The HIPAA Journal Interviews

Interview: Ty Allen, Founder & CEO, SocialClimb

The HIPAA Journal has spoken with Ty Allen, Founder & CEO of SocialClimb. SocialClimb offers a comprehensive, HIPAA-compliant healthcare marketing platform that aligns with the goals of healthcare organizations of all types and sizes.

Tell the readers about your career in the healthcare industry

I have been building marketing software for years and focused on healthcare marketing software beginning in 2016. I had not previously been in the healthcare space. My company delivers the most comprehensive suite of healthcare marketing tools in an easy-to-use platform.

What are the main challenges in your position?

Enabling healthcare customers to use our innovative marketing systems in HIPAA-compliant ways.

Tell the readers about any significant event in your career.

In 2014 I was involved in an accident that fractured my neck and injured my spinal cord. As I went through surgery and the rehab process I was extremely frustrated with the state of healthcare marketing. I had to make choices on surgeons, rehab doctors, facilities, and therapists and there was little to no data for me to use in that decision process.

I realized that healthcare marketing was 10 to 15 years behind most other businesses in marketing. I saw this as a need I could fill and an opportunity.

Once I recovered enough to drive and work again, I started a company to deliver a healthcare marketing platform that was easy to use, brought modern marketing technology to healthcare, and ensured users were HIPAA compliant.

This page and video provide more details on the journey:

Are you working on any interesting projects?

Four years ago, a physician who was a customer asked me if it was possible to target the patients he wanted. He wanted to work with patients who needed a certain surgical intervention and ideally had non-government health insurance. In response to those requests and dozens of related requests, we have built the most innovative patient-targeting solution on the market. Physicians can target and attract ideal patients. Revenue can grow, and profit can grow.

What products/services do you provide for the healthcare industry and what is unique about them?

Our predictive patient targeting tools enable practices and hospitals to target and attract ideal patients via HIPAA-compliant marketing efforts that are filling a large void in the healthcare marketing space. As 3rd party web cookies are removed from the browsers (Google’s Chrome browser removes them later this year), patient targeting and retargeting are nearly impossible without a platform like SocialClimb.

While other solutions are on the market to target and retarget, SocialClimb costs a fraction of the other available options.

When did you first get involved with HIPAA compliance?

HIPAA compliance has been integral to our business since the day we founded the company in 2016.

What are your main challenges regarding HIPAA?

Our largest challenge is the volume of HIPAA-sensitive data our customers send us on their patients so we can interact with those patients. Our security and compliance make the use/storage/purging of that data a continuous priority.

Do you have any predictions for the future of HIPAA?

Data exchange systems will continue to improve to better enable the easy exchange of HIPAA data. HIPAA and privacy laws will continue to become more stringent.

Do you have any predictions for the future of healthcare technology?

Healthcare technology is still ten years behind general business tech. It will continue to trail behind due to HIPAA and compliance.

Do you have any predictions for the future of the healthcare industry?

Healthcare must become more self-regulating and find ways to deliver quality care and lower costs. If the industry does not find its own solutions, solutions will be legislated, and they will be poor substitutions for native/industry-grown ideas.

You can contact Ty Allen via LinkedIn:

Interview: Dotty Bollinger, Founder, Integrity Healthcare Advisors

The HIPAA Journal has spoken with Dotty Bollinger, who is a healthcare compliance consultant and founder of Integrity Healthcare Advisors.

Dotty graduated with a degree in Nursing from Maria College in Albany, New York, and later received a bachelor’s degree in management and marketing at the University of Maryland University College. Dotty earned a law degree from the University of South Dakota School of Law and holds a Master’s level certificate in healthcare compliance from George Washington University. Dotty Bollinger is an Executive Partner on the Compliance & Risk Management at SCALE Healthcare.

What is your current position?

I am a healthcare compliance consultant for a variety of healthcare practices – some private equity owned and others physician owned. I work across a wide range of healthcare specialties from physician practice to pharmacy services to DME.

Tell the readers about any significant event in your career.

As a registered nurse, I loved regulatory compliance and risk management. I loved the tie between smart application of rules to the outcome of excellent patient care. As a kid I had always dreamed I’d go to law school. My passion for all things risk and compliance, along with a supportive spouse led me to law school. Becoming an attorney really launched my executive healthcare career.

When did you first get involved with healthcare compliance?

DHH released the HIPAA privacy rule standards in December 2000. I was one of the first hires of a new long term care company in August 2001. The COO asked me whether or not these new standards applied to our operation, and lo and behold my formal compliance career began!

As a compliance officer, what do you consider the primary challenges in your day-to-day responsibilities?

As a consultant, I often remind the folks I work with to ensure they are always looking to the day-to-day operations for compliance opportunities. It’s great to think about HIPAA compliance policies, or OIG elements, but at the end of the day the only thing that matters is whether or not the team is doing the right thing, day in and day out. The primary challenge is to combine business sense and savvy along with managing risk. Rules and regulations are black and white. Growing a business isn’t. How can you best help your organization get to yes? Anyone can tell them what they can’t do. How can you help the team be successful AND compliant? It’s the compliance officer’s opportunity to help the team see their workflow or processes in a different way.

Specifically concerning HIPAA, what challenges do you often encounter, and how do you navigate them in your role?

Probably the biggest challenge with HIPAA is that anyone who has been in healthcare for a while has a preconceived idea about whether or not it’s an important regulation, whether patients care about what you do with their PHI, or whether there is anything new they need to know. You have to stay up on HIPAA changes, and make training fresh, new, funny – whatever it takes!

Managing healthcare compliance for large organizations can be complex. What are the key challenges you face, and how do you address them effectively?

Large organizations can have many parts operating independently. Whether it’s a group of clinics in multiple locations that have come together through acquisitions, or just one very large entity, unless the company is integrating in its systems, programs and procedures, it can be very difficult to manage a compliant operation overall. It is very important for a compliance officer in a large complex organization to have access to systems and support to track and organize compliance efforts. Otherwise, overseeing compliance will feel a bit like that arcade game “whack-a-mole” – you’ll accomplish one thing only to have another pop up.

Do you have any predictions for the future of HIPAA? Specifically in 2024.

From the proposed changes in HIPAA published on, there may be multiple modifications of the HIPAA rules in 2024.

  • Strengthening individuals’ rights to inspect their PHI in person, which includes allowing individuals to take notes or use other personal resources to view and capture images of their PHI;
    • shortening covered entities’ required response time to no later than 15 calendar days (from the current 30 days) with the opportunity for an extension of no more than 15 calendar days (from the current 30-day extension);
    • clarifying the form and format required for responding to individuals’ requests for their PHI;
    • requiring covered entities to inform individuals that they retain their right to obtain or direct copies of PHI to a third party when a summary of PHI is offered in lieu of a copy;
    • reducing the identity verification burden on individuals exercising their access rights;
    • creating a pathway for individuals to direct the sharing of PHI in an EHR among covered health care providers and health plans, by requiring covered health care providers and health plans to submit an individual’s access request to another health care provider and to receive back the requested electronic copies of the individual’s PHI in an EHR;
    • requiring covered health care providers and health plans to respond to certain records requests received from other covered health care providers and health plans when directed by individuals pursuant to the right of access;
    • limiting the individual right of access to direct the transmission of PHI to a third party to electronic copies of PHI in an EHR;
    • specifying when electronic PHI (ePHI) must be provided to the individual at no charge;
    • amending the permissible fee structure for responding to requests to direct records to a third party; and
    • requiring covered entities to post estimated fee schedules on their websites for access and for disclosures with an individual’s valid authorization and, upon request, provide individualized estimates of fees for an individual’s request for copies of PHI, and itemized bills for completed requests.
  • Amending the definition of health care operations to clarify the scope of permitted uses and disclosures for individual-level care coordination and case management that constitute health care operations.
  • Creating an exception to the “minimum necessary” standard for individual-level care coordination and case management uses and disclosures. The minimum necessary standard generally requires covered entities to limit uses and disclosures of PHI to the minimum necessary needed to accomplish the purpose of each use or disclosure. This proposal would relieve covered entities of the minimum necessary requirement for uses by, disclosures to, or requests by, a health plan or covered health care provider for care coordination and case management activities with respect to an individual, regardless of whether such activities
  • Clarifying the scope of covered entities’ abilities to disclose PHI to social services agencies, community-based organizations, home and community-based service (HCBS) providers, and other similar third parties that provide health-related services, to facilitate coordination of care and case management for individuals.
  • Replacing the privacy standard that permits covered entities to make certain uses and disclosures of PHI based on their “professional judgment” with a standard permitting such uses or disclosures based on a covered entity’s good faith belief that the use or disclosure is in the best interests of the individual. The proposed standard is more permissive in that it would presume a covered entity’s good faith, but this presumption could be overcome with evidence of bad faith.
  • Expanding the ability of covered entities to disclose PHI to avert a threat to health or safety when a harm is “serious and reasonably foreseeable,” instead of the current stricter standard which requires a “serious and imminent” threat to health or safety.
  • Eliminating the requirement to obtain an individual’s written acknowledgment of receipt of a direct treatment provider’s Notice of Privacy Practices (NPP).
  • Modifying the content requirements of the NPP to clarify for individuals their rights with respect to their PHI and how to exercise those rights.

While the list is long and not yet published as final, some of these rules will require organizations with mature tried and true privacy and security policies to alter their duty to warn, and duty to comply as it relates to PHI disclosure to patients in hard copy or EHR form. In some cases, the modifications apply a bit of commonsense approach to the minimum necessary standard that may ease restrictions in care coordination and case management instances.

Are there specific tools or technologies that you find particularly useful in aiding your efforts to ensure compliance?

I’ve had access to a number of compliance software solutions as I’ve supported client compliance efforts. I prefer Compliancy Group’s The Guard. I find it’s easy to use, comprehensive in that I can use the programs it comes with along with customizing my own, it can house my 7 OIG elements, keep track of training and policy attestations, and helps me masterfully manage my business associate contracts, BAAs and audits. I also frequent the OIG workplan website and search for various healthcare sectors to see if the OIG is focused on the kind of healthcare my clients provide. Finally, believe it or not DHHS, SAMHSA and other government websites have some pretty good training videos, and when I find one I like, I can upload it to The Guard and use it in my staff training.

Do you have any predictions for the future of healthcare regulation? Specifically in 2024.

Care will continue to move to the least restrictive and expensive option. Inpatient to outpatient, outpatient to home. The use of technology will continue to play a bigger and bigger role, not just with telemedicine visits, but also remote care staff, remote diagnosticians, and now the use of AI to read test results and identify preliminary care planning, diagnosis and treatment. Every provider must embrace AI because it’s coming to your sector of healthcare whether we’re ready for it or not.

You can contact Dotty Bollinger via LinkedIn:
