
HIPAA – What’s The Risk?

 


Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.  Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.

Hi everybody. I am Julie McLaughlin here for Fearless Acupuncturists with the American Acupuncture Council, and today we’re gonna be talking about a HIPAA Risk Score Assessment. So a little quiz that we’re going to do together and we’re gonna make sure that you are HIPAA compliant. So I have a few slides to share with you, so let’s go there now.


So again, we are from the Fearless Acupuncturist with the American Council of Acupuncture, and I’d like to thank them for allowing us to talk to you today and sponsoring these wonderful programs. It really helps educate all of our fellow providers in the things that we do. They are wonderful, and we wouldn’t be here today without them.


So what’s the risk with HIPAA? Is HIPAA really that big of a deal? Is it really something that we all have to do? I hate to tell you, but it’s right. So what we’re gonna do today is we’re gonna find out if you’re actually protected, or if you’re accidentally a HIPAA hot mess, which nobody wants to be a HIPAA hot mess, let’s face it.

And we’re gonna take this little risk score, and don’t worry, no one’s going to know but you, this is only to see where you are, where your starting point is. You might be a hundred percent good, or you might need some help. So don’t sweat it. It’s going to be easy. And we’re going to take this one step at a time.

So some of you probably have seen my partner, Dr. Perry Barnhill, doing some of these speaking engagements here. But you also may have seen me, um, in some other venues talking about chiropractic even. And I’m an acupuncturist as well, like you, and a functional medicine practitioner. So I’m doing this today and I’ve kind of switched gears after practicing for 37 years into helping some of my friends.

Because frankly what I started seeing, and what scares me more than, you know, seeing things that people come in with, ailments they’re coming in with in our office, is that some of my friends, brilliant providers, are losing everything. They’re having huge issues, not because of bad care, not because of failing in practice, not because of any of that stuff, but because they had compliance gaps that they didn’t even know existed.

And that really fired me up and that’s why I teamed up with Dr. Perry. He is the smartest compliance ninja I know. He is the go-to guy when it comes to this stuff and I’ve actually been working with him for a very long time, kind of in the background. I kinda do the tech stuff, but today I wanted to talk to you about the HIPAA risk score because it is so important to me that my friends.

Okay, we wanna go from acupuncture to audit. No, we don’t. We don’t wanna do that. We just wanna do acupuncture. Who wants to do audits? Nobody wants to do audits. You went to school to help people. When you opened your practice, it was like a big surprise. You became a CEO, IT director, a privacy officer, a cybersecurity manager, you know, running the front desk.

And somehow you still have to be a human being, but at the end of the day, you just want to treat your patients. You just wanna get your patients better. But we don’t wanna have audits. We don’t wanna have these things. And I realize that providers need support. They don’t need fear, they don’t need to worry about things.

But when compliance fails, patients suffer and the provider pays for it. And we don’t want that to happen to our friends. So that’s why we made this HIPAA compliance risk score. And the truth is that HIPAA isn’t about paperwork, it’s about protecting people. I know there’s a ton of paperwork and no one wants to do it and we don’t get paid for it, but if we don’t do it, we could be paying somebody else and we don’t wanna have to be paying fines to the government or, you know, losing everything like we’ve seen so.

Let’s just check where you are now and make sure that you are good. So I want you to send me a thumbs up if you are a hundred percent compliant. If you’re a hundred percent confident that you are HIPAA compliant, you are not 99%, but you’re a hundred percent, thumbs up. Nah, not very many thumbs up, right?

Because who could say that they’re a hundred percent on this stuff? There’s so many gray areas, I gotta tell you. We research this all the time. This is what we do, is looking at the changes and the laws, you know, and one law comes up and we’re like, okay, now you gotta do this. And then the next thing you know, there’s a lawsuit in the government and then they change it.

Well, nope, we decided you don’t need to do that, now you gotta do this. And it’s hard to keep up and it’s not fun to keep up ’cause we wanna keep up with things in our field and acupuncture and what’s going on and what’s the latest treatment. And you know, the case studies, we don’t wanna be doing this stuff and I get it because I’m right there with you.

But at the end of the day, the government doesn’t care. They don’t care if you don’t know. Right, because ignorance isn’t a protection. It’s just like our taxes. Like they don’t care if you say, well, I didn’t know I couldn’t do that. They don’t care because you’re responsible for knowing. You’re responsible for knowing your risk.

So that’s step number one. So that’s why I want you to do this HIPAA risk score quiz with me. It’s fast, it’s gonna take you a couple minutes. It’s totally anonymous. Zero judgment. You’re the only one that’s gonna see this score, but it’s going to give you a starting place of where you should be with your HIPAA.

So I want you to get your phones out right now and I want you to go on the QR code and take this quiz. If you can’t do it because you’re driving in your car or you’re seeing patients and you’re listening to this in your earbuds or something like that, I want you to write this down. HIPAA risk score.com.

Now don’t HIPAA mistake number one, don’t misspell HIPAA, H-I-P-A-A risk score.com. Go there, it’s gonna take you a couple minutes and I want you to go through the questions. And just be honest because it’s only for your own feedback to give you where you are. Are you A, B, C, D, F? Right. We all wanna be an A, but you have to have a starting point.

Where are we going to be? Right? So what’s on the quiz? It’s super easy. There’s privacy training. It’s gonna ask you about your cybersecurity and encryption, your business associates compliance, breach readiness policy, and document updates, and the changes that have been made this year in HIPAA. That’s a really big deal.

Now, if you are like, oh my gosh, I already know, I don’t know this stuff. Take the quiz because it will teach you a little bit about these things by, by taking the questions and knowing what you know and what you don’t know, so then you know what you need to work on. Right? Super, super easy. So when our patients come in, they don’t know what’s wrong with them.

That’s why they come to us, right? We help them find out, and then we give ’em a solution, a treatment that’s gonna help them. That’s all this is. It’s gonna help you find out where your starting point is, what you need to do, and then from there you’re going to be able to know where to go. What are the steps you need to correct?

Make sure you’re compliant, right? Super easy. So here’s an example question. So, when you hire someone new into your practice, when do they get their privacy rule training? Is it on their first day that they start, they show up and they get their privacy rule training? Or do you say, we teach on the, on the job.

They learn as they go. So think about it, when do you give that privacy training to your new hires? Now, if you say, I’m teaching as I go, or we do it once a month with the whole team, you might wanna rethink it because think about this, when do they have access to PHI? When do they see that people’s names who are coming into your office?

When do they see the 18 different types of PHI, personal health information, that could get breached? And they didn’t even know that they had to keep it confidential. So you wanna do little things like this is make sure that if you have a new hire that you’re teaching them that privacy rule right from the get go, they are gonna be HIPAA compliant for you.

’Cause at the end of the day, you are the provider. You’re the one responsible. So go HIPAA risk score.com. Remember H-I-P-A-A, right? And take the quiz and your score is going to equal your action. So if you got a 90% to a hundred percent, that’s excellent HIPAA readiness. You’re, you’re awesome. You’re, you’re good to go.

You probably just have to keep up with your monthly HIPAA updates and your, uh, monthly HIPAA training, and you’re good to go. If you’re in the 80 to 89%, you’re good, but you need some improvements. You might need some help. If you’re in the 70 to 79%, it’s fair. You need reinforcement and gonna know you got some really specific weak spots that you need to look at.

If you’re below 70%, you know, you are gonna be high risk and you need some immediate action and, and you’re gonna need some help. So see where you are. No shame at all because it’s a starting point of what you need to do. Just like your patients, when they come in, that’s their starting point. So, what do I need to do to improve?

So here’s a QR code again, HIPAA risk score.com. You’re gonna find out if you have an A, B, C, D, or F. And I hope you all get an A, but if you don’t, we’re here to help you because when you get your score, if it’s not what you want, I want you to reach out because you are not alone. We are here to help our friends.

You can email us at info@betterhipaablueprint.com and we’re happy to help. We’re happy to make sure that you are going to be HIPAA compliant. So what’s your next step? If you have more questions, you just wanna find out a little bit about this whole HIPAA thing in the process, you can check us out at fearlessacupuncturist.com or you can email us at info@betterhipaablueprint.com.

If you are like, no, I know I need help, I’m good to go. I want you to schedule a demo. Go to go dot fearless provider.com/demo or use a little QR code and check it out and schedule a demo with us and we’ll show you what it’s all about and answer your questions. So be sure to take that risk quiz. And that’s it for today at the Fearless Acupuncturist.

I would like to thank the American Acupuncture Council for having this and inviting us to share this with you. You guys have been great, and be sure to check out our shows in the future, and I hope you have a great day. We’ll see you soon.


Year-End HIPAA Reality Check

 

 


Hi everybody. I’m Julie McLaughlin from The Fearless Acupuncturist, and I’m here today on the behalf of the American Acupuncture Council, and we are so excited. We are going to talk about end of the year HIPAA. What do you need to do before the end of the year to make sure you’re HIPAA compliant? I’ll show you some slides now.


So at the end of the year, you gotta plan, protect, prepare, and protect. But you can’t ignore these things before December 31st. Don’t put it on your to-do list for next year. You have to do things this year to make sure you’re HIPAA compliant and you’re not getting behind, because God forbid you get audited, you can’t go backwards.

So again, I’m Julie McLaughlin, and this is my partner, Perry Barnhill, and we are part of Fearless Acupuncturists, where we help acupuncturists maintain and make sure that they are HIPAA compliant. So why is December the danger zone for HIPAA? Because HIPAA problems love the end of the year, right?

Compliance gaps quietly hide all year long, and audits and investigators, when they come in, they’re looking backwards. They’re not looking what are you going to do in the future? They’re looking at what you did. So you have to make sure that this year 2025 is good and compliant and you’ve got everything up to date.

Your documentation gaps are going to show up when it’s too late. You can’t go and change those. So I want you to do this now. I know it’s the holidays, but just take some time with your staff and do this now, because today is a reality check. This is gonna be about 10 minutes. It’s gonna be a compliance wake up call.

Make sure that your practice actually gets caught up. I’m gonna tell you what regulators are expecting to see on paper. If you don’t write it down, if you don’t record it, you didn’t do it. Just like your notes, even though you saw the patient, you talked to the patient, you made a care plan, everything.

If you don’t write it down, it didn’t happen, right? And you have to review this every single year. So the number one deal breaker, the number one audit is the risk analysis, and this is the foundation. Everything else sits on this. So if you do nothing else that I tell you today, which don’t do that, but if you don’t, at least do your risk analysis because no current risk analysis, you’re done for it.

They’re gonna walk in the door, they’re gonna ask you for that. You don’t have it. That’s it. Then they’re gonna look for everything else you didn’t do. At least if you have this, they’re gonna say, okay, they’re making an attempt. They’re working on this. It’s a work in progress, and they could give you a little slack.

So make sure you have your risk analysis and make sure that it’s a real one. It’s one that actually reflects what you’re doing. Don’t just make something up because they’re gonna know that, they’re gonna be like you said it’s this, but it’s not even there. So make sure you’re doing this, please. So policies that can hurt you instead of help you.

So if your policies, you read through ’em and they say one thing, but your staff does another, or you are doing another thing, or you’re not doing what it says in your policy, they’re gonna come after you. This is where it goes sideways, and this is where they try to trick you up and you don’t wanna do it.

And the third thing is, if your technology is doing a whole nother thing, you don’t have your technology safe from hackers and ransomware and we’re seeing this stuff, we’re seeing this stuff with some of the docs. So you gotta make sure you’re okay on this, please. In your training where good practices get burned, the most common assumption is my staff knows HIPAA.

We go over all of this, we do this. But the reality is, if you don’t document, the training didn’t happen. If you don’t have an audit log of what you’re auditing in your office, it didn’t happen. If you’re still using that old training you’ve used for decades, it’s ineffective because the HIPAA laws change and you gotta keep up with them.

Now, what about business associates? This is a liability that nobody sees coming. So we all know that you have to have a business associates agreement with anybody who has access to your patient’s PHI, right? So IT support, cloud storage, EHR, marketing platforms. What about even like people that you do business with, maybe people who are referrals for you, maybe lawyers.

Maybe you do some PI things or maybe you do some work comp things. What if you’re getting emails from these people that are hacked and you open it because you see it’s somebody you trust and then you’re hacked. So you gotta really make sure you got all your business associates agreements in place and have it documented that you have them, have a little list when they were, and then make sure that you get a new one every single year.

So make sure you have one for 2025, and then get ready to send them out for 2026. Security isn’t just an IT issue, right? HIPAA expects proof of all your administrative safeguards, your physical safeguards, and your technical safeguards. Make sure that you’re not leaving files face up with patient’s names on it where people can see.

All of those little things. Make sure you have passwords on your computer and screensavers that aren’t just open that people can see. You gotta go through and do all these little things because if you’re not, they’re gonna know just ’cause you have it written down in your manual, but you’re not doing it.

They’re gonna catch you. I know paperwork is boring, but really is the real protection. I cannot stress this enough. If it’s not documented, it didn’t happen, and it won’t defend you. Just if the insurance companies are paying you, but you don’t have notes and they ask for your notes, they’re gonna take that money back and plus they’re gonna fine you.

So you don’t wanna have this happen. How practices get blindsided. We hear this all the time. We thought we were covered. We meant to update that. I didn’t know that counted. Does that sound like you? If it does, this is a little wake up call. You gotta get on this and we gotta do this. So your year end decision point, you got two paths forward: patch things up together and just hope for the best.

Hope no one comes in, audits you. No disgruntled employees or patients are reporting you. Or put a real system in place. Guess which one is gonna be the better idea? The real system in place, right? Because it actually works, right? You wanna have a structure, you wanna have current tools, you wanna have ongoing guidance.

You wanna keep up with all the changes that are happening in HIPAA all the time. You wanna have your monthly HIPAA trainings, and if you haven’t done it yet, you have to do your annual HIPAA training. That is a must. If you have not done an annual HIPAA training this year, I want you to make sure you’re doing it.

And include all the new 2025 rules and laws that have gone into effect this year. Because if you use the same annual HIPAA training that you used last year, you’re missing all the updates from 2025 and you don’t wanna do that. So don’t drag this into next year. It’s not gonna be good. So the next steps, if you’re like, oh my gosh, I don’t know where to start, or I’m really lost, I really need help, you’re not alone.

Reach out. We’re happy to help you. info@betterhipaablueprint.com. That’s Dr. Perry and I’s email address, reach out to us. We’ll help you if you wanna have a demo or you just have some questions that you wanna talk about, like what do I do about this or that. Use the QR code, use the link and schedule a demo with us and we’ll help you go through it, and we’ll help you show you how to really build a HIPAA compliant system.

Office to protect your office, your staff, you and your patients. So that’s it for today, and again, thank you for the American Acupuncture Council for having us here. We’ll see you next time.
