Magda Fariña Rodriguez, President at Health Management Solutions, Inc. located in the Miami/Fort Lauderdale Area explains how the Omnibus rule is having a significant impact on Healthcare Providers and their Cover Entities. Under the new rule, there have been some big changes. First, there is now a presumption that a breach of Protected Healthcare Information (PHI) has occurred unless the Covered Entity (CE) or Business Associate (BA) demonstrates that there’s a low probability that protected health information (PHI) has been compromised by providing a written Risk Assessment.
This means that the burden of proof is on the medical office to conduct a risk analysis and prove that a breach did not occur. This change was made to better protect consumer’s rights. If they are unable to do this, or it is determined that indeed there was a breach, then they have to send breach notifications—first class mail—within 60 days. According to Rodriguez, the three new areas that HCP need to focus on complying with are: Privacy, Security and Breach notification, policies and procedures, Notice of Privacy Practices (NPP) and Business Associate Agreements (BAA).
The new deadline for NPP and BAA compliance is now September 23, 2014. “This has been a long awaited process, for which those of us familiar with the evolution of the rule, and in particular larger healthcare organizations that have significant resources at their disposal, have been preparing,” Rodriguez says. She adds, “However, my concern is with the smaller individual ‘solo’ healthcare practitioners, such as dentists that are not associated with a large healthcare organization, from which to obtain training and resources, I believe they are in the dark about these changes.” Rodriguez feels that there is a language barrier in the industry because healthcare professionals don’t associate the term “Cover Entity” (CE) with themselves and they don’t know the actual definition. “They think this terminology applies only to larger organizations,” Rodriguez says, “a large majority presume they do not need to comply with this regulation (when they do).”
Another misunderstanding she has identified is that healthcare providers think that they are HIPAA compliant because they have patients sign the “Acknowledgement Receipt of Privacy Practices” form that they created years ago when the Health Insurance Portability and Accountability Act (HIPAA) was first implemented. “They tell me,” she explains, “ ‘Yes, I am HIPAA compliant, I give my patients the form to sign.’ But, they are unaware they need to comply with the new rule that requires them to change their Business Associate Agreements (BA) and to review their associations because the new definition of BA has expanded to include subcontractors not previously included in the privacy rule. They also need to conduct annual training for all their staff and change the Notice of Privacy Practices (NPP) to comply with the new guidelines. They need to implement a Risk Management Program, designate a Security Official, have written policies and procedures, document compliance and conduct a Risk Analysis when there is a breach.”
She explains, “Many of these Healthcare Providers and Cover Entities have no idea the level of fines involved and the fact that the Department Office for Civil Rights(OCR) will be conducting inspections starting to enforce the Rule beginning Fall 2014. For example, if they are found to be out of compliance and they did not know about the requirement then fines start at $100 and go up to $50,000. If there is reasonable cause to suspect a violation, $1000 to $50,000. If it is found to have been willful neglect to comply with the requirements, the fines start at $10,000 and go up to $50,000—even if the problems have been corrected. If the problems have been shown to be both willful neglect and they are currently uncorrected the fine is $50,000 per violation.” She adds, “The Department of Health and Human Services understands that smaller and less sophisticated practices may not be able to implement security in the same manner and cost, as larger organizations. However, cost alone is not considered an acceptable reason not to implement a procedure or measure to safeguard patient information.”
About Magda Fariña-Rodriguez and Health Management Solutions, Inc. (HMS)
Magda Fariña-Rodriguez earned her Bachelors of Science in Business Management and Political Science from Marymount College of Fordham University and has more than 25 years working in healthcare and dental business management. Today, she directs Health Management Solutions, Inc. (HMS), a multi-business management professional consulting firm, dedicated to serving the continuing educational, business and financial needs of the healthcare industry; particularly specializing in the dental profession.
Her company, Health Management Solutions, Inc. (HMS) helps healthcare providers meet their practice risk management and professional continuing education needs. They provide comprehensive professional business practice management, asset management and financial services, following strict ethical business standards. Services are provided by a group of experts, such as Financial Business Associates, Attorneys, Guest Speakers and Healthcare Providers and Consultants. These professionals understand the healthcare practitioner’s financial, business, professional, and ethical concerns. Their philosophy is “to educate, promoting compliance awareness with existing regulatory standards, quality care and recommended financial and risk management practices within the healthcare industry.”
Lazaro Fernandez, DDS says, “Magda Fariña-Rodriguez, President of Health Management Solutions, Inc., has been overseeing our Risk Management and OSHA Compliance Efforts since 1996. We have three large dental practices and an extensive staff (6 dentists, 5 hygienists and over 20 assistants ) and we felt we needed expert assistance in these areas. Throughout the years we have never had a negative incident that we have not been able to handle successfully. We know this has been due to the policies and procedures she helped create for Fernandez Dental and we implemented. As a large dental practice, we are the subject of numerous inspections from dental insurances companies, the Health Department and many others, and we have always been commended for our excellent infection control practices and our dental documentation and recordkeeping. Her efforts have helped us overcome countless challenges.”
To learn more about Health Management Solutions, Inc. (HMS) visit their website at:http://www.HealthManagementSolutionsInc.com/. For more information about Magda Fariña Rodriguez visit her LinkedIn page at:https://www.linkedin.com/in/magdafrodriguez. Offices are located at 3600 West Flagler St., Miami, FL 33135. Or, call (305) 443-8727.