Dr. John Frame, highly respected surgeon and founder of Breast Health Specialists of Oklahoma (BHS of OK), has operated on thousands of breast cancer patients over his nearly three decades of surgical experience. However, he also runs a vibrant, growing business.

The Challenge
In 2012, Dr. Frame, team leader of BHS of OK, had an insurance review. The company’s insurance representative pointed out that BHS of OK was vulnerable to security breaches and regulatory non-compliance fines.

“Regulatory rules are over-reaching and overly-detailed. It’s tough to comply with what is asked of us, but nonetheless these rules are a good thing.”

“It’s a defense move. Should there be a HIPAA compliance or security breach, you’d be really vulnerable to penalties if you haven’t done a compliance audit,” said John R. Frame M.D., Surgeon, Founder, BHS of OK.

The challenge was not that BHS of OK should comply with HIPAA regulations, but how. The insurance company had two pieces of good news. First, they recommended www.aegify.com as a comprehensive solutions provider. Second, they promised significant insurance savings upon proof of HIPAA compliance.

The Solution
After a 30-minute phone call with Aegify, Dr. Frame, learned that Aegify Compliance Manager provides a unified platform for all BHS of OK’s HIPAA compliance management activities and automatically integrates with risk, security management and audit operations. He appreciated his unprecedented visibility into BHS of OK’s compliance efforts and risk management across his organization.

The time investment to become HIPAA compliant the first time in BHS of OK’s history was 8-10 hours. BHS of OK answered Aegify’s compliance questions and gathered or created all required supporting documents. “Aegify gave us a lot of templates making the process easier,” said Dr. Frame.

The Results

1. Peace of mind. BHS of OK has been HIPAA compliant for three years. Should a compliance audit be mandated in the future, BHS of OK has a solid paper trail.
2. Significant insurance savings. For three years, BHS of OK has enjoyed lower insurance premiums because of their current Aegify certificates of compliance.
3. Best PHI practices. HIPAA compliance is now a part of BHS of OK’s daily operations. BHS of OK staff has been trained and compulsively adheres to best practices for securing protected health information in all forms: email, paper, databases, over the phone or in person discussions.

“I felt very good about the having a compliance document in my files,” said Dr. Frame. “To their credit, Aegify predicted that following years would be much easier. The renewal process requires less than 10 minutes every year.”

Download a PDF of this case study

The post Breast Health Specialists of Oklahoma appeared first on Aegify.

“We had no idea where our compliance posture stood, or how much of our daily practices were already in compliance. However we did know that we were not in compliance as much as we should’ve been,” said Donnell, office manager for Internal Medicine Associates of Memphis, Tennessee. This is not an uncommon view among small medical practices nationwide. HIPAA data privacy laws coupled with HITECH security rules and enforcement is complex and foreign to most offices. These small businesses are not blessed by the deep pockets or internal IT resources enjoyed by larger clinics and hospitals to fund and obey HIPAA compliance standards. In most cases, outside consulting firms are hired, charging tens of thousands of dollars to ensure that hospitals receive the training and directives they need to stay in compliance. Not so for most small medical practices.

Key Requirements

Electronic health records (EHR) systems have certainly made management of confidential patient records easier in some respects but not necessarily more secure. The federal government is also encouraging the deployment of EHR via a program of monetary incentives that follow guidelines set out by “Meaningful use” practices. Offices that have not implemented EHR are not qualified to file for these incentives. The pressure is on for all medical practices regardless of size, to upgrade to EHR. “The sad reality is that, like many offices our size, we are still using paper forms,” said Donnell. “We have paper records that are 10-12 years old that can be difficult to find because nothing is online.” With three full-time primary care physicians and nine employees, Internal Medicine Associates of Memphis was facing a high degree of risk and potential fines for noncompliance.

Aegify RSC Suite: a HIPAA Solution to the rescue

Fortunately, they turned to David Altizer, vice president of SOS Systems of Memphis, to cure their ailments with a HIPAA compliance solution and set of best practices. Immediately, SOS Systems, a Managed Compliance Provider (MCP) partner of Santa Clara, Calif.-based Aegify, rolled up their sleeves and began putting into action a HIPAA strategy. Starting with an evaluation to assess needs, SOS used the native templates available in Aegify’s RSC Suite solution to set up policies and automate procedures, thus helping to manage a decade’s worth of patient records.“We started with nothing, and SOS thankfully provided all the documentation we needed,“ said Donnell. “We scanned into the system hundreds of patient files. Using Aegify RSC Suite, we performed an assessment that instructed us how to proceed with aligning ourselves with HIPAA compliance. We could browse and click and see where things had to be. SOS trained us on using Aegify RSC Suite and explained how and where we needed to be compliant.” Donnell also realized that following HIPAA best practices would also lead to running her medical office more efficiently as a business. With the help of SOS Systems, Donnell could rest assure they were on the right track. “We promised to do whatever it took to get compliant. The last thing we wanted was to deal with a fine,” she said.

Results of using Aegify RSC Suite

Donnell found Aegify RSC Suite easy to use and deploy. “The web-based system simply asks a lot of questions, like a multiple choice test. We selected the answers and then attached the appropriate document to update and prove compliance.” “The system gave me confidence that policies and procedures were being followed, and that patient records were being managed successfully.” “We enjoyed working with SOS Systems and did not consider using another service provider. They have been very helpful. This was our first working experience and we are satisfied with the results,” said Donnell.

Conclusions: quick deployment, easy to use, a business-saver

“The Aegify RSC Suite solution was self-explanatory from the get-go. I figured that if I could use it, then anybody else could, too. Soon enough, I found myself conducting the assessments alone without any help,” admitted Donnell. “The whole process took less than two hours, and that included attaching documents, proving compliance, and completing the entire process.” “Wherever we needed guidance, SOS stepped in to help. Regarding HIPAA, we now have peace of mind. SOS has been a true life, or rather, business, saver.”

The post Internal Medicine Associates of Memphis Achieves HIPAA compliance appeared first on Aegify.

Barbara is the office manager for a Grand Rapids, Michigan family practice with four staffers and 1800 patients. The practitioner has been providing healthcare services to patients for 24 years. While attending her monthly association meeting of regional physician office managers, Barbara met local services provider Joe Dylewski, president of ATMP Solutions, a provider of healthcare IT technology for more than 20 years. (http://www.atmpgroup.com) Her challenge posed to Joe? To help her find an online risk assessment solution she could use without any previous IT experience or formal computer education. Her goal was to meet and sustain compliance with HIPAA and HITECH regulations, to fulfill a few core requirements of “Meaningful use” statues, and to facilitate patient care reimbursements from insurers. Several years ago the office had transitioned its patient records to an EHR system to automate day-to-day processes, thus helping to reduce administration costs.

A Solution for Compliance with HIPAA/HITECH

After conducting an evaluation of her office environment, ATMP Solutions recommended that Barbara implement Aegify RSC Suite, a cloud-based, SaaS-delivered application developed by Aegify Inc., of Santa Clara, Calif. The application helps meet HIPAA and HITECH privacy and security rules at dramatically less cost and complexity than standard approaches. “Aegify RSC Suite is probably the only tool on the market built from the ground up to Page | 4 service small medical practices,” said ATMP’s Joe Dylewski. “It also had the incomparable value of not requiring its users to have deep domain knowledge with the intricacies of HIPAA laws.”

Results of using Aegify RSC Suite

Said Barbara, “A major attraction of Aegify RSC Suite is its ability to collect and store all HIPAA-related provisions and related documents online into a single repository, making it a hands-on tool and thereby easier to use and access. The system is understandable given our level of tech expertise.” Having Aegify RSC Suite automate the risk assessment process by providing a comprehensive list of questionnaires gave the office its clearest picture yet of its current state of compliance, highlighting specific non-compliant areas, such as backup and recovery, that needed immediate addressing before the office could take comfort in knowing they were 100% HIPAA compliant.

Conclusion: Quick Deployment of Aegify RSC Suite

The deployment went as planned. “There was no need to schedule 40 hours to walk through the system,” said Barbara. “It only took 3-4 weeks to complete the entire process and determine our level of compliance.” “Being an ACO (accountable care organization), it was important for our practice to fall in-line with prevailing compliance standards, to not cause a bottleneck with other doctors’ offices or business associates, and most of all, to not find ourselves in any hot water with regulators. I know this [Aegify RSC Suite] is going to be useful. We’re already seeing other groups within our association take interest. They too want to get involved with ATMP and Aegify’s compliance solution.” “Another added plus about this application is the positive impact it has had with expediting our reimbursements, which is always good for business.”

The post Finding ‘Meaningful Use’ in a simple HIPAA Solution appeared first on Aegify.