we’ve created a compliance program, specifically addressing HIPAA and the needs in your office as it relates to you as acupuncturists. So before we get started there’s something, I’d like to go over this regarding where you fall within the whole HIPAA world. So what we’ve done is we’ve created a little bit of a quiz here and I’m gonna hop to the next slide here so you can scan this.

So scan this QR code, and this will take you to just a few questions regarding HIPAA and compliance in your office. Now, as you go through these questions, first of all, it’s quick, it’s easy. We’re not gonna share this with a bunch of people, so don’t worry about that. You can grade yourself based on the answers to your questions.

If you’ve gotten an F, just like anything else, you’re not even close to being HIPAA compliant. But let me say this as well, even if you have a B, that’s great and you can commend. You should commend yourself for at least having a B, but that means that there’s still a few things you need to get in play to be totally HIPAA compliant.

These things. Let me just say this. HIPAA is something we don’t wanna mess around with. In fact, I talk to acupuncturists and providers all the time. The biggest risk, believe it or not, I believe we all have in practice these days, is not being HIPAA compliant. And the reason I say that is because the penalties and the fines associated with not being HIPAA compliant.

Huge, and we just don’t want that to happen to us. So make sure you go there, you check this out and see where you fall within the whole world of HIPAA. Okay, so seconds count. Here’s a little story about a provider going to a coffee shop. They have their laptop there. They jump on the public wifi, they order a coffee, they sit down, they get called, they go pick up their coffee, they come back and their laptop is gone.

Basically, their laptop got stolen, so as you can imagine, I think all of us would be freaking out because our laptop got stolen and we should be freaking out if our laptop had any kind of protected health information on it, or something you’re hearing me refer to as PHI or ePHI, which stands for electronic protected health information.

So did you know, and just go through this really fast, a laptop is stolen every 53 seconds, so these things happen all the time. 70 million smartphones lost every single year. Very small percent recovered at only 7%. 4.3 percent of company issued smartphones are lost or stolen every single year, and 80% cost of a lost laptop is from data breach.

Last one here, 50%. 52% of all devices are stolen from the workplace. This is a big deal. Physical loss and data loss, so physical awareness of the device. Just as some examples, we misplace our phone, or we leave our laptop like in the coffee shop, or we leave our tablet unattended at work. Or in transit.

We basically lose these things. We can lose data, not sharing or not using proper passwords. How do we do that? If someone can access your systems by using your password that are not supposed to, they can access data they shouldn’t have, and that is considered a breach. Sharing passwords, again, don’t share passwords.

Don’t share passwords with anybody. Accessing personal or unauthorized. Non-work, internet access or websites on your work computers be very strict, not just with yourself, but also with your employees regarding the places they can and cannot visit on the computers and on the internet. So let’s do this.

Let’s take a quick little quiz here. And what I want you to do is think about the best answer here. Some of these might be answers, but pick the best one here. So here’s a question. Which of the following activities can cause data to be damaged or lost? A. Staying online too long. B. Never fully shutting your computer down.

C. Unauthorized access to a system. D. Always keeping your computer charging. Okay, so the best one here, the very best one. Okay, the best answer here is C. Unauthorized access to a system. Anytime somebody accesses our system, meaning they gain access to protected health information that was not authorized to do, that’s a breach and that’s something we don’t want to happen. Here’s a really cool chart on how long it takes a hacker to break your password, and these are just examples. Again, I’m not gonna go over all of these. You can screenshot this, you can look for it, but it’s just very interesting. So if you go to the left here, look at the number of characters.

If you just have four characters and they’re only numbers, or they’re only lowercase letters, or even look at the next box over, upper and lowercase letters, or that whole row, a hacker can access your system immediately or break your password. So the goals are, and there are very specific requirements according to HIPAA.

It’s a law. You have to have certain requirements for your passwords. They have to be so long, meaning so many characters, length, they have to have special characters. So there’s things that have to be done here, but go to the bottom. So check this out. If you had 11 characters and you just slide over to the right hand side, 11 characters with numbers, upper and lowercase letters and symbols.

Take a hacker up to 34 years for them to break your password. This is where we want to be so they don’t break our passwords. So how do you create unique passwords? Make ’em meaningful to you and nobody else. Something you could remember. Create passphrases with special characters, and avoid items that can be easily discovered in social media or pictures.

So don’t use your first and last name. Don’t put a one in front of your first and last name. Don’t put a dollar sign behind it. These are way, way too easy to access it. Here’s an example. Fly me to the moon. Now, what does this have? It has many characters. It has upper and lowercase. It has a number, and it also has a special character, which is an exclamation point.

So what do you need to know in order to help prevent loss or theft of your equipment? Make sure you know your organization’s policy before removing them from the office. You cannot, or you should not remove any equipment from the office unless you have very specific policies and procedures in place.

We have these things in our manuals. We know this is part of things that providers do. They take their laptops home. Sometimes they allow their staff to do these things. I would suggest do not allow your staff to take home any protected health information. All right. But anyways, here’s some questions.

Can you travel with your equipment? You could, but you have to have policies and procedures in place. Can you take your equipment offsite to work remotely? Yeah, you can do these things, but certain things have to be followed, and you have to understand how to access that data or your practice safely and securely.

Can you use a USB or other portable storage devices? You can. But you have to make sure, again, those things are protected. Is the information on the computer or storage device encrypted? If the answer’s no, then you cannot take that device anywhere. It has to be encrypted. How can I use the secure VPN, virtual private network, password-protected wifi to log into a network and work?

So you have to know the answers to these things before you do any of them, has to be in your HIPAA manuals. These things have to be part of your policies and procedures. We have these things in there. So is it important to be aware of your practice’s policies on traveling with equipment or taking equipment home to work remotely?

I pretty much answered that, so here we go. Absolutely. It’s true. We always have to verify our practice’s policies and procedures associated with the use of equipment outside of our office location. This will help ensure that you’re not exposing your laptop or mobile device, mobile devices to unknown risk accessing unsecured networks.

This is a real big deal if these things get breached, if you get accessed by someone that shouldn’t be accessing these things. We have to report these things, and the likelihood is if we don’t have, not the likelihood, but if we don’t have policies and procedures in place, we’re gonna get fines and we’re gonna get penalties.

Really important to have these things in place. Here’s some best practices on how you can protect your devices and your data. Obviously, knowing where your mobile devices are at all times, don’t leave ’em hanging around. Never leaving them unattended or unlocked. Don’t leave laptops in a car. Doctors, providers get these things stolen and when you start asking questions like, oh yeah, I left it in the front seat, and every, and then their car gets broken into, you’re in trouble.

If that happens, there’s certain policies and procedures that you have to have in place if you decide to do these things. You have to encrypt sensitive data if it’s not encrypted. It gets stolen or it gets breached, that’s a problem. Being aware of your surroundings, meaning maybe you shouldn’t take your laptop, in a car, depending on where you’re going.

I wouldn’t take it anyways. If I was to go into a store and I have my laptop, I would take it with me. Quite literally. I would take it with me. That’s how concerned I am about these things. Have to make sure your passwords are strong, and like I said, don’t ever share your passwords. And here’s the other thing too.

If something happens, you have to report the loss of this equipment immediately. You have to report it to HIPAA, and if you don’t have certain procedures and policies in place, this is where the fines come into play. And this, quite frankly, is what concerns me the most. So a summary: loss or theft of equipment or data can have significant long-term implications that will far outweigh the cost to replace the device.

You have to follow all system instructions regarding secure passwords and updating your software, updating patches to make sure that this is secure as it possibly can be. If something happens, you have to take immediate action. If an event, and when I say event, I mean there’s a breach or maybe there was a breach, meaning there was a compromise, or maybe you’re not really sure if there was or if there wasn’t a breach.

We have questionnaires that assess breach, to say and determine, yes, there was a breach. Maybe there was, or, yes, there definitely was. And then given the answer to those things, what do we do from here? And again, if these things happen, you have to provide as many details as possible related to the incident.

Who do you provide those things to? You’re gonna have to provide them to the OCR, the Office of Civil Rights, which is basically the HIPAA place, and hopefully we never have to go down that road and be in that position. So here’s some next steps. If you have questions for us or if you wanna schedule a demo or quite frankly, just get started, you can do these things.

You can schedule a demo with us. If you go to go dot fearless provider.com/demo, of course you can scan the QR code here to the right. You wanna get started with our program. You can fearless acupuncturist.com. It’s easy. You go there, you sign right up, and you get access to all the manuals, all the information.

All the videos or sometimes people want to contact me ’cause they have some specific questions. Please feel free to, you can contact me at Dr. perry@betterhipaablueprint.com. In the meantime, everybody make sure you have all your HIPAA stuff as good as you can, is as dialed in as possible ’cause it’s not worth the risk of not having it.

I want y’all to have an amazing day and I will talk to you next time.


Holiday Anxiety and Acupuncture Therapy


Are you finding your acupuncture patients to be more stressed and anxious than usual?

A survey by the American Psychological Association found that 38% of people felt their stress levels increased during the holiday season.

Stress can lead to an increased risk of illness, substance misuse, and higher rates of anxiety and depression.

There is good scientific evidence encouraging acupuncture therapy to treat anxiety disorders as it yields effective outcomes.

Research has shown acupuncture can:
Decrease cortisol levels, helping the body get out of the ‘fight or flight’ mode,
Increase serotonin levels, which may help reduce anxiety and improve mood, and
Promote calm and improved sleep.

Healthcare continues evolving to less invasive, natural, and drug-free methods with acupuncture now being a first-line complementary healthcare choice.

And remember, the American Acupuncture Council (AAC) offers an unparalleled track record in acupuncture risk management.

There is a reason acupuncturists have trusted AAC with their business for 50 years.
