
Best of Eyecare

Oh, The Horror!


HIPAA compliance is the financial gamble that could ruin your business

 STORY BY Deirdre Carroll

It’s the 6,000-pound monster in the room. The boogieman under the bed. The thing in the mist … you don’t know what it is, or when it’s coming, but you know it’s out there. It will get you eventually but you have no idea what to do about it. Or maybe you think you’re prepared. Protected. You can handle it. Let’s dispel that myth right now. In this scenario, you’re the nubile young coed who decided to take a shower while a homicidal maniac is on the loose. In other words … you’re an easy target and HIPAA compliance is the axe-wielding lunatic coming to get you.

According to Matt DiBlasi, president of Abyde, a company that guides independent medical practices through the complexities of implementing HIPAA compliance programs, when the U.S. Department of Health & Human Services (HHS) — which oversees HIPAA compliance under the Office for Civil Rights (OCR) — did a first-round audit of the program last year, it found that 83 percent of the covered entities audited did not have a complete risk assessment or analysis. A covered entity is any business dealing with protected health information — Social Security numbers, medical histories, and, yes, lens prescriptions, etc. So that means you, even if you don’t have an OD on site. A risk analysis is considered just the first step in HIPAA compliance; without it you cannot consider yourself compliant. In fact, 94 percent audited in that first round didn’t have a risk analysis or any other part of the puzzle.

Terrifying when you consider that the minimum fine Abyde has ever seen was $25,000. And it should be noted that the amount of a fine is not determined by the size of the business, but the size of the breach and the steps you have taken in advance to protect patient information. 

Can your business survive a $25,000 fine?

While no specific stats for independent verticals within a healthcare field are currently available because HIPAA does not differentiate between covered entities — meaning your eyewear boutique or one-doctor optometry practice is held to the same standard as a large urban hospital — we do know that independent practitioners are behind.

“Everyone can agree with that,” says DiBlasi. “The stats we’ve seen are very eye opening.” He estimates that 90-95 percent of eyecare practices are non-compliant “but we don’t blame them. Most haven’t been educated properly so they don’t understand what their formal roles and responsibilities are when it comes to HIPAA.”

Abyde works with independent practices, regardless of specialty, but predominantly in the eyecare field, so we asked DiBlasi the three most common violations a smaller practice might see.

 


 

1. REMOTE THEFT

This includes hackers, viruses and phishing. Any outside person or entity with malicious intent that accesses a network or Practice Management/EMR software. “An OD practice needs to be aware of what remote theft is and how they can react to it,” says DiBlasi. “It’s the number one way criminals get access. Ransomware — someone takes ‘control’ of your IT network or data, locks it down, and you must pay to get access back. Even once you pay, you may still not get access. By that time, the damage is done. On top of that, there are PR ramifications and each individual who had their information stolen needs to be notified. If the breach affects more than 500 individuals, it’s even worse – media must be notified.” In April 2017, the HHS announced a $400,000 fine for an organization in Colorado after 3,200 records were compromised during a phishing attack. The organization was fined for failing to conduct a risk assessment and failing to properly implement documented policies and procedures to prevent, detect, contain, and correct security violations.


 

2. LOSS OR PHYSICAL THEFT OF DATA

This includes accidental disclosure, accidental loss of a device, or theft of USB drives, hard drives, computers, tablets, and/or servers. Say an employee leaves their laptop somewhere or someone comes in and steals a computer. If there is protected health information on those devices they should be encrypted, including scanners or copiers with hard drives. “All information copied or scanned gets stored on internal hard drives and unless the hard drives get scrubbed periodically all patient information is exposed,” DiBlasi warns. To underscore the risk, an organization was fined $2.2M in January 2017 after a USB drive with 2,209 individuals’ complete names, dates of birth and Social Security Numbers was stolen from its IT department, where it was left without safeguards overnight. An investigation revealed the organization’s noncompliance with HIPAA rules, specifically a failure to conduct a risk analysis and implement risk management plans, as well as a failure to deploy encryption or an equivalent alternative measure on its laptops and removable storage media. The organization was also cited for failing to implement or delaying implementing other corrective measures it said it would undertake. 

 

3. LACK OF HIPAA SECURITY & TRAINING

This includes what the practice is doing every day to protect patient information and what they are prepared to do should information be compromised. “There should be formal training,” says DiBlasi. “At minimum, formal training should be done once a year… By training employees on a regular basis, safeguarding patient’s sensitive information becomes ingrained in their everyday habits… HIPAA education is lacking in the large majority of practices based on settlement statements from the OCR… Most organizations who have been fined were not trained properly on how to handle patient health information. If trained properly, a risk assessment/analysis would have been conducted and thus immensely reduce their overall risk and eliminate or substantially reduce the fines incurred.”

If that’s not enough to give you nightmares, fines imposed by the OCR have increased in the last three years. 2016 was a record year, with fines totaling $23.51M. As of May 2017, the OCR has levied $17.1M in fines, putting them on track to almost double what they did in 2016. It continues a trend; 2016 nearly doubled 2014 and 2015 combined. Additionally, the OCR is putting more resources into updating its websites and guidance materials stating it will focus more on small data breaches. DiBlasi says “criminals are focusing on the smaller businesses because they are sitting ducks.”

You are basically gambling with the financial health and longevity of your business if you are not actively implementing, and most importantly, documenting a formal HIPAA compliance program. To make it even scarier, though covered entity audits are selected at random, a disgruntled patient or employee can lodge a complaint that also instigates an investigation and audit. They are protected under the Whistleblower Act and eligible for a cash reward. 

Finally, DiBlasi leaves us with this: “We are all patients somewhere. I think we can agree that we all want our own doctors to implement security standards to protect our private information. By complying with the government regulations, not only will you protect your practice from audits but you will also be ensuring your valued patients are protected from those who have malicious intent.”

 


 

HIPAA COMPLIANCE BASICS

Most of the time violations are accidental breaches. Nonetheless, documenting that you have tried to be compliant by analyzing and mitigating risk, and by documenting policies and procedures, is a good faith gesture that could save your business. There is no ironclad way to assess that risk but here are a few pointers:

1. Perform a risk analysis. There is no formal template for ECPs, but the HHS.gov site offers a helpful 15-page document.

2. Document policy and procedures as they pertain to the accessibility or security of patient information specific to your organization. If generic policy and procedure templates are purchased or downloaded, be aware they must be edited and updated to accurately portray which safeguards your practice has implemented to keep protected information secure.

3. Implement business associate agreements. Any vendors or third party companies or individuals who may have access to private health information need to sign one stating they are HIPAA compliant. Examples of business associates include the IT company that does your maintenance or updates, and who could have access to information on your server, your file storage and disposal service, etc. When signed and executed properly, they protect both companies when there is a data breach. According to DiBlasi, this year a fine was levied on a seven-location practice because the company they contracted to store their physical records discarded them (without their notice) into an unlocked bin. A business associate agreement was not in place and the practice was fined $31,000.

4. Proof of HIPAA training and awareness for doctors and staff. Document completed written quizzes with a certificate of completion, which includes the name of the employee, the date it was given, and the name of the training.

Do it on a continual basis. Always be assessing your risk. Always be documenting what you are doing to mitigate that risk. Conduct training on a regular basis and ensure your business associate agreements are up to date. And remember, “risk assessment is an ongoing process that ultimately never ends,” says DiBlasi.

Lastly, bring in a third-party expert to help. Abyde itself is a great resource and DiBlasi puts the cost in perspective: “It’s pennies on the dollar when you’re talking about fines.” Learn more at continualcompliance.com.


This article originally appeared in the January 2018 edition of INVISION.


America's Finest

Want 15 Years of Growth While Keeping Your Team Close and Building the Optical of Your Dreams? This Tennessee Practice Can Show You How

They knew if they treated patients right, the business would succeed.


Spring Hill Eyecare, Spring Hill, TN

OWNER: Rob Szeliga, OD; URL: springhilleyecare.com; FOUNDED: 2005; YEAR OPENED FEATURED LOCATION: 2018; ARCHITECT AND DESIGN FIRMS: Rob Stensland, Optometric Architects (architect); Amy LeAnn Szeliga (interior designer); EMPLOYEES: 13 full-time, 4 part-time; AREA: 8,300 sq. ft.; TOP BRANDS: Dailies Total 1/Multifocals, Kate Spade, Costa, Shamir, neurolens; FACEBOOK: facebook.com/springhilleyecare; INSTAGRAM: instagram.com/springhilleyecare; BUILDOUT COST: $1.6 million


ROB SZELIGA MOVED to Spring Hill, TN, about 30 miles south of Nashville, with his family as a teenager in 1993. They were in the vanguard of an influx that has seen the population grow from 1,200 to over 40,000. He graduated from Southern College of Optometry (SCO) in 2005 and opened Spring Hill Eyecare “ice cold.” He and his wife Amy had a clear idea of what they wanted the business to be: a practice that offers the total package and only refers when surgery is needed. “I spent 100 percent of my time and energy growing my practice — not filling in elsewhere,” he recalls. “Luckily, I had strong support — a wife teaching elementary school and my mom and two sisters as my first employees. We knew that if we treated patients right, the practice would grow.” They started with 1,200 square feet, their newborn son Jackson literally growing up in the office. “My second lane didn’t have a phoropter, it had a crib,” says Szeliga. By their 10th anniversary they already had one major expansion under their belt and needed another.

Spring Hill Eyecare owner Rob Szeliga OD with his wife Amy and family.

The Szeligas found their dream location in a vacant 1870 farmhouse, but the structure would require demolition if it was going to work. “Without the proper approach, this would not be well received in a community growing as fast as Spring Hill, and quickly losing its small-town charm,” recalls Szeliga. They posted a letter on their blog explaining their plans, and this honest approach elicited overwhelmingly positive feedback online.
In the months before the house and barns were demolished, Szeliga would leave work, change clothes and get busy reclaiming their great features, including 11 fireplace mantels, original barnwood/beadboard, old doors (now frame boards), giant parlor doors, live edge maple breakroom tables milled from original trees, wavy glass muntin windows, and a cast-iron tub flower bed. The new building’s layout centered around preserving a giant, centuries-old oak tree.

The juxtaposition of the salvaged fixtures and curios with the practice’s modern equipment lends a unique vibe to the exam rooms, each of which has a theme, including “garage” (the practice’s logo painted on a 1940s truck door) and “music” (with 100-year-old instruments) to name just two. Spring Hill Eyecare’s dry eye treatment center is called The Greenhouse after the one on the original property. “You go in the room with dry eyes facing old rusty tools,” says Szeliga. “When you get up from the massaging chair your view is of lush plants and flowers; you leave refreshed.”

Catering to the town’s expanding demographic, the team sees everyone from InfantSEE babies to geriatric patients. Among its numerous specialty facilities is a 900-sq-ft. sports vision/vision therapy center.
Szeliga used to spend about $400 a month on newspaper ads, but he says that all changed when, for a one-time fee of that same amount, he hired a patient to install a marquee sign under the practice’s street sign. “When the sign is not describing an upcoming event, we try to keep it full of puns or statements about pop culture, particularly eye-related ones.” He says simply keeping this sign funny and relevant generates enough community feedback and new patients that he doesn’t bother much with traditional marketing anymore.

Word of mouth is Spring Hill Eyecare’s other main form of advertising, much of it generated by creatively cultivating ties with the community through charitable and other events.  Examples include Kids’ Day and a Pre-Parade Hot Chocolate Party every year before the Christmas parade. “We even begged to get the parade path extended to go by our new location to keep this tradition,” Szeliga says. Spring Hill Eyecare sponsors many schools, teams and causes, but they also enjoy creating their own charitable events, like their “Give A Gobbler” Thanksgiving turkey campaign. The team “gobbles” loudly for donations. “For larger donations even our doctors gobble!”

One of the foundation cornerstones of the 1870s farmhouse that once stood on the site is displayed in the optical.

Szeliga says that while there are ECPs with flashier sites, he’s proud of the genuine feel he’s achieved with Spring Hill Eyecare’s online presence. “Too many websites have just generic stock photos … Our most popular posts are those involving personal photos or stories about myself, my family and my team.”

He credits the trust he has established with his prized team for much of Spring Hill Eyecare’s success. And it’s a quality he repays handsomely. A believer in continuing education, he has taken his team to the state optometry meeting for the last 10 years and to IDOC’s Orlando meeting the last five. But it’s not all work and study. “For our 2018 Christmas party I rented a Hummer limo for a Christmas lights tour and created a jigsaw puzzle to reveal clues about their Christmas gift: a four-night cruise to the Bahamas to celebrate an excellent 2018,” he says.


Crucially, through all the rapid growth, the practice has never lost the close-knit feel of the early days. “While I no longer have family working at my office,” says Szeliga, “we’ve been able to keep the family atmosphere for 13 years.”


Five Cool Things About Spring Hill Eyecare

1. TV STARS. Szeliga’s repurposing of the old farmhouse that once stood on the site of the practice was featured in DIY Network’s Nashville Flipped series.

2. GOOGLE TOUR. Its website features a Google virtual tour: the photographers liked the building so much they shot extra rooms in exchange for being able to feature them on their website.

3. NEVER LEAVING. The coffee bar has two TVs, charging stations, customized coloring books for grownups, mini-fridge and a Keurig coffeemaker.

4. ACCOLADES GALORE. Office manager Melanie Jenkins was named Tennessee Paraoptometric of the year in 2018, SECO Paraoptometric of the year in 2019 and AOA Paraoptometric of the year in 2019.

5. WALKING ADS. At a community event this year staff had low-cost suns made with their logo and a sticker: “Redeem for $25 off a pair of sunglasses.” Only a few people did, but “others [wore] them around town,” says Szeliga. Next year’s target: high school marching bands.

WHAT THE JUDGES SAID

  • Outstanding community engagement throughout the planning and construction of their new location. Honoring the legacy of the former structure by incorporating materials and elements is a testament to their respect and concern for the community they serve. Nathan Troxell, PPG, Monroeville, PA
  • Spring Hill Eyecare has built an optical business that’s people- and purpose-focused, and they’ve fostered a growing business by organically growing their practice, while remaining true to providing quality eyecare in a welcoming environment. Stirling Barrett, KREWE, New Orleans, LA
  • The space is bonkers! Overall one of our faves! Leigh and Todd Rogers Berberian, Todd Rogers Eyewear, Andover, MA
  • The focus on local, independent optometry is evident across all aspects of the business. The website shines. It is easy to maneuver, has all the info one would be looking for and the imagery is great. I felt like I knew the practice and the doctor after visiting. The themed exam rooms are also a great idea as they create a relaxed, eclectic environment for their high-tech functions. Beverly Suliteanu, Westgroupe, Ville St-Laurent, Québec, Canada

 

Fine Story

Beneath a window in Spring Hill Eyecare’s optical, customers will find a hefty, timeworn, earth-stained rock that, while adding natural charm, clearly bears the marks of human shaping. It was one of the foundation cornerstones of the 1870 farmhouse that once stood on the site. The stone was hand-cut in the 1860s. Says Szeliga, “Opening my practice cold was a lot like the process of forming this hand-cut stone. It took patience — and patients! Like the old house, we started with a strong foundation that was built on two pearls I learned early: ‘What’s good for the patient is good for the practice,’ and ‘See everything we do from the patient’s point of view.’ Trends and tech are constantly changing…but we continually grow based on our strong foundation.”


Benchmarks

Harnessing the Power of the Selfie to Boost Social Media Engagement, Drive Foot Traffic … and Have Fun

These five practices added an extra dimension to the optical experience and became genuine destinations.


ONE OF THE defining characteristics of our modern retail world is that no purchase or experience, whether it’s buying sneakers or sitting down to a gourmet burrito, is really complete until it’s been photographed and posted to social media. iPads are even showing up in clothing store changing rooms. Like it or not, people are going to bring cameras into your store; the question is how to take control of that experience. Selfie walls or stations are a great way of doing this; they grow your social media following, increase customer engagement, drive foot traffic and boost your store’s fun quotient. There are sophisticated options out there—fully integrated systems for retailers, like Halo by Simple Booth, or The Digital Booth’s rental services, which are great for events—but you can get results using a smartphone and a colorfully branded sliver of free wall space in your optical. These five practices show us how it’s done.

Falls City Eye Care
Louisville, KY

Falls City Eye Care boasts two features that get customers taking snapshots of themselves. One is their trusty Polaroid camera—patients and friends are urged to snap a couple of photos, post one on a cork board in the optical and take the other home. The other is a 12-foot sculpture of a pair of frames in the front yard made especially for owners Dr. Michael and Theresa Martorana by a local artist. Falls City Eyecare now sees a steady stream of small groups and individuals stopping by to take selfies with the giant specs. City ordinances prevent them from labeling the sculpture, but customers usually find ways of slipping in a store-related hashtag themselves, Theresa says. “We were easy to walk right by on a busy fun street. Once the sculpture was created and painted, we became a destination.”


Eye Love Optometry
Pinole, CA

EYE LOVE OPTOMETRY’s iPad-based selfie photo station allows photos to be taken and sent to smartphones and e-mail or shared on social media. Branded galleries can be made public, while owner Park L. Hsieh, OD and his team are sent marketing reports to track performance. Patients are given a “Selfie Card” that says, “We love that you love EYE LOVE OPTOMETRY! This is a ‘SELFIE CARD,’ so share your photos of your new eyewear with friends on INSTAGRAM/FACEBOOK.” The station uses Simple Booth’s Halo software, which makes the service fully customizable. “The appearance of the selfies taken are all consistent and in line with our desired brand,” says Hsieh. The sharing function leads to re-engagement long after the experience is over, he adds. “It’s a wonderful word-of-mouth marketing tool, which I think is invaluable.”

Eye Candy
Delafield and Mequon, WI

Eye Candy has smartly branded, professional-looking selfie stations at both of its locations in the Milwaukee area. The stations themselves are alcoves bound by three floor-to-ceiling walls, each covered in custom vinyl wallpaper with the Eye Candy logo. Owner Paula Hornbeck says her original inspiration for the design was the photo wall at the Oscars. When customers pick up their new eyewear, staff ask if they can take a picture for the store’s social media. “Some are shy and decline,” says Hornbeck, “but most are flattered and we encourage them to show us their personality. They take a seat on the stool provided and we take candid shots of them rocking their new look with our iPad. Some are silly, but they always look like they’re happy and having fun.” Family members are invited to join in the photo session. The images are used on Eye Candy’s Facebook and Instagram accounts. Hornbeck says the selfie stations are a definite plus for the business. “Friends and family will go on our FB and IG to see their loved one’s new look and hopefully get excited about coming in to get their own.”


The Eyeglass Lass
New London, CT

What became The Eyeglass Lass’s selfie wall wasn’t originally designed for that purpose. Owner Siobhan Burns wanted to do something with the wall, which is visible from the street. “Local artist Rob Guess covered the wall with funky, graffiti-style eyes. The next day I asked someone to pose in front of it for their ‘glamour shot’ and boom: the selfie/eyeball wall was born.” It’s a low-tech affair. Says Burns: “This one woman show uses portrait mode on her phone!” Simple as it is, the feature “has turned into something great; people recognize frames from posts on social media, and ask if they can have their picture taken before I get a chance to ask them,” Burns says. “If we only see airbrushed models with frames superimposed on their faces, we don’t stop and think, ‘Oh yeah—I could wear that!’” Besides which, “It’s another special thing that will stick out to your clientele that wraps up the individual experience they’ve had working with you.”

Optical Connection
Studio City, CA

Armen and Rita Kanberian at Optical Connection had an empty wall they didn’t know what to do with. They decided they wanted an area dedicated to fun. “We imported this beautiful patterned wallpaper from the U.K. and custom ordered our neon light hashtag, #wellframed. This has been such a great hit with clients, especially during our fun trunk shows and events,” says Rita, adding that the feature is now a firm customer favorite. “Having a place to have fun and see yourself try on different frames is what we love… We had a client who bought a dress with glasses and came in just to take pictures.”


Best of the Best

At This Wellness-focused Pennsylvania Boutique, Eye Health is Just the Start

Combining eyecare and eyewear with a range of self-care offerings, they treat not just the eye, but the rest of the body as well.


WHEN SISTERS DR. Giulia and Paola Tinari opened Sorella Optique and Eyecare in Paoli, PA, a suburb of Philadelphia, their aim was to go beyond treating vision and eye health in isolation. They see eyecare as an integral part of overall wellbeing and wanted their practice to reflect that.

THE IDEA

Both sisters have been involved in overall health and wellness since their college days. “We’ve always had a strong belief in healing from within and getting to the root cause of any problem,” says Paola. “We think it is important to blend Eastern and Western medicine when treating not only the eye but the rest of the body. When you practice a healthy way of living, then incorporating it into your business is second nature.”

THE EXECUTION

The emphasis on wellness is evident in the products and services offered at Sorella, the advice Dr. Tinari dispenses, and the overall patient experience. “We created a soothing environment so patients feel at ease the moment they step into the office,” says Paola. “Dr. Tinari stresses the importance of good nutrition, not only for ocular health but overall health, and recommends supplementing with various antioxidants including lutein and zeaxanthin, bilberry, astaxanthin, omega-3, and vitamin C.” Dr. Tinari likes to keep up with studies in nutrition and often recommends anti-inflammatory products to help reduce inflammation especially in diabetic patients or those with a family history of eye diseases like macular degeneration. Sorella offers vitamins at the office for patients to take home and is looking to bring more into inventory.

The practice’s website also links to PRN, an online vendor of a range of vitamin formulas designed to bolster many aspects of eye and vision health, including products targeting the health of the macular and retina regions of the eyes, and “Dry Eye Omega Benefits,” a formula designed to ease symptoms of the condition, among many others.

Sorella’s dry eye practice also makes use of the MiboFlo Thermoflo treatment. Says Paola: “Dry eye is very prevalent in today’s society. MiboFlo targets inflammation in the meibomian glands. Just like getting a deep tissue massage, this treatment offers patients relief by breaking down inflammatory byproducts and improving their tear film.”

Alongside their independent frame lines, Sorella Optique and Eyecare makes space for body care products such as Zents, a line of organic lotions, soaps, body washes and other items containing ingredients ranging from oolong tea to sandalwood and orris. The products claim to relieve conditions such as psoriasis and eczema, as well as provide de-stressing effects.

To get the wellness message out, the practice relies heavily on its active Instagram presence and has plans to launch a monthly blog that patients will receive via email.

THE REWARDS

The Tinari sisters find the ongoing self-education and patient-education that a devotion to wellness entails enhances their lives as businesspeople and as ECPs. “We recognize that people today have an interest in bettering themselves. We love offering patients alternative ideas to help heal and be preventative in their journey to wellness,” Paola says.

Like any niche, wellness is a passion, says Tinari. “What is it that you are passionate about in our field? If you love seeing pediatric patients and dread geriatrics, then stop, focus on what you are into. You may lose a few patients but gain so much by doing what you love all day long.”

Do It Yourself: Create a Wellness-Oriented Practice

  • HEAL THYSELF. “Take care of yourself first,” says Paola Tinari. “If you are burnt out, your patients can sense it and your business will suffer.”
  • CROSS-MARKET. Setting yourself up as a wellness-focused practice opens up joint marketing opportunities; sound out a local spa or vendor of body care goods.
  • UP YOUR SERVICE GAME. In this field, excellent customer service is even more important than ever. Be prepared to always “do what is best for the patient.”
  • PICK THE RIGHT TEAM. Not everyone’s cut out for this line of work. Positivity and creativity are key, says Tinari. “Get rid of toxicity and your business will flourish.”
  • EDUCATE. Create a blog or newsletter to keep patients updated on the latest products and services.

 
