Tag: Support

Posted on

Skype With Patients? HIPAA Says “No Go”

Oklahoma medical board sanction against Thomas Trow, MD, sparked concern over the practices of telemedicine and telepsychiatry. Using Skype, Trow conducted online video appointments and prescribed controlled substances to a patient who ultimately succumbed to an overdose. Trow never saw the patient in person before prescribing the drugs. As a result, the Oklahoma medical board published a ruling on January 16 of this year, stating that telemedicine, “Technology must be HIPAA compliant.”

With growing excitement, doctors and patients are “seeing” each other online through a range of video chat technology platforms. In fact, healthcare innovation like telemedicine is vital to the changing landscape of patient demands and government-driven insurance. For many, the Oklahoma telemedicine ruling brings welcome clarification and an opportunity to educate providers about this new way of practicing HIPAA-compliant telemedicine.

“The last thing the U.S. healthcare system needs is to abandon the idea of telemedicine,” said Daniel Gilbert, president and CEO of CloudVisit Telemedicine. “The technology has tremendously positive implications for providers and patients. To lose out because of one platform — a platform that was never designed as a medical tool — would be real detriment.”

Since the Oklahoma ruling does not specifically cite any brand names, many physicians are left wondering, “Is Skype HIPAA compliant?” Skype’s privacy policy simply states that they, “will take appropriate organizational and technical measures to protect the personal data…” and owner, Microsoft Corp.’s Business Associate Agreement (BAA) explicitly omits Skype. To better understand Skype’s security, one must turn to the Health Insurance Portability and Accountability Act (HIPAA).

  • Telemedicine is a HIPAA-compliant method for patient appointments
  • Online video appointments must be conducted via a HIPAA-compliant telemedicine platform
  • Business Associate Agreement (BAA) must exist between the healthcare provider and the company responsible for the telemedicine technology
  • The BAA must guarantee the HIPAA compliance of all measures for security practices and data encryption
  • Providers must obtain informed patient consent prior to conducting online video appointments
  • In absence of a BAA and informed consent, Skype is not HIPAA compliant

“It’s important to keep in mind that Microsoft never intended Skype to be a medical tool,” reminds Gilbert. “Beyond significant HIPAA issues, Skype has many operational shortcomings. CloudVisit provides tools for scheduling and billing, plus treatment notes and more. Skype has none of these features.”

In fact, a search of the word “telemedicine” on the Skype website comes up empty. They do not claim to be HIPAA compliant, nor do they position themselves as a resource for the medical community.

As stated, healthcare practices and patients have a lot to gain from online video appointments. The right technology can be highly effective and appropriate for follow-up care, routine appointments, and mental health consultations once a provider-patient relationship is established in person.

CloudVisit Telemedicine provides a HIPAA-compliant telemedicine and telepsychiatry platform for scheduling, conducting, tracking, and billing online video appointments with patients. CloudVisit enters into a BAA with every client.

 

Originating Source
Posted on

ICD-10 – Not Just A Coder’s Problem

by Jill Raykovicz

The deadline to transition ICD-10 for all covered entities is October 1, 2014.   If that seems like a long way off, it isn’t.   In terms of actual work days[1], this timeframe is compressed to six months for medical and other healthcare practices to train staff, communicate with vendors, test software systems and claim files, and evaluate current processes to determine in what areas ICD-10 will affect day-to-day office functions.

IMPACT ON REIMBURSEMENT

If this sounds like a problem reserved for coders and billing staff, it isn’t.   CMS’  ICD-10 Implementation Guide for Physician Practices advises,  “Consider getting a line of credit to cover cash flow disruptions due to changing reimbursement models, delays in claims processing and re-processing, staff learning curve and long-term effects of the ICD-10 transition”[2]

Although  CPT and HCPC based reimbursements will not change with the ICD-10 transition, indirectly, fee-for-service payments may have a potential to be adversely affected for the following reasons:

  • Denials will increase because of  incomplete or inaccurate translation of payment rules in payer systems as they attempt to translate these rules from ICD-9 to ICD-10
  • Payments will be delayed because of challenges in claim processing in the ICD-10 environment.

Increased detail contained in ICD-10-CM means that the documentation required will change dramatically.   The level of severity, comorbidities, complications, sequalae, manifestations, and causes that characterize the patient’s condition increases within the ICD-10 coding guidelines.

 

PLANNING IS EVERYTHING

ICD-10 Coordination Manager

Every office should have an ICD-10 Coordination Manager. Depending on the size of the practice, this could be one person or a committee of persons responsible for communication and coordination with staff, providers, and vendors on key dates and project timelines for an ICD-10 pre and post go-live.

The Coordination Manager will also:

  • Coordinate training schedules and verify staff has attended and completed.
  • Set an ICD-10 project budget in terms of training and software upgrade  costs, coding books and guides, re-printing of encounter or referral forms with the new codes, if necessary, and other costs associated with ICD-10.
  • Determine if re-training is necessary, as we get closer to the October 2014 timeframe.  

He or she (or they) should ensure accurate coding decisions are being made, clinical documentation supports the new ICD-10 specificity requirements, and associated lags in productivity are identified and communicated.

Training

Speaking of training, although most ICD-10 literature advises staff and providers receive training no more than six to nine months from implementation, it is imperative to reserve slots now before classes fill up, or before less than desirable dates and times are the only ones left for either on-site training or off-site seminar.  Don’t wait to contact professional associations around the April 2014 timeframe to find out the on-site ICD-10 trainer’s only availability is the same week Suzie in the business office goes out for surgery.  Or, the only off-site workshop with any seats available is the week before Jane, your charge entry clerk, returns from maternity leave.  

Resources

CMS, the American Academy of Professional Coders (AAPC)American InformationManagement Association (AHIMA) and Workgroup for Electronic Data Interchange(WEDI) all have information on ICD-10 training and factors to success.

WEDI and CMS have partnered in taking a proactive approach to answer questions and concerns regarding the ICD-10 transition.  Organizations can submit questions, free of charge, to an online database.

IN CONCLUSIONExpect no more delays or movement of the October 1st, 2014 deadline.  Ready or not, here ICD-10 comes. Through planning, resource management, and effective leadership, medical and other healthcare practices can mitigate disruptions in cash flow as a result of ICD-10.

[1] Based on regular Monday through Friday office hours

[2] ICD Implementation Guide for Small and Medium Practices, p. 31

Physician Practice Consultants is led by Jill Raykovicz, MHA, CMPE, CPC.  Jill has over 15 years’ experience in physician practice management.  She has a strong passion for leveraging this experience and expertise within the private-practice setting, in order to assist independent practices struggling to keep up with changes in healthcare reform, pay-for-performance quality measures, and shrinking reimbursement from third party payers.

Jill holds a Master of Health Administration from Cornell University, is a board-certified medical practice executive (CMPE) through the American College of Medical Practice Executives, and is a Certified Professional Coder (CPC) with the American Association of Professional Coders.

She is also a member of the National Society of Certified Healthcare Business Consultants and the North Carolina Healthcare Information and Communication Alliance ICD-10 Taskforce.

Jill may be reached at jill@physician-practice-consultants.com

Posted on

What is Reasonable and Appropriate for Your Specific Environment

These days we deal with resistance and denial towards HIPAA compliance. There are many reasons given for incomplete or ineffective compliance programs. We have heard everything from long rambling rants against the government, claims of not applicable to me and plenty of “we don’t have the _____” (fill in: time, money, resources) to explain away the compliance gaps.

There is, however, one case that concerns me when we find it. A practice or business is given a standard list of HIPAA Security implementation recommendations. The problem is that the list of recommendations doesn’t always include a review of what is reasonable and appropriate for the specific environment. The result is a group frozen by fear, sticker shock or worse paying for services and equipment that may be overkill for them. The Security Rule explains in the General Rules section just what should be considered in determining what is reasonable and appropriate for a specific environment (emphasis added):

HHS recognizes that covered entities range from the smallest provider to the largest, multi-state health plan. Therefore the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity’s business, as well as the covered entity’s size and resources.

Therefore, when a covered entity is deciding which security measures to use, the Rule does not dictate those measures but requires the covered entity to consider:

Its size, complexity, and capabilities,

Its technical, hardware, and software infrastructure,

The costs of security measures, and

The likelihood and possible impact of potential risks to e-PHI.

No, this doesn’t mean you can decide you are so small and the rules are too complex to follow them at all. That is definitely not what reasonable and appropriate means in this context. What it does mean, though, is that you can determine how to implement the standards, both required and addressable, but apply these considerations to your implementation plans.

Our approach is to always define the environment before defining the plan. The Security Risk Analysis is first in the list of requirements for a reason. But, keep in mind, that even the tasks performed in the Risk Analysis should be confirmed as reasonable and appropriate for your specific environment.

 

Reposted with permission from: http://smallproviderhipaa.com/2013/10/31/what-is-reasonable-and-appropriate-for-your-specific-environment/
Posted on

Worker’s Reluctant to Follow Company BYOD Policy

Even at companies with BYOD (bring-your-own-device) policies, users may still be reluctant to officially register their tablets and smartphones with IT, instead preferring to covertly access the network. That’s according to a new study that shows employees are concerned about losing their personal data if they officially register their devices with the IT organization at their company. To ensure compliance with policies, managed services providers (MSPs) may need to win over small and mid-sized businesses (SMBs) employees with promises to protect personal data.

Aruba Networks, Inc. (ARUN) conducted the survey of more than 3,000 employees around the world. American respondents, specifically, fear the loss of personal data more than other regions of the world, the study revealed. Around 66 percent of American respondents claimed that they fear the loss of data, compared to the 45 percent of Europeans and 40 of Middle Easterners who felt the same.

More than 50 percent of Americans said their IT department takes no steps to ensure the security of corporate files and applications on their personal devices, a concern that has forced many employees to keep personal devices away from IT departments. Seventeen percent of Americans have not told their employers that they use a personal device for work. If you think that’s frightening, keep reading.

Eleven percent of American respondents said they would not report a compromised device, while 36 percent said they would not report leaked data immediately.

According to the survey, these numbers come from a distrust of IT departments and employee fear about what IT may do with personal data. Forty-five percent of respondents in the United States worry about their IT department’s access to personal data.

Should MSPs include policies and guarantees to customers’ employees on personal data?

There need to be incentives from the company to persuade employees to follow BYOD policy.  Furthermore, there must be a culture of transparency and trust from IT to help calm the fears workers have.

Our Mobile Device Management (MDM) solutions allow our technicians and engineers the ability to monitor and manage the mobile device but they do not have access to personal items such as text messages or pictures.  If there is ever a question of what we can or can not do, we give the client a complete tour of our MDM platform.

The importance of a highly secure IT environment coupled with the lack of adherence of workers to BYOD policies gives rise to major concerns.  Companies of all sizes need to rethink their policies and procedures regarding BYOD.  Also, ensure the MSP or IT provider is trustworthy and operates in complete transparency.  The goal is to protect your company, your IT environment, your customers and your employees.

Companies, especially small businesses, that ignore BYOD are playing Russian roulette.  Everyday workers are using secure business networks to do things on their mobile devices which are highly unsecured and dangerous to the IT environment.  For some verticals, such as healthcare, these oversights can led to a breach and bring disastrous implications.

Want to have a discussion about protecting your business and your employees?  Give us a call find out how we can help.

Posted on

10 Reasons to Use CRM software Within Your Business

When it comes to using CRM software, there are a number of reasons why you want to use it. You need to do all you can to give your business the edge within the marketplace. Customer relationship management software allows you to focus more on your customers, which in turn will fuel your business for success.

1. More information. When you use CRM software, you have more information about your customers. This includes learning about where they are, what age category they fall into and much more.

2. More customer details. Customer details can help you reach out to customers at more times throughout the year. When you have their birthday and anniversary dates, you can send them emails and reminders, which will help your business be thought of in a more personable way.

3. Better demographic information. There is a lot of demographic information available within CRM software. You need to know who your target audience is. If you didn’t know it prior to using the software, you will by the time you have used it a few times because of the data it is collecting with each order that you take and with each new customer you establish.

4. Create marketing promotions. When you have more information about your customers, you can create more effective marketing promotions. This includes putting specific items on sale as well as deciding how you want to market to your customers – be it Facebook, mobile phones, direct mail or some other strategy.

5. Make suggestions. Suggestions can be made to customers when you use CRM software. When you see what the buying patterns are, you can use your inventory of products to determine what it is that they are likely to want. As you make suggestions, you can increase your sales and become more profitable.

6. Sell more. Suggestive selling is a great way to sell more. Just as restaurants use suggestive selling, you can do the same within your own business.

7. Compete with other businesses. You need to compete with the other businesses out there and CRM software helps you do that. Customers will stray to the competition from time to time – unless you are doing all you can to keep them focused on you and your business.

8. Stay on the brain. When you send more emails specifically for specific groups of people, you can stay on the forefront of your customers’ brains. This way they won’t drift off to go to other businesses throughout the year.

9. Customizable. When you use CRM software, it is customizable based upon what you need it for. You can even choose software that integrates into your other software, such as Microsoft Outlook. This ensures you aren’t entering the same information over and over again.

10. Easy to use. It’s also a good idea to use CRM software because it’s easy to use. When it’s easy, you and your entire staff can benefit from the information housed within the program.  When I started out in business I used a huge dry erase board, make-shift excel spreadsheets and a desk calendar to try to accomplish this.  It is so much easier now with good CRM tools.

For help finding the CRM tool that is right for your business, give us a call.

Posted on

How To Select The Best Printer For Your Needs

There are a couple of things you need to first understand before you purchase a printer. They include;

1. LaserJet or Inkjet.
Both LaserJet and Inkjet printers have advantages and disadvantages. 

Inkjet printers are cheaper to buy than LaserJet printers. They also have very good quality print outs. However, the cost of maintaining an Inkjet printer is very high. Also, Inkjet printers make a lot of noise while printing and are slower than LaserJet printers.

LaserJet printers are expensive when buying but very cheap to maintain. Their print quality is very high and they make less noise when printing. They print faster than Inkjet printers.

2. All-In-One or Print-only.
The next thing you need to consider is whether you just want a print-only device or you need to scan copy fax and print. 

Print-only printers are cheaper than All-In-One printers. However, they have limited functionality.

On the other hand, All-In-One printers have scanners, copiers and printers all put in one device. They are a little bit more expensive but very handy especially in an office setting. All-In-One printers also save space as they contain three different devices in one.

Some All-In-One printers have fax. When getting an All-In-One, always confirm if it has fax as not all of them have fax. In most cases All-In-Ones that have fax are more expensive. 

3. Print Or Scan Quality.
Various aspects of print and scan qualities can be compared between different models. Print resolution is usually measured in dots per inch (DPI). The higher the number of dots per inch the better the printer.

Inexpensive inkjet models usually generate black-only prints at least as high as 600×600 DPI. Color models, meanwhile usually start as high as 4800×1200. Laser jets, meanwhile, typically produce 1200×1200 DPI or better black-only prints and 1200×600 or better color prints.

Scan quality is measured using both bit-rate and DPI measurements. If scanning is an important feature, seek an all-in-one device that offers optical scan resolutions of at least 600×1200 DPI and at least a 24-bit scan rate. Again, higher numbers are better (a scanner that boasts 36- or 48-bit technology will produce even higher-quality scans). Be sure to consider the differences between an inline scanner, in which 8.5-inch x 11-inch pages are easily scanned by passing them through a sheet feeder, and a flat-bed scanner, in which odd-size documents can be easily scanned just by placing them on the glass. In environments where multiple-page documents will frequently be scanned, ensure you select a model that boasts an automatic feed tray.

4. Network Capabilities.
The days where parallel cables where used to connect printers to computers are long gone. In fact, most laptops nowadays do not even have parallel ports. Most printers nowadays are connected to computers via USB cables.

Many printers now boast integrated wireless LAN connectivity. Other models feature embedded network interface cards, making it possible to connect printers to a local area network via a standard wired Ethernet cable, and thereby usable by multiple PCs simultaneously. Still others feature integrated Bluetooth support, which makes it possible for laptop users (among others) with Bluetooth functionality to print wirelessly without the requirement that a local area network even be present. 

When reviewing a printer or multifunction device purchase, be sure to consider your organization’s needs. If multiple users will need to access the printer or all-in-one’s scanning functions, network-equipped models can eliminate the need to purchase multiple units or configure a single PC to host print services for other systems. If many users access the local area network wirelessly, be sure to consider a printer model that also includes WLAN connectivity.
Article Source: http://www.articlebiz.com/article/1051611508-1-how-to-select-the-best-printer-for-your-needs/
Posted on

Go The Extra Mile

If you want a quick way to boost your profits, you need to make sure you are going the extra mile to look after your best customers, before someone else does. 

Think hard about your biggest clients or customers. Can you think of something you did that they would say shows you have over-delivered for them? Not just things they would expect as standard, but really going the extra mile? Have you ever sent them your product and given them free samples of something else? Have you supported them in a charity venture they were undertaking? Have you helped them get through a crisis in their business just because you could rather than because you had to? Or have you phoned and taken them for lunch just to talk about how you can help them? 

If the answer to those questions is no, start thinking about how you can differentiate your business and what you can do to show how important those customers are to you. People often go the extra mile when they are trying to win new business, but often forget that retaining customers is more important than winning new ones. 

Don’t mistake these things for the standard “corporate entertaining” stuff. Everyone has been invited to work dos, races, parties and so on – and most people would never make a decision based on these things. I’m talking about personal, relevant and wow things that really show that you are going the extra mile for your customers – not that you have big budgets to spend! 

Keep these principles in mind: 

• Always under-promise and over-deliver, never the other way round;

• Never tell your customers no because that’s “the policy”;

• Have quicker response times to everything than your competitors;

• Think about the long term value of these customers, not what this might cost today;

• If they are in a hole, do whatever you can to get them out of it – even if you aren’t obliged to;

• Be personal in what you do – people do business with people, not faceless companies.

If you haven’t done these things, now is the time to get busy quickly. Customers need to be reminded constantly that you value them and are doing more than just giving them what they pay for. People hate being taken for granted and being treated as if you have the right to their money and you need to make an emotional connection with people to get them to stick with you and your business. 

So, take action NOW – this week, find a way to go the extra mile this week for at least one of your key customers, whenever or however you can.
Article Source:  http://www.articlebiz.com/article/1051611307-1-go-the-extra-mile/