Time for your Practice to Revisit your Security Standards

Does your practice have safeguards in place to protect your HIPAA-sensitive information? Has your practice participated in security training or conducted a Risk Assessment? Do you have a mitigation plan in place if your practice does experience a breach of your data? These are all important and relevant questions to be asking yourself as a provider moving into the New Year. According to a recent report released by Experian, the potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually in 2015.

Experian’s almanac predicts that a stormy forecast is ahead for the healthcare industry as the threats are growing. The report points to many vulnerabilities: the expanding number of access points to protected health information, or PHI, and other sensitive data via electronic medical records, together with the growing popularity of wearable technology, makes the healthcare industry a vulnerable and attractive target for cybercriminals.

“We expect healthcare breaches will increase – both due to potential economic gain and digitization of records. Increased movement to electronic medical records and the introduction of wearable technologies introduced millions of individuals into the healthcare system, and, in return, increased the potential for data breaches,” the report notes.

“Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cybercriminals,” the authors add. “The problem is further exacerbated by the fact that many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ PHI. In fact, an individual’s Medicare card – often carried in wallets for doctors’ visits – contains valuable information like a person’s Social Security number that can be used for fraud if in the wrong hands. Currently, we are not aware of any federal or law enforcement agency which tracks data on SSN theft from Medicare cards, but the problem is widely acknowledged.”

The takeaway? Security breaches are a real and increasing threat to the healthcare industry, and taking the proper precautions and implementing security standards, processes and protocols is no longer an option but a necessity. Consult with a security expert today for a Security Assessment and Mitigation Plan at EHR & Practice Management Consultants, Inc. (www.ehrpmc.com), 1-800-376-0212 or contact@ehrpmc.com.

Self-Pay Patients are Affecting Your Bottom Line and Decreasing Your Revenue

There has been much debate and scrutiny over Obamacare, leaving many Americans with unanswered questions pertaining to their insurance coverage and their options. But what about the providers? Historically, healthcare providers and provider organizations are used to grappling with Medicare, Medicaid and insurance companies for claim reimbursement, but now there is another wrench in the works with the dramatic increase in self-pays. Many providers are struggling to keep up with the unique new financial challenges that self-pay claims create: identifying these patients prior to rendering service, and accurately collecting their payments before they exit the office after the encounter. Studies prove that once a patient exits the office without paying their balance, the money owed has a very high likelihood of becoming bad debt. Between 2008 and 2012, multispecialty practices saw their bad debt go up 14 percent, according to a survey by the Medical Group Management Association (MGMA), a trade organization for doctor practices. That’s money that practices were owed but couldn’t collect. Some of them have begun to change their billing strategies to combat those debts, says Ken Hertz, a principal consultant with the MGMA Health Care Consulting Group.

There are solutions: outsourcing to an early-out billing company, using price transparency software, or implementing new practices and standards in your office. EHR & Practice Management Consultants, Inc. (www.ehrpmc.com) can assess your practice to better understand which of these options is the best solution for your practice. We can offer creative solutions to help patients meet their financial obligations, thereby increasing your cash flow and revenue stream. Let us help you by contacting us at 1-800-376-0212 or contact@ehrpmc.com.

New Study shows Telehealth is Effective and Less Costly

According to a recent report by the Alliance for Connected Care, telehealth visits are 83% effective and save more than 50% over traditional in-office visits. Smaller issues such as sinusitis, UTIs and sore throats can be diagnosed and treated more cost-effectively through telehealth.

“The market for acute care telehealth services is growing rapidly, but is still relatively nascent,” writes author Dale Yamamoto in the study. The study, which collected data from commercial telehealth vendors and compared that information to costs incurred by Medicare and private insurers, found that the use of a telehealth service, which usually costs between $40 and $50 per visit, can produce a cost savings of anywhere between $136 and $176 typically spent on an in-person visit. Patient issues, which are usually lower-level complaints, can be resolved in one session in 83% of telehealth visits. The vast majority of patients only use one telehealth visit per year, and are most often diagnosed with sinusitis, a cold, or the flu.

The data indicates that a telehealth visit would have to cost at least $83 to make it inefficient to treat a Medicare patient who would otherwise do nothing about their symptoms, which falls well above the average expense through a dedicated service. “To result in additional costs to the Medicare program, more than a third of patients (32.8 percent) would have to decide to seek a telehealth visit instead of doing nothing to treat their condition,” Yamamoto says.

If your growing healthcare organization is interested in learning more about increasing your revenue by implementing telehealth technology, please contact one of our experts at EHR & Practice Management Consultants, Inc. today at 1(800) 376-0212 or contact@ehrpmc.com.

Meaningful Use Attestation deadline for EPs is February 28, Avoid the Penalties!

The New Year is upon us and so is the looming deadline for meaningful use attestation. Are the providers in your organization prepared to attest? In a recent announcement before the close of 2014, the Centers for Medicare & Medicaid Services reminded EPs that the last day of December marked the end of the final quarterly 2014 meaningful use reporting period.

“The CMS Attestation System is open and fully operational, and includes the 2014 Certified EHR Technology (CEHRT) Flexibility Rule options,” the federal agency explained. “Medicare eligible professionals can attest any time to 2014 data until 11:59 p.m. ET on February 28, 2015.”

The reminder carries with it a warning about meaningful use penalties for EPs who failed this past year:

Medicare eligible professionals that did not successfully demonstrate meaningful use in 2014 and do not receive a 2016 hardship exception will have payment adjustments applied beginning January 1, 2016. The application period will open in early January 2015. For more information, please review the payment adjustment tipsheet.

If you are eligible to participate in both the Medicare and Medicaid EHR Incentive Programs, you MUST demonstrate meaningful use to avoid the payment adjustments. You may demonstrate meaningful use under either Medicare or Medicaid.

The announcement comes just a few weeks after CMS revealed that more than 257,000 EPs will receive notice that they are subject to Medicare payment adjustments in 2015 for failing to demonstrate meaningful use in 2013. Perhaps

Also, more than 28,000 EPs will see a two-percent reduction in their 2015 Medicare payments for failure to comply with both the Electronic Prescribing (eRx) Incentive Program as well as the Medicare EHR Incentive Program.

Those payment adjustments for EPs go into effect January 5. As part of the notification, these providers will receive instructions for challenging CMS’s decision. “When they receive the letter, they will receive instructions for how they can apply for reconsideration and we will be taking those applications through the end of February,” the federal agency said.

If you require assistance in meeting the meaningful use attestation requirements, call us today at EHR & Practice Management Consultants, Inc. at 1-800-376-0212 or contact@ehrpmc.com. We can also assist your practice or healthcare organization in applying for reconsideration.

 

Are You Prepared for a Malpractice Suit? Will Your EHR Protect or Hurt You?

According to recent research, providers may be in for a rude awakening. The U.S. Department of Health and Human Services announced in May 2013 that more than half of all doctors and eligible clinicians had received Medicare or Medicaid incentive payments for adopting or meaningfully using EHRs. Usage by eligible professionals grew by 33% from 2008 to 2012, the agency said in a press release. New pitfalls emerge with such fast-moving technology, Ms. Chestler said[1]. Design flaws, complex templates, and careless usage by health professionals are all factors that can fuel EHR-related lawsuits and contribute to challenges defending claims. Being mindful of the potential legal dangers of EHRs and taking steps to prevent them can save physicians significant time and expense, experts agreed.

Every aspect of EHR selection, implementation, and use may be examined in the course of medical malpractice discovery to find the source of the incident, or undermine the records that are being presented in defense of the malpractice claim. The Health Insurance Portability and Accountability Act (HIPAA) states the healthcare provider is the covered entity responsible for maintaining the integrity of the patient’s medical record — not the EHR vendor, consultant, or the systems integrator. A doctor can be held liable because most vendors’ contracts essentially say, ‘We do not practice medicine; it is up to the physician to make sure this EHR is being used correctly.’ Practices must understand what they’re using and verify that the system is appropriately set up to document the care they provide.

With this being a highly litigious society, it is important for providers and provider organizations to be informed of the dangers that EHRs can pose from a legal standpoint. At EHR & Practice Management Consultants, Inc. we have consultants whose sole role is to provide advice on these matters. Of course it is important to be proactive and have an assessment completed prior to any litigation, but we can also assist in the event that a lawsuit has already been filed. Please contact our offices today for more information at 1(800)376-0212 or contact@ehrpmc.com. It may be a determining factor in preventing litigation or assist in your defense.

[1] Alisa L. Chestler, a Washington, D.C.-based health law attorney at Baker, Donelson, Bearman, Caldwell & Berkowitz. She co-wrote a 2013 American Health Lawyers Association report titled “Minimizing EHR-Related Serious Safety Events.”

Healthcare Providers worried about Cyber Crime? Ways to Protect Your Practice!

  1. Use anti-virus software: Your net-savvy friend may tell you that he doesn’t have anti-virus on his computer because it slows things down. But look at it this way, one wrong click and he may have to make the entire college project from scratch.
  2. DON’T CLICK IT: The golden rule: Hackers infect PCs with malware by luring users to click on a link or open an attachment. Social media has helped criminals profile individuals. They can see what you’re interested in or what you [post] about and send you crafted messages, inviting you to click on something. Don’t.
  3. Different site, different passwords: Keeping a common password for all online accounts is a lot like having the same key for all locks. The only difference is that it is a lot easier to get hold of the online key. Also, never reuse your main email password. But most online users own accounts on over a dozen sites. So either try and use clever variations or start doing some really heavy memory-enhancement exercises.
  4. If in doubt, block: Just say no to social media invitations (such as Facebook-friend or LinkedIn connection requests) from people you don’t know. It’s the cyber equivalent of inviting home the guy with an eye-patch who stares at you at the bus stop.
  5. Don’t bank on public wi-fi: Most Wi-Fi hotspots do not encrypt information and once a piece of data leaves your device headed for a web destination, any ‘packet sniffer’ (a program which can intercept data) can intercept your unencrypted data. If you choose to bank online on public Wi-Fi, that’s very sensitive data you are transferring.
  6. Only shop online on secure sites: Before entering your card details, always ensure that the locked padlock or unbroken key symbol is showing in your browser. Additionally, the beginning of the online retailer’s internet address will change from “http” to “https” to indicate a connection is secure. Be wary of sites that change back to http once you’ve logged on.
  7. More than one email account: A hacker who has cracked your main email password has the keys to your [virtual] kingdom. Passwords from the other sites you visit can be reset via your main email account. A criminal can trawl through your emails and find a treasure trove of personal data: from banking to passport details, including your date of birth. A separate account for your bank and other financial accounts, another for shopping and one for social networks is a good idea. If one account is hacked, you won’t find everything compromised.
  8. Ignore pop-ups: Pop-ups can contain malicious software, which can trick a user into verifying something. [But if and when you do], a download will be performed in the background, which will install malware. This is known as a drive-by download. Always ignore pop-ups offering things like site surveys on ecommerce sites, as they are sometimes where the malcode is.
  9. Macs are as vulnerable as PCs: Make no mistake, your shiny new MacBook Air can be attacked too. It’s true that Macs used to be less of a target, simply because criminals used to go after the largest number of users – that is, Windows – but this is changing. Determined attackers are able to find new ways to exploit users on almost any platform.
  10. Two-step verification: If your email or cloud service offers it – Gmail, Dropbox, Apple and Facebook do – take the trouble to set this up. In addition to entering your password, you are also asked to enter a verification code sent via SMS to your phone. So a hacker might crack your password, but without the unique and temporary verification code should not be able to access your account. Keying in a password or code 40-plus times a day might seem like a hassle but it is your first line of defence.
  11. Lock down your FB account: Remove your home address, phone number, date of birth and any other information that could be used to fake your identity. Similarly, you might want to delete or edit your “likes” and “groups” – the more hackers know about you, the more convincing a phishing email they can spam you with. Change your privacy settings to “friends” from “friends of friends”.
  12. Don’t store your card details on websites: Err on the side of caution when asked if you want to store your credit card details for future use. Mass data security breaches (where credit card details are stolen en masse) aren’t common, but why take the risk? The extra 90 seconds it takes to key in your details each time is a small price to pay.

These are only a dozen ways to protect yourself and your business. There are hundreds of other ways as well, and we can be of assistance in protecting your organization, personal or patient information from a breach. Contact us at 1-800-376-0212 or contact@ehrpmc.com to learn more ways we can be of assistance.

Close to 100 New Accountable Care Organizations join the Medicare Program

Eighty-nine new ACOs (Accountable Care Organizations) have joined Medicare’s Shared Savings Program (MSSP) starting this January. This recent collaboration comes in a bid to provide high quality care at lower costs, announced CMS. Along with the ACOs participating in the Pioneer program, the new additions bring the total number of MSSP organizations up to 424, serving more than 7.8 million Medicare beneficiaries, writes Sean Cavanaugh, Deputy Administrator and Director at the Center for Medicare.

“ACOs are one part of this Administration’s vision for improving the coordination and integration of care received by Medicare beneficiaries,” Cavanaugh says on the CMS blog.  “Since ACOs first began participating in the program in early 2012, thousands of health care providers have signed on to participate in the program, working together to provide better care to Medicare’s seniors and people with disabilities.”

“In 2014 alone, existing Shared Savings Program ACOs added almost 17,000 healthcare providers, and the 89 new ACOs will bring approximately 23,000 additional physicians and other providers into the ACO program starting January 1,” he added. “The growth of this program for providing health care has been continued and consistent since its inception, and we are encouraged by that interest.”

The announcement follows what Cavanaugh calls “promising results” for MSSP ACOs. Last year, MSSP ACOs improved on 30 of the 33 quality measures. These measures included screening for high blood pressure, patient satisfaction with clinicians’ communication and overall doctor ratings among beneficiaries.

The Shared Savings Program has proven to be extremely successful, producing over $400 million in savings while improving the quality of healthcare. The savings come from the ability of ACOs to keep spending below target levels, offset by financial bonuses provided to organizations that achieve their goals. As of November, fifty-eight MSSP accountable care organizations kept costs $705 million under baseline and earned more than $315 million in incentives.

The eighty-nine new participants will be subject to a recently proposed rule that will require MSSP ACOs to better utilize health IT in their initiative to perform better on quality indicators, improve care coordination, and incorporate population health management into their workflow.

“We continue to believe that ACOs should coordinate care between all types of providers and across all services, and that the secure, electronic exchange of health information across all providers in a community is of the utmost importance for both effective care coordination activities and the success of the Shared Savings Program,” the rule said.

The organizations will be tasked to develop a plan to use health IT, including EHRs, telehealth, and health information exchange in order to achieve their goals.

“Ultimately, today’s announcement is about delivering better care, spending dollars more wisely, and having healthier people and communities,” Cavanaugh concluded. “ACOs drive progress in the way care is provided by improving the coordination and integration of health care, and improving the health of patients with a priority placed on prevention and wellness. We look forward to continuing this partnership with doctors, hospitals, and other health care providers in increasing value and care coordination across the health system.”

Meaningful Use, the Technology, the User or the Policy?

The gloves are off and many are now shouting their disdain for Meaningful Use from the rooftops. Like many before it, the policy was bred out of hope for positive change in the U.S. healthcare system, but has it done more bad than good? 30 billion dollars has been devoted to creating healthcare IT standards and computerizing healthcare organizations in an attempt to forge the digital pathway for the American healthcare system, and to what avail, many are asking? I think the bigger question is why it is so difficult for this industry to go digital. Why is it even a debate? Every other industry is digital, so why, then, is taking our #1 Gross National Product and making it accountable to the digital standards of other industries so difficult?

Many want to go back to the beginning, to review the history of federal IT policy. Some want to blame the vendors who create the EHR software and its inefficiencies, while others are content to point out that in order to make a technology successful you must first utilize it in the intended way, pointing their fingers at healthcare providers who implement technology but do not utilize it meaningfully.

Two recently published articles, “EHRs continue to be a challenge to HHS,” published by Healthcare IT News, and “Meaningful use: Born: 2009—died 2014?”, published by Wachter’s World, address the above-mentioned issues, however not in their entirety. This is not an easy battle to win, but it is a fight worth having. None of these challenges is singularly to blame, but each is responsible in part for hindering the intended goal of transitioning a historically paper world of healthcare to the digital age. The best approach to reaching this common goal is to enlist consultants who have successfully achieved this feat and make it their mission to implement best practices. In the words of Heraclitus, “Big results require big ambitions.”

Contact EHR & Practice Management Consultants, Inc. (www.ehrpmc.com) at 1-800-376-0212 or contact@ehrpmc.com for help in optimizing your EHR system by having our experienced consultants provide best practices on usage for your particular EHR system.

OIG: Paying Close Attention To HIPAA Security In Meaningful Use Audits

According to its recently released work plan, the Office of the Inspector General will continue to pay closer attention to the healthcare industry’s use of electronic health records – in particular HIPAA security, EHR incentive payments and fraud.

As digitization continues to be a priority, so does its appropriate implementation and use. In an effort to ensure IT security, compliance and the proper use of electronic health records, the OIG has requested a $400 million FY2015 budget, an increase of $105 million, creating another 284 full-time jobs to carry out the OIG’s audits and reviews.

“Important changes are taking place across the healthcare industry,” wrote Daniel R. Levinson, U.S. inspector general, in OIG’s 2015 work plan justification. These changes, Levinson continued, include “an emphasis on coordinated care and an increased use of electronic health records. OIG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities.”

So how does that translate to healthcare providers and healthcare organizations? Practices can expect closer scrutiny for HIPAA privacy and security compliance. Penalties have increased significantly under the new regulations. Practices can face fines up to $50,000 per occurrence—quickly offsetting or negating the EHR incentives they received.

Physicians can no longer afford to be relaxed about HIPAA compliance. They must have sound privacy and security protocols in place to protect against violations that could result in severe penalties.

A prime example occurred in July 2009, when a physician and two former employees of an Arkansas medical center pleaded guilty to misdemeanor federal charges that they inappropriately accessed the medical records of a local television anchor, thereby violating the HIPAA privacy rule. Each faces a maximum penalty of one year in prison, a fine of up to $50,000, or both.

Meaningful Use Audits are on the Rise!

The HHS Office of Inspector General has stated the OIG’s intent to review electronic health records meaningful use incentive payments and the security of electronic health records under the program in 2015. With the recent ask of a $100 million increase in budget and the addition of 284 full-time employees, this should come as a big red warning flag to those providers who either intentionally or unknowingly provided inaccurate attestation information in previous years. Although the reviews have not been coined under the term “audit”, the OIG did state that, “We will review Medicare incentive payment data from 2011 to identify payments to providers that should not have received incentive payments (e.g., those not meeting selected meaningful use criteria),” according to HHS OIG’s work plan for 2015. “We will also assess CMS’s plans to oversee incentive payments for the duration of the program and corrective actions taken regarding erroneous incentive payments.” Medicaid incentive payments also will be reviewed.

The scope of the OIG reviews is not clear. A spokesperson says OIG auditors will conduct the reviews and share findings with CMS.

Although the “scope” may not be clear, what is clear is that those providers who received incentive payments and reported erroneous data, or are not prepared to provide actual data to support their meaningful use attestation, will be expected to return the incentive payments and could also be fined.

It is important to hire an expert in Meaningful Use Audits to conduct a Mock Audit to ensure your information is accurate. It may not be too late to resolve what could potentially be an issue; however, once you are in the audit or the appeals process, it may take up a great deal of time. If you would like to conduct a Mock Audit or are facing a Meaningful Use Audit or Appeal, contact EHR & Practice Management Consultants, Inc. at 1-800-376-0212 or contact@ehrpmc.com.