Click here for more sample CPC practice exam questions with Full Rationale Answers

Practice Exam

Click here for more sample CPC practice exam questions and answers with full rationale

Practice Exam

CPC Practice Exam and Study Guide Package

Practice Exam

What makes a good CPC Practice Exam? Questions and Answers with Full Rationale

CPC Exam Review Video

Laureen shows you her proprietary “Bubbling and Highlighting Technique”

Download your Free copy of my "Medical Coding From Home Ebook" at the top left corner of this page

Practice Exam

2016 CPC Practice Exam Answer Key 150 Questions With Full Rationale (HCPCS, ICD-9-CM, ICD-10, CPT Codes) Click here for more sample CPC practice exam questions with Full Rationale Answers

Practice Exam

Click here for more sample CPC practice exam questions and answers with full rationale

Tag Archives: Vendor

Prevalent Vendor Assess evaluates third-party vendors’ HIPAA compliance

Product watch

Prevalent Vendor Assess evaluates third-party vendors’ HIPAA compliance

by Chris Apgar, CISSP

Much of today’s healthcare industry is reliant on third-party vendors. If you haven’t asked your vendors whether they are compliant with HIPAA and have implemented sound information privacy and security programs, you are likely facing unknown?and possibly significant?risks. Covered entities (CE) and business associates (BA) are required by HIPAA to exercise due diligence when it comes to their BAs and BA subcontractors. Assessing the risk of those vendors is necessary, especially if those vendors support critical functions in support of CE operations.

Prevalent offers Vendor Assess: a software as a service-based tool that can automate a large part of third-party vendor assessments. Its third-party risk management solution can help CEs and BAs manage the risks associated with BAs and BA subcontractors. And Vendor Assess provides the information and tools necessary to require vendors to address risks that could have an adverse impact on business and clinical operations.

Vendor Assess is a subscription-based service which uses industry best practices to efficiently support CEs and BAs to conduct third-party assessments without the need for additional staff or resources. Prevalent Vendor Assess leverages Prevalent’s Vendor Risk Manager platform to generate focused third-party risk assessments and store the results in an easily accessible web portal. Also, Prevalent’s Vendor Threat Monitor is available to support the collection of real-time vendor threat intelligence information. THe subscription includes a single assessment, threat intelligence monitoring, reporting, and assessment recommendations by Prevalent.

Vendor Assess uses predeveloped third-party security questionnaires to identify CE and BA vendor risks. The questionnaires sent to vendors are customized to address areas of risk that are associated with each vendor versus a static set of questions that are not necessarily suited for each vendor. Because risks vary depending on the vendors and the services provided, the customization is an added bonus?especially when evaluating critical vendor information security risk to CEs and BAs.

The tool can be used to electronically generate questionnaires that can be distributed to vendors and takes a lot less time than manually generating, addressing, and sending questionnaires that are geared to identify risks that vendors pose to their CE and BA clients. The tool creates a centralized repository that can be used to track vendor risk management activities and questionnaire returns and create a baseline of vendor risk that can be used for future Vendor Assess assessments.

In addition to providing a sound solution to assess vendor risk, Prevalent’s offerings include the Prevalent Vendor Risk Maturity Assessment. The Vendor Risk Maturity Assessment was created to help CEs and BAs understand the maturity of their vendor risk management program, review specific actions for maturity improvement, and benchmark overall maturity with other Prevalent clients.

The Vendor Risk Maturity Assessment identifies CEs’ and BAs’ vendor risk management program maturity. The assessment involves a question and answer session with the staff responsible for vendor risk management. A Prevalent analyst reviews the data, identifies areas for improvement, develops a specific action plan for improving maturity across all the CE’s BAs and BA subcontractors and creates an executive presentation to show how an entity’s vendor risk assessment program compares to other Prevalent clients.

Pricing for Prevalent services fits the budget of most small and large CEs and BAs. Pricing is, for the most part, tiered by the number of vendors CEs and BAs will be sending questionnaires out to. Prevalent offers a concierge package of services that has, per Prevalent, appealed to smaller CEs and BAs. More information is available from Prevalent at


Editor’s note

Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. Opinions expressed are that of the author and do not represent HCPro or ACDIS. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Email your HIPAA questions to Associate Editor Nicole Votta at – Briefings on HIPAA

FTC fines software vendor over false encryption claims

Henry Schein Practice Solutions, Inc., a provider of office management software for dental practices, agreed to pay $ 250,000 to the Federal Trade Commission (FTC) to settle charges that Schein lied to consumers about the level of encryption its product provides. The charges specifically address the level of security offered by Schein’s Dentrix G5 software, an office and data management tool that was marketed to address the day-to-day operations of a dental office including database storage of patient records. The software, originally launched in 2012, was marketed as offering encryption capabilities that would help a practice meet HIPAA security requirements.

In contradiction to Schein’s statements to consumers, Dentrix G5 did not use the National Institute of Standards and Technology (NIST) industry standard Advanced Encryption Standard (AES) security. Schein was aware that its product used a less complicated data encryption method and continued to explicitly promote the software’s data encryption capabilities and claimed that the software met “data protection regulations” in marketing material, the FTC alleged in its complaint.

The U.S. Computer Emergency Readiness Team (US-CERT) issued a warning in 2013 about the data encryption method Schein used in its software. Dentrix G5 used Faircom c-tree-ACE which offers a weak level of obfuscation. The algorithm used in this method was called Faircom Standard Encryption, but the name was changed to Data Camouflage to distinguish it from standard encryption algorithms. Faircom describes their Data Camouflage as a supplement to existing security and not a replacement for other security systems. US-CERT notified Schein of this vulnerability on June 10, 2013.

Schein is required by the consent agreement to notify all customers who purchased Dentrix G5 that the software does not offer industry-standard encryption. Schein agreed to provide the FTC with ongoing progress reports on its notification program, and is prohibited from using false advertising to mislead consumers about its products’ data encryption and security capabilities.

The FTC published a description of the consent agreement in the Federal Register. The consent agreement is open for public comment for 30 days. The FTC will then decide whether to make the consent agreement final. The deadline for public comments is February 4. – HIM-HIPAA Insider

How to Choose a Radiology Revenue Cycle Management Vendor – Part 1

When a major hospital-based radiology practice realized that their outpatient volume had dropped suddenly, their Revenue Cycle Management (RCM) company stepped up to quickly diagnose the problem. Using their analytic database, they produced a focused referring doctor report that revealed significant outpatient service volume declines concentrated among a handful of providers, one of which had decreased by 60%.  It’s this kind of responsiveness that sets a true RCM partner apart from the average vendor.

Medical Billing and Coding Blog