HIPAA and OSHA Guidance with Jill Obrochta | Dental Marketing Guy Show

Transcript of Jill Obrochta on The Dental Marketing Guy Show:
Jill-C-Obrochta

Stream Audio:

 

Justin: Welcome to the Dental Marketing Guy Show. I’m Justin the dental marketing guy and today it is a huge honor to interview a real HIPAA expert. We have Jill Obrochta and she is a 20 year plus veteran of the Clinical Dental Hygiene Arena who specialized inpatient motivation and chairside verbal skills. And now she’s considered one of the country’s top dental OSHA and HIPAA compliance experts. You’re going to want to hear what Jill has to say because the implications for your practice are huge. If you’ve ever known or heard about someone who’s been bitten by to hit the monster. Man, we’re talking about ten million dollar finds. We’re talking really, really big deal here, we’re going to talk about how to protect yourself, and in fact Jill has a special offer at the end of the interview for those of you who are interested in learning more about how to protect yourself from HIPAA and OSHA and how to be compliant. Really, really huge value we’re going to get into. Let me tell you a little more about Jill, she’s a compliance researcher, she’s a product developer and OSHA GHS and HIPAA training specialist. She’s an internationally published writer and educator for several top industry manufacturers including Pro Dentec Capital One, Waterpik Technologies, 3M ESPE, PGNE, and she is the founder of dentalenhancements.com. That’s the website, her own nationwide web based Education Company specializing in OSHA and HIPAA training, and she makes it easy. So she’s here to talk to us about her enthusiasm, about how you can protect yourself, protect your practice. The last thing we want is to have you build your dream practice and then have it crumbling down because of government intervention and penalties. So I’ve said a lot about this, but you know what I can’t talk nearly as well about the technical as you, Jill. How are you?

Jill: I’m doing awesome, Justin. It’s really nice to be here. I’m so excited to talk to your audience and it was great when I heard from you when you reached out, you know, my favorite topic is compliance and HIPAA is really the new OSHA. So there’s so many things that doctors need to be aware of. Not only the doctor, but also their team as well with regards to OSHA and HIPAA.

Justin: Excellent and you know I’ve done a little vetting of, you know. I’ve seen you on dental town. I’ve heard good things about you and I’d love to just dive into this. You know, where do we start? Let’s talk about, you know, what is HIPAA? What kind of history and evolution and meaning of HIPAA?

Jill: HIPAA, so HIPAA started in the 90’s and it really stands for Health Insurance Portability and Accountability Act of 1996. So right around that time when people were moving, you got transferred or you were moving. Insurance companies were making insurance policies skyrocketing price. So originally the president puts a cap on any insurance company being able to price gouge. Later it sort of morphed itself by the year 2000 to have a right to privacy. Many executives were going to interview for jobs and they were getting discriminated against if the big bosses were checking into their health history. Do they have any communicable disease and they were discriminated so, then the government intervened that, somewhere around 2003, all healthcare facilities including dental offices have to have patients sign a HIPAA Patient Acknowledgement form and really what this was, was a pledge from the doctor not to give away, sell their mark, their health information for marketing purposes like name, address, phone number. We were just getting into email, that sort of thing and today HIPPA protects any individuals- past, present, or future protected health information- PHI. There is a ton of acronyms in the HIPPA world. So PHI is what a doctor and his team really need to be aware of, they need to know what is HIPAA? What does that mean for the dental office? That’s a little bit of the history and the evolution of HIPAA but now it has changed and it accelerates so quickly. These days, you know when we think about 2003 we started with HIPAA signing simple forms, we’re going to keep everything private. Then in 2013 there was a huge change in the HIPAA law. These laws are called HIPAA Omnibus Rules, the Omnibus Rules deal with much stricter privacy and security. When we started to work from on the internet in the workplace. This is when things went a bit crazy at the same time we’re enjoying the pleasures of the internet, you know, being able to email patient document, contact insurance companies, contact labs and other dental offices. There’s also identity thieves, especially where I live, here in Florida and in California. California just put out a great report, in fact, if anyone wants the report, they can email me at jill@dentalenhancements.com or just Google the California HIPAA report. Just came out of the beginning of 2016, and it says what identity thieves are doing. I’ll share that with your audience today- how to protect your dental office from identity theft. So on one way we’re being able to have this extraordinary share information flow. Right, with other dental professionals, labs, insurance companies. On the other hand identity thieves are poking into the dental office or the health care facility to either get their emails link to emails that have ransom ware, have the computers shut down, they have payment they’re requesting in bit coin. Crazy things like that and even breaking into dental offices. You know, in Florida and California they’re targeting health care and dental offices to steal servers that are unprotected, to steal the tape along with backup drives. Really should do away with those and go to a purely automatic and oxide encrypted type backup for your daily data backup. Even laptops that are protected, even your cellphones, you’re using cellphones for texting. You see there’s this big web. So the information is great, for information technology is great for information sharing, but then on the counter side, we really have to protect on the patient information from getting encounters with identity thieves. That’s really the main gist of these new HIPAA Omnibus rules, the big changes in 2013.

Justin: Ok, so you mentioned something about having backup drives and so what, can you recommend like is there a specific company or can you say like what, for the viewers can they do to take action on that aspect of it if they were to do so unilaterally?

Jill: This is a huge change for dentists because since 2003 the dentist has been doing his due diligence, he has his backup, he takes it home, he protects it, it’s his baby. That’s your pride and joy, that’s all of your patient information but nowadays you have a HIPAA breach, something that can hurt your patient, financially, their reputation. Certainly their identity, right? So if you have peridot these three magic identifiers- social security number paired with their name and their birthday. Now those are the magic for an identity thief, that’s what they’re after. So on a server or on a backup drive, what do you have? A thousand, two thousand of your patient information that has social security, name, and birthday. So if you’re taking along that sacred backup drive its best to get educated and choose a reliable oxide encrypted cloud type backup. Do away with those backup drives, I see it all the time. If you have one of those lost installed, here’s the scenario, more than 500 patient files have been compromised. Here’s the first thing you have to do, you have to contact all the patients either verbally and in writing. How do you gonna do that? A thousand to two thousand of your patient, that takes man power. So straight away you have to have a dedicated person to contact everyone about the loss or the theft of the taped hard drive. Next, you have to contact all media in your area- TV, radio, and newspaper. By this time the community starts to know “Wow, this dental office isn’t so great to go to” typically you’ll see about a 50% reduction and retention. You also have to report the loss or the stolen backup drive to the Department of Health and Human Services. Now you have an 18 month HIPAA audit, not fun. I just a trainer, I train offices to the standard of HIPAA Omnibus rules, give them updated forms, new manuals. So we put all the protocols in place, but at this point it’s out of my expertise. So if there’s that stolen backup drive we have to retain a HIPAA lawyer, retainer’s $50,000.  By the end of it all I’ve been through three of these adventures, the fine at the end for an innocent doctor trying to do the right thing take the backup drive home with them as they’ve always done. Now they’re in a $150,000 fine, it destroys the integrity of the practice so please look into choosing a very reliable off-site encrypted could type encryption. I know a lot of people are worried about the clouds, but the backup drive that you take home are even more vulnerable for you. So the law, now under these omnibus rules, your daily data backup should be oxidized and encrypted. The government even want to do reports either annually, biannually to say “How is my IT company or my IT tech protecting our daily data backup?” So that does have to go within the standard of HIPAA auditors, look at your protocols, look at your paperwork and they want to make sure everyone on your team is educated about HIPAA, the omnibus rules, and especially about how to handle patient PHI- protected health information.

Justin: Well sweet, yeah. That answers my next question. I was going to say who needs to be more aware of the HIPAA laws. So it’s really, I mean, obviously the front desk, right?

Jill: Oh my, yeah for sure. You know everyone as to be trained to this new HPAA Omnibus rules standards. So you have to have a proof of training sheet that everyone has been trained. So if you have new employees within 30 days you want to make sure that they have training module that they can get up to par with the rest of the team. Everyone has to be trained, let’s face it, in a hygienist. I take a patient back to my chair, they didn’t get to finish their paperwork. I need to be familiar with the patient forms and the HIPAA protocols because sometimes in going to be, even in a clinical setting, be asked or called upon to explain HIPAA. Your receptionist and your office managers, so many times I get calls, office managers thinking they’re doing the right thing. They’re loyal, there really dedicated to their dental practice, they may withhold patient information. You know the patient always has a balance, I’m not giving up those x-rays even though they requested them I’m not giving it up. Nowadays, under these new HIPAA omnibus rules since 2013, you must give the patient upon written request their x-rays and their records. So that’s the law, I think some of these lawmakers may not have been able to obtain their medical records when they wanted to. So the new law is your x-rays and your records belong to you, the patient. Don’t obscure justice, please make sure that you’re giving any patient who request their records and x-rays. Give those to the patient so I think office managers and receptionists are on the front line. They must be educated to these laws, they must know what guardians can have access to records. Another thing, Justin, has divorced parents. Think about it, parents are divorcing all the time, you have a HIPAA sign-in sheet. Whenever you know that “Wow, couple has kids.” you don’t know what their status is or relationship. Make sure if they are divorced, they need to put ex-grandparents that may take a child to a dental appointment. New boyfriends and girlfriends, and get this, if they’re dating and they’re dating full changes, have them sign another HIPAA Acknowledgement form. You don’t want mothers, I get this all the time, moms are in the reception room and the girlfriend of the parent is bringing the kids to a cleaning and there’s World War 3. The dental office doesn’t want to end up in family court over forms that weren’t signed and unfortunately, you know, the kids sometimes have to suffer by not being able to keep the dental appointment. But if your receptionist and office managers have been trained to have new HIPAA Omnibus rules forms within your office. Namely a patient acknowledgement form make sure that all those guardians are signed, sealed, and delivered. You can have good flow and function with your appointment. So those are two situations that I see all the time, you want to make sure divorcing parents, that you have stability there and that your receptionist and office managers know what information they can share and should share quickly and what information they shouldn’t. As a coach, our team, we answer our phones 24/7 because you never know when someone is going to call and go “Wow, we have a patient here, a situation like this or this happened yesterday and its really bothering me and now it’s a Saturday morning or Sunday morning” and the doctors really nervous so it’s my pleasure to always helping. Your audience can also give us a call or contact us anytime, I really want to be there as a resource for your listeners so that we can make sure you can acclimate getting enlightened and then get yourself on the right track with implementing your employee training, having the right paperwork updated and then getting these protocols for HIPAA in place.

Justin: Excellent, I heard you mention about HIPAA land mines. Can you explain? I know you just mentioned about, you know, some of these forms, some of the different family situations. I assume this is kind of what you’re talking about is you just don’t know what you don’t know, right? So what are HIPAA landmines?

Jill: Exactly, you know, it’s a term that I coined and actually I’ve just recorded a new anytime webinar. Its HIPAA horror stories, its kinds of things where we get calls every day unsuspecting dental office personnel who are really committed, they walk into a landmine. One that I mentioned was not giving up the x-rays for the records, you think you’re doing the right thing and protecting your doctor especially if the patient owes a large balance. We’ll, we give up the x-ray after you pay the balance, please don’t do that. In most states you have 30 days to deliver requested records and when the patient writes you, they can e-mail you, that’s a written request, right? So please give those up except Texas. Texas, everything’s bigger and bolder in Texas. They have a state required HIPAA HP300 laws, every two years in Texas you must study these laws and you must give the records in 15 days. So that’s one land mine, please don’t hold on to x-rays or records, gives those up in all other states 30 days, in Texas you only have 15 days to deliver those documents. Check the parents when children are coming in, please make sure you have guardians signed and make sure that the guardians have consented to bring children, to get the receipt for dental treatment to schedule the next appointment. Another landmine would be not having your vendors, your business vendors, now have to sign an official HIPAA document called a HIPAA business associate agreement. I think a better name for that document would be a vendor confidentiality agreement. So if a business has any access to patient information- the name, address, phone number, social security number, credit card number. You must have those vendors that share your patient identity information sign these business associate agreements. So many times I get calls from a dentist or a great resource to see what’s going on in the dental community. Check out HIPAA journal, these are a group of HIPAA techs, HIPAA technologists and they list all the current finds. So you’ll see a lot of times the current finds in a health care facility or private dental offices is that you have not had a proper vendor sign off that they can share your patient information. You see, it’s far-reaching where you can start stepping around and just walking down a road business in your life. Wow, I’m in a landmine, what do I do? Again, if you’re in a shaky situation and you don’t quite know what to do with the HIPAA situation you can always call us and we’ll try to guide you down the right road and certainly make sure that you have your training and people working for protocols, that’s always the best bet.

Justin: Why do they call it HIPAA laws or omnibus rules? Where does that come from?

Jill: The Omnibus Law, I know it’s a crazy name isn’t it? By definition an omnibus is a volume containing previously published in parts. Funny enough comic books are written in omnibus format so you have a Superman omnibus or Batman omnibus. But this isn’t very funny, so before 2013 or 500 pages of HIPAA, then in March of 2012 they added 80 more pages so the government, they wrote these laws very obtuse because they knew the internet was changing and the world of technology was really going to change. Also, they know that there’s a lot of internet bandits out there, right? So identity thieves, they wrote things pretty obtuse so that the world can change before they have to do another update. So you have to be really careful because these new omnibus rules, 500 original pages plus the 80 new pages, compile the omnibus rules. They are very vague, dental enhancement. I, one summer, I didn’t have a great summer just in the summer of 2012. I took the 580 pages with our legal team and we rewrote them, recondensed them down into a 50 pages workbook, a 15 minute video and then we created 17 new forms for health care. So we took all of those and said “What does a dental office really need? We need a training module, they need the new forms written, you know some of our competitors make forms. They say “Here’s a kit, study the law and then make your own forms.” It takes 800 hours to do that, so we have, for sure, 5 forms that you want to use in the dental office. We have your video, the workbook, an updated HIPAA manual written to the omnibus standard. Please make sure when you go back into your dental offices, check the edition of your HIPAA manual. It should be written after September of 2013 and say that it’s written about the omnibus rules. We include the manual and then we always include 30 to 60 minutes of guided help with one of our HIPA coaches. Don’t you hate getting a compliance update module and it comes to your office like a manual and a video and you’re like “Oh my God” life happens, dentistry happens, you put it off to the side. The next thing you know you have an OSHA or HIPAA inspector coming in and you’re blowing off the dust “sorry we didn’t fill up the manual, it’s not filled in.” We never want that to happen so we take all the components and parts and bits and pieces and paper and checklist and then we’ll spend 30 to 60 minutes with you. Fill in the blanks in the manuals, make sure you start printing and using these new forms that are specifically designed for the dental office and then we give you you’re guided help. So we get everything in place, that’s your training, the paperwork and the facility protocols. By the way, you can use that training video over and over with new hire so I think that the name of our products are HIPAA made easy because we want to give you everything and we want to give you support, we’re pretty passionate of success with this and omnibus rule are complicated. So that’s it, an omnibus is 500 pages of HIPAA law plus 80 more pages. Please make sure when you implement these protocols that you have something that’s comprehensive and you keep the protocols, the paperwork, training for all employees and make sure you have a nice resource so that you don’t get lost as things update because they do. Every week update and things seem to change, get more complex and convoluted.

Justin: Okay, but do they really, I mean, do they really go after like a solo practitioner or small time dentist? Do they, aren’t they looking for the big fish?

Jill: you know, there’s both things going on, there’s institutional and there’s big business, bigger healthcare facilities. It’s like a conglomerate, that’s true, but if you look at the HIPAA journal. I love the hipaajournal.com because these texts put up real life experiences of smaller offices. So, for instance, an office might think, you know, nothing’s going on with a great experience with this patient. Here is one land mine, you want another land mine? Here it is, the patient has a great experience, then at the checkout patients are standing in the back of each other. You always should have your patients not standing in the back of each other within hearing distance of one another. Please have any additional patients, if you don’t want to redesign and reconfigure your dental office make them sit in the reception room. For instance, the patient has a great experience, she’s going to leave the office. The credit card bounces or the receptionist might start talking too loud about her implants for denture, the cost for her dental treatment. That patient’s embarrassed, all of a sudden you take a beautiful experience with a beautiful dental outcome, patient upset, she goes into her car, she has her little cellphone and google everything. You google search, you can put up a bad report on Yelp or give a really bad review to the dental office. Ouch, that hurts, worst yet, these technically savvy patients will also go on to the office of civil rights for the Department of Health and Human Rights, report you for a HIPAA breach. That means that the dental office, then gets contacted and in an 18 month long HIPAA inspection is the result. It’s insidious, they can call your office or come in every week, every month. We have to then jump through the hoops of delivering the paperwork that they want and implementing those protocols. So please don’t let that happen to you. Typically it’s as the result HIPAA reports are, as a result of disgruntled patient. And you never know if someone just walks out and they had a bad experience. The next thing you know, I had last week a call, patient came in for a second opinion. They wanted to use their x-rays from their former dental office. He got them over within the 30 days, no problem. They were cone cut and you couldn’t read any of them, they were horrible. So the new dentist that able to take another FMX, they did a digital set of x-rays but they charge the guy $136, he didn’t like that. They should’ve just comped the x-rays because guess what? He reported them, there’s an 18 month long inspection and the poor receptionist is like “Oh my gosh, I wish we would have just comped him the x-rays, now we know.” So you never know what people want and what they’re capable of. Better to get educated, have everything in place, have of all of your team members aware of what’s going on and what are your protocols. If this happens then we do this, right, get on the phone and be able to call us as a resource, right. Important stuff under these new HIPAA omnibus rules, they’re insidious. So it’s good to get enlightened, educated and just implement everything as soon as possible.

Justin:  I don’t know if we want to say their insidious too loud. I think we.

Jill: For sure, right? You’ll never know. Big brother is watching. Right, Justin

Justin: What we meant was they’re inspiring.

Jill: They’reinspiring. Well, you know they were inspiring once you have things in place, in your office, you feel so much better. You really do feel enlightened, you feel engaged and on top of the loss and you feel like you’re protecting patients as well, you know, so they’re confusing because they’re so vague. That’s where an office doesn’t know what direction to turn, you don’t even know what you might be doing wrong. You’re trying to do the right thing and the next thing you know you’re in trouble and you didn’t even mean to get yourself in trouble with HIPAA officers, you know.

Justin: Yes, so speaking they’re staying out of trouble, I mean, what do they look for? What are the auditors, the HIPAA auditors even look for?

Jill: You know an editor is going to most likely come in because of a report so straight away they’re going to look at the incident. They’re going to look closely at that incident, was it because of paperwork that wasn’t being held out correctly? Is it because of the flow and functionality of the dental office? They’re gonna look at 3 things, they’re gonna look to make sure that you have physical aspects, technical aspects, and administrative aspects of HIPAA in place. This means computers, software, proper daily data backup, make sure that everyone is emailing correctly, protecting that patient information, texting correctly, all of the forms have to be updated, an updated HIPAA manual, and the inspector will question individuals- your hygienist, your dental assistant, even your part time help that might come in, you know, after work to process instruments. So there is a far reach, first the auditors are gonna look at the incident but he is also going to look at those physical, technical, and administrative practices of the office. So you have to be sure everyone’s trained with a signed agreement, that you have all the paperwork, forms, and a manual up-to-date to the HIPAA omnibus standard. We also provide a checklist, 25 different things. The focus and the functions within the dental practice so the protocols have to be updated as well.

Justin: That’s all really interesting. I like how you tied it into patient experience. I actually did not know that reporting someone is the reason why these investigations are kicked off. I thought it was kind of like an IRS thing where they just come through, you know, maybe half a percent per year for people and make sure they’re paying their taxes.

Jill: Yeah, it can be, it can be. It can be just a spot audit, but if you take a look, again, I’m going to back to the great IT guys, my friends the IT nerds at the HIPAA journal. You’ll see a lot of times it’s something totally innocent and it’s somebody who’s disgruntle, a patient who’s disgruntle. Now I will say that OSHA inspections are usually a result of a disgruntled employee or a disgruntled patient. HIPAA, most of the time, these techno-savvy patients get on their phones and they just go to the office of civil rights or the Department of Health and Human Services. It’s so quick and easy to report a breach for a patient, you Google that term, report a HIPAA breach for dental offices, boom it comes right up and they can take 5 minutes and report that breach. The dental office, on the other hand, is going to be in an 18 month long drawn-out inspection and audit.

Justin: And why is it 18 months? Is it always 18 months? Is it sometimes longer? Is it sometimes shorter?

Jill: Sometimes its shorter but they have the right to work with your office and ask for protocols and people are over 18 month target. That’s just how they wrote the omnibus rules because they figured, you know, as an inspection our investigation is going on. Sometimes the technology changes even within that time frame. Think of how we used to use email, phones, texts, Facebook, right. Things like that, so things can change and so they want to make sure that they have enough time to make sure that when they are correcting any kind of wrongdoing that they’re doing it to the best of their ability so that the doctor can have success in number and be able to practice up to these standards. So they are helpful to a degree, but it is a lot of work and they’re trying to sort or course you down the road of compliance. It’s better to get educated and enlightened, just like a root canal, right. Isn’t it better before that root canal is infected, you force to have that emergency treatment. It’s better to treatment, for you to be proactive. So I think while the inspector is trying to help you, you are already down a bad situation so there’s not a lot of proactivity. You’re sort of forced into that compliance at that point.

Justin: Yeah, if a dentist is a procrastinator. I don’t know if he has the right to be upset at his patients for procrastinating on their dental health.

Jill:  This is true and you know you can get an entire HIPAA omnibus module, you can get the manual, all the forms, the training video and the support for under $400. So why procrastinate when the fines start at $10,000 to 1.5 million. So it’s really kind of smart business to just get enlightened, look for a resource that’s going to help you and for under $400, you’re golden.

Justin: And in fact you’re offering a special offer to the listeners. Can you tell us about that?

Jill: I am. Especially for you, Justin, the dental marketing guy and your listeners. So if a doctor wants to get enlightened, please give us a call. You can call us, email us and my coaches and I will, if you mention the dental marketing guy. They’re going to get 15% off their first order, that means if you want our HIPAA module you may need International OSHA Global Harmonization System or Federal Osha. So any first order, you’ll get 15%, which is great. So that even more savings and we’re really happy to do that, we’re so passionate about our services and what we can bring to your office and all the products we deliver and the support. It just makes it so much easier, especially for the office managers and receptionists, also a doctor to understand this. So we’re very dedicated to your success and we’re willing to make that offer and we hope that your listeners will take advantage of that first time, 15% off. Just mention that when you give us a call, just mention the dental marketing guy because we really love the stuff you talk about, Justin. Thank you so much for making sure that in the dental profession, we have a resource like you to come in and you do such a great, compelling interviews like this. I just really think that it’s a great resource. So that’s our offer, 15% off for your listeners.

Justin: Excellent, excellent. Thank you very much. I really appreciate that, I’m sure the listeners will take action on that. Where can they find you again? It’s dentalenhancements.com

Jill: Yeah, dentalenhancements.com. Anyone can email me, jill@dentalenhancements.com and our phone number, if you just want to give us a call, it’s of course on the website. 941-587-2864, so just give us a call 941-587-2864. Forward any email to me, jill@dentalenhancements.com. We’ll be sure to first talk about your needs, talk about your situation, make sure that you have the right solutions chosen for your office. 15% off to the dental marketing guys.

Justin: Excellent, excellent. Now before we come to a close on our time I do want to say, you know, I do online marketing. I do SEO for dentists and you know that includes building websites for dentists. I want to know some things about what are the requirements, as far as HIPAA is concerned and I know some of my colleagues are going to want to know this too. What are some of the HIPAA requirements coming out the gate? I know you spend your summer poring over these prolix legalese, you know. Tell me about the HIPAA requirements as far as dental websites are concerned.

Jill: Wow, and it doesn’t end, you know 2013 was the start of it. but things change and update all the time. So my team and I, with our legal team, really keep progressing with the changes. Two things for your website, please make sure, it’s required to have the new notice of privacy practices. It’s a document, it’s the law, the doctrine of these new omnibus rules. So a notice of privacy practices, you must have that posted on your website. Most IT tax will take the notice of privacy practices, they make a little button that says an OPP or notice this privacy practice and when you click that any patient or any visitors to the site, it will pop up. So if you are a healthcare professional with a website that includes dental offices. You must have the notice of privacy practices attached, embedded, and then able to pop up for your patients. Second thins, if you’re sharing patient forms, right. So you’re attracting new patients and you’re going “Oh, let’s make them a new patient.” It is okay to share the form, I would not have them coming backwards because you have to have certain encryption that can get expensive, you have to have certain code, an encryption code. So ether talk to your IT professional or your webmaster about that. But I say it’s okay to give the new forms out, please make the patient print those. Do it the old fashioned way, have them bring in paper if you can. If you are going to do a backwards sharing of that information, remember there’s a tricky line between “are they considered a new patient or are they considered just a web server?” But once somebody has intention to start becoming a patient you have to make sure that’s patient PHI. You don’t want to have social security number, name, birthday for sure. But if you’re having addresses, email addresses, phone numbers, that’s a tricky one. So please, if you’re sharing those forms, outward bound is okay. But have that patient bring that sensitive health information with them to their appointment. Those are the two tips I have for the website.

Justin: Excellent, excellent. So if our listeners remember nothing besides 15% off of course for that course. What are 3 quick tips we can provide the listeners? Just super, super short and punchy as far as how to protect yourself from HIPAA. I guess you can say HIPAA interference, government interference.

Jill: Number one, get your team trained. Make sure everyone is trained to these new HIPAA omnibus rules. I think the best way is to have a resource. Go through either a live webinar, have a backup video. Make sure that it’s always up to date. So each year you might want to have an update support program. Number two, training is key. Paperwork, you must have a HIPAA manual written to the new omnibus rule standard. Check your manual, make sure it’s published after September 2013 and have at least 5 different forms- a patient form, an employee confidentiality form, that notice of privacy practices, a data backup report, at least annually, and you also want to make sure you have a business associate agreement. 5 forms for sure and the third thing, facility protocols. Anything from the patient checking in and out, making sure that’s private, at least not for conversation over here to how you’re going to text, email, software updates and make sure that computer and software are always to the new standard. So those things- employee training, paperwork, and facility protocols. Those are the hot tips to make sure that you’re building a comprehensive program to be protected to the new HIPAA omnibus rules standards.

Justin: Excellent, well, it’s been very educational. You’ve got a lot of passion for this. I can tell our listeners got a great amount of value. Listen, if you have any question, feel free to reach out to Jill, you can reach out to me. Let me know what you think in the comments below, if you see this on YouTube, Dental Town, the Dental Marketing Guy blog. Wherever you see this, just give it a thumbs up or leave us a comment, let us know what you’re thinking. If you have any questions for Jill, you know, feel free to reach out. That’s dentalenhancements.com and thank you very much one last time for the guest of honor, Jill.

Jill: Thank you so much, Justin. We love what you’re doing out there. The dental marketing guy rocks and we just really appreciate this opportunity. And truly your listeners can reach out to us anytime, day or night. We’re really happy to get them down the right rope when it comes to compliance, OSHA or HIPAA. Thanks a lot for having us, Justin. I was so excited to be your guest, thanks again.

Justin: Well it’s been great, it’s been great. It’s been educational and eye opening and, you know, that hipaajournal.com that sounds really interesting. So you might want to read some of those stories or just reach out to Jill directly. Thank you for watching the Dental Marketing Guy Show.