NMMMA June 2013 Educational Session – HITECH Omnibus Rule (IT Security and Identity Theft in the Medical Practice)

Chris Bevil & Michelle Caswell – Sword & Shield Enterprise Security

by Richard Stokes

Sword & Shield Enterprise Security, Inc., is an information security service provider with corporate headquarters in Knoxville, TN.  Since its inception in 1997, the company has been focused exclusively on delivering security and compliance solutions to many industries, healthcare being one of them.  At June’s North Metro Medical Managers Association meeting, Chris Bevil and Michelle Caswell are going to be talking to us about ‘The Omnibus Rule’ and what that means to your medical practice.

If you haven’t heard of this particular regulation or don’t know enough about it then you need to attend June’s meeting.  Why?  Well, Chris says that for starters you need to know what critical updates you have to make in your practice prior to the deadline of September 23rd, 2013.  It’s summer folks and next thing you know the kids will be back in school and it will be September!

As a former investigator for the Office of Civil Rights (OCR), Michelle says that the OCR is going to be actively looking for compliance with the Omnibus requirements and will be following through by conducting audits.  One way that practices can be exposed to getting an audit is if a patient or customer files a complaint against them.

Michelle and Chris’ goal is to have us all leave with a better understanding of the following:

  • The importance of having written policies and procedures and that they are updated to meet the requirements of the Omnibus Rule.
  • Understand that you can’t just have a policy and expect to maintain compliance – you’ve got to back it up with a written and actionable procedure.
  • A security risk analysis is not just an option and must be completed and reviewed periodically.

Chris says that many practices today are overlooking this critical security assessment and are becoming targets for fines and penalties.  So, to avoid becoming one of these statistics yourself, he suggests you should consider taking the following 2 steps in your practice (if you haven’t already):

  • Update your policies and procedures or start writing them if you don’t have any.
  • Perform a risk analysis.

Michelle and Chris are going to be a great source of information so please feel free to ask questions.  If you like to do your own research they suggest you look into the following areas; they are loaded with good information:

I think it’s safe to say that the world of HIPAA is a very complex landscape.  It’s constantly changing (and frankly it’s a really boring read) so why not hear from a group that can give you the information you need to better protect your practice.  If you haven’t already registered for this month’s event, please do so.  Also, feel free to share this with your peers, colleagues and connections and invite them to attend as well.  North Metro Medical Managers Association.


Network 1 Consulting is a 15-year-old, IT Support company in Atlanta, GA.  We become – or augment – the IT department for professional services companies: law firms, medical practices and financial services firms.  Our IT experts can fix computers – but what our clients really value are the industry-specific best practices we bring to their firms.  This is especially important with technology, along with regulations and cyber threats, changing so rapidly.  We take a proactive approach to helping our clients use technology to gain and keep their competitive advantage.


Richard Stokes: As the Director of Sales for Network 1, Richard identifies “future” clients that can benefit from the support of an experienced, outsourced IT team. He helps clients and prospects find technology solutions they need to achieve better productivity and efficiency so they can focus on making money and growing their businesses.

Network 1 designs, builds and supports the IT you need to run your business more securely, productively and successfully. Whether you want to outsource all of your IT needs to a reliable, responsive, service-oriented company, or need to supplement the work of your internal IT staff, we will carefully evaluate where you are now, discuss where you want to go and implement and support a plan to get you there with as little interruption as possible.

Leave a Comment

Related Posts