Tag Archives: Perry Barnhill


HIPAA – Immediate Nationwide Update Alert – Dr. Perry Barnhill

 


Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.  Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.

Hi, everybody. Good morning. Good afternoon. This is Perry Barnhill with the Fearless Acupuncturist. Today I want to give a big thanks to the American Acupuncture Council for bringing this to you. Today we are going to talk about HIPAA as it applies to reproductive healthcare. Many of you acupuncturists deal with reproductive healthcare, even for those of you that don’t, in your files, in your patients’ histories, in the forms that the very patients fill out.


There will be things regarding reproductive healthcare, like contraception, pregnancy management, fertility, sterilization, and also sexual health. Just as a reminder of what reproductive healthcare means in the context of HIPAA. Slideshow, please. Okay, so how fast things change. Literally at the beginning of the year, we had some new laws regarding reproductive healthcare, and now, like just within the last few weeks on June 18th, it’s changed.


Some of those things have changed for most of the states out there, but not all of them. And this is what we’re gonna talk about. And again, things change very quickly. Sometimes you really need to stay on top of all the HIPAA laws, new, old, and the changing ones as they’re coming down the pipe.

Strengthening reproductive healthcare privacy under the new HIPAA privacy rule. Now, again, like I talked about a little bit before, there were the new requirements that we talked about in December and also in January, but now there’s some new requirements regarding attestations, or shall I say, some things you may not need to do, and we’re gonna talk about the action steps and specifically how it applies to you and how it applies to compliance in relationship to HIPAA.

Here’s what happened on June 18th, so just a few weeks ago. A US district court judge for the Northern District of Texas, a federal judge, has invalidated the 2024 HIPAA reproductive health modifications to the privacy rule. The decision is immediate and it applies nationwide. This is how we’re saying there can be a law, and then several months later that law no longer exists, or you no longer have to do certain or specific things within that particular law.

The Texas judge, this is what the Texas judge said. He said that HHS had overstepped its bounds, and he cited three main legal issues, which we’ll just talk about briefly. One, the rule unlawfully restricted public health laws. Two, it redefined terms like person and public health in ways that exceeded the federal authority.

And three, it addressed politically charged issues like abortion without clear congressional approval, a violation of a major questions doctrine. And again, let me just remind you what the reproductive healthcare law that I was talking about just a little bit before, things like contraception, pregnancy management, fertility, sterilization, sexual health.

So those were what specifically they stated fell under that umbrella of reproductive healthcare law. However, some of the things we had to do, like I said earlier, like attestation statements, most of us will not need to do any longer. Okay, so let’s just keep going here. HIPAA related entities, covered entities like you and your business associates.

Remember, business associates are folks that you do business with or basically people that have access to your patient’s information or basically anything that you have that you share with somebody else in relationship to a business associate for protective health information have to follow state laws regarding that particular reproductive health.

All right, so now let me say this. It does get a little confusing. It gets confusing for everybody. Federal law. There’s federal law as we know, and then there’s state law. When it comes to HIPAA, actually state laws will supersede or become in addition to federal law.

So you can have a federal law, but your particular state may have it more strict, it may be more detailed, or you may have to do additional things regarding that particular law. So we always say stay on top of your state laws as well. So in the absence of the HIPAA reproductive health rule, some states, not only many states are increasing HIPAA privacy protections for the residents.

So here’s some of the states that you need to pay attention to that will likely, or I wouldn’t, going to suggest to you to keep doing what you’re supposed to be doing in regards to reproductive healthcare and providing attestation statements, which we’ll get into just a second.

So anyways, New York, California, Washington, Nevada, and Connecticut, and there may be some more to come. We’ll see. How does this impact you? Here’s the thing. Covered entities, at least most of them in those states or in most states, are no longer required to seek attestations from requesters regarding protected healthcare or rather protective health information related to reproductive healthcare.

So what does that mean? Basically because of this new law, the states that I didn’t mention, you follow the federal law, okay? You do not have to provide an attestation statement if someone asked for those certain things regarding reproductive healthcare. All right? What that means is if you did what you were supposed to at the beginning of the year with all the new updates that came down the pipe and you changed your privacy notices, now you would actually take that out, ’cause now it no longer applies to you.

But if you’re in those states that are going to continue to follow this, you need to keep it in there. If you don’t know what I’m talking about, make sure you reach out to me so we can make, tell you the things that you need to know regarding this and many other things that changed at the beginning of the year.

So double check your state now, navigation or navigate the prohibition on disclosing protected health information for the purpose of investigating or imposing liability unlawful reproductive healthcare imposed by your state. Let me put that in some different words here for you. If you have patient files, which we have patient files that do in fact many times contain the very things that I detailed regarding the big umbrella of reproductive healthcare, and if somebody like from law enforcement or a judicial BA branch, we listed these things before, requested that information, we were supposed to by law actually send them this model attestation form, which basically said, Hey, listen, we’re sending you some information here.

You have to fill this out. Actually, let me reverse here. We’re not gonna send you this information, this protective healthcare information until you fill this form out and basically promise to us that you’re not going to punish anybody for whatever was in those particular files regarding reproductive healthcare.

So now, because that federal state judge said what he said, most states no longer have to do this. All righty? So make sure you pay attention to your state. This is why we always talk about HIPAA. It’s not like you can just do HIPAA and you can just fill out this manual and you’re good to go and you just sit back and you forget about.

It’s constantly evolving and it’s constantly changing as you can see, and what happened in Texas is just a real simple reminder that a single court ruling can unravel a lot of the new guidelines that were literally just presented and required six months ago. It’s evolving from reproductive privacy rules and think about this, cybersecurity, look at AI, artificial intelligence, and all the new things that are coming down with computer systems and privacy and cybersecurity threats and phishing.

It gets really scary at times. This is why monthly training isn’t optional. It’s your, it’s literally your lifeline such that you have to stay on top of these things. And I’ll be very clear, it’s not like the government says, Hey, by law, you have to absolutely do one monthly HIPAA training a month.

That’s not what they say. What they say is you need to do continuous training throughout the year for yourself and to all of your employees and even to your business associates, believe it or not. What I’ve also heard other people say that teach the things that we teach is that even the government suggests that you do HIPAA training to about two times a month.

Now, is that a law? It’s not a law, but it’s what we’ve heard for suggestions. We step back and say, Hey, you should be doing things at least once a month. All right, so staying informed protects your license. It’s your patients and your peace of mind. And believe me, if you don’t have these things dialed in like you’re supposed to and someone comes knocking on the door for an audit, it’s something that you don’t want to go through, because I talk to doctors all the time.

I talk to acupuncturists all the time that get scared because they don’t have the things that they should have. So it’s really easy to get the things that you need to have, and I’ll talk to you about that here in just a second. HIPAA compliance, again, you can’t just check a box and be like, okay, cool, I’m HIPAA compliant, or fill out a particular form.

It can get a little bit involved. It’s about staying ready for whatever comes next. Keep learning. Keep updating the things. Stay fearless. We want you to be fearless so you can focus on your patients. That’s why you became an acupuncturist, is to focus on your patients. We can help you with the HIPAA side of things, so what are some of the next steps that you can do?

Couple things here. HIPAA checklist, if you’re wondering like, ah, I wonder if I’m HIPAA compliant, or I wonder if I’m even close to being HIPAA compliant, you can scan the QR code and get this checklist, or you can just look at it here and go through these questions. You can’t answer these questions, or if you’re not doing these things on these questions, you’re not HIPAA compliant.

It’s not worth the risk. So if you want to, you can set up a demo with us, where we can talk to you, we can show you the HIPAA compliance program that we have and how easy it is to navigate through this. Just go to go.fearlessprovider.com/demo. You can scan the QR code here as well.

Sometimes acupuncture, you just wanna get started. So you can go to ww.fearlessacupuncturist.com to get started. Or, a lot of times people just wanna reach out and ask me questions, and I am more than happy to answer any questions that you may have, and you can contact me there at that email, Dr. perry@betterhipaablueprint.com.

If you have any questions, like I said, reach out to us. We are absolutely more than happy to sit down and talk to you and spend some time with you and clear up any questions or confusion that HIPAA presents with many of the times. In the meantime, everybody have an amazing day and we will talk to you soon.


HIPAA Warning – Verifying Employee Eligibility – Perry Barnhill

 


Hi everybody. This is Perry Barnhill with the Fearless Acupuncturist. Today we are gonna talk about OIG and an exclusion list and what it means to you and why you need to be aware of it. Wanna give a big thanks to the American Acupuncture Council. Go to slideshow please.


Okay, here we go. Understanding and using the OIG exclusion list. This is about performing certain exclusion checks on your staff regarding the Office of Inspector General. Let’s talk about that. This is something that we want to check every single month. Now put it in perspective here for you.

We got Health and Human Services at the top, HHS, you’ve heard of that. And then we have OIG, the Office of Inspector General. Now they’re very closely related to the OCR, which is the Office of Civil Rights, and this is where all the HIPAA stuff comes in. These two are basically sisters to each other, and they’re so important that you need to be aware of.


That’s why we’re talking about this right now. What is the OIG exclusion list and why do we need to check it? Okay, so here’s what it is. The exclusion list is a list of individuals that the government collects that basically shouldn’t be employed in your office. If you’re accepting any federally funded programs such as Medicare, for example, or even if you’re in some acupuncture networks for PPO, HMO or insurance networks.

Now, if they’re on this list, it’s something we need to be aware of because we may not keep them employed. This is something we want to ensure compliance with Medicare, Medicaid, like I said, certain contract requirements by regularly verifying employees. Who do we need to check? Okay, now everybody that we need to check is pretty much anybody in our office that’s involved in any kind of patient care or has any kind of access to protected health information.

So you got your staff that’s involved with your patient care. Any employees handling any kind of billing procedures or protocols, personnel. Anybody who has access to protective health information. I’m not talking about a janitorial service or a cleaning service. Those folks though, if you don’t know already, they need or you need to have them fill out certain forms such as non-disclosure statements and agreements.

Because even janitors that come into our office may accidentally see protected health information. And that’s something just on a side note that you need to be aware of and you should have protected and you should be speaking to them about. The Medicare exclusion list. This is a list of an OIG website that I want you all to go to.

Here it is: exclusions.oig.hhs.gov. You need to go here, and this is where you need to start doing some checking. Go in there and enter your employee’s last name and first name, and if you need to, because some people have similar names or same names, use additional details such as their date of birth. If you have other providers in the office, you need to check on them as well to narrow the results.

So how do we interpret these results if their name actually pops up? The good news is if it doesn’t pop up, they’re good to go. You don’t need to worry about it, but if one of your employees’ or your personnel’s name pops up, make sure you click to verify and review additional details again to make sure it’s not the same person that you have in your office.

So you can enter date of birth, NPI numbers if they’re providers for confirmation. And believe it or not, there’s another exclusion list that I want you to check. Even though I’m talking about this and there seems like it’s overwhelming, at least a little bit. It’s easy. It’s very fast. You literally go to those websites, you check in their names.

It pops up very fast, and their name’s either on there or it’s not on there. The other one is the SAM exclusion list. This is the next website you want to go to and just double check and make sure nobody in your office is on this list. sam.gov. Just go there. Check. How to search is very similar.

You use the entity verification search function and again, you enter the information of the employee’s name or any personnel that you have in your office to make sure they’re not on that list. Some verification tips. Provide as much identifying information as possible. Again, to make sure maybe you got two people with the same name, confirm the details and make sure that they match.

The last thing I want y’all to check is your state-based exclusion checklist. So we got the government, we got the SAM list and then also double check any kind of exclusion list. And again, just to reiterate this, if you’re accepting any federally funded programs, you have to make sure that none of your employees or anybody in your office is on this list or even other providers, ’cause if they’re on this list and you hire them and they’re employed and they find out, you can get in some big trouble and the fines are pretty steep.

So again, where to check for state specific list? Use your state specific portal. Alrighty, and make sure that they’re not on that list as well. How to search?

Very similar. Locate the sections for OAG provider sanctions and you enter your employee’s name and other identifying details if needed and if possible, reviewing the information. Check details again to ensure that it matches the individual. Again, making sure it’s not the person in your office. Maybe they got a same name, and I know I said that a thousand times, but just double check.

Note any active sanctions or exclusions relative to state Medicaid programs. Here’s some best practices for verification. Always verify with multiple data points for the reasons we’ve just talked about. Cross-reference your results. Check the OIG, the SAM and state-based to confirm accuracy and just as important, make sure you document everything, as if it’s not documented, they will say you never ever did it. So make sure you do that and make sure you do it monthly. The importance of regular exclusion lists, compliance meets Medicare, Medicaid, and also many insurance contracts. You have to make sure they’re on this list. Risk management helps prevent potential fraud and abuse, ’cause if those folks are on this list, it’s likely they have some kind, they’ve been convicted of some kind of criminal action, and there’s something going on that you definitely may not want them in your office.

All right? Quality insurance ensures that other qualified personnel have access to sensitive patient care and information.

So you gotta be safe there. You gotta protect that information. So here’s some next steps. Just to recap, use OIG website and Medicare exclusion list checks to make sure they’re not on the list. The SAM exclusion list. And also check your state. Record this in your manual. Make sure you record it in your manual, ’cause again, like I said, if it’s not checked, it’s not done and you need to do it monthly.

It doesn’t take long. So just make sure you get in there and you get that done. Additional resources, I’ve gone over these, but here’s a screen just to check again, different spots you can check. If you don’t know if you’re HIPAA compliant, the likelihood is that you’re probably not.

Many providers may have a form or two in the office, and they think that means that they’re HIPAA compliant. So this is why we came up with the checklist here. Go over this checklist. Look at the boxes here. If you’re not checking every box, the likelihood is very high. Likelihood is that you’re not HIPAA compliant.

Make sure you do so because the fines associated with any HIPAA noncompliance are very scary. You can scan the QR code as well. If you want to schedule a demo, you can go to fearlessprovider.com right here as you see, and we can go over a demo with you, show you how the program looks, what exactly it looks like on the inside, how to navigate it, how to have your staff navigate if you choose not to.

If you wanna just get started, you can go to fearlessacupuncturist.com. You can get started that way as well. If you want to contact me, if you wanna reach out to me ’cause you have questions or concerns or anything like that, please feel free to do so. I’m more than happy to jump on the phone and jump on the site, go over a demo with you and answer any questions that you may have.

You can contact me at Dr. perry@betterhipaablueprint.com. Also, you can scan the QR code here as well. If you got questions, reach out to me please. I am more than happy to help any and all of you. In the meantime, everybody, have an amazing day and we will talk to you soon.


Why Google Reviews Matter to HIPAA – Perry Barnhill

 

 


Good morning. Good afternoon, everybody. Welcome to Fearless Acupuncturists. This is Dr. Perry Barnhill, and today we’re gonna talk about Google reviews and how to respond to them properly. Go to slides.


Again, this is Dr. Perry Barnhill and I wanna welcome to the webinar on how to respond to Google reviews in a HIPAA compliant way, such that you keep yourselves outta trouble. That’s the goal. We wanna respond to reviews properly and legally in a positive way, and at the same time keeping ourselves out of trouble with any kind of HIPAA violations.

All right, here we go. So why do Google Reviews matter? We know these reviews impact our online reputation. They’re very important. We know it builds positive engagement with potential patients, even existing patients we know patients check reviews out all the time. As a matter of fact, we check reviews out and Google reviews on primary, people we go to see, doctors we go to see.


So it’s really important. It builds engagement with the SEOs, and compliance with HIPAA is very crucial, as we all know, in all patient communications, especially public facing communications such as Google reviews. So understanding HIPAA in online interactions, and let me just go over a little bit of HIPAA overview.

As we know, HIPAA protects patient health information, just the acronym PHI, protected health information, and PHI includes all kinds of things that can identify the patients. Things such as their name. We know that’s pretty basic. Their IP address, their face. There’s so many things that it can be related back to the patient.

It is protected health information. And violations, I know you hear about this a lot, but this is true. Violations can result in big fines and it can damage your reputation. Okay, so here’s what we want to do. We want the dos and the don’ts in responding to reviews. Now the dos, we want to keep our responses generic and professional.

We wanna focus on customer service, not their acupuncture care. Now, the don’ts, we never want to confirm or imply that the reviewer is a patient in our office. We don’t wanna mention any details about their care, including anything regarding about their family members. Like just be very safe about it and just don’t do anything like that.

Alright, so creating a safe response to positive reviews. And here’s an example: “Dr. Joe and his team are fantastic. They always make me feel comfortable.” Here would be a sample response: “Thank you so much for your kind words. We strive to provide a comfortable and welcoming experience for everyone who visits our office.”

Now, how do we handle negative reviews? Let me give you an example here: “I had a disappointing experience with the wait time at Dr. Sally’s office.” And here’s a good response: “We always appreciate any feedback. We take concerns like this seriously and would like to learn more. Please contact our office directly so we can address this issue.”

So one thing to notice is we’re not referring back to you or any way that can imply that this patient even came to our office. These are very generic responses, but these are the responses that we need to have in order to stay compliant. Navigating complex reviews. Here’s an example of a review: “The whole family love seeing Dr. Steve.”

Here’s an example response: “We love taking care of families.” Here’s the key. I didn’t directly say we take care of your family. “We love taking care of families” as just a generic response as compared to “We love taking care of your family.” So that’s the distinction there. And again, this response is safe, ’cause it doesn’t reveal or directly imply that we’re taking care of their family. We just love taking care of families.

So here’s some common mistakes to avoid. Just re going over the skin, acknowledging that the patient or their family members in any way confirms their status in our office, providing any additional information about their care, even if they mention it first.

Don’t, just don’t respond to it in that way at least. And here’s another thing, and I see this often, don’t engage in back and forth discussions that might inadvertently disclose more details. And where I see a lot of providers getting themselves in or potentially hot water, they have this back and forth almost argument about the care or the wait time or whatever it was in the office.

So don’t even go there. Alright, HIPAA compliance and best practices. Always thank the reviewer without confirming any details. Keep your responses focused on general customer service. Encourage offline communications for specific concerns. Where we said, Hey, please contact our office. Don’t go there online and in front of everybody.

Train your team. Also, this is so important. Train your team on how to handle reviews in a compliant manner. I would suggest that if you have team members responding, make sure before they respond, they get back with you and you approve that response before it goes out. Handling potential HIPAA violations.

This is what we don’t want to have to deal with, but if we accidentally disclose PHI, take that review offline immediately, get rid of the trail. Consult with your compliance officer for guidance. Ask to see what you should do from there. Report the incident to necessary authorities if required, however, ask first.

Don’t just start reporting things to HIPAA. If you don’t know for sure if it was a violation, ask someone like myself. Ask someone like Dr. Julie. Find out first before you go reporting things. So here’s some final tips for success. You wanna respond promptly, thoughtfully, and you want to regularly review your HIPAA policies related to online interactions, and this is where I say you need to train the staff.

It’s part of the training, it’s part of the requirements we have for HIPAA. We have to train the staff on how to respond to situations like this, for example, and encourage our satisfied patients to leave positive reviews and then bury the bad reviews with good reviews. Remember, protecting patient privacy, it’s not just a legal requirement, it’s commitment to the trust your patients place in you.

So some next steps here, you can all go to and download this HIPAA compliance checklist. You can go to this, the website here, or you can scan the QR code, check out this list. If you go through this list and you can’t safely mark all those boxes, you’re not in compliance with HIPAA and we don’t wanna be there.

You don’t have to be there. It doesn’t have to be complicated, it doesn’t have to be confusing, but it’s a process. So make sure you are, because if you’re not, the consequences are what we don’t wanna talk about. You don’t have to be in that boat. If you want, you can schedule a demo with us. You can go to fearlessacupuncture.com.

There’s a demo there. You can scan the QR code. You can go to our website at ww.fearlessacupunctures.com or always feel free to contact me at Dr. perry@betterhipaablueprint.com. And again, thank you so much, the American Council acupuncture Council. It’s a mouthful. A CN. How’s that for allowing us to provide you with this webinar?

And in the meantime, everybody have an amazing day.
