• Breach on Puerto Rico

Ricardo Rivera Cardona is the top official at the Puerto Rican government agency that issued a HIPAA fine. He, along with a group of enforcers known as the Puerto Rico Health Insurance Administration, fined insurer Triple S Salud a penalty higher than any HIPAA-related issue delivered by the Department of Health and Human Services’ Office for Civil Rights in the United States.

 “We are sending a message that we are here to enforce. There are no exceptions, no matter how big or small an institution is. ASES will make sure patients have access to medical services, and that their patient information is also protected. We are adamant about this.” Ricardo Rivera Cardona

This article was released Wednesday, February 19, on the online site Healthcare Info Security. This article reflects that even those outside US soil are still within US jurisdiction especially when it comes to US patient’s privacy and safety.

  • PHI Protection Network Conference

The PHI Protection Network Conference was held last Thursday at Double Tree Suites by Hilton Anaheim Resort in Anaheim, California 92802. It was a whole day event wherein PHI Protection was discussed at length along with the ways by which they could be protected.

The HOLD (Health Outsourcing List by Dumatek™) was announced today during the conference and many of the attendees got firsthand information on what the HOLD is. The HOLD is a comprehensive list by DUMATEK of HIMBPO companies in the Philippines that gives due diligence on data security and compliance through the utilization of DUMATEK methodologies. A PRESS RELEASE to be posted on the HOLD will immediately follow to summarize the events that transpired during the conference.

Several keynote speakers who have high influence as well as exposure in the United States Healthcare System have got to know of the existence of the HOLD today. This is another huge step forward for both Dumatek and Dumatek-PI as this is key in the realization of the company’s vision/mission. This could help bring more healthcare entities to gain curiosity and interests to outsourcing healthcare administrative processes – an opportunity for firms to take advantage of the savings of outsourcing in the Philippines. Key players as well as industry leaders are waiting to meet with Dumatek CEO, Mr. Gerry Dumatol, in regards to the developments of the HOLD.

An extensive talk ICD-10 adaptations and conversions were tackled today during the conference – another primary issue revolving around healthcare today.

  • Skagit, WA. Faced with $215,000 Fine for First County HIPAA Violation

Based on a report made by HHS (Human Health Services), Skagit County Public Health Department, a county firm that offers services to individuals without the means to afford healthcare, had violated the HIPAA Privacy, Security, as well as the Breach Notification Rules affecting 1,581 individuals. Investigations on Skagit County began on December 9, 2011 upon being tipped-off with a breach report revealing that money receipts with seven individuals’ ePHI (electronic protected health information) had been accessed by undisclosed parties after the data had been moved to a publicly accessible County server. The investigation had hinted that many patients’ accessible files included sensitive information, counting PHI with testing and treatment of alarming diseases.

From September 14, 2011 until September 28, 2011 had the breach transpired. Some of the violations made by Skagit County are listed below:

  1. April 20, 2005-present – failure to implement sufficient policies and procedures to prevent, detect, contain, and correct security violations.
  2. April 20, 2005-present – failure to  provide security awareness and training to all workforce members, including Information Security staff members, as necessary and appropriate for the workforce members to carry out their functions within Skagit County.
  3. April 20, 2005-June 1, 2012 – failure to implement and maintain in written/electronic form policies and procedures designed to ensure compliance with HIPAA Security Rule.
  4. November 28, 2011-present – failure to provide notification as required by the Breach Notification Rule.

HHS Office of Civil Rights (OCR) Deputy Director of Health Information Privacy Susan McAndrew had stressed that this case with Skagit County is the first settlement with a county government. It gives out a bold importance to HIPAA compliance to local and county governments, with no exception to size. No one is excused to comply with the program ensuring the privacy and security of patients’ information.

In lieu of this, Skagit County will work with OCR in creating a corrective action plan (CAP), securing documented policies and procedures, documentation requirements, training, and other compliance measures with the HIPAA Law. This CAP requires Skagit County to give out regular status reports to OCR. Skagit County has settled to the following corrective action:

-          Provision for substitute breach notification to affected individuals not previously notified

-          Provision for HHS for its review and approval a description of its procedure that ensures the content of any accounting of disclosures

-          Submission of HHS’s review and approval of hybrid entity documents designating its covered healthcare components

-          Conduct accurate and thorough assessment of potentials risks and vulnerabilities to ePHI

-          Creation and revision of written policies and procedures for its covered healthcare components in compliance with Federal privacy and security standards

-          All workforce under Skagit County’s covered health care components having access to ePHI shall receive general Privacy, Security, and Breach Notification Rule training

  • EFT and ERA (835) Operating Rules

 Enrolment, Prior Authorization, and Claims Attachment

New operating rules have been established to increase efficiency in conducting standard transactions. This streamlines the processes between providers and payers. Such improvements in these rules are seen to save an estimated billion dollars in healthcare overhead costs over the next decade.  Providers will also be able to use more time to allocate to patient care over administrative processes.

CMS1500, Version 02/12 Form (New Claim Form)

This new form caters to the reporting needs of ICD-10 along with the requirements of Accredited Standards Committee X12 (ASC X12) Health Care Claim.

Updates on Diagnosis Codes (Box 21) were one of the largest changes in this claim form. It has been expanded to suit 12 diagnostic codes from the previous 4 codes; uses letters for each code (A-L from 1-4). An ICD Indicator, which is for indicating codes for either ICD-9 or ICD-10, has also been added.


This is the 10th revision of the International Statistical Classification of Diseases and Related Health Problems (ICD). It is a medical classification by the WHO (World Health Organization).  This generally codes for diseases, symptoms, abnormal findings, complaints, diagnosis and the like.

  • DumaTek-PI Inaugurated into HIMOAP

The Healthcare Information Management Outsourcing Association of the Philippines (HIMOAP) held its Annual Meeting and Election of its Board of Trustees last December 2, 2013 at the Legazpi Room of the Interncontinental Hotel, Makati City. Our Marketing Administrator and HIMOAP representative, Ms. Dawn Casagnap attended the meeting and received DumaTek-PIs Certificate of Recognition as a Vendor Member along with <name of other company>. Those who were elected as the new members of the board of trustees are:

    • Cristina "Beng Coronel, President - Pointwest Technologies Corp.
    • Michael "Mike" Chua, CEO-President - Transkripsyo, Inc.
    • James Donovan, CEO - Pharma KPO Corporation
    • Fred Kumetz, CEO/President - eData Services Philippines
    • Josefina "Penny" Lauchangco, Director - American Academy of Medical Transcription (AAMT)
    • Myla Rose Reyes, Vice President - SPI Healthcare
    • Danilo "Dan" Reyes, Country Manager - Genpact Philippines
    • Judy Whisenhunt, COO & Director - Teledevelopoment Services
    • Jeffrey "Jeff" Williams, AVP-Global Clinical Services, Operations - MediCall Philippines Inc. a Cognizant Company
  • Press Release of the HOLD

The press release entitled "A Managed Compliance Services Program (MCSP) Introduced for HIMBPO Companioes in the PHILIPPINES to Manage PHI Under HIPAA" introduces DumaTek-PI as a data security and Compliance company that supports HIMBPOs in the Philippines who manages US patients healthcare information known as Protected Healthcare Information (PHI).

"PHI is protected by the US goverment under US HIPAA Laws which have already embarrassed a good number of supposedly reputable US healthcare entities."

Thus, entities are shown on a list called the Breach Notification Rule which is available for viewing on the Office of Civil Rights (OCR) website.

The release also introduces to US healthcare companies the Healthcare Outsourcing List of DumatekTM (HOLD) which is a list of outsourcing companies based in the Philippines that healthcare companies in the United States could trust and hire. As companies listed on the HOLD, US healthcare companies are assured that the companies they hire for outsourcing are not putting their clients’ records in danger by entrusting classified information to non-HIPAA compliant outsourcing companies. The press release was posted on PRNewswire. They are the authoritative source of news and information for leading global media organizations. 

Here is a link.

  • End of Life of Windows XP and Microsoft Office 2003

Windows XP and Office 2003 will no longer be supported by April 8, 2014.  As HIMBPOs, we are expected to keep US patient’s information secure.

According to Microsoft, “the average enterprise deployment can take 18 – 32 months from business case through full deployment” which is why businesses who are still using Windows XP and Office 2003 are encouraged to make the “migration to a modern desktop” as soon as possible.

End of life for Windows XP and Office 2003 users means that beginning on April 8, there will be no new security updates as well as non-security hotfixes; neither will there be any free or paid assisted support options or online technical content updates. Continuing on running Windows XP and Office 2003 without a support may result in data security and compliance risks: particularly to those who deal with a lot of sensitive information. There is also the case of losing hardware support as there are software programs that have specific requirements. 

 Want to know more? Read here...

  • Intensity 10: Propelling Healthcare Information Management to Exponential Growth

Last November 12, 2013, the Healthcare Information Management Outsourcing Association of the Philippines (HIMOAP) organized the 4th HIMOSC with the title Intensity 10: Propelling Healthcare Information Management to Exponential Growth with the help of TeamAsia, an award-winning strategic marketing communications firm that develops place, corporate and personal brand strategies, creative concepts, and marketing communications programs incorporating events, public relations, and Web 2.0 tools for our clients. It was held at Intercontinental Hotel, Makati where it was attended by key industry players and providers to discuss issues and trends in healthcare outsourcing. Read more...

  • HIMOSC 2013: Taking Healthcare Outsourcing-Service to new Heights

The Health Information Managing Outsourcing Services Congress (HIMOSC) is hosting an event with titled Intensity 10: Propelling Healthcare Information. It will be held at The Intercontinental Hotel Manila, Ayala Ave., Makati City. registration begins at 8:00 am for all those who are attending.

In this event, there will be a recap of what the Health Information Management (HIM) industry has achieved for the past decade. Speakers were also invited by HIMOSC to talk about opportunities that rise in new and existing healthcare policies that could and will contribute and impact the HIM industry today. Discussions will also take place on what type of changes can be expected of the HIM industry in the coming next decade.

Want to see more? HERE

  • Gerry arrives in the Philippines!

On September 30, 2013, Mr. Gerard Dumatol will be arriving in the Philippines and he will be staying in the country for 2 weeks. He will be around to meet with HIMOAP members to introduce to them DumaTek - PI and its services. He will be doing workshops with the aim of explaining the process, the agreements and the responsibilities that is required of a HIMBPO company. Check out the events page!

By Sept. 23 hospitals and physicians must comply with the HIPAA omnibus final rule, which strengthens patient privacy protections and provides patients with new rights to their protected health information. Read more...

This video are not DUMATEK-PI videos but OCR videos made public through YouTube.

The information contained in these videos are so important for protecting e-PHI, released by OCR. DUMATEK-PI finds itself responsible to inform covered entities and business associates of this information to protect e-PHI. DUMATEK-PI has taken the liberty to pass this link for CEs and BAs to benefit from its information and prepare for audits.

As frustration with the US health care system mounts, so do calls to outsource our health care. The hope is that medical tourism can provide fixes not only for individual patients, but also for our health system. Read more...

  • DUMATEK-PI (first clients)
  • Announcing the HOLD
  • Business Associates and Sub-contractors
  • Business Associates Agreements
  • Increase in HIMBPO activity
  • Cotifa Data Security for BPO companies in the Philippines (October 2012 at Knott's Berry Farm Hotel)