AACS has partnered with Medical Risk Institute (MRI) to offer special member pricing on their HIPAA compliance management tools. AACS recently sat down with MRI founder Michael Sacopulos to discuss patient privacy, the need for compliance, and how AACS members will benefit from this new partnership. Here is what we learned:
AACS: First, tell us about MRI and how the relationship with AACS came about.
MRI: I have been providing legal guidance to aesthetic medical practices for more than 10 years. Some years ago, I created Medical Risk Institute to provide medical practices the resources needed to make HIPAA compliance easier.
AACS: How have you been working with AACS to determine our members’ unique HIPAA issues and concerns?
MRI: We started a conversation in 2014. Earlier this year, we helped AACS survey its members about their patient privacy needs and concerns.
AACS: Tell us about the survey results.
MRI: The results highlighted a few misconceptions and pointed us in the right direction to create a package of documents and services to address the AACS members’ HIPAA compliance needs.
AACS: What was one of the misconceptions?
MRI: Some practices thought that HIPAA did not apply to them because they are not a Medicare provider. While there may be some technical truth to this, practices are still subject to state privacy laws and requirements. State courts have been increasingly looking to federal standards (HIPAA) to determine their standard of care. This means that effectively HIPAA is the standard for all medical providers.
AACS: Does HIPAA only apply to practices using electronic medical records systems?
MRI: No, it applies equally to electronic and traditional chart practices. In fact, the membership survey showed AACS practices almost evenly split between those that use EMR systems and those that use paper charts.
AACS: Some practices struggle with training their staff on patient privacy issues. Is it necessary?
MRI: Yes, both providers and staff are required to receive annual training on patient privacy. MRI offers an online solution that allows individuals to complete the training at their convenience. It also provides documentation to prove compliance.
AACS: Social media is a key marketing tool for many aesthetic practices. Social media also comes with some potential HIPAA issues. What should practices do to be safe?
MRI: The survey revealed that the majority of practices do not have social media policies. This is a policy that every practice should have. Many HIPAA breaches have come from the misuse of social media. Additionally, the Federation of State Medical Boards (FSMB) has issued social media guidelines. The FSMB reports that a significant number of states have received complaints and disciplined physicians for the misuse of social media. This is an area of focus for medical boards; every practice should be aware of the media guidelines and oversee social media use. A social media policy goes a long way toward protecting your practice.
AACS: We have talked about a number of HIPAA issues. If you had to pick just one thing an aesthetic practice should do for HIPAA compliance, what would it be?
MRI: My advice is to perform a Security Risk Analysis. The Office of Civil Rights (OCR) enforces HIPAA. The Office of Civil Rights says a current Security Risk Analysis is the first thing that they typically request. The OCR also ranks this report as the most important document in the effort to comply with patient privacy laws and regulation. Unfortunately, the majority of practices surveyed indicated that they did not have a current Security Risk Analysis report.
AACS: Clearly, HIPAA Compliance is complex and evolving. AACS is pleased to offer our members assistance with HIPAA compliance.
MRI: Medical Risk Institute is excited to be partnering with AACS. MRI works hard to make HIPAA compliance as painless as possible for practices. We believe our relationship with AACS will be very beneficial to AACS members.
AACS members interested in MRI’s HIPAA Compliance may learn more by contacting MRI at 812.241.8995 or firstname.lastname@example.org.