Archive for month: August, 2019

Spotlight: Bill Steuer

Categories: Team Member Spotlight

Family – married? Children? Pets?

Wife and 3 girls- 16,14, and 11.(yes, I have an 11 yr old!)

Where did you grow up? Interests as a child? What did you want to be “when you grew up”?

Clearwater, FL and Daytona Beach, FL. Loved all sports especially  anything on the water. Really never had a specific career/job in mind, but my aptitude test in high school had me leaning towards sales and as a lawyer. I took the easier path and less education requirement 😉

What college did you attend? What did you study? Best memories of those years?

THE Florida State University, business school and Hospitality Administration (hotel & restaurant). FSU was a great place to get an education and have a great social life. One summer I studied abroad with our Hotel & Restaurant faculty and got to live in Switzerland for 7 weeks. During this time we traveled all across Europe as well as classroom time 3 days a week. Really a fantastic experience.

Where in Atlanta do you live? What brought you here?

Dunwoody. Married and bought a house in Decatur which was fun. As we added kids, we wanted more a family-type community and moved to Dunwoody. We live less than a mile from the JCC where my kids and I do a lot of sports, working out and volunteer activities, and can easily get to highway.

Hobbies? Any charity or philanthropy?

I love basketball and staying fit through exercise and cross fit-type movements.

As for charities, I have a few passions and for a variety of reason- probably like how most people are drawn to their charitable giving.

  • Ian’s Friends Foundation (IFF) : My middle daughter was in kindergarten with Ian Yagoda and we learned about Pediatric Brain Cancer and how it is the leading cause of death in children after accidental death. This led to our support and involvement over the past 10 years and a bond to the entire Yagoda family. Fast forward to today, IFF raises over $1.3mm every year and has invested in many types of Brain cancer stem cell research.

Just this year, the FDA has Fast Tracked one of the investments IFF made for a specific treatment for inoperable brain tumors called the “monorail”. Where they can take an inoperable brain tumor and moved to an operable area.

  • Save A Child’s Heart (SACH) : This is an organization in Holon, Israel that I had the pleasure of visiting in 2018 as part of a “mission” of sorts. This group is based inside of a hospital where it utilizes the common operating and recovery rooms for children who have congenital heart disease at No cost to the families. Ironically, this organization does Not treat children of Israel since Israel utilizes a Universal Health Care system and offers “free” healthcare. The organization serves children from undeveloped nations such the Congo, Ethiopia, Zanzibar and Gaza. Religion and Nationality have no bearing on who get helped, it is based solely on need.

In 2017 we started a local chapter to help raise awareness and funds to support the group.

If money were no issue, what would you do with your time?

Spend more time volunteering in the community, as well as helping others network/connect to further their businesses and concepts.

Favorite food? Worst food?

Like most people I love all that is not good for you, like pizza, Italian, etc. I do like Mediterranean a lot too. Reality, I try to eat well most of the time and definitely cheat along the way. I am a fan of Red wine and many bourbons.

Cook or clean dishes?

I am more of a “cleaner “ these days, but there was a time I would cook frequently.

Favorite sports team(s)? Favorite book? Favorite movie?

FSU Seminoles ; grew into a Falcons fan and now, like most locals , Atl United.

Furthest you’ve ever traveled? Best trip of life?

All over Europe  and again to Normandy France for the 50th anniversary of D-Day (1994); and any trip with my family

Speak any other languages?

Barely speak English!@

Mountains, beach, or staycation?


Role model in your life?

Several : Father, best friend, and uncle

What is one tidbit of information about you we wouldn’t expect?

With 3 girls, I am one of the best at blow drying and straightening hair!

‘Ban the Box’ is Most Likely Coming Soon to an Employer Near You

Categories: Articles

According to the National Employment Law Project (NELP), three-fourths of the U.S. population lives in a community that has banned the box. This leads to the question of “Can you legally ask an applicant if he or she has ever been convicted of a crime or involved in any illegal criminal activity,” during a job interview?

The answer is both “yes,” and “no.” It’s complicated. Can you legally include this question on a job application where an applicant has to click the box regarding having a criminal background? Currently you can—in *some states and municipalities, based on private or public entities.

**On the Public Level, over 150 counties and cities and 35 states (at the time of this writing) have initiated the “ban the box” movement in an effort to allow job candidates a fair chance of becoming employed. Depending on the state, county, or municipality’s laws, the candidate may not be questioned about his or her criminal background until later in the hiring process, generally after a firm offer has been made, or sometimes after a second interview where the question may be asked or a criminal background check may or may not be performed (again, this depends on your state or local laws).

**In the Private Sector, 18 counties and cities and 12 states (at the time of this writing) have extended the fair-chance laws to ban the box among them. This is all in an effort to give a potential employee a chance to prove to the employer that he or she is qualified for the position. In the past, most employers would look at the check mark in the box, and make a snap judgement based solely on that and move on to the next applicant before a fair chance was given.

So, what does happen when a potential employee applies for a position and you are genuinely interested in them, only to discover during a criminal background check that he or she has a criminal record? This is up to you. According to a *“SHRM” article dated November 12, 2018, “The dilemma for HR and hiring managers lies in finding the balance between giving applicants with a criminal history a chance to be evaluated on their qualifications and being liable for negligent hiring.”

As the ban the box movement progresses, and it is, things can get even more complicated for employers and the hiring process. It’s a little-known fact that this movement has been around for the past 20 years, but it is gaining momentum as time goes by. These days, more than ever, Human Resources has their work cut out for them, and if you don’t currently have an HR department or someone certified in HR at your disposal, it is imperative that you seek out a reputable HR company like Stellaris Group in Roswell, Georgia.

Stellaris Group is well-versed about Government Compliances, Recruiting and Hiring, Employee and Labor Relations, and day-to-day HR management. If you need to know what you can or can’t do as a business owner or an employer, you can count on Stellaris Group to keep you in the know.

Dawn Stastny, SPHR, SHRM-SCP is the Managing Partner and Founder of Stellaris Group, LLC. To learn more about Human Resources Outsourcing and Consulting, connect with her at 678-935-6001 or by email at Dawn.Stastny@Stellaris.Co



CMS and The Office of Civil Rights takes another step in enforcing HIPAA activities by launching “ASETT”

Categories: Articles

The new program is called ASETTAdministration Simplification Enforcement and Testing Tool.

This is a web based platform is for individuals or organizations to file complaints for potential non-compliance with the non-Privacy/Security provisions of HIPAA. CMS is making an effort to make the “whistle blowing “ process easier for the general public. A streamlined process to allow patients to report what they feel is a violation or misstep with their PHi and the like.

The ASETT system securely captures demographic information about the complainant and the filed-against entity, as well as details of the alleged violation, and any supporting documentation provided by the complainant and the filed-against entity. When filing a complaint, the complainant has the option to remain anonymous to the filed-against entity.

Complainants are urged to provide as much detail as possible to justify and support the allegations, and to ensure that accurate contact information is provided for the filed against entity (full names, titles, phone numbers, and email addresses). Each complaint is reviewed for validity and completeness to ensure that it can be processed.  The site offers Tips to assist the accuser in documenting their compliant. (ie. Add Supporting Attachments to support your complaint. Test Transactions to support Transaction violations)

Once the contact information for the complainant and the information against entity is verified and validated, CMS will officially open a complaint. CMS will contact the filed-against entity by phone/email to notify them of the allegations and to advise them that a letter will be sent with complaint details and a request for follow-up. This exchange permits the filed-against entity to evaluate the information, conduct an internal investigation, and either dispute the allegations or develop a response indicating how the issue will be corrected.

The correction can be done either immediately by their staff,  or through a process outlined by a formal Corrective Action Plan (CAP).

The CAP is created out of performing a Security Risk Assessment and documenting those items that need to be addressed/mitigated. CAPs are considered a “working or live” document since it should be referred to and updated throughout the year. Just about any audit that a covered entity will be faced with will include the delivery of a current Corrective Action Plan.

One of our services includes examining a covered entities current CAP (and Risk Assessment), to help them better understand those how to mitigate those specific risks, and help them prioritize with a plan forward. If you need additional information, feel free to contact us at  or 877-270-8306.

You can find more information about the ASETT web based tool with the link below.

Healthcare’s number one financial issue is cybersecurity

Categories: Articles


The cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity and reputation.

Tuesday July 30, 2019

By:  Susan Morse, Senior Editor, Healthcare Finance


Cyber attacks affect the finances of every hospital and insurer like no other.

“I’ve seen estimates of over $5 billion in costs to the healthcare industry annually,” said Lisa Rivera, a partner at Bass, Berry and Sims who focuses on healthcare security. “That’s enormous and is not going away.”

Beyond the cost to find a solution to fix breaches and to settle any civil complaints are fines from the Department of Health and Human Services Office of Civil Rights. In 2018, OCR issued 10 resolutions that totaled $28 million.

The HHS Office of Civil Rights is stepping up breach enforcement of private health information, according to Rivera, who is a former assistant U.S. Attorney and federal prosecutor handling civil and criminal investigations for the Department of Justice.

What officials want to see is that the hospital or insurer has taken reasonable efforts to avoid a breach.

“There is no perfect cybersecurity,” Rivera said. “They say it’s not perfection, it’s reasonable efforts. That’s going to require an investment up-front to see where data is located, and educating the workforce on phishing incidents.”

Also, hospital finance professionals who are relying more on contractors for revenue cycle management and analytics should take note on the security issues involved in sharing this information.

“Every sector of business has attacks, but healthcare is experiencing the largest growth of cyber attacks because of the nature of its information,” Rivera said. “It’s more valuable on the dark web.”

It’s also not easily fixed.

If an individual’s credit card is stolen, the consumer can cancel his or her credit card. But in health records, the damage is permanent.


Despite the number of breaches, healthcare has been behind other sectors in taking security measures. Four to seven percent of a health system’s IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry, according to Rivera.

Hospitals are behind because first, it’s a challenge to keep up with the move to more information being in electronic form.

“There’s no hospital that doesn’t have mobile EHR information,” Rivera said. “Then there was this transition with incentives from the government to go to electronic medical records. There were vast routes to doing that without a lot of experience involved in doing it. The push to become electronic began happening with this enormous uptick in cyber attacks.”

Also, the focus of healthcare has always been patient care. The population health explosion also involves the sharing of information.

And consolidation across the healthcare industry can potentially make covered entities more vulnerable to lapses in security during the transition and integration phases.


The number one way to cut costs is to prevent a breach. Once one has happened, hospitals must be able to identify it as soon as possible and then be able to respond to it.

Hospitals should be able to determine where certain data goes off the rail, Rivera said. For instance, large systems doing research have outcome information that may not be within the system of protection.

“You don’t want to learn about a data breach because the FBI saw it on the dark web,” Rivera said. And some hospitals have.

It’s a constant battle of software updates and checks. Criminals are pinging systems thousands of times a day. It’s like locking down doors and windows.

The first thing that’s needed for systems large and small is a risk assessment. This is the first thing the OCR wants to see, she said. Many hospitals use an outside vendor to do the job.

Prices for other cybersecurity measures vary from a software purchase that could be in the millions, to having vendor monitoring.

But the cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity, reputation and the service disruption.

Hospitals can also purchase cyber insurance, which varies in cost and coverage. Some obtain it for purposes of class action lawsuits.


OCR enforcement activity during 2018 demonstrates the agency’s continued emphasis on enforcing violations of the security risk assessment and risk management requirements, Rivera said.

Covered entities and business associates are required to: conduct a thorough assessment of the threats and vulnerabilities across the enterprise;    implement measures to reduce known threats and vulnerabilities to a reasonable and appropriate level; and ensure that any vendor or other organization accessing or storing private health information is security compliant.

The OCR concluded 2018 with an all-time record year for HIPAA enforcement activity. The OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This surpassed the previous record of $23.5 million from 2016.

In addition, OCR also achieved the single largest individual HIPAA settlement of $16 million with Anthem, representing a nearly three-fold increase over the previous record settlement of $5.5 million in 2016. Anthem was held responsible for cyber attacks that stole the protected health information of close to 79 million people.

Article provided by Stephen Bradley

© Copyright - Healthcare Services