Monthly Archives: January 2015

Stolen and Lost Devices are Putting Personal Healthcare Information at Risk

Amid a rising tide of compliance pressures, employee mobility, and high black-market values for personal identifiable information (PII) and personal healthcare information (PHI), security and risk professionals at healthcare organizations are dealing with staggering amounts of endpoint-related data loss and exposure when compared with other industries. However, many healthcare organizations struggle with low security budgets, and only about half secure their endpoint data through technologies such as full disk encryption or file-level encryption today.

By all accounts, we’re approaching a new order of integration between technology and medicine. Real time medical diagnostic data obtained from our mobile phones will soon be integrated directly into our electronic medical records where clinicians can use the data to make more accurate (and potentially dynamic) treatment plans. However, with all of this new patient data being collected by insurance payers, medical providers, and third-party services, there are many dangers presented when security and risk (S&R) pros don’t adequately protect PHI. Unfortunately, there are a number of systemic challenges that hinder these efforts to protect PHI, such as:

  • Unclear regulations surrounding endpoint data protection.
  • Perception within management that healthcare data is not an attractive target for hackers.
  • Modest security budgets.

Physicians will return from medical conferences wanting to try the latest clinical apps, information workers tasked with processing sensitive health insurance data will use consumer cloud storage tools to increase their productivity, and medical researchers will take patient data home with them on their personal laptops to save themselves from long hours in the lab. Whatever their role, healthcare professionals are not immune to the workforce mobility trends affecting all other industries.

As healthcare organizations gather and process greater amounts of PHI, data security initiatives become exponentially more important. S&R leaders must work to create awareness and understanding of the associated responsibilities and risks at the highest levels of the organization.

These radical new changes will create new challenges and responsibilities for already overburdened security organizations. However, there are several things S&R professionals can do to prepare for this transformation today:

  1. Move your controls closer to the data itself. Security pros apply most controls at the very edges of the network. However, if attackers penetrate your perimeter, they will have full and unrestricted access to your data.
  2. Look to new solutions for cloud visibility and data protection. Encrypt data before it goes into the cloud.
  3. Discover where the data is located, diligently control access, and watch user behavior. Always remember that every byte of data could contain information about patients. To protect this sensitive data, your first line of defense is to discover and identify where this data is located, and limit data access to only those individuals whose job function requires it.
  4. Focus on behavioral changes, not simply security awareness, for data security and privacy. Technology controls are important, but employee awareness and behaviors are another critical aspect of data protection.

 

Source: ehrintelligence.com

How Practices Can Improve Patient Payment Collections

How Practices Can Improve Patient Payment Collections

4 basic steps that may help practices do a better job collecting from patients:

  1. For new or infrequent patients, ask them to complete a package of materials before their appointment. Access can be provided online before the patient’s visit or the materials can be sent by mail or e-mail for the patient to complete before the visit. The approach taken depends on the practice’s technological capabilities and permission provided by the patient. Successful collection requires complete and accurate patient information.
  2. As discussed in previous blogs, a practice must be upfront about getting paid for its services! It should be made clear to patients immediately that they are expected to cover co-pays and known deductibles at time of service. Patients unwilling or unable to pay should be rescheduled; except in the event of an emergency. Having clear policies that are shared with patients can help a practice collect more fees upfront. Accepting credit cards can also make payment of fees more convenient for patients who prefer this option.
  3. As discussed in previous blogs, a practice must be upfront about getting paid for its services! It should be made clear to patients immediately that they are expected to cover co-pays and known deductibles at time of service. Patients unwilling or unable to pay should be rescheduled; provided, in the event of an emergency I would recommend the patient be seen. Having clear policies that are shared with patients can help a practice collect more fees upfront. Accepting credit cards can also make payment of fees more convenient for patients who prefer this option.
  4. Don’t wait too long to try to collect! In the first year, the probability of a practice collecting a past due account drops by 10 percent every 30 days. This means that the longer a practice waits, the less likely it is to collect.  Make sure you have an effective policy that combines letters and calls to patients and then send the bill to collection as soon as you complete the process. Make sure you work with an agency that lets you approve whether you want a patient to be sued and always use an agency that is licensed and has a reputation for acting lawfully and professionally. Don’t forget that a signed Business Associate Agreement is needed with any agency you choose.

There is no perfect way to collect patient payments, but every practice should have an effective policy, and it should tweak that policy until it gets the best results. Most practices will agree that leaving money on the table is simply not an option anymore!

 

Source: physicianspractice.com

Top 6 Practice Management Challenges Facing Physicians in 2015

Top 6 Practice Management Challenges Facing Physicians in 2015

Physicians still face mountains of red tape in the upcoming year

Challenge 1: Administrative burdens – A Kaiser study, from 2012, estimated that the nation’s physicians spend more than 868 million hours annually on prior authorization activities. Payers say prior authorizations hold down costs, improve treatment efficacy and ensure patient safety. To physicians, however, they are an obstacle to providing the best care for their patients.

Challenge 2: Independence vs. Employment – For some physicians, joining a large hospital system offers a haven from the rising administrative burdens of staying independent and from competitive pressures that can drive a small practice into insolvency. But joining a hospital system is not a panacea for the challenges facing physicians.

Challenge 3: Payers dictating healthcare – Physicians have to deal with a range of audits tied to meaningful use and other programs. The federal government can audit Medicare patients’ charts, while individual states can audit records for Medicaid patients, since they fund Medicaid, up to 10 years after a patient’s treatment, notes Tatiana Melnik, JD, an attorney specializing in technology and healthcare IT in Tampa, Florida.

Challenge 4: Patients dictating healthcare -Balancing the desire to practice quality medicine with the need to obtain positive feedback from patients promises to be a growing challenge for primary care physicians (PCPs) in 2015 and the years beyond.

Challenge 5: Staff retention – As more payers gravitate toward value-based payment models and increased emphasis is placed on effective team-based medicine, maintaining staff will be critical to practice success. Ask any consultant, and they will tell you that a practice is only as good as its employees.

Challenge 6: Avoiding liability – As a way to avoid potential liability, some physicians report practicing defensive medicine. Erring on the side of caution, physicians order more diagnostic procedures than might be necessary to head off litigation.

Source: medicaleconomics.modernmedicine.com