See DataFile at HIMSS16 Booth #12749 while in Vegas

Large HIMSS16 ImageDataFile Technologies, will be exhibiting in Las Vegas at the HIMSS16 Conference and Exhibition, February 29 – March 4, 2016.

HIMSS16 is the best place to connect with other health IT professionals, clinicians, executives and vendors from around the world. More than 40,000 are expected at this year’s event which will include speakers, education, new products and numerous networking opportunities.

DataFile Technologies is pleased to offer a suite of medical records and clinical workflow solutions. DataFile Technologies mitigates HIPAA liability while providing services that require no integration, interfacing or on site resource consumption.

DataFile provides services that streamline, standardize and centralize workflows for healthcare organizations of all types and sizes.  DataFile is a turn-key solution that provides the following:

  • Remote Release of Information, Including Chart Reviews & Large Chart Pulls
  • Remote eFiling/Indexing of Faxes & Scans
  • Remote eFiling Plus (Structure Data, Order Reconciliation, etc.)
  • eForms completion (FMLA, Disability, etc.)
  • Paper Document Scanning & Conversion (EHR to EHR Conversion)
  • MU Consulting  & Audit Assistance

DataFile can be a fully remote, outsourced, and HIPAA-secure medical records department, or our solutions can be leveraged individually based on your specific needs.  We also provide solutions centered around Chart Abstraction and Security Risk Analysis.  Our goal is to help take the painful and high risk — yet required — functions away from your organization so your focus can be on patient care and high priority projects, all while eliminating HIPAA risk and liability.

HIMSS16 will be held at the Sands Expo Center in Las Vegas, NV.

Come see DataFile at Booth #12749.

New MU Exemptions for 2015 Reporting Periods

gavel and law-1063249_1920New Legislation This Week Intended to Offer Eligible Healthcare Providers Relief from Medicare Payment Adjustment Penalties

President Obama signed the “Patient Access and Medicare Protection Act” into law on Monday, December 28, 2015. Congress passed the bill the prior week as one of their final legislative acts before adjourning for the year.

This new legislation aims to alleviate stress placed on Eligible Providers (EPs) after the Modified Stage 2 Rule — which requires 90 consecutive days of EHR data reporting for 2015 — was released in mid-October. With the late release of the modifications, there wasn’t a full 90-day reporting period remaining in the 2015 calendar year and some healthcare providers didn’t have enough time to comply with the updates.

The statute makes it easier for Eligible Providers (EPs) to obtain hardship exemptions to the Modified Stage 2 Meaningful Use requirements for 2015. Under prior legislation, EPs could apply to the Center for Medicare and Medicaid Services (CMS) for a hardship exemption on a “case-by-case” basis.  This new legislation enables CMS to grant hardships to affected healthcare providers for 2015 impacting 2017 payment adjustments.

This new law extends the opportunity for EPs who’re unable to meet Meaningful Use for 2015 to apply for an exemption. To protect themselves from Medicare Part B Penalties that would be applied in 2017, EPs should apply for exemption by March 15, 2016.  CMS will continue to accept hardship applications after the mid-March deadline, but such applications will revert back to the original case-by-case review process.  More information regarding what the exemption process will entail is forthcoming from the Center for Medicare and Medicaid Services.

Have You Met Your Year-End HIPAA Requirements?

calendar-660670__180There are just a Few Days Left to Schedule and Complete Your Annual Security Risk Analysis for the 2015 Calendar Year 

With the introduction of the Meaningful Use Pay-for-Performance program in 2011, many healthcare organizations noted that they were required to perform an annual Security Risk Analysis (SRA) to meet the required objectives.  However, it is a misnomer that Security Risk Analysis is only required by Meaningful Use.

An annual Security Risk Analysis is required to be conducted or reviewed under HIPAA regulations (CFR 164.308(a)(1)(ii)(A)).  This means, in order to be HIPAA Compliant, healthcare organizations (including Business Associates) should analyze their Policies and Procedures in relation to outlined Administrative, Technical and Physical safeguards on at minimum an annual basis.

Why does this Security Risk Analysis matter?  In a world that is increasingly connected and more and more information is stored electronically, it is critical that healthcare organizations assess and understand their risks related to Patient Health Information (PHI).  At the beginning of 2015, the Office and Civil Rights (OCR) and Health and Human Services (HHS) announced they would begin HIPAA Audits of Covered Entities and Business Associates.  A key component of the audit will be the strength of an organization’s Security Risk Analysis.

Lahey Clinic in Texas failed to conduct a Security Risk Analysis and then had a laptop stolen from their premises.  As a result, last month (November 2015) HHS deemed that Lahey would be required to pay a fine an $850,000 fine and is subject to a corrective action plan, which includes a properly conducted SRA.  This is not uncommon – another major fine announced in November, included Triple-S Management Corporation and their associated entities.  Triple-S is required to pay a $3.5 million fine for lack of a Security Risk Analysis.

Overwhelmed?  Don’t know where to begin?  Let us help you!

At DataFile Technologies, we take pride in cultivating and connecting Healthcare Data Experts.  As such, we provide a variety of healthcare solutions, including Security Risk Analysis and HIPAA tools to address the annual Meaningful Use and HIPAA requirements.

To guarantee the delivery of an annual Security Risk Analysis by the calendar year deadline of December 31, 2015 DataFile must receive a signed engagement letter and payment from your organization no later than Tuesday December 15th.

For a customized quote, contact our Meaningful Use and HIPAA Compliance Consultant, Kathryn Ayers Wickenhauser, at Kathryn.Wickenhauser@DataFileTechnologies.com or at 816-800-0074.

Checks and Compliances

wallet-908569_1280Recent media focus on large data breaches involving laptop thefts or cyber hacking incidents has grown significantly, but basic incidents still abound and can pose greater threat to patients.

Recently, a conference attendee discussed an incident with our HIPAA Compliance Consultant, Kathryn Ayers Wickenhauser.  The attendee’s practice had several checks disappear en route to the bank for deposit.  The attendee questioned if this constituted a reportable HIPAA breach, because the checks were not necessarily written by patients, didn’t contain clinical information, nor did the practice know if the information had been seen or found by anyone.

It’s no surprise that clinic team members wanted to avoid labeling this as a breach.  Labeling this as a breach would mean answering to many patients who would be justifiably angry.  Further, because it was a batch of checks, it would require having to reconcile what payments were lost in the process.

Despite the instinct to turn and run, we must consider whether patient health information (PHI) is unsecured.  The Office of the Inspector General (OIG) defines health information as any form or medium that:

    1. Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university or health care clearinghouse; and
    2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual.

We can garner that because at least some of these payments are for the provision of healthcare, it would be considered PHI.  In addition, although not clinical data, checks have addresses, names, and phone numbers — all patient identifiers indicating a patient is involved with the clinic.  If we are unaware of where the information is, we know the information is insecure and can safely determine that this is a breach.

As healthcare service providers, we have a duty to protect our patients.  The root of HIPAA is to protect patients and maintain integrity.  Although the checks may not include clinical information, or could have been for a purpose other than treatment, a batch of checks contain bank routing numbers, account numbers, names, and addresses on the check, allowing would-be thieves to write eChecks on the patient’s dime.  If we are to assume that releasing an annual check-up to an uncovered entity is a potential risk to the patient, we can certainly presume that releasing access to one’s bank account could be a potential risk as well.

This blog was recently featured as a “Guest Blog” on The Compliance & Ethics Blog and is a finalist to be re-published as a magazine article in a 2016 edition of Compliance Today.

Meaningful Use or Meaningful Confusion? Part 3 of 3

medical-moneyThis is Part 3 of our Three-part Blog Series, “Introduction of Stage 3,” which outlines the objectives finalized for Stage 3 under the October 16, 2015 Final Rule.

Meaningful Use was introduced as part of the HITECH Act as a means to encourage healthcare providers to adopt electronic health records, and also begin to shift to additional quality care metrics. Yet, since Meaningful Use began in 2011, there have been many critics who assert that the program does not achieve the meaning in Meaningful Use.  As such, there have been multiple iterations of the rule and the various stages.  We will present to you the latest changes that you need to know in this three part blog post series.

Part three of the series, “Introduction of Stage 3” outlines the objectives finalized for Stage 3 under the October 16th Final Rule.  You can view Part One of our series, “Changes for 2015” here.  Part Two of our the series, “Changes for 2016-2017” can be viewed here.

 

Optional 2017 Reporting and Required 2018 Reporting

Stage 3 will be available for attestation in 2017, although it won’t be required as previously thought. Eligible Providers will be given the option of attesting to Stage 3 in 2017 for a 90 day reporting period.  In 2018, all Providers, regardless of what stage they were scheduled to be on, are to attest to Stage 3 Objectives for a calendar year reporting period.  The optional year in 2017 will allow providers to “test the waters” with a shorter reporting period and begin preparing for Stage 3 before they are required to implement it.

 

Eight Objectives

Unlike previous iterations of Meaningful Use, there are no Core and Menu Objective Sets, only required Objectives. Modified Stage 2 set the tone by absorbing previous measures into one set of measures, a precedent that Stage 3 will follow. Stage 3 features many measures from previous of versions of Meaningful Use, often with higher thresholds and less exclusions.

 

Stage 3 Objectives Summary

Objective 1 Protect Patient Health Information Conduct a Security Risk Analysis within the Reporting Period (RP)
Objective 2 Electronic Prescribing More than 60% of permissible prescriptions written by the Eligible Provider (EP) in the RP are queried for a drug formulary and transmitted electronically
Objective 3 Clinical Decision Support 1 – Implement five Clinical Decision Support Rules related to four or more Clinical Quality Measures
2 – Enable Drug-Drug and Drug-Allergy interaction checks for the entire RP
Objective 4 Computerized Provider Order Entry (CPOE) 1 – More than 60% of Medication orders during the RP are created through CPOE
2 – More than 60% of lab orders during the RP are created through CPOE
3 – More than 60% of radiology orders during the RP are created through CPOE
Objective 5 Patient Electronic Access 1 – More than 80% of unique patients seen by the EP during the RP are provided timely access to view online, download, or transmit their health records and can be accessed using the application of the patient’s choice
2 – More than 35% of patients seen by the EP in the RP receive patient specific education resources that were identified by the CEHRT and receive electronic access to those materials
Objective 6 Coordination of Care through Patient Engagement 1 – More than 10% of unique patients seen by the EP during the RP views online, downloads, or electronically transmits their health information or accessing their health information from an application of their choice
2 – More than 25% of unique patients seen by the EP during the RP are sent an electronic message using the secure messaging feature of CEHRT
3 – For more than 5% of unique patients seen in the RP by the EP, patient-generated health data or data from a non-clinical setting is incorporated into the CEHRT
Objective 7 Health Information Exchange 1 – For more than 50% of transitions of care and referrals, the EP that refers the patient should create and electronically exchange the summary of care record using CEHRT
2 – For more than 40% of transitions of care or referrals received by the EP where the EP has never encountered the patient, the EP receives and incorporates into the patient’s record an electronic summary of care document
3 – For more than 80% of transitions of care or referrals received by the EP where the EP has never encountered the patient, the EP performs clinical information reconciliation
Objective 8 Public Health and Clinical Data Registry Reporting 1 – Immunization Registry Reporting
2 – Syndromic Surveillance Reporting
3 – Electronic Case Reporting
4 – Public Health Registry Reporting
5 – Clinical Data Registry Reporting

 

Still confused? Do you need one-on-one guidance regarding your organization? We can help!  Please contact our Meaningful Use Expert, Kathryn Ayers Wickenhauser (Kathryn.Wickenhauser@DataFileTechnologies.com) for guidance about how these changes impact you.

Meaningful Use or Meaningful Confusion? Part 2 of 3

medical-moneyThis is Part 2 of our Three-part Blog Series, “Changes for 2016 and 2017” which describes the realignment of Stage 1 and Stage 2 objectives into a single measure set for 2016 and 2017. 

Meaningful Use was introduced as part of the HITECH Act as a means to encourage healthcare providers to adopt electronic health records, and also begin to shift to additional quality care metrics. Yet, since Meaningful Use began in 2011, there have been many critics who assert that the program does not achieve the “meaning” in Meaningful Use.  As a result, there have been multiple iterations of the rule and the various stages.  We will present to you the latest changes that you need to know in this Three-part blog post series.

Part two of the series, “Changes for 2016-2017” describes the realignment of Stage 1 and Stage 2 objectives into a single measure set for 2016 and 2017.  You can view Part One of our series, “Changes for 2015” here.

 

Realignment of Stage 1 and Stage 2, or “Modified Stage 2”

As an effort to realign and prepare providers for Stage 3 of Meaningful Use, CMS has created a “Modified Stage 2.” All Providers on track to attest to Stage 1 or Stage 2 in 2016 and 2017 will attest to this combined set of ten objectives.

 

2016 and 2017 for “Modified Stage 2” are Full Year Reporting Periods

See the detailed chart below for a summary for the “Modified Stage 2” Objectives.  CMS is continuing complete year reporting periods (for providers beyond their first year of attestation) for 2016 and 2017, despite offering a 90-day reporting period for 2015.   The thought behind the longer reporting period is that CMS has adjusted many of the Meaningful Use measures to make them more attainable for many providers.  With more exclusions and the updates to some existing measures, CMS believes that the updated objective set is achievable for providers over a calendar year.

 

Optional Stage 3 in 2017

In 2014, CMS allowed providers who were slated to attest to Stage 2 a flexible year where they could attest to Stage 1 again if they wished. Similarly, CMS is doing the same thing for Stage 3 Meaningful Use by allowing providers the option of attesting to Stage 3 in 2017.  A huge benefit of participating in Stage 3 in 2017 is the provision that it will only be a 90 day reporting period for those participating providers.  When Stage 3 is required for all provides in 2018 (see Part Three in our Blog Post series next week about this topic!), a calendar year reporting period will be required.  The optional year in 2017 will allow providers to “test the waters” with a shorter reporting period and begin preparing for Stage 3 before they are required to implement it.

 

“Modified Stage 2” Objectives Summary

Objective 1 Protect Patient Health Information Conduct a Security Risk Analysis within the Reporting Period (RP)
Objective 2 Clinical Decision Support 1 – Implement five Clinical Decision Support Rules related to four or more Clinical Quality Measures
2 – Enable Drug-Drug and Drug-Allergy interaction checks for the entire RP

Exclusion: Eligible Providers (EP) who write less than 100 prescriptions during the RP

Objective 3 Computerized Provider Order Entry 1 – More than 60% of Medication orders during the RP are created through CPOE

Exclusion: Any EP who writes fewer than 100 prescriptions during the RP

2 – More than 30% of lab orders during the RP are created through CPOE

Exclusion: Any EP who orders fewer than 100 lab orders during the RP or scheduled to be in Stage 1 during the 2016 RP

3 – More than 30% of radiology orders during the RP are created through CPOE

Exclusion: Any EP who orders fewer than 100 radiology orders during the RP or scheduled to be in Stage 1 during the 2016 RP

Objective 4 Electronic Prescribing More than 50% of permissible prescriptions are queried for a drug formulary and transmitted electronically

Exclusions: Any EP who writes fewer than 100 prescriptions within the RP or does not have a pharmacy that accepts electronic prescriptions within 10 miles of the organization

Objective 5 Health Information Exchange An EP who transitions their patient to another setting of care must use Certified Electronic Health Record Technology (CEHRT) to create a summary of care record and electronically transmit the summary to the receiving provider for more than 10% of transitions of care

Exclusion: Any EP who transitions a patient to another setting of care less than 100 times in the RP

Objective 6 Patient Specific Education More than 10% of patients seen by the EP in the RP receive patient specific education resources that were identified by the CEHRT

Exclusion: Any EP who has no office visits in the RP

Objective 7 Medication Reconciliation The EP performs medication reconciliation for more than 50% of transitions of care in which the patient is transitioned into the care of EP

Exclusion: Any EP who was not the recipient of any transitions of care during the RP

Objective 8 Patient Electronic Access (V/D/T) 1 – More than 50% of unique patients seen by the EP during the RP are provided timely access to view online, download, or transmit their health records

Exclusions: Any EP who neither orders nor created any of the information listed for inclusion of the measures or conducts more than 50% of their encounters in a county that does not have 50% or more of its housing units with 4Mbps broadband availability on the first day of the RP

2 – 2016: At least one patient seen by EP in the RP views online, downloads, or electronically transmits their health information.

2017: More than 5% of unique patients seen by the EP during the RP views online, downloads, or electronically transmits their health information.

Exclusions: Any EP who neither orders nor created any of the information listed for inclusion of the measures or conducts more than 50% of their encounters in a county that does not have 50% or more of its housing units with 4Mbps broadband availability on the first day of the RP

Objective 9 Secure Messaging 2016: At least one patient seen by the EP during the RP sent an electronic message using the secure messaging feature of CEHRT

2017: More than 5% of unique patients seen by the EP during the RP sent an electronic message using the secure messaging feature of CEHRT

Objective 10 Public Health Reporting Must meet two of the three measures in 2016 and 2017
1 – Immunization Registry

Exclusions: An EP who does not administer immunizations in the RP, operates in a jurisdiction where no immunization registry has declared readiness or is capable of accepting immunizations aligned with the CEHRT definition

2 – Syndromic Surveillance Registry

Exclusions: An EP who is not in a category of providers from which ambulatory syndromic surveillance data is collected or operates in a jurisdiction that is not capable or ready to collect syndromic surveillance data

3 – Specialized Registry

Exclusions: An EP who does not diagnose or treat any condition associated with a specialized registry

 

See us back here next Friday for Part Three of this Blog Series which will focus specifically on Stage 3.

Still confused? Do you need one-on-one guidance regarding your organization? We can help!  Please contact our Meaningful Use Expert, Kathryn Ayers Wickenhauser (Kathryn.Wickenhauser@DataFileTechnologies.com) for guidance about how these changes impact you.

Meaningful Use or Meaningful Confusion? Part 1 of 3

medical-moneyThis is Part 1 of our Three-part Blog Series, “Changes for 2015” which Outlines the Specific Differences Finalized on October 16, 2015 for the 2015 Calendar Year

 

Meaningful Use was introduced as part of the HITECH Act as a means to encourage healthcare providers to adopt electronic health records, and also begin to shift to additional quality care metrics. Yet, since Meaningful Use began in 2011, there have been many critics who assert that the program does not achieve the “meaning” in Meaningful Use.  As a result, there have been multiple iterations of the rule and the various stages.

We will present to you the latest changes that you need to know in this three-part blog post series.  Part one of the series, “Changes for 2015” outlines the specific differences finalized on October 16th, 2015 for the 2015 calendar year.

 

2015 Allows a 90-Day Reporting Period

Last January after noting difficulties for eligible providers to implement and meet the Stage 2 attestation criteria, CMS announced their intent to make 2015 a 90-day reporting period for all participating providers. Through this Final Rule, they finally make good on their promise, allowing practices all over the country to exhale a sigh of relief.  Don’t get too comfortable though! The 2016 attestation year will require a full year of reporting for those beyond their first year of attestation.

 

Patient Electronic Access

CMS has allowed an exception for the 2015 attestation year for the Electronic Access measure. For 2015 only, eligible providers can report that at least one patient who has been seen during the reporting period has electronic access and views, downloads or transmits their data.  For 2016 and 2017, the measure will return to original threshold of 5% of patients seen in the reporting period have electronic access.

 

Secure Messaging

One of the most difficult measures for providers to meet within the Stage 2 criteria is Secure Messaging. CMS is giving providers a bit of a reprieve, allowing them to make Secure Messaging a self-attestation measure for 2015 only.  If Secure Messaging is enabled the entire reporting period, the eligible provider may attest “yes.”  This allowance doesn’t last long, however.  In 2016, providers beyond their first year of attestation will be required to attest for a calendar year, and the threshold for this measure returns to 5%.

 

Other Items of Note:

  • 2014 Certified Electronic Health Record Technology (CEHRT) must be used for the 2015 reporting period
  • All Eligible Providers, regardless of Stage 1 or 2, will have 10 total objectives to attest to as part of a realignment effort. Have no fear Stage 1 Eligible Providers! You will be granted lower thresholds and more exclusions to accommodate your Stage. See more information about this in our next blog post in this three-part series scheduled for next week!
  • The CMS Attestation website will open January 4th, 2016 in order for time to accommodate this changes

 

Still confused? Do you need 1-on-1 guidance regarding your organization?  We can help!  Please contact our Meaningful Use Expert, Kathryn Ayers Wickenhauser (Kathryn.Wickenhauser@DataFileTechnologies.com) for guidance about how these changes impact you.

Don’t Take a Chance Responding to Meaningful Use Audits!

On Wednesday of last week, Figliozzi and Company (on behalf of CMS) started issuing the first round of Pre-Payment Audits for attestations for the 2014 reporting year.  It is estimated that 20% of Providers will be audited for each Reporting Year.  If you have not received a Pre- or Post- Payment Audit yet, it is likely that you will receive one soon.

DataFile Technologies’ authority in Meaningful Use, Kathryn Ayers Wickenhauser, has educated and coached over 3,000 Providers to successfully attest for this subject matter.  Kathryn is also experienced in formulating Audit Response Packets for both Pre- and Post- Payment Audits, as well as conducting Mock Audits.

It is critical to respond to Figliozzi and Company in the appropriate manner and not only pass the initial Audit, but also to prevent future Audits of additional Providers and reporting years.

You’ve worked hard to earn your Meaningful Use dollars.  Don’t risk losing that money because of an Audit.  Contact Kathryn today if you are interested in assistance responding to an Audit or preparing for a future Audit. She could be reached at Kathryn.Wickenhauser@DataFileTechnologies.com or by phone at 816-800-0074.

View our latest Webinar on Meaningful Use Audits:

http://www.datafiletechnologies.com/webinar-meaningful-use-audits-horizon-prepared/#.VPDPm_nF-fY

CMS Extends Meaningful Use Attestation Deadline for Medicare Eligible Providers

CMS announced on Wednesday, February 25 that they would be extending the deadline for Medicare Eligible Professionals to attest to the 2014 reporting year of Meaningful Use to March 20th, 2015. Eligible Professionals should submit Meaningful Use data to CMS on an annual basis to ensure additional incentive payments and avoid payment adjustments.  2014 is the last year to begin the Medicare Meaningful Use program and begin to receive incentive payments.  By successfully achieving Meaningful Use in the 2014 year, Eligible Providers will avoid a negative payment adjustment against their Medicare Part B payments in the 2016 calendar year.

Because of the Flexibility Rule for the 2014 year, the CMS Attestation website is much more complicated than in the past.  DataFile Technologies’ Meaningful Use Subject Matter Expert, Kathryn Ayers Wickenhauser, is experienced in attestations and can guide your organization through choosing the appropriate items during the attestation process.  Selecting the most appropriate choices during attestation helps minimize the chances of accidentally triggering a Meaningful Use Audit.  Contact Kathryn today if you are interested in assistance attesting at Kathryn.Wickenhauser@DataFileTechnologies.com.

Massachusetts Practice Takes a $1.5M Hit From New HIPAA Smackdown

The Office for Civil Rights appears to be sending a stern and serious message to practices nationwide as the first stage of Meaningful Use wraps up. Less than four months after the Alaska DHHS’s $1.7 million settlement we reported on in August, another practice has been slammed with a $1.5 million fine for a potential breach of the Health Insurance Portability and Accountability Act.

Two years after alerting the OCR of their own security breach in the form of a stolen laptop, Massachusetts Eye and Ear Associates Inc. and its associated hospital Massachusetts Eye and Ear Infirmary (collectively referred to as “MEEI”) have agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential HIPAA violations.

According to reports, the laptop did not contain patient billing information, and none of the patients in question appear to have experienced any negative side effects as a result of the theft. Regardless, it was enough for the OCR to launch a full investigation as they fell down the rabbit hole of deficiencies and overlooked security gaps in MEEI’s system, exposing them in the following areas:

  • Failing to conduct a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices
  • Failure to implement security measures sufficient to ensure the confidentiality of ePHI that MEEI created, maintained and transmitted using portable devices
  • Not adopting and implementing policies and procedures to address security incident identification, reporting and response

The OCR investigation revealed that these failures continued over an extended period of time, “demonstrating a long-term, organizational disregard for the requirements of the Security Rule,” according to the OCR.

Despite MEEI’s reported “disappointment” in the OCR’s pricey ruling (based on “lack of patient harm” and the hospital’s relatively low annual revenues), the fine stands – and should serve as a reminder that even smaller practices are at risk for crippling fines if found in non-compliance.

We can only anticipate that these audits – and subsequent fines – will become increasingly more frequent and severe. If you aren’t 100% sure your practice would be safe and sound in the face of a scrutinizing review, DataFile can help. We specialize in securing practices with comprehensive security risk analyses and even the option to outsource medical records management including the full transfer of HIPAA liability under the HITECH Act. Make sure your practice doesn’t get caught with red hands. Call us at 816.437.9134 for a free consultation.