New Name, Same Great Service

At DataFile Technologies, we’re always growing and learning, and in that spirit, we’ve renamed our Clinical Services department “HIM Services.”

  1. “Clinical Services” was the name originally given to our wide range of remote back office filing, forms, document management and revenue cycle management services. It was meant as a way to indicate that we support YOUR clinical efforts with helpful and timely file indexing, routing and data entry, among other duties we can perform. However, when it comes to providing anything “clinical,” you’re the experts! So as not to confuse anyone, we felt a name change only made sense.
  2. HIM Services is the new name – and is a much more fitting descriptor of what we do every day for our clients. Our health information management team works remotely but operates as seamless members of your staff to complete your HIM functions.
  3. More and more, healthcare practices and organizations are looking to streamline their operations and leverage niche back office services to gain efficiency, maintain or improve accuracy and manage budget. Health information management is a key area of opportunity to outsource, especially as providers look to optimize their staffing budgets with more clinical professionals and customer-facing staff.

If you haven’t checked out our new Health Information Management services, you’re missing out! Talk with your Client Experience Manager to learn more about what our HIM Services team can do to make your life easier today.

Secure Access to Record Requests

As expectations for data availability and real-time updates on healthcare information continue to rise, it’s critical for health information management companies like DataFile to lead the industry in providing better insights. We care a lot about our clients and your need for information and transparency, so our IT team rolled up their sleeves and developed a Client Portal that addresses the gap in visibility, giving your practice valuable information… and peace of mind. Our Client Portal provides access to status updates for release of information (ROI) requests that we’re processing. You’re able to login to your customized portal to track the progress of ROI requests and see first-hand the work being done on behalf of your practice.

What does the Client Portal show me?

You can access updates for ROI requests, and once a request is completed, you’ll see detailed information regarding the requester and how the file was distributed. A copy of what was released is also attached.

What about HIPAA security?

The security of your patient healthcare information is our top priority. Our IT team developed the portal on a secure Microsoft Office 365 platform. The portal underwent multiple security reviews and was developed utilizing industry best practices to ensure secure sign on through the cloud-based service. Users are required to undergo Multi-Factor Authentication (MFA) and abide by password expiry policies. Additional security measures are provided with compliance auditing capabilities that our team actively monitors. These audits can be performed at the file level to tell you exactly who has reviewed a specific patient’s file.

What changes now that we have the portal?

The great news is that the portal is an EXTRA way to help clients and provide visibility. Clients are always welcomed to “Defer to DataFile” and direct inbound status inquiry calls to our friendly customer contact team. The portal is simply an additional way for you to easily find out where requests are and when they’re processed. Interested in receiving a demo of our portal? Send us an email and we’ll get back with you quickly to schedule an appointment.


DataFile’s Out and About in October — Come Say Hi!

If you’re anything like us, you can’t believe it’s almost October. With fall here, we are gearing up for a very busy conference month!  Come see us out and about at these conferences the first half of October:

eClinicalWorks National Conference — October 6th – 8th – Grapevine, Texas:

Kicking off the month, we are breaking out our boots and heading south to the heart of Texas to join our partners at eClinicalWorks for their national conference. This event is a great opportunity for  eClinicalWorks’ users to gather and share best practices and trends.

Stop by booth 624 in the Longhorn Exhibit Hall, and let’s talk the difference between Texas BBQ and the real stuff from our home here in Kansas City. We all know they’ve got nothin’ on KC BBQ! If you’re an eClinicalWorks user and haven’t had the chance, take a look and make sure and schedule a time to stop by and see us!

MGMA National Conference – October 8th – 11th – Anaheim, California:

From the heart of Texas to the home of Disneyland, we’re logging the miles. We’re excited to be a part of the MGMA National Conference again this year in beautiful Anaheim, California. Some of the brightest minds in healthcare practice management will be lighting the halls with ideas and forward thinking under the glowing Southern California sun.

We’ll be at booth 740 where this year we have one of our subject matter experts, Melissa Mitchell, there to answer all your questions on optimizing your workflows to increase revenue and increase efficiency – make sure and schedule your appointment to speak with her today!

Last, but certainly not least, make sure to check out our Regulatory Compliance Advisor Kathryn Ayers Wickenhauser sharing her wisdom on Violation or Breach? Identify and Report HIPAA Incidents. Make sure to check out the interview she did with Shannon Geis of MGMA about unauthorized disclosures to make sure you’re prepared.

AHIMA National Conference – October 8th – 11th – Los Angeles, California:

We’ve decided to open a West coast branch for this week since Southern California is the hotspot for healthcare conferences. The City of Angels is where you will find the HIM gurus, and of course, we’ll be right there too at the AHIMA National Conference.

Stop by and see our team to check out our newly revamped candy buffet and a few other special surprises — hint: we want you to take time to relax 😉.  We have special early entry passes for the exhibit hall – so make sure and schedule an appointment to get in early and beat the rush!


View our entire events calendar and see where else you can see us in October. Not heading to fall conferences? We’d still to talk with you. Schedule a time to meet our team as they travel to your area or book a time to speak by phone.


HIPAA and Harvey: Prepare for When Disaster Strikes

HIPAA requires Covered Entities (CEs) and Business Associates (BAs) protect patient privacy and follow a specific set of standards to disclose protected health information (PHI). But what happens in an emergency situation? Does HIPAA still apply?

The recent visibility and impacts of the hurricanes Harvey, Irma and now others have caused healthcare organizations to pause and question — Are we ready for an emergency situation like this?

Emergencies can vary in size – from a simple power outage as the result of a storm, to a total loss disaster situation as the result of a tornado, hurricane or fire. Disaster can strike at any time, and healthcare organizations know they need to be prepared. However, their level of preparedness and the soundness of their disaster planning can vary as widely as the emergency itself. Moreover, organizations often don’t know the quality and accuracy of their plan until it’s tested in a real-life emergency.

As part of the Security Risk Analysis process, organizations assess and prepare for contingency plans, which include both emergencies and disasters.  For instance, inclement weather could warrant an organization kicking off their Emergency Mode Operations Plan, but a fire could create a need for an organization to implement their Disaster Recovery Plan to restore and safeguard PHI.

Even though organizations annually review and plan for both emergencies and disasters, executing the plans in real life reveal opportunities often overlooked in preparing for disasters. Practice Administrator Michelle Yarnell, of Pediatric Associates of Southwest MO, LLC, recounts while her organization did contingency planning, it was difficult to see elements missing from their planning until their office was destroyed by the 2011 EF5 tornado in Joplin, Missouri. “We certainly learned a lot,” Michelle said.  “We were operating in a temporary office setting for about two years – longer than we expected.”

Recent events including both hurricanes Harvey and Irma have sparked additional conversation regarding ways organizations can be prepared for situations when they need to utilize their contingency plans.  There are four opportunities healthcare organizations have to prepare for an emergency or disaster situation.

  • Network Now, Call in the Calvary Later
  • Store Retired Equipment
  • Maximize Where Your Data Is Stored
  • Deploy a Remote Team

Learn how DataFile can help you evaluate your current Security Risk Analysis and provide feedback on your emergency and disaster preparedness. You can also find out how to create efficiencies in your office and discover ways to maximize your staff for patient-facing activities – even when there’s not a disaster. Request a demo or a free cost analysis now.

The Importance of Being Intrapreneurial

As we continue our core value series, we come to one that may be the most unique – and important. “Be Intrapreneurial” is DataFile’s third and final core value. No, it’s not a typo – we didn’t mean to say “entrepreneurial.” Here’s how we define “intrapreneurialism” at DataFile:

Be Intrapreneurial – Own Your Career Satisfaction
This is a place where you can own your role, your space, your growth plan, your mistakes, your learning-opportunities, your outcomes, and your relationship. Take ownership to achieve impact, results and success.

Being “intrapreneurial” may seem self-serving to the team members within DataFile, but it’s actually equally beneficial to our clients. The more our staff takes ownership of their work and wants to improve all aspects of their environment, the better our services will be for our clients. As we can all relate, when a staff feels disengaged or limited, their attitude suffers, work ethic is diminished and their ingenuity is stifled. We recognized that early on and sought to proactively address the challenges with this unique third core value.

Here’s what the concept of intraprenurialism means in the day-to-day at DataFile and how we translate the core value into actionable information for the team.

  • Adapt and overcome
  • Take ownership of objectives and your contributions, no matter how big or small
  • Find ways to make yourself, our company and the customer better/stronger
  • Be aware of your professional brand as well as the company’s image – nurture and build both
  • Be conscientious and prudent with time and money – yours, the company’s and the customer’s
  • Take initiative to meet/exceed goals and improve the way we do things

You’ll notice these aren’t passive platitudes about customer service – but rather calls to action for the team to lead, own and innovate within their own role to benefit the customer, the company and themselves. We have a passion for action, which is rooted in training, developing and promoting our team and is the reason we focus on the core value of being intrapreneurial. Strong team members at every level who feel empowered come to work are more satisfied, stay more engaged and produce higher quality work with far fewer errors – exactly what you want in a health information management staff! Those same motivated and well-educated team members also become the leading subject matter experts, providing management, oversight and audits to continually improve the work product and ensure you’re receiving the optimal service.

Along with the other core values, “Be Intrapreneurial” rounds out what we feel is critical to an employee-lead culture of excellence. Our first two values, Be Authentic, which shines a light on genuine and true communication, Be Engaging, where employees are encouraged to focus on listening and being proactive, serve as a strong foundation. For our team, the charge to take ownership and be intrapreneurial underscores the importance of empowerment and makes every one of us focused on what we can do to serve our clients each day.

Staffing Hourly Healthcare Employees: Is It Worth the Investment?

Staffing hourly employees in the healthcare environment is the industry norm – but there’s nothing “normal” about it. Some days are an adventure, and other days seem like a soap opera. The reality is hiring and managing hourly staff can be an arduous task for any healthcare leader. Inherent in entry level positions or jobs with modest hourly compensation are myriad challenges such as high turnover, performance issues, attendance problems, etc. Even when you have great people, managing a staff of hourly employees is often burdensome because it’s time-consuming and introduces a host of potential considerations, challenges and compliance risks, especially when your hourly staff handles your PHI and other sensitive information.

Just what are the impacts on today’s healthcare professionals when leveraging hourly staff and how can managers create efficiencies, reduce the management burden and eliminate the compliance risks? Read on to learn more.

Time Commitment

Managing people takes time. A lot of it. Although technology is well-incorporated in the industry, healthcare staffing can never be fully automated and will always require management. While seemingly lower cost to your practice, hourly employees require more time-consuming tasks to manage such as time-tracking, resolving employee conflict, creating and maintaining engagement programs, etc. All of these efforts are valuable areas of focus but require time and attention and take the priority away from other key objectives, not least of which is providing great patient care.

In Their Absence

You love your employees, and giving them allotted vacation time for things like sick-leave, child emergencies and vacations all factor into your hourly employee’s benefits package. Unfortunately, most healthcare providers can’t afford to have tactical redundancies in place with staff, so when your hourly employees take time off, the rest of your in-house salaried and clinical staff will need to pick up the slack of the “off” employee’s duties. Even the practice admin leadership might get called in to help catch up. Pulling your already stretched staff away from their original tasks erodes employee satisfaction and distracts everyone from cultivating the right environment for your patients.

Onboarding Is Just the Start

Staffing changes seem to come in waves. Once one leaves, it’s not uncommon for two more to follow suit. Let’s say you’ve just experienced a recent strain of unexpected turnover, but you have several new employees starting, ready to relieve the burden on your remaining staff. Can’t you feel the pressure lift? Hold on. Before you can truly relax, your new staff needs to be trained.  There’s at least a day or two of paperwork to review, several days of training to provide (in a perfect world), and a steady hand needed from you as your new employees get into the swing of things. While it’s tempting to breeze past these things in favor of “learning on the job,” you owe it to your new (and current) staff to dedicate this time to the initial experience and to your new team’s subsequent success. The better trained your employees are from the start, the better your team can operate.

Training Never Stops

While the healthcare industry continues to innovate to find the most effective and patient-centered methods of practice, you and your staff are left with the never-ending task of staying up to date on the latest features inside the EHR and keeping up with the growing volume of documentation coming in as well as needing to go out. Added to the daily administrative responsibility is the need to stay abreast of the broader trends and laws governing healthcare and PHI. Although often excellent multi-taskers, your hourly staff often needs continuous training and oversight on the tedious back-office tasks inside the EHR.

The Extras

Being in a healthcare career generally means you care about people, which applies to your patients and your staff. As a conscientious employer, you want to provide your hourly staff with good quality health insurance and retirement plans – but the costs of those perks add up. In addition, they become more difficult to manage in more transient and high turnover positions. Just as you want to give your patients the best experience, you want to make the workplace exceptional for your employees by investing in them – and they will sense quickly if you’ve cut corners.

Space Race

While not the first consideration but certainly on the list – where to put all the people.  When it comes to staffing it’s important to ask yourself: do you have enough space for your team at your current staffing level? And is that still the case when you (hopefully) experience substantial growth? There’s also the considerations of real estate costs and/or whether your practice can afford the costs of updated workstations to save space.

Too Good to Ignore?

Managing people, especially hourly employees, can be a difficult task, even for those with considerable experience. While outsourcing may have historically been ignored as an option in healthcare, the realities of staffing hourly employees in the digital era of EHRs opens the door for a remote staff option. Working with a third party to augment HIM functions is becoming much more common – and cost effective – for healthcare organizations looking to simplify their operations, reduce compliance risk and focus their management time on patient care and growth.

We recently published a white paper on the challenges with hourly staffing and the options available to today’s healthcare systems and practices. Download a copy of the white paper today.

DataFile Technologies Expands Leadership Naming Joy Milkowski as CMO

Health information management provider adds a trailblazer in sales and marketing to lead growth initiatives

(Kansas City, Mo. – August 25th, 2017): Health information management solutions leader DataFile Technologies today announced the addition of Joy Milkowski as Chief Marketing Officer. Milkowski’s appointment to the CMO position marks the significant growth opportunity DataFile sees in health IT and medical staff augmentation as the industry moves toward consolidation and interoperability. This addition to DataFile’s leadership team will provide direct influence on marketing strategy, indirect channel partnerships, business development and sales.

“DataFile’s growth opportunities are almost limitless,” said Janine Akers, CEO. “And with a visionary leader in sales and marketing like Joy, we feel well positioned to capitalize on the growth we can predict and, more importantly, seize new channels and revenue opportunities we haven’t even considered yet.”

In addition to leading the sales, indirect channel and marketing efforts, Milkowski is tasked with collaborating with the research and development team at DataFile to bring new service lines to market as well as leading a team that is exploring new strategic initiatives including interoperability and automation.

Prior to her post at DataFile, Milkowski was the founding partner of Access Marketing Company, a full-service marketing agency providing strategy, management and tactical execution for business-to-business clients.  Among other clients spanning the healthcare, IT and telecommunications industries, Milkowski served as a consultant and resource for DataFile periodically over the past 12 years. Her background as an entrepreneur and focused experience in marketing and business development strategy, and her intimate knowledge of DataFile’s solution suite, enables Milkowski to pursue DataFile’s aggressive growth goals while balancing day-to-day leadership responsibilities.

“As fast as healthcare evolves and shifts, we at DataFile have to stay one step ahead,” said Milkowski. “I’m excited to have the opportunity to share the brand, message and outreach efforts that enable our growth and ensure our success.”

About DataFile Technologies

DataFile Technologies, headquartered in Kansas City, Mo., provides turn-key solutions to streamline, standardize and centralize health information management and clinical workflows for healthcare organizations of all types and sizes.  For more information, please visit

United in Uncertainty: Shared Experiences from ACE 2017

As a proud partner of Allscripts and eChart Courier, the DataFile team was excited to attend ACE 2017 in Chicago last week. We were grateful to meet with so many of our clients, partners and friends face to face, sharing conversation and stories which ran the gamut across all facets of healthcare. Through our conversations one theme was truly apparent: uncertainty. So many of the attendees we met with are in a time of uncertainty right now. With the many changes in healthcare spanning from regulatory transformation to reimbursement or even technology, groups of all sizes are sharing very similar experiences, and it seems no practice is immune. Through our interaction with ACE attendees, we heard three common themes regarding uncertainty, including:

Keeping the Doors Open:

While working in the HUB, we were approached by a physician of almost 20 years sharing his powerful story. He came to us asking what we do and we shared the mission of DataFile to provide relief from administrative health information management tasks. From there he looked up with a sadness in his eyes and visible tears forming. This physician who had been in his own practice for over half of my life stated: “This would have been great, but unfortunately it’s too late.”

Not fully realizing what he meant, I asked why? He then opened up and admitted with all of the changes he is facing along with the increasing cost of labor, supplies, technology and regulations, he is in the process of closing his doors. He stated there was no way to get out of the hole and be profitable as a single provider practice.

It was heart-wrenching to be on the receiving end of this story; experiencing this man’s pain as he took a chance and continued independently, despite the uncertainty of the future of healthcare, and unfortunately was not able to remain profitable. While this provider experienced the ultimate defeat, other attendees expressed concern over remaining independent in concurrence with the many changes currently occurring in healthcare.

Changes in Reimbursements:

While speaking to an administrator for a small pediatric practice, we had a great conversation on reimbursement. She stated essentially pediatrics is considered the bottom of the financial barrel when it comes to financial reimbursement. Being mostly immune from MACRA/MIPS is a double-edged sword. While the costs of reporting and having the proper staff to maintain regulatory compliance for MACRA/MIPS aren’t there, they also aren’t receiving the financial benefits other specialties receive to offset other costs in the practice.

MACRA/MIPS reimbursement as it stands currently are geared toward the older population, as the program is governed by Medicare. Rarely is Medicare utilized by those under the age of 18, as typically if a child is on assistance they have Medicaid. She discussed with us the unique challenges they share as a practice and their need to see as many patients as possible in a day just to be profitable enough to keep the doors open.

Luckily for this practice, there may be a light at the end of the tunnel, though it’s uncertain when the help will arrive. We discussed that typically when CMS makes a change private payers do follow suit. Despite the uncertainty of when the private payer change will occur, their goal is to hang on as long as possible, whether that be by making staffing cuts or hiring additional physicians without hiring additional support staff, in order to see as many patients as possible. Regardless of the size of practice, many organizations expressed concern over the great unknown of MACRA/MIPS and its impact to reimbursement.

Financial Challenges Lead to Staffing Reductions Which Leaves No Plan B:

While it may seem at times the brunt of the changes falls on the shoulders of small practices, that’s not always the case. In order to succeed financially, staffing reductions have occurred at some of the largest health care systems in the United States.

With the adoption of new technology which has been acquired to handle functions which have needed a human touch previously coupled with a decrease in staff, what happens when the new technology fails? There’s uncertainty as to who is available to help remedy the issue.

We spoke with a large health system with thousands of employees where technology failing had just an issue they experienced. When their dictation system was unable to input data into patient charts as it had been expected to, employees at this system were left struggling to handle the problem. With thousands of providers relying on these teams to ensure the data was in the system appropriately and clinical staff already stretched to deal with immediate needs like patient care, the team was left scrambling for alternatives. Ultimately, the system was left with no choice but to hire costly temporary medical staff to handle structuring of discrete data and deal with backlogs of information which was unavailable to physicians for patient care, ultimately causing headaches and increased costs. In an increasingly technology-driven industry, technology fails impact patient-care and an organization’s bottom line.

While DataFile was fortunate to interact with many attendees, these three stories resonated with me as examples of larger themes we heard regarding uncertainty. Three different stories, from three different sized groups, from three different parts of the United States. While we are facing an era of somewhat unknown in the future of healthcare, we are united by our shared experiences and narratives. We love hearing your stories, and sharing strategies on how we together can mitigate current issues to the best of our ability. Regardless of the future of healthcare, DataFile remains committed to advancing healthcare delivery and allowing practices to do what they do best – care for patients.

Requirements of a Comprehensive Security Risk Analysis

HIPAA requires covered entities and business associates conduct a Security Risk Analysis (SRA) to ensure compliance with addressable and required elements of the HIPAA Privacy and Security rules. The intent of the SRA process is to identify where protected health information (PHI) lives in both physical and electronic form, to assess risks and vulnerabilities to that PHI, identify current measures through any supporting policies and procedures, and as necessary mitigate and address the identified risks.

As the Office of Civil Rights (OCR) begins to audit Security Risk Analysis documentation and value-based reimbursement programs require a current SRA for participation, completing a comprehensive SRA is more important now than ever. While the components of completing a Security Risk Analysis are not new, it can be difficult to grasp a concise picture of the process. Best practices and considerations for completing a comprehensive SRA are aggregated and outlined below.

Why Analysis instead of Assessment?

While the terms Security Risk Analysis and Security Risk Assessment are often used interchangeably, Security Risk Analysis is the preferred name.  The HIPAA Privacy Rule includes the concept of a Risk Assessment, or analyzing a breach of PHI to determine if there is a low probability of compromise to the unauthorized PHI. As utilizing the term Security Risk Assessment could create confusion between it and the breach Risk Assessment, the term Security Risk Analysis should be utilized when discussing the SRA process.

Requirements of a Security Risk Analysis

There is no required format of a Security Risk Analysis, however, there are specific components which should be considered and included while conducting a SRA.

Timeline for Execution

It is strongly recommended (and required by value-based reimbursement) a Security Risk Analysis is conducted or reviewed on an annual basis. Because of calendar year reporting requirements, many organizations conduct one SRA per each calendar year. While not required by HIPAA to be completed on an annual basis, evaluation of the SRA should be done periodically as the organization’s environment or operations may change, and documentation should be updated appropriately to indicate those improvements or changes.

Required versus Addressable

Various elements in HIPAA are labeled as “required” or “addressable”. If an element is labeled as required, it must be implemented. If an element is labeled as addressable, the organization must implement either the measure or an equivalent measure.  For instance, encryption is considered an addressable element.  If an organization chooses not to implement encryption, they must implement an equivalent standard and explain why the initial element is not reasonable and appropriate in their organization.

Threat Identification

A major component of the Security Risk Analysis process is identifying possible threats to the practice and PHI.  Typically, threats can be natural, human or environmentally based.  Overall, a threat can take advantage of vulnerabilities in the organization if not properly addressed.

Current Controls

One of the most critical components of a Security Risk Analysis is documenting what the organization is doing to satisfy both the required and addressable components of HIPAA.  The organization may identify the current or suggested control as a statement.  Additionally, the organization should highlight what policies and procedures are in place to support the control.  Finally, the organization should identify if there are any known gaps or vulnerabilities with what the organization currently has in place.

Associated Risk

As the organization assesses the associated risk of the control, they will analyze the likelihood of the threat, the organizational impact if the threat were to occur, and the overall risk determination. Many organizations use a stoplight analogy for assessing risk; low risk is equivalent to green, medium risk is yellow, and high risk is red. The classification of risk by color assists an organization in determining and prioritizing their risks as well as their mitigation plans.

Work Plan

As a result of the Security Risk Analysis process, the organization should produce an action plan document which allows them to work on the risks identified in the time prior to the next SRA, frequently referred to as the Work Plan. This document often lives in a spreadsheet, and allows the organization to assign responsibility for mitigation to the identified risks though the SRA process. Furthermore, this document shows progress on addressing identified risks in the time between Security Risk Analyses, something the Office of Civil Rights is looking for in their recent audits. Most organizational Work Plans include the identified threat, current controls, identified vulnerability, likelihood, impact, risk rating, suggested controls, along with an additional column for progress made in addressing the threat.

Value-Based Reimbursement Programs Requiring a SRA

When the Meaningful Use program deployed in 2011 from the Center for Medicare and Medicaid Services (CMS), providers were met with a requirement to perform a Security Risk Analysis in order to participate in the program. The SRA obligation has continued to be a mainstay in quality reporting programs, as it carried through each version of Meaningful Use and is now found as a requirement in the Merit-Based Incentive Payment Systems (MIPS) Advancing Care Information (ACI) measures.  For MIPS, if an organization does not conduct a SRA in the time before or during the reporting period, they receive no ACI category points. The presence of the SRA as a required element in these programs to receive reimbursement illustrates the importance various government agencies like HHS, OCR, and CMS place on the value of the SRA process.


Resources for Completing a Security Risk Analysis

A Security Risk Analysis can be conducted in-house or by an external party.  HHS produced a SRA tool and guide to facilitate the process among smaller organizations.  However, HHS warns the SRA is only as good as the quality of information inserted into the tool. As the process to produce a SRA can be quite cumbersome and overwhelming, it can be worthwhile to use an external party to assist an organization in producing an SRA. Frequently, healthcare attorneys are capable of working with a healthcare organization to produce a SRA, as well as an information technology managed service provider.  In either case, it is critical the external party has experience in conducting a SRA. Other third-parties exist who specialize in HIPAA requirements, like the Security Risk Analysis process.  These organizations typically have extensive experience in gathering and assembling documentation to tell the story of an organization through the Security Risk Analysis.  Some organizations even use a combination of the above methods, reviewing and updating documentation internally some years, and utilizing external parties for conducting the SRA in the alternating years.

Regardless of what methodology an organization chooses for their Security Risk Analysis, it is critical to have an external party at some point review the documentation to assure it meets the expectations of the Office of Civil Rights. Organizations can often fill in holes in documentation with their own knowledge, but an external party can identify those gaps, allowing the organization to improve their documentation in case of an OCR audit.



Overwhelmed by the prospect of completing a Security Risk Analysis before the end of the calendar year?  DataFile Technologies can help! Learn more about our DataFile Security Risk Analysis service.

The Importance of Being Engaging

Don’t let the “technologies” in our name fool you. While we embrace and utilize technology to complete our work, DataFile’s main business is people. Without people, we wouldn’t exist, and as with any relationship, being engaged is key. We rely heavily on proactively cultivating a positive connection and using our communication skills to build and maintain relationships between employees, partners, clients and prospective clients.

In order to achieve continued success in our relationships, we rely on a practice of well-planned engagement, which is why DataFile’s second core value is “Be Engaging.” For us, that means “Ask for help. Offer Help. This is a place that fosters the spirit of asking for help and offering it to others. To ask for help is to gain wisdom. A valuable trait of an engaging team member is to encourage, support and collaborate with your colleagues to achieve team success.”

Day-to-day here at DataFile this core value manifests itself in a few key ways:

  • We’re constantly encouraging the team to ask for help if they need it.
  • In the same vein, we are equally focused on offering proactive help to each other and our clients when we can.
  • Rather than settle for “good enough” – we’re always looking for ways to improve.
  • If one person experienced an issue, chances are more will follow. Share the lessons we learn, and if we fail, fail forward.

Janine Akers, CEO of DataFile, has an interesting take on being engaging. “Everyone will OFFER help as good stewards of our community… but growth, success and stellar customer experiences happen when people feel comfortable that they can ASK for help.”

Originally, we only promoted this concept internally, but we’ve realized good engagement is a founding principle in our service to others. True, purposeful engagement shows strong benefits for those on the other end of the phone, email or board room. Being engaged with our clients is more than just promoting open lines of communication and responding. There are numerous ways that we actively work to be engaged with our customers and partners, including…

Offer Proactive Solutions

We don’t wait until a problem happens – we strive to foresee potential risks, identify recurring challenges and find opportunities to lend a helping hand. Our proactive approach prevents problem-clusters from forming on your end or ours, and keeps issues from springing up down the road.

Raise a Hand to Problems

We’re constantly encouraging our team members to ask for help if they need it; raise your hand and fail forward, we like to say. DataFile employs the same tactic with our customer relationships. Although it doesn’t happen often, when we do cry “UNCLE!” we’re interested in gaining a solution and learning from our mistake. What’s more, we realize that if one person is experiencing an issue, that’s our cue to share our lesson and continue to grow together.

Success Is Everyone’s Job

Our goal is to enable practices across the country to perform at their most efficient, so provider and staff focus can be on the things that matter, like patient care. DataFile sees success coming not through competition but through collaboration that can grow and advance. Rather than settle for “good enough” – we look for ways to improve as a team. And there’s never a time to say, “That’s not my job.” Performing for our clients and working as a team, no matter how big or small the task, is everyone’s job!

“Be Engaging” is the second core principle that DataFile honors, but it is definitely not second in value. A culture of open communication and proactive engagement has cultivated the best experience for our customers, not to mention our industry leading compliance, accuracy and turnaround times on requests. In addition to our first core value “Be Authentic”, being engaged has allowed us to form lasting professional and personal relationships that go well beyond our products or services.