Healthcare Compliance Tips
Coding & Billing Risks [Healthcare Compliance Tips]
OIG Federal Register 2000 [Healthcare Compliance Tips]

Cybersecurity & Breaches [Healthcare Compliance Tips]

Educate your staff about cybersecurity and breaches.

As we end our series called “Compliant or Complacent: How to Upgrade Your Routine,” you must remain uncomfortable and concerned about:

Cybersecurity & Breaches

Cybersecurity and breaches are a hot topic.

Unfortunately, what worked years ago will not effectively protect patient information today. News reports consistently cover cyber-attacks on healthcare more than on any other industry. Although larger entities appear to be at increased risk, smaller practices must also prepare for a possible attack.

The first step is enacting an appropriate checks and balances system immediately. Remember, you can’t protect your practice against cyber-attacks if you lack education on the subject.

It is ok to depend on your IT team.  But doing your own research is a must, so you can be involved in the protective measures they are enacting within your practice.  Once you are informed, you can share this with your team through scheduled training sessions.

The following are ways you can increase your knowledge about cybersecurity and breaches:

Ransomware Fact Sheet & Cybersecurity Checklist

The ransomware fact sheet and cybersecurity checklist share pertinent information about how to prevent and respond to an attack.  Both should be printed and used as a quick reference.

HIPAA Breach Notification Rule

The HIPAA Breach Notification Rule requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Familiarize yourself with the requirements and create policies and procedures to address this rule.

The HIPAA Breach Reporting Tool (HBRT)

HHS and OCR released this updated web tool on July 25, 2017. The tool’s features provide education about breaches, a mechanism for reporting incidents, and tips for consumers. HHS and OCR will continue to improve the tool’s functionality and features.

Series Conclusion:

Ask yourself:

Is my practice compliant or complacent?

I know this question is tough to answer.  It will require you to reflect on past decisions and challenge you to see things you don’t want to deal with.  But the answer will save you from excessive government investigations, audits, public scrutiny, and financial woes.

Just because your practice appears successful and payments are flowing in regularly doesn’t mean you’re compliant.  Audit, update, and monitor your compliance program regularly.  Celebrate wins, but staying a little uncomfortable after the win will take your team to the next level.

Complacency is a dangerous place to be. If you don’t believe me, watch or read the news, where you will find organization after organization subject to government take-downs.

Don’t lose sight of your entrepreneurial dream due to complacency.  Protect your practice. Your legacy depends on it!


**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties.  Research, modify and tailor the advice to fit your specialty.

Joi Sherrod, MPH, CPC, CPCO
Joi is an educator and owner of JNC Healthcare Compliance Group. After working for distinguished academic teaching hospitals and clinics, she is passionate about helping medical, dental, and behavioral health practices rethink healthcare compliance one trend at a time. Contact Joi at