Hello,
My providers have hired a third party consultant to "take a look" at our Groupcast Practice Management System and our GE Centricity EMR. He wants full access and disclosure to it all.
1. Has anyone ever had this happen to them?
2. Has anyone ever heard of TLK Medical Group? I searched this online and looked up the president on LinkedIn. His name is A.J. Reilly.
3. What kind of access other than administrative would he want and what would he be looking for?
I am very hesitant to provide him any access but I have to follow the orders of my providers. Any help or advice would be much appreciated.
If he is going to log into the applications, I would definitely make him his own user ID and give him as close to read-only rights as you can for what he wants to do. I would also run audit reports on what his user account is doing. Depending on what you have turned on, you might want to turn up auditing while he is onsite. As far as servers, again, either his own ID or have someone from IT drive while he looks at things. Is he looking at workflows or is this hardware/software performance improvement suggestions or both?
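As an added illustration of the "own user ID plus audit reports" advice above (this is example code, not from the thread or from either vendor), the script below reviews an audit export for one temporary account: it counts what the account did, flags anything beyond read-only use, and flags activity outside the hours the consultant was on site. The log format, the account name `consult_tmp`, the action names, and the on-site window are all constructed assumptions; real Groupcast or Centricity audit exports will differ, so the parser is the part you adapt.

```python
"""Review audit-log activity of a temporary consultant account.

Added example: the CSV layout, account name and on-site window are
constructed assumptions, not the format of any particular product.
"""
from collections import Counter
from datetime import datetime, time

# Constructed sample audit export: timestamp,user,action,object
SAMPLE_LOG = """\
2024-03-04T09:12:31,consult_tmp,VIEW,Patient/10021
2024-03-04T09:15:02,consult_tmp,VIEW,Schedule/2024-03-04
2024-03-04T10:40:17,consult_tmp,REPORT_RUN,AR_Aging
2024-03-04T11:02:55,consult_tmp,EXPORT,Patient/10021
2024-03-04T13:20:09,consult_tmp,UPDATE,Patient/10044
2024-03-04T22:47:40,consult_tmp,VIEW,Patient/10102
2024-03-04T09:30:00,jsmith,UPDATE,Patient/10044
"""

# Actions a read-only reviewer is expected to perform (assumed names).
READ_ONLY_ACTIONS = {"LOGIN", "LOGOUT", "VIEW", "REPORT_RUN"}

# Hours the consultant is physically on site (assumed).
ONSITE_START = time(8, 0)
ONSITE_END = time(18, 0)


def parse_log(text):
    """Parse the constructed CSV export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj = line.split(",", 3)
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "action": action,
            "object": obj,
        })
    return events


def review_account(events, account, onsite_start=ONSITE_START, onsite_end=ONSITE_END):
    """Summarise one account's activity and list anything worth a follow-up.

    Returns a dict with the event count, a per-action tally, and a list of
    findings: non-read actions and activity outside the on-site window.
    """
    mine = [e for e in events if e["user"] == account]
    findings = []
    for e in mine:
        when = e["ts"].isoformat()
        if e["action"] not in READ_ONLY_ACTIONS:
            findings.append(f"{when} non-read action {e['action']} on {e['object']}")
        if not (onsite_start <= e["ts"].time() <= onsite_end):
            findings.append(f"{when} outside on-site window: {e['action']} on {e['object']}")
    tally = Counter(e["action"] for e in mine)
    return {"event_count": len(mine), "actions": dict(tally), "findings": findings}


if __name__ == "__main__":
    report = review_account(parse_log(SAMPLE_LOG), "consult_tmp")
    print(f"events: {report['event_count']}  actions: {report['actions']}")
    for finding in report["findings"]:
        print("  !", finding)
```

Run it daily while the consultant is on site and compare the per-action tally against what he said he would be doing; any EXPORT or UPDATE from a supposedly read-only account is the kind of line you want to be able to show the providers.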
I believe it to be both. Thank you for responding. I appreciate the advice.
Since this company would likely not be considered a Business Associate, I would recommend having the individual sign a Non-Disclosure/Confidentiality Agreement as he will be exposed to PHI. At the end of the day, you are trying to protect the interests of your physicians, so I wouldn't be bashful about asking them about the purpose of the assessment. Explain to them that you aren't trying to be a roadblock, you just want to ensure that the practice is doing its due diligence to accommodate the privacy/security provisions in HIPAA. If this company caters to covered entities, they will not have a problem signing this type of document and may even have one themselves. If they are surprised by the request, then that would be a huge red flag to me.