Time for your Practice to Revisit your Security Standards

Does your practice have safeguards in place to protect your HIPAA sensitive information? Has your practice participated in security training or conducted a Risk Assessment. Do you have a mitigation plan in place if your practice does experience a breach in your data? These are all important and relevant questions to be asking yourself as a provider moving into the New Year. According to a recent report released by Experian, the potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually in 2015.

Experian’s almanac predicts a stormy forecast is ahead for the healthcare industry as the threats are growing. The report points to many vulnerabilities, the expanding number of access points to protected health information, or PHI, and other sensitive data via electronic medical records and the growing popularity of wearable technology makes the healthcare industry a vulnerable and attractive target for cybercriminals.

“We expect healthcare breaches will increase – both due to potential economic gain and digitization of records. Increased movement to electronic medical records and the introduction of wearable technologies introduced millions of individuals into the healthcare system, and, in return increased, the potential for data breaches,” the report notes.

”Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cybercriminals,” the authors add. “The problem is further exasperated by the fact that many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ PHI. In fact, an individual’s Medicare card – often carried in wallets for doctors’ visits – contains valuable information like a person’s Social Security number that can be used for fraud if in the wrong hands. Currently, we are not aware of any federal or law enforcement agency which tracks data on SSN theft from Medicare cards, but the problem is widely acknowledged.”

The takeaway? Security breaches are a real and increasing threat to the Healthcare industry and taking the proper precautions and implementing security standards, processes and protocols is no longer an option but a necessity. Consult with a security expert today for a Security Assessment and Mitigation Plan at EHR & Practice Management Consultants, Inc. (www.ehrpmc.com) 1-800-376-0212 or contact@ehrpmc.com

Self-Pay Patients are Effecting Your Bottom Line and Decreasing Your Revenue

There has been much debate and scrutiny over Obamacare, leaving many Americans with unanswered questions pertaining to their insurance coverage and their options. But what about the providers? Historically healthcare providers and provider organizations are use to grappling with Medicare, Medicaid and insurance companies for claim reimbursement, but now there is another wrench in the works with the dramatic increase in self-pays. Many providers are struggling to keep up with the new unique financial challenges that self-pay claims create and identifying these patients prior to rendering service and accurately collecting their payments before exiting the office after the encounter. Studies prove that once a patient exits the office without paying their balance that the money owed has a very high likelihood of becoming bad debt. Between 2008 and 2012, multispecialty practices saw their bad debt go up 14 percent, according to a survey by the Medical Group Management Association (MGMA), a trade organization for doctor practices. That’s money that practices were owed but couldn’t collect. Some of them have begun to change their billing strategies to combat those debts, says Ken Hertz, a principal consultant with the MGMA Health Care Consulting Group.

There are solutions, by either outsourcing to a early-out billing company, using price transparency software or by implementing new practices and standards in your office, EHR & Practice Management Consultants, Inc. (www.ehrpmc.com) can assess your practice to better understand which of these options is the best solution for your Practice. We can offer creative solutions to help patients meet their financial obligations and thereby increasing your cash flow and revenue stream. Let us help you by contacting us at 1-800-376-0212 or contact@ehrpmc.com

New Study shows Telehealth is Effective and Less Costly

According to a recent report by the Alliance for Connected Care, telehealth visits are 83% effective and save more than 50% over traditional in office visits. Smaller issues such as sinusitis, UTI and sore throats can be diagnosed and treated in a more cost effective means through telehealth.

“The market for acute care telehealth services is growing rapidly, but is still relatively nascent,” writes author Dale Yamamoto in the study.  The study, which collected data from commercial telehealth vendors and compared that information to costs incurred by Medicare and private insurers, found that the use of a telehealth service, which usually costs between $40 and $50 per visit, can produce a cost savings of anywhere between $136 and $176 dollars typically spent on an in-person visit.  Patient issues, which are usually lower-level complaints, can be resolved in one session in 83% of telehealth visits.  The vast majority of patients only use one telehealth visit per year, and are most often diagnosed with sinusitis, a cold, or the flu.

The data indicates that a telehealth visit would have to cost at least $83 to make it inefficient to treat a Medicare patient who would otherwise do nothing about their symptoms, which falls well above the average expense through a dedicated service.    “To result in additional costs to the Medicare program, more than a third of patients (32.8 percent) would have to decide to use seek a telehealth visit instead of doing nothing to treat their condition,” Yamamoto says.

If your growing healthcare organization is interested in learning more about increasing your revenue by implementing telehealth technology please contact one of our experts at EHR & Practice Management Consultants, Inc. today to learn more at 1(800) 376-0212 or contact@ehrpmc.com

Meaningful Use Attestation deadline for EPs is February 28, Avoid the Penalties!

The New Year is upon us and so is the looming attestation deadline for meaningful use attestation. Are the providers in your organization prepared to attest? In a recent announcement before the close of 2014, the Centers for Medicare & Medicaid Services reminds EPs that the last day of December marked the end of the final quarterly 2014 meaningful use reporting period.

“The CMS Attestation System is open and fully operational, and includes the 2014 Certified EHR Technology (CEHRT) Flexibility Rule options,” the federal agency explained. “Medicare eligible professionals can attest any time to 2014 data until 11:59 p.m. ET on February 28, 2015.”

The reminder carries with it a warning about meaningful use penalties for EPs who failed this past year:

Medicare eligible professionals that did not successfully demonstrate meaningful use in 2014 and do not receive a 2016 hardship exception will have payment adjustments applied beginning January 1, 2016. The application period will open in early January 2015. For more information, please review the payment adjustment tipsheet.

If you are eligible to participate in both the Medicare and Medicaid EHR Incentive Programs, you MUST demonstrate meaningful use to avoid the payment adjustments. You may demonstrate meaningful use under either Medicare or Medicaid.

The announcement comes just a few weeks after CMS revealed that more than 257,000 EPs will receive notice that they are subject to Medicare payment adjustments in 2015 for failing to demonstrate meaningful use in 2013. Perhaps

Also, More than 28,000 EPs will see a two-percent reduction in their 2015 Medicare payments for failure to comply with both the Electronic Prescribing (eRx) Incentive Program as well as the Medicare EHR Incentive Program.

Those payment adjustments for EPs go into effect January 5. As part of the notification, these providers will receive instructions for challenging CMS’s decision. “When they receive the letter, they will receive instructions for how they can apply for reconsideration and we will be taking those applications through the end of February,” the federal agency said.

If you require assistance in meeting the meaningful use attestation requirements call us today at EHR & Practice Management Consultants, Inc. 1-800-376-0212 or contact@ehrpmc.com, we can also assist your practice or healthcare organization to apply for reconsideration.


Are You Prepared for a Malpractice Suit, Will you EHR Protect or Hurt You?

According to recent research providers may be in for a rude awakening. The U.S. Department of Health and Human, the office announced in May 2013 that more than half of all doctors and eligible clinicians had received Medicare or Medicaid incentive payments for adopting or meaningfully using EHRs. Usage by eligible professionals grew by 33% from 2008 to 2012, the agency said in a press release. New pitfalls emerge with such fast-moving technology, Ms. Chestler said[1]. Design flaws, complex templates, and careless usage by health professionals are all factors that can fuel EHR-related lawsuits and contribute to challenges defending claims. Being mindful of the potential legal dangers of EHRs and taking steps to prevent them can save physicians significant time and expense, experts agreed.

Every aspect of EHR selection, implementation, and use may be examined in the course of medical malpractice discovery to find the source of the incident, or undermine the records that are being presented in defense of the malpractice claim. The Health Insurance Portability and Accountability Act (HIPAA) states the healthcare provider is the covered entity responsible for maintaining the integrity of the patient’s medical record — not the EHR vendor, consultant, or the systems integrator. A doctor can be held liable because most vendors’ contracts essentially say, ‘We do not practice medicine; it is up to the physician to make sure this EHR is being used correctly.’ Practices must understand what they’re using and verify that the system is appropriately set up to document the care they provide.”

With this being a highly litigious society it is important for providers and provider organizations for be informed of the dangers that EHR can pose from a legal standpoint. At EHR &Practice Management Consultants, Inc. we have consultants whose sole role it to provide advice on these matters. Of course it is important to be proactive and have an assessment completed prior to any litigation, but we can also assist in the event that a lawsuit has already been filed. Please contact our offices today for more information at 1(800)376-0212 or contact@ehrpmc.com, it may be a determining factor in preventing litigation or assist in your defense.

[1] Alisa L. Chestler, a Washington, D.C.-based health law attorney at Baker, Donelson, Bearman, Caldwell & Berkowitz. She co-wrote a 2013 American Health Lawyers Association report titled “Minimizing EHR-Related Serious Safety Events.”

Healthcare Providers worried about Cyber Crime? Ways to Protect Your Practice!

  1. Use anti-virus software: Your net-savvy friend may tell you that he doesn’t have anti-virus on his computer because it slows things down. But look at it this way, one wrong click and he may have to make the entire college project from scratch.
  2. DON’T CLICK IT: The golden rule: Hackers infect PCs with malware by luring users to click on a link or open an attachment. Social media has helped criminals profile individuals. They can see what you’re interested in or what you [post] about and send you crafted messages, inviting you to click on something. Don’t.
  3. Different site, different passwords: Keeping a common password for all online accounts is a lot like having the same key for all locks. Only difference being that it is a lot easier to get hold of the online key. Also never reuse your main email password. But most online users own accounts in over a dozen sites. So either try and use clever variations or start doing some really heavy memory-enhancement exercise.
  4. If in doubt, block: Just say no to social media invitations (such as Facebook-friend or LinkedIn connection requests) from people you don’t know. It’s the cyber equivalent of inviting home the guy with an eye-patch who stares at you at the bus stop.
  5. Don’t bank on public wi-fi: Most Wi-Fi hotspots do not encrypt information and once a piece of data leaves your device headed for a web destination, any ‘packet sniffer’ (a program which can intercept data) can intercept your unencrypted data. If you choose to bank online on public Wi-Fi, that’s very sensitive data you are transferring.
  6. Only shop online on secure sites: Before entering your card details, always ensure that the locked padlock or unbroken key symbol is showing in your browser. Additionally, the beginning of the online retailer’s internet address will change from “http” to “https” to indicate a connection is secure. Be wary of sites that change back to http once you’ve logged on.
  7. More than one email account: A hacker who has cracked your main email password has the keys to your [virtual] kingdom. Passwords from the other sites you visit can be reset via your main email account. A criminal can trawl through your emails and find a treasure trove of personal data: from banking to passport details, including your date of birth. A separate account for your bank and other financial accounts, another for shopping and one for social networks is a good idea. If one account is hacked, you won’t find everything compromised.
  8. Ignore pop-ups: Pop-ups can contain malicious software, which can trick a user into verifying something. “[But if and when you do], a download will be performed in the background, which will install malware. This is known as a drive-by download. Always ignore pop-ups offering things like site surveys on ecommerce sites, as they are sometimes where the malcode is.
  9. MACs are as vulnerable as PCs: Make no mistake, your shiny new Mac-Book Air can be attacked too. It’s true that Macs used to be less of a target, simply because criminals used to go after the largest number of users – hat is Windows – but this is changing. Determined attackers are able to find new ways to exploit users on almost any platform.
  10. Two-step verification: If your email or cloud service offers it – Gmail, Dropbox, Apple and Facebook do – take the trouble to set this up. In addition to entering your password, you are also asked to enter a verification code sent via SMS to your phone. So a hacker might crack your password, but without the unique and temporary verification code should not be able to access your account. Keying in a password or code 40-plus times a day might seem like a hassle but it is your first line of defence.
  11. Lock down your FB account: Remove your home address, phone number, date of birth and any other information that could used to fake your identity. Similarly you might want to delete or edit your “likes” and “groups” – the more hackers know about you, the more convincing a phishing email they can spam you with. Change your privacy settings to “friends” from “friends to friends”.
  12. Don’t store your card details on websites: Err on the side of caution when asked if you want to store your credit card details for future use. Mass data security breaches (where credit card details are stolen en masse) aren’t common, but why take the risk? The extra 90 seconds it takes to key in your details each time is a small price to pay.

These are only a dozen ways to protect yourself and your business.  There are hundreds of other ways as well we can be of assistance from a breach of your organization, personal or patient information.  Contact us at 1-800-376-0212 or contact@ehrpmc.com to learn more ways we can be of assistance.

Close to 100 New Accountable Care Organizations join the Medicare Program

Eighty-nine new ACOs (Accountable Care Organizations) have joined Medicare’s Shared Savings Program (MSSP) starting this January. This recent collaboration comes in a bid to provide high quality care at lower costs, announced CMS. Along with the ACOs participating in the Pioneer program, the new additions bring the total number of MSSP organizations up to 424, serving more than 7.8 million Medicare beneficiaries, writes Sean Cavanaugh, Deputy Administrator and Director at the Center for Medicare.

“ACOs are one part of this Administration’s vision for improving the coordination and integration of care received by Medicare beneficiaries,” Cavanaugh says on the CMS blog.  “Since ACOs first began participating in the program in early 2012, thousands of health care providers have signed on to participate in the program, working together to provide better care to Medicare’s seniors and people with disabilities.”

“In 2014 alone, existing Shared Savings Program ACOs added almost 17,000 healthcare providers, and the 89 new ACOs will bring approximately 23,000 additional physicians and other providers into the ACO program starting January 1,” he added. “The growth of this program for providing health care has been continued and consistent since its inception, and we are encouraged by that interest.”

The announcement follows what Cavanaugh calls “promising results” for MSSP ACOs. Last year, MSSP ACOs improved on 30 of the 33 quality measures. These measures included screening for high blood pressure, patient satisfaction with clinicians’ communication and overall doctor ratings among beneficiaries.

The Shared Savings Program has proven to be extremely successful producing over $400 million in savings while improving the quality of healthcare. The savings come from the ability of ACOs to keep spending below target levels, offset by financial bonuses provided to organizations that achieve their goals.  As of November fifty-eight MSSP accountable care organizations kept costs $705 million under baseline and earned more than $315 million in incentives.

The eighty-nine new participants will be subject to a recently proposed rule that will require MSSP ACOs to better utilize health IT in their initiative to perform better on quality indicators, improve care coordination, and incorporate population health management into their workflow.

“We continue to believe that ACOs should coordinate care between all types of providers and across all services, and that the secure, electronic exchange of health information across all providers in a community is of the utmost importance for both effective care coordination activities and the success of the Shared Savings Program,” the rule said.

The organizations will be tasked to develop a plan to use health IT, including EHRs, telehealth, and health information exchange in order to achieve their goals.

“Ultimately, today’s announcement is about delivering better care, spending dollars more wisely, and having healthier people and communities,” Cavanaugh concluded. “ACOs drive progress in the way care is provided by improving the coordination and integration of health care, and improving the health of patients with a priority placed on prevention and wellness. We look forward to continuing this partnership with doctors, hospitals, and other health care providers in increasing value and care coordination across the health system.”