June 17, 2016
5 Minutes with
BC Advantage (BCA): Can you tell us a little bit about yourself and how you got started in the healthcare industry? Shannon Guanche (SG): I am the proud mother of two incredible children, both in college at Florida State University (GO NOLES!). My son, Brett, is pursuing a major in criminology, and my daughter, Stephanie, in psychology. I have just celebrated my 20th anniversary with my husband Eddy, and my 15th anniversary with Vascular Surgery Associates where I serve as the coder and HIPAA Compliance Officer. I got my start in the healthcare industry working for my mom as a file clerk way back in the olden days when we used paper charts. While I didn't love doing the filing, I did enjoy having the opportunity to fill in in other areas in the office and was eventually trained to do everything from check-in and check-out to assisting with office surgery. It was during this time that I went to nursing school, and while I enjoyed nursing, I decided that wasn't the field for me, but I loved working in the healthcare industry. I was given the opportunity to learn how to do some coding while working for my mom. She taught me the basics, and I found that I loved that it was ever changing, and I was able to be constantly learning. I left my mom's office after I had my daughter, and when I did go back to work, I was blessed with the amazing opportunity at Vascular Surgery Associates that is now my career.
BCA: You are a licensed PMCC instructor and also a HIPAA compliance officer. What does a typical work day entail for you? SG: Along with being a licensed PMCC instructor and HIPAA Compliance officer, I am first and foremost the coder for Vascular Surgery Associates. Although coding is my primary job function, I wear many hats at VSA. A typical day for me begins at 8 a.m. with a big cup of coffee! I go over the patient lists that were left on my desk by the physicians and spend much of my day reviewing procedure and surgery notes and assigning codes and applying these codes to claims. Since I am the only coder for the practice with eight providers, I stay very busy in this aspect. In addition, I am responsible for working claims denials and appeals as they relate to coding issues, such as LCD, CCI edits, etc.
I am also the HIPAA Compliance Officer for the practice and as such, I am responsible for implementing HIPAA Privacy and Security and maintaining our HIPPA and OSHA compliance training for all employees. While this role seemed a bit daunting at first, I have found that with the appropriate policies in place and proper staff straining, HIPAA compliance problems are few and the role is more a routine.
BCA: Being a HIPAA compliance officer, what effective teaching methods work for you when training office staff about HIPAA laws? SG: We use a compliance program through Healthcare Compliance Solutions, Inc., which is a great tool for initial and yearly employee compliance training. This allows the employees to train as their schedule permits rather than having to gather 40+ employees and the providers to train all together. Typically, I only have to login to the program about once a month to verify and notify who is due for training, and the program does the rest! It makes this part of my job very easy! I also receive monthly newsletters from HCSI with tips and information related to both HIPAA and OSHA, and I often share these newsletters with the staff as a supplement to their training.
BCA: What areas of vulnerability do you often see when preparing offices for HIPAA security? How hard/easy would you say these issues are to fix? SG: Workforce security is one of the areas of vulnerability seen. HIPAA Security is only as strong as the team exercising it. HIPAA requires that policies and procedures be in place to ensure workforce members have appropriate access to ePHI; however, too often it seems access is given a bit too freely to employees without thought to exactly what access they really need to complete their job. This is an easy fix, and can be completed by evaluating job duties and assigning minimum necessary access to ePHI.
Internet access and emails are two of the most dangerous activities to a computer and are another area of vulnerability. Viruses can attach themselves to e-mails and other files and then expand to infect the hard drive, changing and/or erasing data then spreading to other machines. This is another easy area to correct by keeping employees aware of potential threats and implementing policies regarding web browsing and email use.
BCA: What exactly does the HIPAA security rule encompass, and what does staff need to know to keep information secure? SG: The HIPAA Security Rule applies to electronic health records. As we have become a more technological society, it has become necessary to have a security plan in place to protect private health information from potential loss, theft, or breach. Computers have made us more efficient, but a computer is a vulnerable place for protected health information. The key premise of HIPAA's Security Rule is to determine what safeguards are appropriate for a given practice and to implement these safeguards.
Each staff member plays a valuable part in protecting ePHI and should be made aware of the HIPAA Security Rule and trained to increase understanding of office policies and procedures as they relate to HIPAA Privacy and Security.
BCA: What is the number one rule you really stress to staff when it comes to HIPAA security and why? SG: Protect your passwords! Because much of today's software requires them to be changed on a fairly frequent basis, passwords can become difficult to remember. This sometimes leads to employees writing down their passwords and leaving these scraps of paper inside drawers or cabinets at the employee's desk, or even taping them to monitors. Passwords allow controlled access to Protected Healthcare Information in the medical office, and should be safeguarded to avoid unauthorized access and potential breach.
BCA: What would you say has been the most challenging thing to learn, teach, or give in your career? SG: I love a challenge but I think the most challenging thing for me is learning that I can't do everything. Although I like to believe I am Wonder Woman, I am still learning that I will sometimes have to delegate tasks to others.
BCA: What has been your greatest achievement so far in your career and why? SG: I always tell people the greatest thing I ever did for my career was getting certified. Being CPC certified has advanced my career and offered me so many great opportunities! It just comes naturally to want to share something you love and I love my career at Vascular Surgery Associates, so obtaining my instructor credential and becoming an AAPC licensed instructor just made sense. I am very blessed that I get to go to a job that I love and enjoy every day, and also to be able to teach and help others toward their career goals.
BCA: What advice can you give our readers who are looking to further their education and obtain a job in the same industry as you have? SG: Medical coding is a challenging, exciting, and growing in demand career, and I encourage anyone with interest in the field to take a look at the AAPC website and explore the many credentials that can be obtained. Take classes with me or with another AAPC Licensed Instructor since these instructors have been approved by AAPC and trained in the AAPC's exclusive Professional Medical Coding Curriculum (PMCC). Students preparing for the exam with AAPC preparation courses are twice as likely to pass the national exam. Getting certified may be one of the best steps you've ever taken in your career!
BCA: Is there anything you would like to add? SG: Medical coding is one of many rewarding careers on the business side of medicine, and I encourage you to venture out and keep on learning! Reach out to me via email at firstname.lastname@example.org. I am happy to help you explore the opportunity to become a certified coder.