Relevant News and Information for
New Avenues and Midwest Behavioral Health Network Providers 
Summer 2018
In this issue
  • Critical Incident Stress Management Team
  • Use of Cell Phones in your Private Practice
  • NASW Sample Social Media Policy for Clinical Social Workers in Private Practice
  • Poll on "Telemedicine"

Critical Incident Stress Management-CISM Team
New Avenues is looking to update and recruit for our Critical Incident Stress Management (CISM) provider team. This consists of providers trained and willing to respond to CISM events whether for grief, trauma, act of violence, threat or disasters. Providers are required to be licensed and certified in CISM. Experience preferred. If you are not certified but are interested in learning more about CISM work, please join us.

We are also wanting to identify providers throughout northern Indiana that are certified in EMDR and other evidence-based trauma treatments to assist with working with our first responders following a critical incident or a natural disaster. New Avenues works with police and fire departments throughout northern Indiana to provide support while they are implementing peer support programs. With this recent partnership, New Avenues is looking to have a group of identified providers to assist our public safety officers on their way to wellness. Immediate access is key to receiving these types of referrals.

Please join us August 1, 2018 for lunch, and a brief training to discuss New Avenues policy and procedures on handling critical incidents and identify any future training opportunities that we may be able to provide as a benefit of being a part of this team of providers. 1 CEU available.

New Avenues is looking for CISM Team members regionally and nationally to support all of our employer groups. If you are interested in participating, please select the "Interested in CISM Team" button and we will send you additional information.

"The Indiana Behavioral Health and Human Services Licensing Board has approved New Avenues to provide Category I Continuing Education for LSW, LCSW LMHC, LMFT, LAC, and LCAC. However, licenses must judge the program's relevance to their professions practice"

Please contact Catherine Herzog, LCSW AT 574-485-1807 or cherzog@NewAvenuesOnline.com with any questions.
CISM Team Meeting
LOCATION
Parkview Atrium, 300 S Saint Louis Blvd., Ste 200, South Bend, IN 46601

DATE AND TIME
08/01/18 11:00am - 08/01/18 1:00pm

For CISM participants unable to attend, select the "Interested in the CISM Team button".
I'll be there!
I can't make it
Interested in CISM Team
Use of Cell Phones with your Private Practice
Healthcare has spent many years, and an enormous amount of money, moving from paper based documentation and care, to electronic health systems and records. Now that providers have everything they need about a patient at their finger tips, providers need to secure communication technology that is HIPAA compliant.

Using mobile devices can be extremely useful in your practice, however it requires due diligence in understanding how these systems work, together with using software and apps that are HIPAA compliant.

  • Texting is insanely useful to your practice, right? but also a potential HIPAA hazard zone. If you're texting PHI, then the full force of HIPAA is going to apply to what you're doing.

  • Solution: To be HIPAA compliant you should be using a HIPAA compliant text messaging system so that text messages are encrypted both in SENDING and RECEIVING of the text message. Look into purchasing a secure text messaging system for your mobile device if you're using your cell phone for your business.

  • Insecure Wi-Fi, You're at your local coffee shop or bookstore soaking up some free wi-fi on your phone and you check your work email, a HIPAA violation? Maybe not, but that email was transmitted from the email server to your phone, depending on how that connection was established, this transfer may have been un-encrypted, flowing through the public wi-fi network. It's like sending a post card through the mail instead of a letter in an envelope. The post card is free game for anyone's reading pleasure.

  • Solution: Using only a Virtual Private Network (VPN).

  • Your Contact List , if you store patient names as contacts, you'll have to ban apps on your phone from accessing your contact list, many social media apps use your contact list as a way of improving yours (and their) social network. Social Media apps might view one of your patients in your contacts as being a likely "friend of a friend" of another of your patients, simply because they share the common connection of you. If your patients are storing your number in their contact list, and their social apps access their contact list, the apps can figure out that two people have the same saved number (yours) likely know each other, this is especially significant in your profession, where simply knowing that someone is a patient is a relevant fact.

  • Solution: Store contacts within apps that have security measures in place and are HIPAA compliant. Ban other apps on your cell phone from accessing your contact list.

  • Your cell phone gets lost or stolen. Modern IOS and Android phones use a whole-disk encryption when their passcode is enabled. Set your phones setting to wipe if too many incorrect codes are entered.

  • Solution: Store PHI only within apps that requires additional authentication after the passcode. If available, enable the ability to remotely wipe your device so you can clear its memory from afar if lost or stolen.

  • The Cloud... it's just someone else's computer. When data is stored "in the cloud" it is simply being stored on a remote computer, this comes with enormous security and HIPAA implications. Many cloud services do not have security that is acceptable for HIPAA purposes, and even if they do, you likely don't have a signed Business Associates Agreement (BAA) in place to keep the HIPAA chain intact.

  • Solution: Look into purchasing a security app for your mobile devise. Turn off any such cloud services that you find unless it is specifically built to be HIPAA compliant and you have a BAA in place with the organization that supplies it.

Included in your Provider Agreement with New Avenues, is a Business Associates Agreement (BAA). By executing your Provider Agreement, you've attested that you have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect Protected Health Information (PHI).

What policies do you have in place to demonstrate that you've put reasonable and appropriate safeguards in your procedures to protect PHI? Address it from both the administrative and technical side, administratively decide what, if any, PHI you really need to access from your phone. Make it your policy to turn on encryption, passwords and other technical features available on your cell phone and always work within software or apps that are HIPAA compliant or that you can sign a BAA with the vendor. Again, if you're using your mobile devices, what safeguards have you put in place to protect your business and PHI.

HIPAA is about processes and systems. Everything depends on the processes that you have designed and your policies surrounding them. When it comes to electronic PHI, the most important of these may be the "risk analysis" process.

The office of National Coordinator for Health Information Technology (ONC) has created a Security Risk Assessment Tool (SRA) to help guide you through a risk assessment. This tool is not required by HIPAA Security Rule, but is meant to assist providers and professionals as they perform a risk assessment.

The SRA Tool takes you through each HIPAA requirement by presenting questions about your organization's activities. Your "yes" or "no" answer will show you if you need to take corrective action for that particular item. To learn more about the SRA visit their website at:


The information provided is meant as general guidance and is not intended to be legal advice.
NASW Sample Social Media Policy
In the Spring issue of the Practice Perspectives, NASW published an article and sample social media policy. Just in case you missed it, Sample Social Media Policy
Does your practice currently provide telemedicine, i.e. Psychiatry or Psychotherapy?
Yes
No
Is your practice interested in offering telemedicine?
Yes
No
Updated Insurance Reference Guide
The Insurance Reference Guide is a resource to assist network providers in identifying the health plans New Avenues Inc. manages and/or rents network access to under the terms of the Provider Agreement.