Free HIPAA Risk Audit Webinars in August

August 14 & 15, 2018 – We are putting on a series of two webinars covering risk to PHI. These two webinars will cover identifying the sources of PHI in your clinic, identifying and classifying sources of risk to PHI, and what it means to take reasonable actions to minimize those risks. We will discuss different software configurations including server-based, cloud, and hybrid solutions. There will also be a 10 – 15 Q & A at the end of each presentation for attendees.

WHEN: These two webinars will be held on August 14 & 15 from 12:00 – 1:00 CST. Links to the recorded presentations will be sent to registered participants, so sign up even if you can’t make it.

About the Presenter
Matthew Richard is the CIO of Mighty Oak Technology, Inc., a certified Project Management Professional (PMP) through the Project Management Institute, and the team lead for Chart Talk. He holds a Bachelor of Science in Physics from Southern Oregon University. Matt has taken hundreds of clinics through the HIPAA Risk Audits demanded by the Meaningful Use Incentive Program from CMS.

FBI Advises ‘Reboot Router’ to reduce threat from global malware attack

Last Friday the FBI advised all US residents to reboot their routers to mitigate a Russian-initiated threat called ‘VPNFilter’.

This threat is estimated to affect ~500,000 devices from multiple manufacturers. Furthermore, it has been suggested that parts of the threat can persist after reboot and that the only way to be sure that the threat is removed is to reset the device to factory defaults.

Please use this opportunity to update your router’s firmware as well. In the course I teach on Performing HIPAA Risk Audits, I go over what a threat an open router is to your data security. Here are a few of the suggestions I give my clients about their routers to improve clinic security:

  1. Reboot your router monthly
  2. Check for firmware quarterly
  3. Do not publish SSID
  4. Disable wireless administration
  5. Enable logging

If you are not sure what any of this means, the manufacturer of your router has a website with the user manual for download. If you don’t like that, a lot of people put out good tutorials on youtube.com. Just search for your router and you will find many videos to help you configure the router yourself.

Your Chart Talk data is not at risk. The information you send is encrypted and the servers that store your patient data are never exposed directly to the internet via the Chart Talk interface. These are just more ways that Mighty Oak Technology looks out for your clinic.


Wi-Fi Security threat a risk to every health care clinic

This week the KRACK (which stands for Key Reinstallation Attack) threat to the WPA2 security framework was announced. KRACK is especially relevant to the small businesses that we work with because usually, you don’t have a dedicated IT person to update your hardware on site.

Details of the danger

This danger makes traffic between wireless devices & your router susceptible to interception by a third party. This third party would just need to be within range of your wireless network without needing to log in. If the communication is encrypted, in the case of secure websites for instance, the third party would not be privy to the content of the communication. In the case of unencrypted communication however, the intercepting third party would see everything.

KRACK is mostly a local threat. Any individuals attempting to exploit the threat need to be in range of your router. I’ve always found that not publishing your network name eliminates the possibility of people discovering your network by chance.

Lock it down

Update all of your wireless devices beginning with your routers & modems.

  1. Run updates on all Windows, Apple, & Android devices.
  2. Here are links to a few popular router manufacturers’ pages to help you get started on securing your own network.

We are putting on a free webinar on HIPAA security and we will cover updating router firmware for sure. If you want to attend it’s going to be from 1:00 – 2:00 PM CST. Register by clicking here


Risk from Kaspersky Lab’s Anti-Virus Software

Kaspersky, a common anti-virus product that came pre-installed on computers from popular retailer Best Buy, was recently found to be vulnerable to security risks.
(see article)

This just demonstrates that, no matter your best intentions or how proactive you are at securing protected health information (PHI), you need to have an updated and dynamic process for addressing HIPAA security issues.
Here are some things we think you need to address with your staff to protect your workstations and network:

  • E-Mail phishing scams. Never download or open anything on work computers from your e-mail.
  • Never check personal e-mail from work computers.
  • Make sure your wireless password is not the factory default and change it once per year.
  • Make sure employees are not sharing passwords. Each individual employee needs their own log-in.
  • If you are using a data backup service, make sure you understand how you can restore that data if and when you need it.

There are many other factors in establishing a comprehensive process of maintaining protected health information (PHI). These are some of the easiest to fix and most common dangers to health care providers today.


HIPAA Risk Audit Consultation

HIPAA security risk assessment is an on-going process of discovering, correcting and preventing security problems. The risk assessment is an integral part of a risk management process designed to provide an appropriate level of security for your clinic.

Mighty Oak Technology has assisted hundreds of clinics like your own in creating a HIPAA baseline and setting up an annual risk assessment plan. Our proven method has helped many clinics pass rigorous audits and keep their EHR incentive payments.

Don’t get caught with inadequate documentation. Mighty Oak Technology will work personally with your HIPAA security officer to identify, document, and evaluate the protected health information (PHI) that you are responsible for.

If this is your first time working with Mighty Oak Technology’s HIPAA services, we will:

  1. Designate someone in your clinic to be the HIPAA Security Officer
  2. Establish and document a HIPAA baseline
  3. Document all PHI (digital and physical) at your clinic
  4. Identify risks to the PHI
  5. Document risk mitigation efforts

If you have HIPAA risk audit procedures in place, Mighty Oak Technology will work with you to:

  1. Review and update your HIPAA risk baseline
  2. Review and document changes to all PHI (digital and physical) at your clinic
  3. Identify risks to the PHI
  4. Document risk mitigation efforts

Confidence in your HIPAA documentation and knowing that you are making every effort to protect your patients’ data will let you sleep better at night. Let the professionals at Mighty Oak Technology help you rest easy. Call to schedule your HIPAA Risk Consultation today.


MIPS Certification

After completing a two-week course to become a MIPS certified project manager recently, I began reflecting on the evolution of these CMS incentive programs over the last six years. One thing about this new program, compared with meaningful use, PQRS, or the value based modifier, is that MIPS brings a lot of what we (software designers and developers) have had to do for software certification in 2011 & 2014 to the clinicians’ attention. I have clients calling me up asking about exporting QRDA files, choosing quality measures, and submitting data to registries.

It’s going to be a steep learning curve, but for the Chart Talk users that have been diligent about participating in our webinar training series, this switch to quality and the vocabulary associated with it shouldn’t be anything new.

One interesting topic covered in the certification course was developing a strategy for participating in MIPS. Determining the maximum incentive and penalty over the next four years gives you a starting point. Investing your clinic’s time and resources is expensive and you need to make sure that the return is worth the investment.

Meaningful use required your software to be certified for certain quality measures but did not require any results from you. Now, those same quality measures need to be reported on and you will be graded on a curve. In this first year there is no bar or level to shoot for; you want your quality numbers to peg you in the high quality, low cost group of providers.


Quality Payment Program Consulting

The programs MIPS and MACRA are now known as the Quality Payment Program. Payments from CMS will be affected based on providers’ participation in 2017. Private payers are getting in on the program as well by offering pathways through Alternative Payment Models.

New requirements can be hard to stay on top of. Determining if you qualify for the program, which path you should take, and what your best options are is just the tip of the iceberg. Demonstrating quality requires a plan. Mighty Oak Technology offers you access to our certified project managers to help your organization build and implement a plan to demonstrate quality at the highest degree of success. There are over 300 quality measures.

Step 1: Determine Eligibility and Financial Risk/Gain

Do You Qualify? If you receive $30,000 or more in allowed Medicare charges, you qualify to participate in QPP.

The first step towards developing a comprehensive plan for your organization is to determine the ROI from participating. If the investment is more than the reward it does not make sense to throw good money after bad money. Factors such as participation level, max reimbursement vs. max deduction, and alternative paths must be taken into consideration at this stage.

Step 2: Target Participation Level and Success Rate

Once the ROI is determined, participation level will be considered. Simply testing your system, partial and full year reporting, or not reporting at all are options whose reward level must be considered. During this stage we will target the quality measures that best suit your organization. At the end of this process an estimate of cost vs benefits will be submitted as a guide for implementation.

Step 3: Develop Detailed Plan for All Stakeholders

Using the targeted quality measures and participation level, a detailed plan of action will be created. The plan will take into account the data required to demonstrate each measure, how each measure is tracked and reported, success thresholds for each measure, and a scheduled review to monitor the project’s status. All stakeholders will be identified and instructions for each role will be created and optimized for your organization.

Mighty Oak Technology, Inc. has assisted hundreds of organizations in receiving millions of dollars in incentive payments through the CMS EHR incentive program, commonly referred to as Meaningful Use. The Quality Payment Program consolidates Meaningful Use, the Physician Quality Reporting System (PQRS), and the Value Based Modifier program into one. This new program is broken into four parts, each part having its own unique quality reporting requirements.

Our consultants have been certified as MIPS Quality Project Managers. They are well versed in the MIPS requirements and alternative payments models in place across the country. Our Mighty Oak Team is familiar with the language of quality measures and interpreting the coding required to demonstrate those measures.

To get a quote on joining our registry or hourly consulting, please reach us at 952.370.5550 and choose Mighty Oak Technical Services from the call tree.


2016 Meaningful Use Attestation Readiness Consultation

Meaningful Use Services
Matthew Richard is CIO of Mighty Oak Technology. Matt has overseen software development teams for Stage I and Stage II meaningful use EHR certifications. Matt wrote the manual on properly conducting and documenting HIPAA protected health information audits.

Mr. Richard has worked with hundreds of chiropractors, CAs, and staff to successfully demonstrate and document Meaningful Use of an EHR. Clinics working with Mighty Oak Technology have collected over a million dollars in incentive reimbursements.

Mighty Oak Technology has been at the forefront of educating chiropractors on the requirements of successfully demonstrating Meaningful Use of an EHR since 2011. Demonstrating meaningful use in 2016 & 2017 can be confusing when trying to understand the requirements, exclusions and necessary documentation to ensure that you can pass an audit after you successfully attest.

Whether your clinic is at the top of its game or if you are as confused about meaningful use as 90% of other healthcare providers, our consultative services will help.

What you get with our one hour consultation:

  • HIPAA Security Audit Workbook and Report Templates ($300 Value)
  • A detailed list of measures that have no exclusions
  • A detailed list of measures with exclusions
  • Instruction on how to properly document measures and exclusions
  • Template for documenting successful meaningful use attestation for your records

Mighty Oak Technology can also review your attestation documentation and help you meet compliance. We have taken hundreds of providers through stages I & II of Meaningful Use attestation. We have helped many clinics with Meaningful Use pre-pay audits. Call today to schedule your clinical evaluation.

Consulting Rates
Meaningful Use Review – Includes all the above listed points. A one-on-one session to review all requirements and exclusions that apply to your clinic, outlining a plan for your clinic to meet all requirements by December 31, and a meeting summary for your record.



2016 Dragon Medical Practice Edition 2.3 Upgrade and Assistance


Today, Nuance announced a FREE UPGRADE for users of Dragon Medical Practice Edition 2 (DMPE 2) to upgrade to DMPE 2.3.


If you are still on an older version of DMPE, you can purchase an upgrade to the DMPE2 version, through Mighty Oak Technology Inc. for $599.


If you prefer that Mighty Oak Technology install the update, we would do the following for the normal hourly rate of $195/hr:

  1. Back up your existing user files to preserve your macros
  2. Download and install the new version of Dragon onto your computer(s)
  3. Check permissions, security and make sure that Dragon is running properly




For more information, or to schedule an installation, contact us at: dragonupgrade@mightyoakinc.com