Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Click here for the best Acupuncture Malpractice Insurance
Hi everybody. I am Julie McLaughlin here for Fearless Acupuncturists with the American Acupuncture Council, and today we’re gonna be talking about a HIPAA Risk Score Assessment. So a little quiz that we’re going to do together and we’re gonna make sure that you are HIPAA compliant. So I have a few slides to share with you, so let’s go there now.
So again, we are from the Fearless Acupuncturist with the American Council of Acupuncture, and I’d like to thank them for allowing us to talk to you today and sponsoring these wonderful programs. It really helps educate all of our fellow providers in the things that we do. They are wonderful, and we wouldn’t be here today without them.
So what’s the risk with HIPAA? Is HIPAA really that big of a deal? Is it really something that we all have to do? I hate to tell you, but it’s right. So what we’re gonna do today is we’re gonna find out if you’re actually protected. Or if you’re accidentally a HIPAA hot mess, which nobody wants to be a HIPAA hot mess, let’s face it.
And we’re gonna take this little risk score, and don’t worry, no one’s going to know but you, this is only to see where you are, where your starting point is. You might be a hundred percent good, or you might need some help. So don’t sweat it. It’s going to be easy. And we’re going to take this one step at a time.
So some of you probably have seen my partner, Dr. Perry Barnhill, doing some of these speaking engagements here. But you also may have seen me, um, in some other venues talking about chiropractic even. And I’m an acupuncturist as well, like you and functional medicine practitioner. So I’m doing this today and I’ve kind of switched gears after practicing for 37 years.
Into helping some of my friends, because frankly what I started seeing, and what scares me more than, you know, seeing the ailments people are coming into our office with, is that some of my friends, brilliant providers, are losing everything. They’re having huge issues, not because of bad care, not because of failing in practice, not because of any of that stuff, but because they had compliance gaps that they didn’t even know existed.
And that really fired me up, and that’s why I teamed up with Dr. Perry. He is the smartest compliance ninja I know. He is the go-to guy when it comes to this stuff, and I’ve actually been working with him for a very long time, kind of in the background. I kinda do the tech stuff. But today I wanted to talk to you about the HIPAA risk score, because it is so important to me that my friends.
Okay, we wanna go from acupuncture to audit. No, we don’t. We don’t wanna do that. We just wanna do acupuncture. Who wants to do audits? Nobody wants to do audits. You went to school to help people. When you opened your practice, it was like a big surprise. You became a CEO, IT director, a privacy officer, a cybersecurity manager, you know, running the front desk.
And somehow you still have to be a human being, but at the end of the day, you just want to treat your patients. You just wanna get your patients better. But we don’t wanna have audits. We don’t wanna have these things. And I realize that providers need support. They don’t need fear, they don’t need to worry about things.
But when compliance fails, patients suffer and the provider pays for it. And we don’t want that to happen to our friends. So that’s why we made this HIPAA compliance risk score. And the truth is that HIPAA isn’t about paperwork, it’s about protecting people. I know there’s a ton of paperwork and no one wants to do it and we don’t get paid for it, but if we don’t do it, we could be paying somebody else, and we don’t wanna have to be paying fines to the government or, you know, losing everything like we’ve seen.
So let’s just check where you are now and make sure that you are good. So I want you to send me a thumbs up if you are a hundred percent compliant. If you’re a hundred percent confident that you are HIPAA compliant, you are not 99%, but you’re a hundred percent, thumbs up. Nah, not very many thumbs up, right?
Because who could say that they’re a hundred percent on this stuff? There’s so many gray areas, I gotta tell you. We research this all the time. This is what we do, is looking at the changes and the laws, you know, and one law comes up and we’re like, okay, now you gotta do this. And then the next thing you know, there’s a lawsuit in the government and then they change it.
Well, nope, we decided you don’t need to do that, now you gotta do this. And it’s hard to keep up, and it’s not fun to keep up, ’cause we wanna keep up with things in our field and acupuncture and what’s going on and what’s the latest treatment. And you know, the case studies. We don’t wanna be doing this stuff, and I get it, because I’m right there with you.
But at the end of the day, the government doesn’t care. They don’t care if you don’t know. Right, because ignorance isn’t a protection. It’s just like our taxes. They don’t care if you say, well, I didn’t know I couldn’t do that. They don’t care, because you’re responsible for knowing. You’re responsible for knowing your risk.
So that’s step number one. So that’s why I want you to do this HIPAA risk score quiz with me. It’s fast, it’s gonna take you a couple minutes. It’s totally anonymous. Zero judgment. You’re the only one that’s gonna see this score, but it’s going to give you a starting place of where you should be with your HIPAA.
So I want you to get your phones out right now and I want you to go on the QR code and take this quiz. If you can’t do it because you’re driving in your car or you’re seeing patients and you’re listening to this in your earbuds or something like that, I want you to write this down: HIPAAriskscore.com.
Now, HIPAA mistake number one: don’t misspell HIPAA. H-I-P-A-A riskscore.com. Go there, it’s gonna take you a couple minutes, and I want you to go through the questions. And just be honest, because it’s only for your own feedback to give you where you are. Are you A, B, C, D, F? Right. We all wanna be an A, but you have to have a starting point.
Where are we going to be? Right? So what’s on the quiz? It’s super easy. There’s privacy training. It’s gonna ask you about your cybersecurity and encryption, your business associates compliance, breach readiness, policy and document updates, and the changes that have been made this year in HIPAA. That’s a really big deal.
Now, if you are like, oh my gosh, I already know, I don’t know this stuff. Take the quiz because it will teach you a little bit about these things by, by taking the questions and knowing what you know and what you don’t know, so then you know what you need to work on. Right? Super, super easy. So when our patients come in, they don’t know what’s wrong with them.
That’s why they come to us, right? We help them find out, and then we give ’em a solution, a treatment that’s gonna help them. That’s all this is. It’s gonna help you find out where your starting point is, what you need to do, and then from there you’re going to be able to know where to go. What are the steps you need to correct?
Make sure you’re compliant, right? Super easy. So here’s an example question. When you hire someone new into your practice, when do they get their privacy rule training? Is it on their first day that they start, they show up and they get their privacy rule training? Or do you say, we teach on the job.
They learn as they go. So think about it, when do you give that privacy training to your new hires? Now, if you say, I’m teaching as I go, or we do it once a month with the whole team, you might wanna rethink it, because think about this: when do they have access to PHI? When do they see the names of people who are coming into your office?
When do they see the 18 different types of PHI, personal health information, that could get breached? And they didn’t even know that they had to keep it confidential. So you wanna do little things like this: make sure that if you have a new hire, you’re teaching them that privacy rule right from the get-go, so they are gonna be HIPAA compliant for you.
’cause at the end of the day, you are the provider. You’re the one responsible. So go to HIPAAriskscore.com. Remember, H-I-P-A-A, right? And take the quiz, and your score is going to equal your action. So if you got a 90% to a hundred percent, that’s excellent HIPAA readiness. You’re awesome. You’re good to go.
You probably just have to keep up with your monthly HIPAA updates and your monthly HIPAA training, and you’re good to go. If you’re in the 80 to 89%, you’re good, but you need some improvements. You might need some help. If you’re in the 70 to 79%, it’s fair. You need reinforcement, and you’re gonna know you got some really specific weak spots that you need to look at.
If you’re below 70%, you know, you are gonna be high risk and you need some immediate action, and you’re gonna need some help. So see where you are. No shame at all, because it’s a starting point of what you need to do. Just like your patients, when they come in, that’s their starting point. So, what do I need to do to improve?
So here’s a QR code again, HIPAAriskscore.com. You’re gonna find out if you have an A, B, C, D, or F. And I hope you all get an A, but if you don’t, we’re here to help you, because when you get your score, if it’s not what you want, I want you to reach out, because you are not alone. We are here to help our friends.
You can email us at info@betterhipaablueprint.com and we’re happy to help. We’re happy to make sure that you are going to be HIPAA compliant. So what’s your next step? If you have more questions, you just wanna find out a little bit about this whole HIPAA thing and the process, you can check us out at fearlessacupuncturist.com or you can email us at info@betterhipaablueprint.com.
If you are like, no, I know I need help, I’m good to go, I want you to schedule a demo. Go to go.fearlessprovider.com/demo or use the little QR code and check it out and schedule a demo with us, and we’ll show you what it’s all about and answer your questions. So be sure to take that risk quiz. And that’s it for today at the Fearless Acupuncturist.
I would like to thank the American Acupuncture Council for having this and inviting us to share this with you. You guys have been great, and be sure to check out our shows in the future, and I hope you have a great day. We’ll see you soon.
Hi everybody. I’m Julie McLaughlin from The Fearless Acupuncturist, and I’m here today on behalf of the American Acupuncture Council, and we are so excited. We are going to talk about end-of-the-year HIPAA. What do you need to do before the end of the year to make sure you’re HIPAA compliant? I’ll show you some slides now.
So at the end of the year, you gotta plan, protect, prepare, and protect. But you can’t ignore these things before December 31st. Don’t put it on your to-do list for next year. You have to do things this year to make sure you’re HIPAA compliant and you’re not getting behind, because God forbid you get audited, you can’t go backwards.
So again, I’m Julie McLaughlin, and this is my partner, Perry Barnhill, and we are part of Fearless Acupuncturists, where we help acupuncturists maintain and make sure that they are HIPAA compliant. So why is December the danger zone for HIPAA? Because HIPAA problems love the end of the year, right?
Compliance gaps quietly hide all year long, and audits and investigators, when they come in, they’re looking backwards. They’re not looking what are you going to do in the future? They’re looking at what you did. So you have to make sure that this year 2025 is good and compliant and you’ve got everything up to date.
Your documentation gaps are going to show up when it’s too late. You can’t go and change those. So I want you to do this now. I know it’s the holidays, but just take some time with your staff and do this now, because today is a reality check. This is gonna be about 10 minutes. It’s gonna be a compliance wake-up call.
Make sure that your practice actually gets caught up. I’m gonna tell you what regulators are expecting to see on paper. If you don’t write it down, if you don’t record it, you didn’t do it, just like your notes: even though you saw the patient, you talked to the patient, you made a care plan, everything.
If you don’t write it down, it didn’t happen, right? And you have to review this every single year. So the number one deal breaker, the number one audit is the risk analysis, and this is the foundation. Everything else sits on this. So if you do nothing else that I tell you today, which don’t do that, but if you don’t, at least do your risk analysis because no current risk analysis, you’re done for it.
They’re gonna walk in the door, they’re gonna ask you for that. You don’t have it. That’s it. Then they’re gonna look for everything else you didn’t do. At least if you have this, they’re gonna say, okay, they’re making an attempt. They’re working on this. It’s a work in progress, and they could give you a little slack.
So make sure you have your risk analysis and make sure that it’s a real one. It’s one that actually reflects what you’re doing. Don’t just make something up because they’re gonna know that, they’re gonna be like you said it’s this, but it’s not even there. So make sure you’re doing this, please. So policies that can hurt you instead of help you.
So if your policies, you read through ’em and they say one thing, but your staff does another, or you are doing another thing, or you’re not doing what it says in your policy, they’re gonna come after you. This is where it goes sideways, and this is where they try to trip you up, and you don’t wanna do it.
And the third thing is, if your technology is doing a whole nother thing, you don’t have your technology safe from hackers and ransomware, and we’re seeing this stuff, we’re seeing this stuff with some of the docs. So you gotta make sure you’re okay on this, please. In your training, where good practices get burned, the most common assumption is my staff knows HIPAA.
We go over all of this, we do this. But the reality is, if you don’t document it, the training didn’t happen. If you don’t have an audit log of what you’re auditing in your office, it didn’t happen. If you’re still using that old training you’ve used for decades, it’s ineffective, because the HIPAA laws change and you gotta keep up with them.
Now, what about business associates? This is a liability that nobody sees coming. So we all know that you have to have a business associates agreement with anybody who has access to your patients’ PHI, right? So IT support, cloud storage, EHR, marketing platforms. What about even, like, people that you do business with, maybe people who are referrals for you, maybe lawyers.
Maybe you do some PI things or maybe you do some work comp things. What if you’re getting emails from these people that are hacked, and you open it because you see it’s somebody you trust, and then you’re hacked? So you gotta really make sure you got all your business associates agreements in place, and have it documented that you have them, have a little list of when they were, and then make sure that you get a new one every single year.
So make sure you have one for 2025, and then get ready to send them out for 2026. Security isn’t just an IT issue, right? HIPAA expects proof of all your administrative safeguards, your physical safeguards, and your technical safeguards. Make sure that you’re not leaving files face up with patients’ names on them where people can see.
All of those little things. Make sure you have passwords on your computer and screensavers that aren’t just open that people can see. You gotta go through and do all these little things because if you’re not, they’re gonna know just ’cause you have it written down in your manual, but you’re not doing it.
They’re gonna catch you. I know paperwork is boring, but it really is the real protection. I cannot stress this enough. If it’s not documented, it didn’t happen, and it won’t defend you. Just like if the insurance companies are paying you, but you don’t have notes and they ask for your notes, they’re gonna take that money back, and plus they’re gonna fine you.
So you don’t wanna have this happen. How practices get blindsided. We hear this all the time. We thought we were covered. We meant to update that. I didn’t know that counted. Does that sound like you? If it does, this is a little wake up call. You gotta get on this and we gotta do this. So your year end decision point, you got two paths forward, patch things up together and just hope for the best.
Hope no one comes in and audits you. No disgruntled employees or patients are reporting you. Or put a real system in place. Guess which one is gonna be the better idea? The real system in place, right? Because it actually works, right? You wanna have a structure, you wanna have current tools, you wanna have ongoing guidance.
You wanna keep up with the all the changes that are happening in HIPAA all the time. You wanna have your monthly HIPAA trainings, and if you haven’t done it yet, you have to do your annual HIPAA training. That is a must. If you have not done an annual HIPAA training this year, I want you to make sure you’re doing it.
And include all the new 2025 rules and laws that have gone into effect this year. Because if you use the same annual HIPAA training that you used last year, you’re missing all the updates from 2025, and you don’t wanna do that. So don’t drag this into next year. It’s not gonna be good. So the next steps: if you’re like, oh my gosh, I don’t know where to start, or I’m really lost, I really need help, you’re not alone.
Reach out. We’re happy to help you. info@betterhipaablueprint.com. That’s Dr. Perry’s and my email address. Reach out to us, we’ll help you. If you wanna have a demo or you just have some questions that you wanna talk about, like what do I do about this or that, use the QR code, use the link and schedule a demo with us, and we’ll help you go through it, and we’ll show you how to really build a HIPAA compliant system.
Office to protect your office, your staff, you and your patients. So that’s it for today, and again, thank you for the American Acupuncture Council for having us here. We’ll see you next time.
Hi everybody. This is Perry Barnhill with the Fearless Acupuncturist, and we wanna welcome you to another show regarding HIPAA and compliance and how you can protect yourself and your patients in your practice. Slideshow please. First, I’m gonna give a big thanks to the American Acupuncture Council for sponsoring this show.
Okay, so let’s get into this. Let’s talk about loss or theft of equipment and data in our practices. Before I do that, let me just go over just a couple things here on why myself and why Julie teach HIPAA. We understand what it’s like to have an office. We understand what it’s like to take care of patients, and we also understand what it’s like not to really know what it is we’re supposed to know in regards to HIPAA.
So that’s why we’ve created a compliance program, specifically addressing HIPAA and the needs in your office as it relates to you as acupuncturists. So before we get started there’s something, I’d like to go over this regarding where you fall within the whole HIPAA world. So what we’ve done is we’ve created a little bit of a quiz here and I’m gonna hop to the next slide here so you can scan this.
So scan this QR code, and this will take you to just a few questions regarding HIPAA and compliance in your office. Now, as you go through these questions, first of all, it’s quick, it’s easy. We’re not gonna share this with a bunch of people, so don’t worry about that. You can grade yourself based on the answers to your questions.
If you’ve gotten an F, just like anything else, you’re not even close to being HIPAA compliant. But let me say this as well, even if you have a B, that’s great and you can commend. You should commend yourself for at least having a B, but that means that there’s still a few things you need to get in play to be totally HIPAA compliant.
These things. Let me just say this. HIPAA is something we don’t wanna mess around with. In fact, I talk to acupuncturists and providers all the time. The biggest risk, believe it or not, I believe we all have in practice these days, is not being HIPAA compliant. And the reason I say that is because the penalties and the fines associated with not being HIPAA compliant.
Huge, and we just don’t want that to happen to us. So make sure you go there, you check this out and see where you fall within the whole world of HIPAA. Okay, so seconds count. Here’s a little story about a provider going to a coffee shop. They have their laptop there. They jump on the public wifi, they order a coffee, they sit down, they get called, they go pick up their coffee, they come back and their laptop is gone.
Basically, their laptop got stolen, so as you can imagine, I think all of us would be freaking out because our laptop got stolen, and we should be freaking out if our laptop had any kind of protected health information on it or something. You’re hearing me refer to it as PHI, or ePHI, which stands for electronic protected health information.
So did you know, and I’ll just go through this really fast: a laptop is stolen every 53 seconds, so these things happen all the time. 70 million smartphones are lost every single year. A very small percent are recovered, only 7%. 4.3 percent of company-issued smartphones are lost or stolen every single year, and 80% of the cost of a lost laptop is from data breach.
Last one here: 52% of all devices are stolen from the workplace. This is a big deal. Physical loss and data loss, so physical awareness of the device. Just as some examples, we misplace our phone, or we leave our laptop like in the coffee shop, or we leave our tablet unattended at work. Or in transit.
We basically lose these things. We can lose data, not sharing or not using proper passwords. How do we do that? If someone can access your systems by using your password that are not supposed to they can access data they shouldn’t have, and that is considered a breach. Sharing passwords, again, don’t share passwords.
Don’t share passwords with anybody. Accessing personal or unauthorized, non-work internet access or websites on your work computers: be very strict, not just with yourself, but also with your employees regarding the places they can and cannot visit on the computers and on the internet. So let’s do this.
Let’s take a quick little quiz here. And what I want you to do is think about the best answer here. Some of these might be answers, but pick the best one here. So here’s a question. Which of the following activities can cause data to be damaged or lost? A. Staying online too long. B. Never fully shutting your computer down.
C. Unauthorized access to a system. D. Always keeping your computer charging. Okay, so the best one here, the very best one. Okay, the best answer here is C, unauthorized access to a system. Anytime somebody accesses our system, meaning they gain access to protected health information that they were not authorized to access, that’s a breach, and that’s something we don’t want to happen. Here’s a really cool chart on how long it takes a hacker to break your password, and these are just examples. Again, I’m not gonna go over all of these. You can screenshot this, you can look for it, but it’s just very interesting. So if you go to the left here, look at the number of characters.
If you just have four characters and they’re only numbers, or only lowercase letters, or even look at the next box over, upper and lowercase letters, or that whole row: a hacker can access your system immediately or break your password. So the goals are, and there are very specific requirements according to HIPAA.
It’s a law. You have to have certain requirements for your passwords. They have to be so long, meaning so many characters, length, they have to have special characters. So there’s things that have to be done here, but go to the bottom. So check this out. If you had 11 characters and you just slide over to the right-hand side, 11 characters with numbers, upper and lowercase letters and symbols.
It would take a hacker up to 34 years for them to break your password. This is where we want to be, so they don’t break our passwords. So how do you create unique passwords? Make ’em meaningful to you and nobody else. Something you could remember. Create passphrases with special characters, and avoid items that can be easily discovered in social media or pictures.
So don’t use your first and last name. Don’t put a one in front of your first and last name. Don’t put a dollar sign behind it. These are way, way too easy to access. Here’s an example: Fly me to the moon. Now, what does this have? It has many characters. It has upper and lowercase. It has a number, and it also has a special character, which is an exclamation point.
So what do you need to know in order to help prevent loss or theft of your equipment? Make sure you know your organization’s policy before removing them from the office. You cannot, or you should not, remove any equipment from the office unless you have very specific policies and procedures in place.
We have these things in our manuals. We know this is part of things that providers do. They take their laptops home. Sometimes they allow their staff to do these things. I would suggest do not allow your staff to take home any protected health information. All right. But anyways, here’s some questions.
Can you travel with your equipment? You could, but you have to have policies and procedures in place. Can you take your equipment offsite to work remotely? Yeah, you can do these things, but certain things have to be followed, and you have to understand how to access that data or your practice safely and securely.
Can you use a USB or other portable storage devices? You can. But you have to make sure, again, those things are protected. Is the information on the computer or storage device encrypted? If the answer’s no, then you cannot take that device anywhere. It has to be encrypted. How can I use the secure VPN Virtual Private Network password protected wifi to log into a network and work?
So you have to know the answers to these things before you do any of them. It has to be in your HIPAA manuals. These things have to be part of your policies and procedures. We have these things in there. So is it important to be aware of your practice’s policies on traveling with equipment or taking equipment home to work remotely?
I pretty much answered that, so here we go. Absolutely. It’s true. We always have to verify our practices, policies, and procedures associated with the use of equipment outside of our office location. This will help ensure that you’re not exposing your laptop or mobile device, mobile devices to unknown risk accessing unsecured networks.
This is a real big deal if these things get breached, if you get accessed by someone that shouldn’t be accessing these things. We have to report these things, and the likelihood is if we don’t have, not the likelihood, but if we don’t have policies and procedures in place, we’re gonna get fines and we’re gonna get penalties.
Really important to have these things in place. Here’s some best practices on how you can protect your devices and your data. Obviously, knowing where your mobile devices are at all times, don’t leave ’em hanging around. Never leaving them unattended or unlocked. Don’t leave laptops in a car. Doctors, providers get these things stolen, and when you start asking questions, it’s like, oh yeah, I left it in the front seat, and then their car gets broken into. You’re in trouble.
If that happens, there’s certain policies and procedures that you have to have in place if you decide to do these things. You have to encrypt sensitive data if it’s not encrypted. It gets stolen or it gets breached, that’s a problem. Being aware of your surroundings, meaning maybe you shouldn’t take your laptop, in a car, depending on where you’re going.
I wouldn’t take it anyways. If I was to go into a store and I have my laptop, I would take it with me. Quite literally. I would take it with me. That’s how concerned I am about these things. Have to make sure your passwords are strong, and like I said, don’t ever share your passwords. And here’s the other thing too.
If something happens, you have to report the loss of this equipment. Immediately you have to report it to hipaa, and if you don’t have certain procedures and policies in place, this is where the fines come into play. And this, quite frankly, is what concerns me the most. So a summary loss or theft of equipment or data can have significant long-term implications that will far outweigh the cost to replace the device.
You have to follow all system instructions regarding secure passwords and updating your software, updating patches to make sure that this is secure as it possibly can be. If something happens, you have to take immediate action. If an event, and when I say event, I mean there’s a breach or maybe there was a breach, meaning there was a compromise, or maybe you’re not really sure if there was or if there wasn’t a breach.
We have questionnaires that assess, breach to say and determine, yes, there was a breach. Maybe there was, or, yes, there definitely was. And then given the answer to those things, what do we do from here? And again, if these things happen, you have to provide as many details as possible related to the incident.
Who do you provide those things to? You’re gonna have to provide them to the OCR, the Office of Civil Rights, which is basically the HIPAA place, and hopefully we never have to go down that road and be in that position. So here’s some next steps. If you have questions for us or if you wanna schedule a demo or quite frankly, just get started, you can do these things.
You can schedule a demo with us. If you go to go.fearlessprovider.com/demo, or of course you can scan the QR code here to the right. If you wanna get started with our program, you can go to fearlessacupuncturist.com. It’s easy. You go there, you sign right up, and you get access to all the manuals, all the information.
All the videos. Or sometimes people want to contact me ’cause they have some specific questions. Please feel free to contact me at Dr. perry@betterhipaablueprint.com. In the meantime, everybody make sure you have all your HIPAA stuff as good as you can, and as dialed in as possible, ’cause it’s not worth the risk of not having it.
I want y’all to have an amazing day and I will talk to you next time.
Hi, everybody. Good morning, good afternoon, whatever it may be for you. This is Perry Barnhill with the Fearless Acupuncturist, and in the background that you don’t see, Dr. Julie McLaughlin. We want to give a big thanks to the American Acupuncture Council for bringing you this presentation on the top three cybersecurity threats that you need to be aware of in the context of your practice and HIPAA.
Start slideshow please. I am gonna give big thanks to the AAC for bringing this to you. All right, here we go. Let’s talk about the top three. There’s many tops, but we’re gonna start with the top three. Okay. The top three cybersecurity threats, as outlined in the health industry, meaning you, your acupuncture practice and AC cybersecurity.
Oh, so why do we teach HIPAA? We understand what it’s like to have a practice. We understand what it’s like to take care of patients, and we also understand what it’s like to not really know for sure what it is we should know in regards to compliance and in regards to HIPAA. So we’re here to teach you this and we’re gonna start going through some of these top three cybersecurity threats.
Again, myself and Julie, we’re both healthcare practitioners, as you can see, and also both have certifications in compliance. Alrighty. So let’s talk about some things, buzzwords, as I would say, that you hear probably quite frequently, but don’t really think about in the context of your practice and in HIPAA: social engineering.
So what does social engineering mean? Let’s go through this. Social engineering is a form of psychological manipulation that tricks users into making security mistakes and giving away sensitive information. It relies on human error. So it relies on things like our staff that may make a mistake and click the wrong link.
What we’ll talk about, and also mistakes that we as the providers may make as well. So it uses humans to make mistakes, and instead of specifically using the software or actually your system to make a mistake, it tricks us by exploiting our human emotions. So let’s get into some of those things.
One, this is something that you really need to sit down, talk about, train with your staff such that they don’t get themselves in trouble with clicking on the wrong link. Now, what are some things you need to pay attention to? This is what they call phishing. If you’ve ever heard the word phishing, it’s not like catching a fish in the water, but these crooks are out there phishing for us to make mistakes and trick our brains into clicking something we shouldn’t click.
So if, for example, number one here, if you don’t recognize the sender in an email, for example, do not click it. Okay? If you’re not expecting an attachment or an email, you may not wanna be clicking it. ’cause if you click it, you might get yourselves in a whole lot of hot water. What about this one?
Does the from address match the message? When you get an email, look at these things closely. You’d be surprised. But the little things here, these little tips, could prevent you from having the compromise of protected health information, which in turn could potentially get you some fines and penalties with HIPAA if you’re not doing the things you’re supposed to be doing.
All right, and number four. What about this one? You get emails that sort of create or invoke a sense of urgency. Double check it. Maybe it’s not a legitimate email. What about not recognizing the destination URL or the website? Is it a secure website? These are things where IT professionals help out a ton, but simple little tips like this, training our staff and us being aware of them, can help prevent massive compromises and breaches of PHI.
Number eight is this email asking for your login credentials. Seriously, be very cautious. Certainly if you’re not aware that something’s coming across, if anybody asks for your login information, it’s probably a better idea just not to do it unless you’re a hundred percent for sure. Number nine, bad grammar or bad spelling.
I know you’ve seen this. Have you seen emails come across where the spelling looks a little weird, a little funky? It’s not correct. The grammar doesn’t sound particularly correct as well. Don’t click on it. Just don’t click on it. What about this one? Number 10 is the greeting or signature generic, or lacking contact info.
Anything that looks funny with emails that are coming across, just don’t click on ’em. ’cause if you do and they’re contaminated and they’re corrupted, it’s a lot of energy and it takes a lot of time to make sure that compromises of PHI didn’t happen and you didn’t get hacked. Which kind of brings me to the next one here.
Ransomware. We’ve heard of ransomware. What is ransomware? Ransomware is a threat to us and to our devices. And what makes this form of malware so unique is the word ransom. Basically, ransom extorts us. These hackers, they’ll steal our information, our protected health information, like our patient’s information, the patient’s files, and they’ll tell us, Hey.
We have this, we’re gonna keep it. You can’t even access it until you pay us X amount of money, and it sometimes is thousands and thousands of dollars. Now I wanna say this: don’t ever pay them until you speak with an IT professional, or you speak with someone who you’re very confident is very aware of all of this ransom, this malware. Don’t do anything until you contact someone, a professional, regarding these things.
Okay? So here’s some quick threat tips to be aware of, kinda like we talked about in the phishing side of things. Most ransomware, they’re sent in phishing emails. So you get these funny looking emails, you click on ’em, and guess what? Now they got your information or your patient’s information, and they can hold it ransom.
So don’t click on those things. Stay alert when any email prompts you to enter your credentials. If you notice, a lot of these tips are very similar to the phishing tips. First they gotta get you, and then when they get you, they can hold you for ransom or hold that information for ransom.
So be cautious before you click any links in any emails that you have, make sure those senders are legitimate, and as a proactive measure, check to see whether the computer and network to which you’re connected have proper intrusion protection systems and software in place. I can’t overemphasize this enough: you really need to make sure your computers are secure.
Now that we’ve talked about ransomware, kinda like we talked about phishing and gave you some tips, let’s talk about some tips regarding ransomware and how you can prevent yourselves from getting hacked and having to pay some of these ransom demands. Okay, most ransomware, guess what?
They’re sent in phishing and email campaigns. So be careful if you open up any attachment that may look weird. Funny spelling, grammar, just like we talked about earlier. ’cause once they get that, they can hold your protected health information for ransom. Number two, stay alert when any email prompts you to enter your credentials.
I know we said this earlier, but it’s really important because these phishers, these scammers, they will check on these things. They will ask for these things, and once they have them, they’re into your system and they have your passwords. Be cautious before clicking any links, looking at the senders and checking the URLs.
Very important. Share all of this information with your staff. ’cause your staff, you may think that, okay, this ain’t gonna happen, but it might if you don’t train your staff on the things they shouldn’t be clicking on and what they need to be aware of. As a proactive measure, check your computer, and make sure the network to which you’re connected has proper intrusion systems and software in place.
It’s so important that you have IT professionals help and protect your computer systems. And due to the severity and time sensitivity of ransomware attacks, if you think this is happening, or if you think it happened, or if it’s in the process of happening, or something weird is going on with your computer, make sure you seek out your IT professionals, because if they get it, it’s a big process of trying to get it back.
And then guess what? Now we gotta deal with HIPAA. Now we have to deal with the OCR and a potential report. And then guess what? We might even have to send notifications to patients. Something we just don’t wanna have to do if it’s not necessary.
So here’s some other things. Preventing loss or theft of equipment or data. Things like taking your laptops or your data in your car. So physical loss of equipment, these things can happen. Or even the data that you have access to and work with daily has to be carefully protected. Alright, so let’s talk about some tips here.
Never leave your laptop or your iPad unattended at work or in transit. Yeah, in transit. What do I mean by that? Like I said, in your vehicles. There are providers that have left their laptops wide open, sitting on the front seat, even sitting on the dash, and they get stolen. It’s not something we want to happen.
Password policies and updating the passwords. These are all things that need to be in your manual. They’re all things that we have to do. They have to be part of your procedures and your policies. If you don’t have these things in play, guess what? You’re not HIPAA compliant and may be subject to some fines or some penalties.
We don’t want that. It’s not necessary. Don’t share your password with anyone. I know a lot of us, we don’t do these things, but sometimes we do. Staff shouldn’t be sharing their password with the staff person next to ’em. They need to have unique passwords; again, this is part of your policies and your procedures. USB drives: be very careful if anybody brings in, like a patient, a USB drive.
’cause they want you to look at their files or their imaging. It could be corrupted. So I would avoid even going down that road with them. You have to encrypt sensitive data. Of course, if you lose anything, number seven here, lose any equipment, or if you have any at all suspicious activity on your systems, you have to get on top of this early, seek out the IT people, get ’em to stop it so it doesn’t go any further.
Alerting officials again promptly if something seems suspicious. And keeping your emergency contacts close by, this is so important. I can’t even overemphasize how important this is for you to be aware, but also anybody in your office really needs to be on top of these things. So what are some next steps?
A lot of people say, Hey, I don’t know if I’m compliant or not. Go through a HIPAA download checklist. You can download this right here for your office. You can scan the QR code here, go through and look at these questions. And sometimes they’re not always as simple as a yes or no: do you have policies and procedures to protect patient information? A lot of us do. So you could say, oh, I got that one. But do you have legitimately written down policies and procedures? What’s the policy? What is it? And the procedure is how do we do it, or how do we implement it?
You have to have all of these in play for everything HIPAA related, even passwords, updating passwords, making sure passwords are strong. All right. A lot of times, if you ever want to, a lot of people like to schedule a demo. They wanna see what our program looks like. So you can do that, you can schedule a demo by going to go.fearlessprovider.com/demo.
You can scan the QR code. We are more than happy to go over it with you. You can look at our program from the inside. A lot of times people just wanna get started. So go to www.fearlessacupuncturist.com. Or you can contact myself at Dr. perry@betterhipaablueprint.com. I’m more than happy to answer any questions that you may have.
So in the meantime, everybody have an amazing day, and thank you so much for joining us here. Take care.
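The phishing tips from the talk above (does the From address match the message, does the link go where its text says, is there urgency language or a request for login credentials, is there an unexpected attachment), turned into a small triage check a front-desk computer could run over a saved message. This is an added example, not part of the transcript or the Fearless Acupuncturist program; every address, domain and message in it is constructed for illustration.

```python
"""Heuristic phishing triage for one raw e-mail message.

Added example based on the tips in the talk. The sample messages, addresses
and domains below are constructed and are not real.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY_WORDS = ("immediately", "urgent", "within 24 hours", "will be suspended")
CREDENTIAL_WORDS = ("password", "log in", "login", "credentials", "verify your account")
# Crude <a href="...">text</a> extractor; good enough for triage, not full HTML parsing.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
# Something that looks like a domain inside a display name, e.g. "Support (clinic.example)".
DOMAIN_IN_NAME_RE = re.compile(r"[\w.-]+\.[a-z]{2,}")


def addr_domain(header_value):
    """Lowercase domain of the first address in a header value, or '' if none."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def url_host(url):
    """Lowercase host of a URL, or '' if it cannot be parsed as one."""
    try:
        return (urlparse(url.strip()).hostname or "").lower()
    except ValueError:
        return ""


def phishing_indicators(raw_message):
    """Parse one raw RFC 5322 message and return the indicators it triggers.

    None of these proves a message is malicious; a hit means "ask IT before
    anyone clicks", which is exactly what the talk recommends.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []

    # Tip: does the From address match the message?  A Reply-To on a different
    # domain, or a display name naming one domain while the address sits on
    # another, are the classic mismatches.
    from_domain = addr_domain(msg["From"])
    reply_domain = addr_domain(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        hits.append(f"reply-to domain {reply_domain} differs from from domain {from_domain}")
    display_name, _ = parseaddr(str(msg["From"] or ""))
    claimed = DOMAIN_IN_NAME_RE.search(display_name.lower())
    if claimed and claimed.group(0) != from_domain and not from_domain.endswith("." + claimed.group(0)):
        hits.append(f"display name mentions {claimed.group(0)} but address is at {from_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    lowered = (str(msg["Subject"] or "") + "\n" + text).lower()

    # Tip: do you recognize the destination URL?  Link text showing one host
    # while the href goes to another is the thing to spot.
    for href, label in LINK_RE.findall(text):
        label_host = url_host(label) if "://" in label else ""
        if label_host and label_host != url_host(href):
            hits.append(f"link text shows {label_host} but points at {url_host(href)}")

    # Tips: sense of urgency, asking for login credentials, unexpected attachment.
    if any(w in lowered for w in URGENCY_WORDS):
        hits.append("urgency language")
    if any(w in lowered for w in CREDENTIAL_WORDS):
        hits.append("asks for login credentials")
    if any(part.get_filename() for part in msg.iter_attachments()):
        hits.append("carries an attachment")
    return hits


# Constructed sample: looks like it comes from the clinic's EHR vendor but does not.
SUSPICIOUS = """\
From: "Patient Portal Support (clinic-ehr.example)" <billing@mailer-9921.example.net>
Reply-To: recover@reply-drop.example.org
To: frontdesk@clinic.example
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account will be suspended within 24 hours. Verify your account
and re-enter your password at
<a href="http://login.clinic-ehr-verify.example.org/">https://clinic-ehr.example/login</a>.</p>
</body></html>
"""

# Constructed sample: an ordinary internal message that should trigger nothing.
BENIGN = """\
From: "Julie McLaughlin" <julie@clinic.example>
To: frontdesk@clinic.example
Subject: Tuesday schedule
Content-Type: text/plain; charset="utf-8"

Hi team, the Tuesday schedule is posted on the shared calendar. Thanks!
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        found = phishing_indicators(raw)
        print(f"{name}: {len(found)} indicator(s)")
        for hit in found:
            print("  -", hit)
```

Save a questionable message as a .eml file and feed its contents to phishing_indicators(); any indicator at all is the cue to stop and ask the IT professional rather than click, which is the whole point of the staff training the talk describes.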