 |
 |
 |
Click here to download the transcript.
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
So at the end of the year, you gotta plan, protect, prepare, and protect. But you can’t ignore these things…
Click here to download the transcript.
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Hi everybody. I’m Julie McLaughlin from The Fearless Acupuncturist, and I’m here today on the behalf of the American Acupuncture Council, and we are so excited. We are going to talk about end of the year hipaa. What do you need to do before the end of the year to make sure you’re HIPAA compliant? I’ll show you some slides now.
So at the end of the year, you gotta plan, protect, prepare, and protect. But you can’t ignore these things before December 31st. Don’t put it on your to-do list for next year. You have to do things this year to make sure you’re HIPAA compliant and you’re not getting behind, because God forbid you get audited, you can’t go backwards.
So again, I’m Julie McLaughlin, and this is my partner, Perry Barnhill, and we are part of. Fearless acupuncturists where we help acupuncturists maintain and make sure that they are HIPAA compliant. So why is December the danger zone for hipaa? Because HIPAA problems love the end of the year, right?
Compliance gaps quietly hide all year long, and audits and investigators, when they come in, they’re looking backwards. They’re not looking what are you going to do in the future? They’re looking at what you did. So you have to make sure that this year 2025 is good and compliant and you’ve got everything up to date.
Your documentation gaps are going to show up when it’s too late. You can’t go and change those. So I want you to do this now. I know it’s the holidays, but. Just take some time with your staff and do this now, because today is a reality check. This is gonna be about 10 minutes. It’s gonna be a compliance wake up call.
Make sure that your practice actually gets caught up. I’m gonna tell you what regular leaders are expecting to see on paper. If you don’t write it down, if you don’t record it. You didn’t do it just like your notes, even though you saw the patient, you talked to the patient, you made a care plan, everything.
If you don’t write it down, it didn’t happen, right? And you have to review this every single year. So the number one deal breaker, the number one audit is the risk analysis, and this is the foundation. Everything else sits on this. So if you do nothing else that I tell you today, which don’t do that, but if you don’t, at least do your risk analysis because no current risk analysis, you’re done for it.
They’re gonna walk in the door, they’re gonna ask you for that. You don’t have it. That’s it. Then they’re gonna look for everything else you didn’t do. At least if you have this, they’re gonna say, okay, they’re making a temp. They’re working on this. It’s a work in progress, and they could give you a little slack.
So make sure you have your risk analysis and make sure that it’s a real one. It’s one that actually reflects what you’re doing. Don’t just make something up because they’re gonna know that, they’re gonna be like you said it’s this, but it’s not even there. So make sure you’re doing this, please. So policies that can hurt you instead of help you.
So if your policies, you read through ’em and they say one thing, but your staff does another, or you are doing another thing, or you’re not doing what it says in your policy, they’re gonna come after you. This is where it goes sideways, and this is where they try to. Trick you up and you don’t wanna do it.
And the third thing is, if your technology is doing a whole nother thing, you don’t have your technology safe from hackers and ransomware and we’re seeing this stuff, we’re seeing this stuff with some of the docs. So you gotta make sure you’re okay on this, please. In your training where good practices get burned, the most common assumption is my staff knows hipaa.
We go over all of this, we do this. But the reality is, if you don’t document the training didn’t happen. If you don’t have a audit log of what you’re auditing in your office, it didn’t happen. If you’re still using that old training you’ve used for decades, it’s ineffective because the HIPAA laws change and you gotta keep up with them.
Now, what about business associates? This is a liability that nobody sees coming. So we all know that you have to have a business associates agreement with anybody who has access to your patient’s. PHI, right? So it support cloud storage, EHR marketing platforms. What about even like people that you do business with, maybe people who are referrals for you, maybe lawyers.
Maybe you do some PI things or maybe you do some work comp things. What if you’re getting emails from these people that are hacked and you open it because you see it’s somebody you trust and and then you’re hacked. So you gotta really make sure you got all your business associates agreements in place and have it documented that you have them have a little list when they were, and then make sure that you get a new one every single year.
So make sure you have one for 2025, and then get ready to send them out. For 2026, security isn’t just an IT issue, right? HIPAA expects proof of all your administrative safeguards, your physical straight safeguards, and your technical safeguards. Make sure that you’re not leaving files face up with patient’s names on it where people can see.
All of those little things. Make sure you have passwords on your computer and screensavers that aren’t just open that people can see. You gotta go through and do all these little things because if you’re not, they’re gonna know just ’cause you have it written down in your manual, but you’re not doing it.
They’re gonna catch you. I know paperwork is boring, but really is the real protection. I cannot stress this enough. If it’s not documented, it didn’t happen, and it won’t defend you. Just if the insurance companies are paying you, but you don’t have notes and they ask for your notes, they’re gonna take that money back and plus they’re gonna find you.
So you don’t wanna have this happen. How practices get blindsided. We hear this all the time. We thought we were covered. We meant to update that. I didn’t know that counted. Does that sound like you? If it does, this is a little wake up call. You gotta get on this and we gotta do this. So your year end decision point, you got two paths forward, patch things up together and just hope for the best.
Hope no one comes in audit juice. No. No disgruntled employees or patients are reporting you. Or put a real system in place. Guess which one is gonna be the better idea? The real system in place, right? Because it actually works, right? You wanna have a structure, you wanna have current tools, you wanna have ongoing guidance.
You wanna keep up with the all the changes that are happening in HIPAA all the time. You wanna have your monthly HIPAA trainings, and if you haven’t done it yet, you have to do your annual HIPAA training. That is a must. If you have not done an annual HIPAA training this year, I want you to make sure you’re doing it.
And include all the new 2025 rules and laws that have gone into effect this year. Because if you use the same. Annual hip, a training that you used last year, you’re missing all the updates from 2025 and you don’t wanna do that. So don’t drag this into next year. It’s not gonna be good. So the next steps, if you’re like, oh my gosh, I don’t know where to start, or I’m really lost, I really need help, you’re not alone.
Reach out. We’re happy to help you. Info at better HIPAA blueprint. That’s Dr. Perry and i’s. Email address, reach out to us. We’ll help you if you wanna have a demo or you just have some questions that you wanna talk about, like what do I do about this or that. Use the QR code, use the link and schedule a demo with us and we’ll help you go through it, and we’ll help you show you how to really build a HIPAA compliant system.
Office to protect your office, your staff, you and your patients. So that’s it for today, and again, thank you for the American Acupuncture Council for having us here. We’ll see you next time.