For you and your families, we wish a warm and safe holiday. May we all feel grateful for the good in our lives, for the privilege we experience, for the opportunity to work and to grow, for the people we hold dear . . . and for so much more.

Thank you!

The article below was written by Seth Krieger, SOS President, and shared with SOS users through the SOS Newsgroup and SOS User Group.

There are a handful of current ICD-10 psych-related diagnosis codes that will change on October 1 (the start of CMS’s 2017 Fiscal Year). Specifically:

Did you know that your current Support/Update agreement allows you to get support for SOS products by sending an email or by filling in a request on the SOS Help Desk website? Both of these techniques will create a new service ticket at the Help Desk, and a notification that a ticket is waiting automatically goes out to all support staff.

Emailing a request

Simply address your request to “support@sosoft.com”. Please include a brief description of your issue. (Note that emailing a specific person at SOS is not a good idea. That person could be out of the office or busy with another project and not see your email for a while. Using the Help Desk is the best way to get a prompt response.)

Creating a ticket on the HelpDesk website

1. Open your web browser and go to http://help.sosoft.com. (You will automatically be redirected to the Help Desk address, which is actually https://sosoft.us/hesk.) Here is what it looks like:
   
   
   
2. Click the indicated “Submit a ticket” link to open a ticket form, which looks like this:Be sure to fill in all the required fields (indicated by an asterisk). It is helpful to us if you also fill in your phone number and/or the licensee name that appears at the top of your SOS product’s main screen. If you want to send a screenshot or any other file, you can do so in the Attachments section of the form, but be sure to check anything you are sending to assure it does not include any patient information like names, phone numbers, diagnoses, services rendered or other protected health information (PHI).
   

. . . be sure to check anything you are sending to assure it does not include any patient information like names, phone numbers, diagnoses, services rendered or other protected health information (PHI).

3. When you have completed the form, click the “Submit Ticket” button at the bottom of the screen to send it. When an SOS staffer has responded, you will receive an email notification at the address you left in your ticket.

Then, in 1996, Congress passed a bipartisan bill aimed at allowing continuity of health insurance coverage for workers moving from one job to the next. That same bill adopted standards for claims and other electronic transactions and began the move toward a single paper claim form, the HCFA 1500 . . . with the huge goal of ‘Administrative Simplification.’

Twenty years ago, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Department of Health and Human Services (HHS) to adopt national standards to improve the electronic exchange of health care data. This national standards mandate falls under a part of HIPAA called Administrative Simplification.

As noted in a recent blog post, in 1996 a considerable portion of every health care dollar was spent on administrative overhead for processes that involved:

• Numerous paper forms
• Telephone calls
• Nonstandard electronic commerce
• Many delays in communicating information among different locations

Since the 1996 passage of HIPAA, HHS has released numerous regulations to adopt required standards. Today 93.8% of all health care claims transactions are conducted in standard form. The standards have helped pave the way for the interoperability of health data to enhance the patient and provider experience.

For details about Administrative Simplification laws and regulations, view the CMS timeline.

For most of us today, HIPAA is likely to conjure up thoughts of protecting patient privacy and the security of patient data, PHI . . . what is often viewed as an increase in administrative responsibility rather than a simplification. But for those of us who have been around long enough to remember some of those unique paper forms, and the totally different claim file structures required by various clearinghouse companies and hundreds of payers, state and government entities, HIPAA has simplified our work. Even so, we do still have a long way to go before we can claim to have achieved anything like ‘administrative simplification.’

For those of you who have been in behavioral health practice or administration longer than twenty years, what are your memories of pre-HIPAA practice? Do you think the law has improved things for patients? What about for you?

Please share your comments below.

]]> https://www.sosoft.com/blog/2016/09/13/hipaa-at-20-administrative-simplification/feed/ 4 2638 https://www.sosoft.com/blog/2016/09/07/now-sos-project-sos-how-tos/ Wed, 07 Sep 2016 20:37:41 +0000 https://www.sosoft.com/blog/?p=2615 Continue reading "New SOS Project: Product How-To’s"]]> A couple of months ago, we surveyed our customers about the type of content we share with you and how you receive it. One clear interest was in receiving How-To information for our products. We decided that the best way to accomplish this would be regular posts here in our blog on how to accomplish various things in our software.

So here we go with a simple start….

How-To Use Toolbar Help in SOS products

Introduction

New to SOS products? Or maybe you have been using our software for so long you have forgotten some basics!

As you move from window to window and field to field in SOS Office Manager, Case Manager or Appointment Scheduler, you will find explanations and tips appropriate to the currently selected page, button or field up in the left side of the toolbar. This can be especially useful in parts of the program you do not use often, for example, setting up a sliding scale.

Here’s the process:

1. Go to Lookups and click on Sliding Scale Schedules.
2. Click on the left side of the toolbar to expand the window.
   
3. Follow the instructions in the help box to assure that you correctly enter information.
   
4. As you move from field to field, you will see that the content of the toolbar box changes.
   

   Conclusion

   You can use Toolbar Help in most areas of SOS programs. Still not sure how to do something? If for any reason you are uncertain about how to accomplish a task you want to do, a Support Tech can assist you.

   1. Call Support: 352-242-9100, Option 2.
   2. Support Hours: Monday through Friday, 10 a.m. to 6 p.m. ET
   3. No Support Agreement? Call Trish at 352-242-9100, Option 1 or email Trish@sosoft.com to find out how to remedy that situation!

    

    

One of the blogs Seth follows is provided by a company called Adelia Risk. Early in August, he read a blog post that I want to share with you.

HIPAA Compliant Email: 6 of the Best Ways to Email PHI

How do you send PHI via email and still follow HIPAA? This is one of the most common questions we get.

It’s an understandable question. Email has become the communication tool of choice in the digital age. Most workplaces rely on it heavily.

If you’re a HIPAA-regulated business, email use gets a lot more complicated. It’s even more complicated when you want to email PHI, or Protected Health Information.

Good news: it is possible to send PHI via email, and we’re going to tell you exactly what it takes to ensure HIPAA compliant email.

But before we jump right in, let’s review the basics. . . .

As behavioral healthcare providers, we know you are very concerned about the privacy of your clients. If you are not using a secure email product to send PHI, you are putting that privacy at risk. Please click on the link above or here so you can read the full article. We do not earn anything from this company, but we are sharing this with you because the author, Josh Ablett, appears to know a good deal about his subject.

Please take a look at the article and feel free to add your comments and reactions below. If you are using a secure email product, please share your experience below!

I wanted to be sure you have the information from a recent notice from the Office for Civil Rights (OCR). In an email to the OS OCR Privacy List, OCR announced an initiative to more widely investigate smaller breaches.

Beginning this month, OCR, through the continuing hard work of its Regional Offices, has begun an initiative to more widely investigate the root causes of breaches affecting fewer than 500 individuals.  Regional Offices will still retain discretion to prioritize which smaller breaches to investigate, but each office will increase its efforts to identify and obtain corrective action to address entity and systemic noncompliance related to these breaches.  Among the factors Regional Offices will consider include:

*   The size of the breach;
*   Theft  of or improper disposal of unencrypted PHI;
*   Breaches that involve unwanted intrusions to IT systems (for example, by hacking);
*   The amount, nature and sensitivity of the PHI involved;  or
*   Instances where numerous breach reports from a particular covered entity or business associate raise similar issues.

Regions may also consider the lack of breach reports affecting fewer than 500 individuals when comparing a specific covered entity or business associate to like-situated covered entities and business associates.

Let me explain the thinking behind this initiative. OCR believes that breaches of PHI occur because of certain root causes. They have largely focused on large breaches in order to determine the root causes of such events because they affect so many people.

The root causes of breaches may indicate entity-wide and industry-wide noncompliance with HIPAA’s regulations, and investigation of breaches provides OCR with an opportunity to evaluate an entity’s compliance programs, obtain correction of any deficiencies, and better understand compliance issues in HIPAA-regulated entities more broadly.

Focusing on smaller breaches will allow OCR to begin to determine if root causes in smaller events are the same as or different from those in larger events. This will hopefully result is recommendations about how smaller organizations can remedy any problem situations.

Remember, if the PHI you maintain is located on computers, removable drives, or cloud storage that is fully encrypted (while in motion and while at rest), it is considered a safe harbor. The obvious simplest solution for everyone is to encrypt every place in which the PHI for which you are responsible resides electronically . . . your computers, your storage, your emails . . . and to be sure your file cabinets are locked!

According to OCR, these Desk Audits will cover specific aspects of compliance:

Requirements Selected for Desk Audit Review

Privacy Rule

Notice of Privacy Practices & Content Requirements   [§164.520(a)(1) & (b)(1)]

Provision of Notice – Electronic Notice   [§164.520(c)(3)]

Right to Access  [§164.524(a)(1), (b)(1), (b)(2), (c)(2), (c)(3),  (c)(4), (d)(1), (d)(3)]

Breach Notification Rule

Timeliness of Notification  [§164.404(b)]

Content of Notification  [§164.404(c)(1)]

Security Rule

Security Management Process —  Risk Analysis  [§164.308(a)(1)(ii)(A)]

Security Management Process — Risk Management  [§164.308(a)(1)(ii)(B)]

Starting in the Fall, Business Associates will be up for review.

I wonder if any SOS customers or readers of this blog have been selected for audit. If so, we hope you will share your experience.

I tend to keep things. When it comes to records, I would always rather be safe than sorry. The outcome of this preference is that untoward amounts of paper wind up in our file cabinets.

The ability to scan records for electronic safekeeping has begun to ease this tendency to accumulate. However, because it takes so much time to do the scanning and shredding, the task gets put off and becomes very large.

A few years ago, we had an office-wide clean up, throw-away day. While we devoted one full day to the process, we had actually been doing the tasks over several days and ended with one final event. We brought a couple of tons of paper, old computers, old books and software manuals to our local recycling facility. It was a very satisfying process.

Do you have policies for the records in your organization? Do you know what your state requires for record maintenance? For how long must you keep business records? What about clinical records? Do you have procedures for purging old records of any kind? Or do you just hang onto everything like me?

Please share your thoughts about and experiences with record retention and destruction. I would love your suggestions for how to make this process less onerous! Just enter your comments below.

Christiana Care is an organization that already uses evidence-based care across their organization. They had previously embedded psychologists in their neurology, cardiology and cancer departments. Now they have added psychologists and social workers into their primary care practices.

Linda Lang, M.D., chair of the department of psychiatry at Christiana Care makes the following suggestions for organizations considering such a move.

Integration best practices

For fellow health systems considering whether to integrate behavioral healthcare into their primary practices, Lang offers the following advice:

Be flexible. For behavioral health specialists who are used to sitting in an office, working in a primary care setting can be a jolt.

“It’s a much more fast-paced, ‘anything can happen throughout the day’ kind of thing,” Lang says.

Define expectations. Primary care and behavioral health specialists who will be collaborating need to clearly define their respective roles in their working relationship.

“Helping primary care doctors understand what they can expect from the behavioral health provider is important,” she says. “Some primary care doctors really want to manage their patients fully. Others prefer to have a collaborative approach.”

Understand the value of staff buy-in. When presented with the integrated model, caregivers at Christiana Care were receptive, which helped with implementation.

“We were able to get our psychologists and social workers to sign on for something new and exciting, knowing we were meeting the needs of folks in a much different way,” Lang says. “Training and buy-in are very important for this to be successful. There are some of us who have been doing a certain model for a long time. We have a group of people here interested in learning new models of care. Medicine changes all the time. We practice an evidence-based way of delivering all care, and there’s lots of evidence to show this works better. We all are of similar mindset that we want to do what’s best for the patient. We want to grow and learn new techniques.”

Working in a traditional medical setting is not yet usual for behavioral health specialists who are not psychiatrists or nurse practitioners. It is clear that this is one model for comprehensive patient care that will expand.

What do you think it will take for behavioral health and primary care practitioners to find comfortable and useful ways of practicing together? Please share your comments below.