Archive for month: July, 2015

Manager of the Month

Categories: Practice Manager of the Month

201507_managerElaine Benuck, Practice Administrator
Olansky Dermatology Associates

Elaine Benuck has been with Olansky Dermatology Associates for five years. Prior to this position, she was the practice manager for another dermatology practice and has been in the industry since 1980. She started her career with billing collections then management with Vanderbilt Medical Center in Nashville, TN. She grew up in Nashville, lived some time in Memphis, returned to Nashville, and now here in Atlanta, GA.

Elaine most enjoys the comradery of the people at her job. The physicians and staff are all good people without egos, and everyone helps each other out. It’s a joy to come to work and say hello to everyone with a smile on her face. Her management style is to do anything to help out her staff or a patient. By leading by example, her staff follows suit. She doesn’t expect her staff to do anything she wouldn’t be willing to step in and do.

Some tips that she has used well in her role and can offer to others came from her husband. The first phrase is “Be Firm but Fair”, and the second is “Be in Control, not Controlling.” She takes these to heart each day and believes that by letting her staff know her expectations allows everyone to do their job successfully. Elaine’s focus is on the better patient experience. If the patient is questioning a bill or is trying to get in on a tight day to see a physician, it’s her role to be patient centered and help make it work. It’s important to be patient focused and by being focused on them makes the practice run more smoothly and effectively.

In asking Dr. Jodi Ganz what she likes best working with Elaine, her response was “Elaine always anticipates. She knows what is needed in the office, she knows when healthcare changes will affect us, and she knows what individual staff members need in terms of growth and guidance. On a personal note, she is a pleasure to collaborate with on projects. A meeting with Elaine is a brain-storming session until we get it ‘right.’ Her energy and love of her job is contagious. I love working with Elaine every day that I come to the office!”

The healthcare industry brings with it a lot of changes, constantly. Elaine stays up to date by talking with vendors, listening to webinars, and going to seminars. Her success has been through trial and error and learning from her mistakes and moving on from them.

Utilize Your Partners, But Own The Responsibility

Categories: Articles

More than ever, Covered Entities are at greater risks of falling short on patient privacy requirements.

Since HIPAA was passed in 1996, healthcare has experienced an ever-growing stream of regulation. For example, the HITECH Act of 2009 put a little more “teeth” into the HIPAA fines and penalties as a result of privacy violations.

While there will always be privacy and security risks within a Covered Entity, HIPAA (and HITECH) are stressing to anyone handling PHI (Protected Health Information), to do as much as you can to mitigate these risks.

A good formula to follow for medical practices is: assess, document, make adjustments, monitor and repeat the process consistently. While these steps may seem daunting and time consuming, you and/or your business partners are already doing some of this. What we usually find in medical practices, is that the steps within this “formula” are being done in bits and pieces, not documented, not centralized and without clearly defined roles (ownership).

During the course of a Security Risk Assessment,  or the review of a practice’s last Corrective Action Plan (if there is one), we often find many items that were just not addressed, or just dropped because of lack of ownership of the tasks. For example, there is often a heavy reliance on a practice’s 3rd party IT partner. This reliance for their IT expertise often results in lack of follow-up, documentation and communication within the practice. A frequent event would be when the 3rd party IT company modifies or reconfigures something within the practice’s network or did some reconfiguration that they think is better suited for the practice, but nothing was ever documented or clearly reported to the practice. [Side Note: Always ask your 3rd party IT company if they themselves have had Security Risk Assessment performed by an outside firm – you do not want the “fox watching the hen house”]. As a Covered Entity, you are responsible for protecting the PHI that is created, disseminated and handled by your practice or clinic. While your 3rd party IT company plays a significant role in performing a practice’s Security Risk Assessment, they USUALLY are not qualified NOR are they trying to provide you with a Security Risk Assessment that you would want to submit to the Office for Civil Rights (OCR) or Health and Human Services (HHS).

As previously mentioned, there are many risks and opportunities for mistakes when protecting PHI – we are after all, only human. The key to being successful in protecting the privacy & security of PHI,  is to utilize your resources and partners to best mitigate those risks. 3rd Party IT partners are a great resource and can be the significant piece to maintaining a successful IT environment. However, it is the Covered Entity who must ensure that all of the documented policies & procedures are being followed, assessed and updated on a regular basis. Ignorance is no longer bliss, and “I didn’t know that”, is not a defense.

Provided by Bill Steuer, Partner, GSG Compliance, LLC (877-270-8306 or

Security Risk Assessments — What You Need To Know

Categories: Articles


Earlier this year, the Medical Association of Georgia (MAG) released an alert on their website and email campaign urging practices to confirm they are meeting all of the ‘meaningful use’ requirements in full. The Centers for Medicare and Medicaid Services (CMS) plans to conduct 38,000 retroactive and pre-payment audits in 2015, and it is stressing that it will recoup the incentives from practices that did not meet the requirements in full.

CMS auditors have reportedly stated that “…being found deficient on any one measure will cause a provider to be out of compliance. In this case, CMS will recoup the provider’s entire stimulus for the reporting period in question.” CMS has up to six years to conduct an audit for a given year.

Debra Steen with ACR 2 Solutions, Inc. says that, “In early 2013, nearly 80 percent of phase one audited practices failed their risk assessments. One failed attester in Texas is facing up to five years in federal prison for false attestation and Medicare fraud. Many other attesters have been required to return millions in subsidy funds.”

She adds that, “The number one problem for meaningful use qualification is the lack of a 45 CFR 164.308 compliant risk assessment…despite the requirements of both HIPAA and meaningful use.”

Medicus Solutions specializes in healthcare informatics and we are here to help. We have started to see these audits in practices which we support. Completing the security risk assessment is the responsibility of the practice due to the areas which it involvesWe strongly urge each and every practice to review all of their documentation and specifically your security risk assessments. You should have a completed security risk assessment for each year / reporting period and it must be updated with risks and risk remediation plans.

We have received a number of requests from clients over the past couple months for Medicus to complete the practice’s security risk assessment. A security risk assessment is compiled of at least three (3) areas which include administrative safeguards, technical safeguards, and physical safeguards. Completing a risk assessment requires a time investment and Medicus is here to help its clients with the technical portion of the risk assessments included in our support. Practices will need to complete the administrative and physical safeguard sections.

The Office of the National Coordinator for Health Information Technology (ONC) has worked with the Health and Human Services (HHS) Office for Civil Rights (OCR) and the Health and Human Services (HHS) Office of the General Counsel (OGC) to develop a tool to help practices complete a security risk assessment.

We have provided access to the tool the ONC has released on our website for your convenience. This includes paper-based versions of the tool, iPad version of the tool, a desktop computer version of the tool, and the user’s guide for the tool. There are a total of 156 questions. Resources are included with each question to help you:

  • Understand the context of the question
  • Consider the potential impacts to your PHI if the requirement is not met
  • See the actual safeguard language of the HIPAA Security Rule

Paper Based Version of the Tool

Download Administrative Safeguards [DOCX – 269 KB]

Download Technical Safeguards [DOCX – 240 KB]

Download Physical Safeguards [DOCX – 225 KB]

Computer / Desktop Version of the Tool

Download SRA Tool Here – Computer Version (EXE – 66 MB)

IPad Version of the Tool

Download SRA Tool Here – IPad Version

SRA Tool Users Guide

Download SRA Tool Users Guide Here

For updates, below is the link to site:

MAG Alert:


The Security Risk Assessment Tool at is provided for informational purposes only. Use of this tool is neither required by nor guarantees compliance with federal, state or local laws. Please note that the information presented may not be applicable or appropriate for all health care providers and organizations. The Security Risk Assessment Tool is not intended to be an exhaustive or definitive source on safeguarding health information from privacy and security risks. For more information about the HIPAA Privacy and Security Rules, please visit the HHS Office for Civil Rights Health Information Privacy website.

NOTE: The NIST Standards provided in this tool are for informational purposes only as they may reflect current best practices in information technology and are not required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice or as recommendations based on a provider or professional’s specific circumstances. We encourage providers, and professionals to seek expert advice when evaluating the use of this tool.

Four Ways To Save On Your Disability Insurance

Categories: Articles

Seth Cohn, Founding Partner of WealthMD

I have been providing it financial education to physicians for nearly 12 years, and without a doubt the area that I have received the most questions about is disability insurance. Here are four of the biggest mistakes that people make when deciding how to purchase and maintain a great disability insurance policy.


The policy is not purchased with a discount. Physicians use buying power all across the board when accessing key goods and services. However, more often than not, a physician’s disability insurance policy is purchased at individual rates. This error can cost you tens of thousands of dollars over your lifetime. That is not a misprint. Women especially are affected by this price discrepancy between discounted group policies and individual disability insurance policies. In some cases, women are paying a 40%-50% higher rate by purchasing an individual disability policy. Do not confuse your group disability insurance policy with a discounted individual policy. Individual policy rates are priced by age, sex, and occupation class. All other things equal, women pay more than men for the same coverage. These costs are driven by actuarial data from years and years of claims. Regardless of whether you are a man or a woman, if you can participate in a group discount when you purchase your policy, this can result in a huge savings for you.


Another opportunity to save on your disability insurance premiums is gained by leveraging your employer-sponsored disability insurance plan more effectively. If your employer is paying your disability insurance premiums for you, then your disability income benefits will be taxable should you ever go on claim. A consideration here is to have your employer include any premiums paid for your coverage in your taxable income for tax purposes. You may be saying to yourself, “How does this save me money, Seth? You just increased my tax bill.” Simply stated, most physicians need both group disability coverage and supplemental individual coverage to protect as much of their income as possible. Group disability insurance rates are typically much lower than individual rates, so if you can keep more of your employer-sponsored benefit in the event of a claim, then your need for individual coverage should decrease. The downside to this equation is that your group coverage is not portable if you leave your job. If you believe that this strategy would work for you, I suggest not totally dropping your individual coverage, but rather scaling your individual policy benefits back. You will still have an individual policy that you can take with you if you ever need to leave your employer.


Another error that physicians make, despite their increased net worth, is to maintain the same level of disability insurance coverage that they had when they were young and had little or no net worth. Disability insurance is a risk management tool. If the risk no longer exists, then there is no reason for maintaining insurance. If you can self-insure your loss of income or even a partial loss of income, why are you paying for insurance that you don’t need? Disability insurance in most cases is a pure cost. As the insured, you have the ability to cut benefits if you do not need them. For example, let’s say that you purchased a policy years ago with a benefit of $10,000 per month. At that point in your career you had no emergency cash reserves, and you had a mountain of debt. Years later, you have the necessary emergency reserves, little or no debt, and you have accumulated a significant amount of assets toward it financial independence. Why would you not decrease your disability insurance benefits? Maybe you could decrease the monthly benefit, or discontinue paying for some of those costly riders. If you have accumulated assets throughout the years, now would be a good time to review your policy to determine what you actually need versus what you originally purchased.


Many individuals purchase policies with too many bells and whistles. There are many riders, or add-ons, available in addition to the base coverage on a disability insurance policy. Riders such as residual disability, return of premium, COLA (cost of living adjustment), own occupation, and guaranteed purchase options can be very expensive. Though many of these are important, and in some cases essential, each policy should be designed to your specific needs. If you do not understand the purpose of the riders and additional costs to your policy, now might be a great time to get up to speed.

DISCLOSURE: Seth Cohn is a financial planner and Founding Partner of WealthMD, specializing in representing health care professionals and their practices in the design, implementation, and maintenance of their comprehensive financial plans. He is experienced in working with physicians in all stages of their careers and has served as a guest educator at numerous teaching hospitals, IPAs, and medical associations throughout the Southeast. Seth currently lives in Atlanta, Georgia, with his wife, Valerie. For more information, please contact Seth at 404-926-1317 or

‘Mobile-ly Upward’ Website Design Converts Mobile Searches Into Purchases

Categories: Articles

It wasn’t all that long ago that Search Engine Watch published a study showing that 46% of consumers use mobile device exclusively to research purchases online. Mobile website design became more important just in April of this year when Google put new mobile website algorithms into play when ranking websites. If you depend on your website for customers and clients to engage your services or buy your products, you need to answer today the question: Is my website prepared to attract mobile website searches and convert them into purchases?

We’re guessing you already know the answer. If you answered “no”, some numbers can give you an idea of why it’s important to make sure your website is mobilized for action. For example, according to the blog post, even if consumers are searching on their PCs, they have smartphones in hand to call or do parallel research. Some 57% of smartphone researchers go directly to the brand’s website or mobile app, reinforcing the need to be fully responsive – passively mobile-capable. A couple of other numbers worth noting: 60% of consumers expect a business to be within walking or local driving distance from their current location (retailers and restaurateurs, take heed), and one out of every three smartphone users search for a business’s contact information.

Naturally, there’s really one number that matters: the number of dollars you deposit into your bank account. Forethought and a good strategy can help you make all the numbers add up. Keep in mind that since this report, smartphones have gotten bigger – as well as smarter – and more people are using tablets and smartphones together. We had one client see 90% of their website traffic coming from mobile users according to their Google Analytics report. (For technical purposes, a tablet is a mobile device with a bigger screen.)

Responsive web designs, those that integrate desktop, tablet and mobile website designs in to a single website have become standard fare today. If your site isn’t responsive, we strongly urge you to bring it up to standard. As Tyler Suchman writes in the Silicon Valley Business Journal, Google has essentially told your customers that if they use Google to search on a mobile device, Google will make sure it delivers them to websites that provide a good user experience on their cell phones.

If you want to stay on top of your game and the Google listings, here are eight steps from Suchman:

  1. Test your current website with Google’s Mobile Friendly Test tool to review the homepage and a number of other pages on the website, including blog posts, category pages and shopping cart.
  2. Update to responsive design and, while you’re at it, migrate to a content management system. For websites already on a CMS, switching to a responsive design shouldn’t be too painful or expensive. Google has a Mobile Guide to help with this process.
  3. Make sure your e-commerce platform is also responsive. Conversion rates on websites that are not mobile friendly can often be half that of desktop traffic; a responsive design can have a really fast ROI.
  4. Establish a migration plan with your web developer. This should include a staging location for testing.
  5. Make sure your site loads quickly. Google rewards speed. This means your really-low-budget hosting plan may not meet your needs and actually harm your search engine presence. Now is the time to switch.
  6. Make sure it’s secure. Reliable hosting providers increasingly add layers of protection, most content management systems have security plugins, and any webmaster should utilize best practices such as complex passwords. Hosting providers can also provide a custom SSL certificate, which allows a website to be “forced” to use a secure connection. This can be observed in browsers, where the URL is prefaced with https://, and is an indicator that Google will increasingly factor into its search algorithm.
  7. Authenticate with Google Webmaster Tools. GWT includes security warnings, sitemaps, indexing and much more. An early warning from Google on a hacked site can lead to a quick fix and to maintain search engine results.
  8. Use Google Analytics to benchmark key performance indicators (KPI’s) to monitor your site’s health today and help you plan a more sophisticated site for tomorrow. Be sure to install Google’s new Universal Analytics with Remarketing code.

NicheLabs can help you take any or all of the eight steps to strategically modify or create a responsive website that meets your business goals. We are a full-service agency for businesses that don’t have a CMO or VP of Marketing or that don’t have the people or time to develop websites, manage SEO and digital/direct marketing campaigns. As part of your team, we can create the channels for pushing out your content and work with you to get the information out to your targeted market.

For more tips and insights about attracting more business through organic searches, connect with us on Facebook, LinkedIn or Twitter or subscribe to our monthly newsletter to read summaries of our weekly posts.

Let’s review your strategy or develop one. To speak with our team, please email us at, call 888.978.9254, or visit us at

© Copyright - Healthcare Services