Protect Against Patient Privacy Pitfalls that Could Cost You Millions


If your practice’s patient records are stored or accessed online via a portal, you should be WORRIED. This is called cloud computing, and it can include any number of online processes or offsite vendors you work with (e.g., billing companies, transcription firms, eFaxing, data storage, etc.).

The bottom line is that the government holds YOU responsible for the security of your patients’ Protected Health Information (PHI) online. Don’t fall into the trap of blindly delegating the safety of your patient records to your IT team, or an off-site vendor. Even if your practice is part of a larger group or hospital system, YOU are still accountable, and not knowing or understanding how your information is stored or accessed online is NOT AN EXCUSE. It will certainly not save you from the massive penalties and fines that will result from a HIPAA or HITECH rule violation.

You don’t need to be an IT guru, but you do need a clear understanding of how your patients’ PHI is managed and accessed online to protect you both. Healthcare attorney and former chief privacy officer, Heidi Kocher, BS, MBA, JD, CHC, can help. Join her on Wednesday, May 8th at 1pm ET for an intensive 90-minute live online training that will finally help you demystify the cloud. This training session will provide you with everything you need to know to protect yourself, your practice and your patients.

Here are just a few of the essential online information protection tactics you’ll walk away with after attending this upcoming 90-minute training:

  • Avoid the biggest cloud computing security threats to your data — it’s not WHO you think!
  • Better determine the safety of your patients’ PHI with offsite vendors
  • Watch out for Security Risk Analysis inadequacies and how to include what’s missing
  • Stop your patient portal from getting you into big trouble with the Feds
  • Who NOT to outsource your data to and why it matters where you do business
  • Recognize vendor contract pitfalls that put you in hot water if your patients’ PHI is exposed
  • Hear about FedRAMP and how it can help you ensure your compliance
  • Master eFaxing rules and avoid getting hit with massive penalties
  • And so much more helpful information …

When the Office of Civil Rights (OCR) recently conducted random desk audits on the security of patient PHI, it found many practices are woefully unprepared and underestimate the risks involved in protecting their patients’ PHI.

If you work in a medical practice, you need to know how to protect PHI when dealing with cloud computing. Remember, under HIPAA and HITECH, and a variety of state and federal laws, it is your obligation to protect your patient information, regardless of your role.

Notice: This is a highly attended training session, and access is going fast. Early registration is recommended to secure admission. Once the session is full, additional registrations will not be accepted for the live online session.

How can you really know if your offshore transcription company keeps your patients’ PHI safe, where your data is stored electronically online and who really has access to it, or if your billing company is protecting your data from unauthorized access? Find out by signing up today for this expert-led online training.

Meet Your Expert

Heidi Kocher
B.S., M.B.A., J.D., CHC
Healthcare Attorney, Liles Parker PLLC

Heidi has 20 years of experience in health care legal and compliance related issues. Her experience includes positions at a large hospital corporation, serving as a compliance officer for a sleep lab/DME company and a compliance director, chief privacy officer and interim chief compliance officer at a medical device manufacturer.

In addition, she has represented and advised critical access and long-term care hospitals, physician groups, home health agencies, DME companies, pharmacies (including compounding pharmacies), non-profit organizations, and licensed individuals. As a result, she understands the complexities and challenges that providers large and small face in complying with increasingly varied and complex laws.

She is an expert in all aspects of compliance and privacy programs, including developing and deploying policies, procedures and training. Her experience includes implementing the various requirements and aspects of a Corporate Integrity Agreement, responding to and defending audits from Medicare, Medicaid and private insurers up through the ALJ level, guiding clients through voluntary self-disclosures, seeking advisory opinions from the OIG, and defending FDA audits.

Heidi developed criteria for and implemented an aggregate spend system, permitting a medical device manufacturer to timely report correct information under the Physician Open Payments Acts (also known as the Physician Payments Sunshine Act).

In addition, she is experienced in developing and implementing a compliance program to address Foreign Corrupt Practices Act requirements, including Eucomed guidelines. She also has significant reimbursement experience, addressing coverage policy issues, challenging denials, recoupments, and loss of billing privileges, obtaining HCPCS codes, and other reimbursement related issues.