Tag: Technology

Posted on

AMA letter to CMS: Repeal ICD-10

Written by Jill Raykovicz

On Wednesday, the American Medical Association wrote a letter to the US Department of Health and Human Services calling for a repeal of the ICD-10 implementation, slated to be required by all covered entities October 1st, 2014.  AMA Executive Vice President and CEO, Dr. James L. Madara, reasoned ICD-10  “is not expected to improve the care physicians provide their patients and, in fact, could disrupt efforts to transition to new delivery models.”

Financial Burdens and Vendor Readiness

Dr. Madara voiced particular concern for smaller sized practices, where some estimates of the ICD-10 price tag could reach over $225,000, which, he writes, merely compounds other financial hardships such as costs to comply with Stage 2 Meaningful Use, overcoming any impending ePrescribe and PQRS penalties, as well as mitigating the 2 percent across-the-board sequestration cuts now pushed into 2023.

The letter released the results of a report by Nachimson Advisors, which revealed fewer than half (47 percent) of physicians say their practice management system vendor plans on delivering an ICD-10 software upgrade. Of those who are expecting an upgrade, 26 percent expect to receive it before April, 24 percent before July, 13 percent before October, and 1 percent after the October 1st deadline.  These timelines, the AMA argues, is insufficient to perform the necessary testing to ensure the software is working as intended.

Dr Madara also implored Medicare to conduct true end-to-end testing with at least 100 different physician practices of varying size and specialties.  Dr. Madara writes, “We believe end-to-end testing is essential for ensuring the health industry will not suffer massive disruptions in claims and payment processing and ultimately risk physicians’ ability to care for their patients.”

Advance Payment Options

Dr. Madara also appeals for an “Advance Payment” policy for the more serious cases that would jeapordize a provider’s ability to treat Medicare patients due to non-payment of services. This would apply to those services that have been submitted but not yet paid for date of service after October 1st, 2014, where the provider has already tried unsuccessfully to recoup payment from their contractor but is still weeks or months away from receiving reimbursement.  Dr. Madara reminds CMS a similar policy went into effect after the implementation of the National Provider Identifier (NPI) in 2008, and proposed the following parameters where advance payment would be afforded to providers:

1. When a physician has submitted claims but is having problems getting the claim paid to reach the contractor due to problems on the contractor’s end
2. When a physician has not been paid for at least 90 days
3. When they attest that at least 25 percent of their patients are Medicare and;
4. When they attest that at least 25 percent of their reimbursements are from Medicare.

Two-Year Implementation Grace Period

To battle the learning curve physicians and coders will experience as they gain a better understanding of the specificity required for ICD-10, Dr Madara proposes a two-year “implementation period” during which Medicare will not be allowed to deny payment based on the specificity of the ICD-10 code, and provide feedback to the physician on any coding concerns.  Medicare would also agree not to recoup payment due to lack of ICD-10 specificity during this grace period.

Conclusion

While the AMA confirms their commitment to the successful transtion to new payment and delivery models, and the adoption of technology to promote care coordination,  the letter concludes that  ICD-10 is “unlikely to improve the care physician provide to their patients and takes valuable resources away from implementing delivery reforms and health information technology”.

Posted on

Skype With Patients? HIPAA Says “No Go”

Oklahoma medical board sanction against Thomas Trow, MD, sparked concern over the practices of telemedicine and telepsychiatry. Using Skype, Trow conducted online video appointments and prescribed controlled substances to a patient who ultimately succumbed to an overdose. Trow never saw the patient in person before prescribing the drugs. As a result, the Oklahoma medical board published a ruling on January 16 of this year, stating that telemedicine, “Technology must be HIPAA compliant.”

With growing excitement, doctors and patients are “seeing” each other online through a range of video chat technology platforms. In fact, healthcare innovation like telemedicine is vital to the changing landscape of patient demands and government-driven insurance. For many, the Oklahoma telemedicine ruling brings welcome clarification and an opportunity to educate providers about this new way of practicing HIPAA-compliant telemedicine.

“The last thing the U.S. healthcare system needs is to abandon the idea of telemedicine,” said Daniel Gilbert, president and CEO of CloudVisit Telemedicine. “The technology has tremendously positive implications for providers and patients. To lose out because of one platform — a platform that was never designed as a medical tool — would be real detriment.”

Since the Oklahoma ruling does not specifically cite any brand names, many physicians are left wondering, “Is Skype HIPAA compliant?” Skype’s privacy policy simply states that they, “will take appropriate organizational and technical measures to protect the personal data…” and owner, Microsoft Corp.’s Business Associate Agreement (BAA) explicitly omits Skype. To better understand Skype’s security, one must turn to the Health Insurance Portability and Accountability Act (HIPAA).

  • Telemedicine is a HIPAA-compliant method for patient appointments
  • Online video appointments must be conducted via a HIPAA-compliant telemedicine platform
  • Business Associate Agreement (BAA) must exist between the healthcare provider and the company responsible for the telemedicine technology
  • The BAA must guarantee the HIPAA compliance of all measures for security practices and data encryption
  • Providers must obtain informed patient consent prior to conducting online video appointments
  • In absence of a BAA and informed consent, Skype is not HIPAA compliant

“It’s important to keep in mind that Microsoft never intended Skype to be a medical tool,” reminds Gilbert. “Beyond significant HIPAA issues, Skype has many operational shortcomings. CloudVisit provides tools for scheduling and billing, plus treatment notes and more. Skype has none of these features.”

In fact, a search of the word “telemedicine” on the Skype website comes up empty. They do not claim to be HIPAA compliant, nor do they position themselves as a resource for the medical community.

As stated, healthcare practices and patients have a lot to gain from online video appointments. The right technology can be highly effective and appropriate for follow-up care, routine appointments, and mental health consultations once a provider-patient relationship is established in person.

CloudVisit Telemedicine provides a HIPAA-compliant telemedicine and telepsychiatry platform for scheduling, conducting, tracking, and billing online video appointments with patients. CloudVisit enters into a BAA with every client.

 

Originating Source
Posted on

This 5-Minute Video Could Save Your Practice

Almost every business uses a multi-function copy machine that copies, scans, prints and possibly faxes information. What most people don’t realize is that many of these machines have hard drives that store all information that the machine has access to. Think of these machines as computers that store a digital record of every copy it makes, every document it scans and every page it prints.

Copying patient information

If your organization copies insurance explanation of benefits (EOBs), patient insurance cards or uses a multi-function printer to print out letters to patients, all that information could be sitting on the hard drive of your copier. If this information is not properly destroyed before you return the machine to a leasing company, recycle the machine, sell the machine or throw the machine out; all that patient information might cause a HIPAA data breach.

Watch this video!

The below video from CBS news gives valuable information about the risks of copy machines.

Note: Affinity Health Plan who is featured in the video, received a $1,215,780 HIPAA fine (that’s right… $1.2 MILLION) because of one copy machine that contained 344,579 records with protected health information (PHI)

[youtube id=”TCKr5WgVVN8″ width=”600″ height=”350″]

Posted on

What is Reasonable and Appropriate for Your Specific Environment

These days we deal with resistance and denial towards HIPAA compliance. There are many reasons given for incomplete or ineffective compliance programs. We have heard everything from long rambling rants against the government, claims of not applicable to me and plenty of “we don’t have the _____” (fill in: time, money, resources) to explain away the compliance gaps.

There is, however, one case that concerns me when we find it. A practice or business is given a standard list of HIPAA Security implementation recommendations. The problem is that the list of recommendations doesn’t always include a review of what is reasonable and appropriate for the specific environment. The result is a group frozen by fear, sticker shock or worse paying for services and equipment that may be overkill for them. The Security Rule explains in the General Rules section just what should be considered in determining what is reasonable and appropriate for a specific environment (emphasis added):

HHS recognizes that covered entities range from the smallest provider to the largest, multi-state health plan. Therefore the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity’s business, as well as the covered entity’s size and resources.

Therefore, when a covered entity is deciding which security measures to use, the Rule does not dictate those measures but requires the covered entity to consider:

Its size, complexity, and capabilities,

Its technical, hardware, and software infrastructure,

The costs of security measures, and

The likelihood and possible impact of potential risks to e-PHI.

No, this doesn’t mean you can decide you are so small and the rules are too complex to follow them at all. That is definitely not what reasonable and appropriate means in this context. What it does mean, though, is that you can determine how to implement the standards, both required and addressable, but apply these considerations to your implementation plans.

Our approach is to always define the environment before defining the plan. The Security Risk Analysis is first in the list of requirements for a reason. But, keep in mind, that even the tasks performed in the Risk Analysis should be confirmed as reasonable and appropriate for your specific environment.

 

Reposted with permission from: http://smallproviderhipaa.com/2013/10/31/what-is-reasonable-and-appropriate-for-your-specific-environment/
Posted on

Worker’s Reluctant to Follow Company BYOD Policy

Even at companies with BYOD (bring-your-own-device) policies, users may still be reluctant to officially register their tablets and smartphones with IT, instead preferring to covertly access the network. That’s according to a new study that shows employees are concerned about losing their personal data if they officially register their devices with the IT organization at their company. To ensure compliance with policies, managed services providers (MSPs) may need to win over small and mid-sized businesses (SMBs) employees with promises to protect personal data.

Aruba Networks, Inc. (ARUN) conducted the survey of more than 3,000 employees around the world. American respondents, specifically, fear the loss of personal data more than other regions of the world, the study revealed. Around 66 percent of American respondents claimed that they fear the loss of data, compared to the 45 percent of Europeans and 40 of Middle Easterners who felt the same.

More than 50 percent of Americans said their IT department takes no steps to ensure the security of corporate files and applications on their personal devices, a concern that has forced many employees to keep personal devices away from IT departments. Seventeen percent of Americans have not told their employers that they use a personal device for work. If you think that’s frightening, keep reading.

Eleven percent of American respondents said they would not report a compromised device, while 36 percent said they would not report leaked data immediately.

According to the survey, these numbers come from a distrust of IT departments and employee fear about what IT may do with personal data. Forty-five percent of respondents in the United States worry about their IT department’s access to personal data.

Should MSPs include policies and guarantees to customers’ employees on personal data?

There need to be incentives from the company to persuade employees to follow BYOD policy.  Furthermore, there must be a culture of transparency and trust from IT to help calm the fears workers have.

Our Mobile Device Management (MDM) solutions allow our technicians and engineers the ability to monitor and manage the mobile device but they do not have access to personal items such as text messages or pictures.  If there is ever a question of what we can or can not do, we give the client a complete tour of our MDM platform.

The importance of a highly secure IT environment coupled with the lack of adherence of workers to BYOD policies gives rise to major concerns.  Companies of all sizes need to rethink their policies and procedures regarding BYOD.  Also, ensure the MSP or IT provider is trustworthy and operates in complete transparency.  The goal is to protect your company, your IT environment, your customers and your employees.

Companies, especially small businesses, that ignore BYOD are playing Russian roulette.  Everyday workers are using secure business networks to do things on their mobile devices which are highly unsecured and dangerous to the IT environment.  For some verticals, such as healthcare, these oversights can led to a breach and bring disastrous implications.

Want to have a discussion about protecting your business and your employees?  Give us a call find out how we can help.

Posted on

10 Reasons to Use CRM software Within Your Business

When it comes to using CRM software, there are a number of reasons why you want to use it. You need to do all you can to give your business the edge within the marketplace. Customer relationship management software allows you to focus more on your customers, which in turn will fuel your business for success.

1. More information. When you use CRM software, you have more information about your customers. This includes learning about where they are, what age category they fall into and much more.

2. More customer details. Customer details can help you reach out to customers at more times throughout the year. When you have their birthday and anniversary dates, you can send them emails and reminders, which will help your business be thought of in a more personable way.

3. Better demographic information. There is a lot of demographic information available within CRM software. You need to know who your target audience is. If you didn’t know it prior to using the software, you will by the time you have used it a few times because of the data it is collecting with each order that you take and with each new customer you establish.

4. Create marketing promotions. When you have more information about your customers, you can create more effective marketing promotions. This includes putting specific items on sale as well as deciding how you want to market to your customers – be it Facebook, mobile phones, direct mail or some other strategy.

5. Make suggestions. Suggestions can be made to customers when you use CRM software. When you see what the buying patterns are, you can use your inventory of products to determine what it is that they are likely to want. As you make suggestions, you can increase your sales and become more profitable.

6. Sell more. Suggestive selling is a great way to sell more. Just as restaurants use suggestive selling, you can do the same within your own business.

7. Compete with other businesses. You need to compete with the other businesses out there and CRM software helps you do that. Customers will stray to the competition from time to time – unless you are doing all you can to keep them focused on you and your business.

8. Stay on the brain. When you send more emails specifically for specific groups of people, you can stay on the forefront of your customers’ brains. This way they won’t drift off to go to other businesses throughout the year.

9. Customizable. When you use CRM software, it is customizable based upon what you need it for. You can even choose software that integrates into your other software, such as Microsoft Outlook. This ensures you aren’t entering the same information over and over again.

10. Easy to use. It’s also a good idea to use CRM software because it’s easy to use. When it’s easy, you and your entire staff can benefit from the information housed within the program.  When I started out in business I used a huge dry erase board, make-shift excel spreadsheets and a desk calendar to try to accomplish this.  It is so much easier now with good CRM tools.

For help finding the CRM tool that is right for your business, give us a call.