1 / 26

How to sell HIPAA Secure Now! (and increase your sales and profits!) May 2015

How to sell HIPAA Secure Now! (and increase your sales and profits!) May 2015. HIPAA and HSN. This presentation assumes you have a good understanding of HIPAA. You can learn about HIPAA from a variety of sources, including the training provided by HSN.

cherlin
Download Presentation

How to sell HIPAA Secure Now! (and increase your sales and profits!) May 2015

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. How to sell HIPAA Secure Now! (and increase your sales and profits!) May 2015

  2. HIPAA and HSN • This presentation assumes you have a good understanding of HIPAA. You can learn about HIPAA from a variety of sources, including the training provided by HSN. • This presentation also assumes you understand the HSN product. • If you are not familiar with either of the above, please spend a few minutes learning, and come back to view the rest of this presentation.

  3. HIPAA: Who is affected? Myth: We are a small organization so we don’t have to worry about HIPAA • All HIPAA regulated organizations (Covered Entities) must comply with HIPAA regardless of size: • Chiropractors -- Dentists -- Health Insurance • Physicians -- Podiatrists -- 3rd Party Admins • Hospitals -- Psychiatrists -- Self insured orgs • Who is regulated? ANY organization which accepts insurance whether private (Aetna, Blue Cross, etc.) or government (Medicare / Medicaid) must comply with HIPAA regulations. • HIPAA compliance is an ongoing process

  4. HIPAA: The Past • Most medical records were on paper; now they are electronic and online • In the past breaches primarily occurred with hospitals and health insurance companies • There was no enforcement for small practices • Smaller organizations were not compliant

  5. HIPAA: What is the problem today? Increasing cyber-security threat Lots of medical data online

  6. HIPAA: What is the risk? • Permanent HIPAA Random Audit Program • Will begin 1Q/2015 • 500 – 800 organizations of all sides will be audited • Will include both covered entities and business associates • HHS - OCR will use fines to fund its budget “A major weakness found during the pilot audit program, as well as through OCR breach investigations, has been a lack of thorough risk analysis” Leon Rodriquez OCR Director

  7. HIPAA: What is the risk • Meaningful Use Audits Are Already Underway • Audits by both CMS and OIG • Pre and Post Payment Audits • Doctors have been fined and forced to return payments • 1 in 20 (5%) participants (doctors not practices) • Failure Triggers • Inaccurate submissions • Missed Requirement: Conduct or review a security risk assessment of the certified EHR technology, and correct identified security deficiencies and provide security updates as part of an ongoing risk management process. • Patients and employees are filing HIPAA complaints • HHS-OCR must formally investigate complaints that appear to be due to willful neglect

  8. HIPAA: What is the risk 4. Cost of remediating a breach Ponemon 2013 Cost of Data Breach Study: Estimate $233 per record – not including penalties Indirect Costs • Turnover of existing customers- Loss of customers / patients • Diminished customer acquisition- customers / patients not using a practice (Reputation is damaged) Direct Costs • Detection and escalation costs– legal, forensics investigative activities, crisis management activities • Notification costs- IT activities to create contact database, determination of regulatory requirements, postage, etc. • Post data breach costs - help desk activities, inbound communications from customers, identity protection services, etc.

  9. Cost of Breach: Reputational Damage

  10. HIPAA: What is the risk? HIPAA Penalties

  11. HHS Wall of Shame • Over 1200 reported breaches of 500 or more records since 2009 • Breaches for all types of CEs and BAs • SALES TIP: Use the list of violators in your state as a sales tool

  12. HIPAA: Real Life Penalties • Alaska Mental Health Provider- $800,000 – no malware patching; using Windows XP • Mass Dermatology Office -- $150,000 – lost unencrypted thumb drive • Idaho Hospice -- $50,000 – use of unencrypted laptops • Arizona Cardiology Practice -- $100,000 – use of unencrypted email and online calendar • Mass Opthalmology Practice -- $1.5 Million -- use of unencrypted laptops • Colorado Pharmacy -- $125,000 – improper disposal of medical records • In all cases the penalties were imposed due to lack of policies and/or Security Risk Analysis • REALITY: HIPAA FINES, AUDITS AND BREACHES ARE ON THE RISE

  13. How to Achieve HIPAA Compliance 4 major elements to HIPAA compliance: • Conduct an annual Security Risk Analysis and produce a Work Plan • Develop Policies and Procedures • Annual Employee Training • Documentation • HSN has all of the above

  14. Why can’t a practice do this themselves? From CMS: “Doing a thorough and professional risk analysis that will stand up to a compliance review will require expert knowledge that could be obtained through the services of an experienced outside professional”

  15. Security Risk Assessment • Biggest HSN differentiator • Follows NIST 800-53 guideline • Personalized interview with a HIPAA expert; not a checklist • HSN has implemented some of the SRA in software • A consultant will do it manually • HSN has a big cost advantage

  16. Other HSN Differentiators • Online training • Compliance Portal & Documentation • Financial Protection • Minimal time and effort required by practice • Affordability • Helps prevent data breaches • Over 2,000 SRAs performed • Audit Support • Over 50 CMS audits survived – no failures

  17. Affordability • Full Service Pricing – Annual Subscription • 1 – 10 Employees $999 • 11- 20 Employees $1,399 • 21 - 50 Employees $1,750 • 51-100 Employees $2,750 • 101-250 Employees $3,750 • It’s worth it to spend a little money today, to avoid potential penalties and breach remediation costs in the future

  18. Unique Benefit: Financial Protection • $100,000 HIPAA Breach and Violation Expense Protection • Breach Related Expenses • To Determine Cause • To Notify Affected Patients • To provide Credit Monitoring Services • HIPAA Federal or State Fines

  19. Overcoming Objections Objection: I can do it myself Answer: CMS recommends that small practices uses a professional Objection: It won’t happen to me Answer: Audits, penalties and breaches are on the rise. Do you really want to take the risk?

  20. Overcoming Objections Objection: I already have a service Answer: Do you have a professional SRA like HSN? Financial protection? How many audits has your provider defended? Objection: Meaningful Use is over, I don’t have to be HIPAA compliant Answer: You always have to be HIPAA compliant

  21. Overcoming Objections Objection: I did it last year Answer: You have to perform an SRA and train your employees every year Objection: My EHR company did it for me Answer: Chances are they haven’t. Get me a copy of what they gave you and I will take a look at it.

  22. Overcoming Objections Objection: A checklist is OK for a Security Risk Analysis Answer: That is not true. In fact, practices have gotten in trouble for assuming that is the case. HIPAA requires a professional SRA, along with an associated Work Plan to remediate security gaps.

  23. What do you have to do to sell? Get the client to a demo; it’s that simple

  24. How to sell HSN • A la carte, as a separate service • Bundled as part of a service offering • Referred; some partners prefer to have clients buy directly from us

  25. How to market HSN • Put it in on your web site • Repurpose our blog • Develop a partnership with: • Local medical association • Billing company • Practice management consultant • Healthcare lawyer • Insurance company

  26. So what are you waiting for?

More Related