Small Practice Fined $100,000 for Risk Analysis Breach!

Risk Analysis Breach Can Cost Physicians Dearly!An independent physician gastroenterology practice in Utah had to report a breach related to a dispute with a Business Associate to the Office for Civil Rights department of HHS.

After the investigation into the breach, it was determined that the practice of Steven A. Porter, MD “had failed to complete an accurate and thorough risk analysis, and failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level” and therefore, has agreed to pay a $100,000 fine.

In addition to the monetary penalty, the practice is required to implement a Corrective Action Plan (CAP). According to the investigation resolution agreement, the practice agreed to conduct a thorough Risk Analysis, the Practice must develop a complete inventory of all its categories of electronic equipment, data systems, and applications that contain or store ePHI, which will then be incorporated into its Risk Analysis, and must complete a Risk Management plan. They must also revise and implement actionable policies and procedures, all of which should have been in place prior to the breach incident.

Have you ever read such headlines and doubted whether a small Billing Company or independent physician practice actually ever face penalties?

According to the Resolution Agreement, the practice must also completely reinvent their Business Associate process, and implement a strict protocol to ensure it’s Business Associates are HIPAA Compliant. In addition to ensuring their Business Associate relationships are accurate, the entire staff must undergo security and privacy training that stresses the use of Business Associate services and applications, disclosures to Business Associates that require a Business Associates agreement or other reasonable assurances in place to ensure that the Business Associate will and can safeguard the PHI and/or the ePHI. This puts immense pressure on the Business Associates, such as Billing Companies, to ensure that they are HIPAA Compliant, but also independent physician practices to ensure their Business Associates, “down the chain” are also compliant. This is also known as gaining Satisfactory Assurance of vendor HIPAA compliance.

What can you do?

As we have stressed before, it is important for you to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or other vendor, suspects a breach you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action. Keep in mind, a business associate is a ‘person’ or ‘entity’. This means there is no Billing Company too small or too large to comply with the Federal HIPAA regulations. Again, if you haven’t completed an accurate and thorough security risk assessment prior to that, you could also be penalized under ‘willful neglect’. This category alone is $50,000 per violation!

What we do is keep this from ever being a worry for you! In fact, we have a 100% audit pass rate! For example, Live Compliance has easy to understand HIPAA breach notification training. We perform your security risk assessment and manage all your requirements, including business associates, in a clean, organized cloud-based portal. Don’t risk your company’s future, especially when we are offering a FREE Organization Assessment to help determine your company’s status. It’s easy, call us at (980) 999-1585, email me jim@LiveCompliance.com or visit LiveCompliance.com

[ Contributed by Jim Johnson, President of Live Compliance ].

Maximizing MIPS Score with Health eFilings

targeting a better MIPS scoreThere are many commonly misunderstood aspects and nuances with the MIPS program, particularly in how points are earned.  For a healthcare practice it can be challenging to know exactly what to do to earn points, optimize the score, and protect their Medicare reimbursements.  But, at the same time, the stakes have been raised every year and the final ruling of the program is even more complex than it has been in the past, further increasing the stress, burden and financial risk for a healthcare practice.

The approach a practice takes to report for MIPS will greatly impact the results.  Many do not understand, or have awareness of, the different reporting methods available to them. Many Providers erroneously still think that a registry is the only reporting option available to them or that they are required to use a registry. Or, they think that their EHR covers their reporting obligation or that an EHR’s reports satisfy the MIPS requirements. These misperception and erroneous assumptions are detrimental to the financial interests of any practice.

There is a third reporting methodology that has been established and authorized by CMS, called CEHRT, or Certified EHR Technology (software).  The CEHRT methodology assists CMS with their need for more valid data submitted through technology and to refocus Providers from merely using technology towards Providers leveraging technology to improve outcomes.  Reporting via a CEHRT using software that has been certified by the ONC is a superior approach because it optimizes the points that could be earned and therefore, maximizes Medicare reimbursements for the practice.

Recently an RCM company CEO approached us at Health eFilings with the decision to use six of her clients to conduct a side-by-side comparison of the registry and Health eFilings (CEHRT) methodologies for reporting. In this manner, she intended to validate for herself whether a CEHRT or registry would generate the greatest ROI for her clients. The results of using Health eFilings’ MIPS Accelerator service, on average earned almost triple the points versus a registry for the same year for the same clients.

MIPS score comparison graph

“Due to limited understanding and guidance, we weren’t aware of the differences of the reporting methodologies available for my clients.  We believed there was greater opportunity, but the current registry methodology we had chosen didn’t demonstrate that for our clients.”

Katy, RCM Company CEO

 

 

This side-by-side comparison highlights not only that a CEHRT is the superior method of reporting as Health eFilings was able to leverage technology to facilitate the ease, accuracy and completeness of tracking and reporting, but it also maximize a Provider’s MIPS score.  Additionally, given the levels of Medicare reimbursements for these practices, the higher score resulted in their earning a positive payment adjustment, which significantly improved their bottom line. And, take note that if the Registry were to perform the reporting for the 2019 reporting period, these practices would not earn enough points to avoid the penalty of negative 7%.

Health eFilings with its proprietary ONC certified software has many advantages over any type of registry:

  • Automatically extracts data from any EHR or billing system
  • No staff or IT time required to comply
  • Benchmarks performance versus peers based on CMS standards
  • Proprietary algorithm evaluates 9 million combinations to select best quality measures to optimize score
  • Earn 10% in bonus points for the Quality category
  • eCQM deciles earn more points than registry deciles
  • Almost all eCQM’s have a CMS benchmark versus less than 25% of registry measures
  • Electronically submits the data to CMS

And, important to note that it’s NOT too late to comply for the 2019 reporting period as Health eFilings is able to support new clients, but time is of the essence.  Reach out NOW if you or your client hasn’t reported for 2019—there is NO REASON to accept the 7% revenue hit.

Now EZClaim and Health eFilings want to ensure you can partner with the only complete, end-to-end MIPS compliance solution that saves you significant time and money. To learn more, click the following link: https://healthefilings.com/ezclaim

[ Article written by Sarah Reiter, Vice President of Strategic Partnerships with Health eFilings ].

New Patient Billing Methods by Texting and Email

New patient billing methodsThis article about new patient billing methods was written by Angie Carter with NexTrust.

Communication is easier than it’s ever been, but a lot of practices aren’t taking full advantage of two of today’s most effective mediums of communication: email and texting. Patients, like all other consumers, spend a lot of time on their phones; it’s where they keep in touch with friends and family, as well as businesses they work with regularly.

Most practices rely heavily on phone calls to contact their patients about appointment reminders, insurance issues, etc. But many adults now prefer to communicate via email or text. Often a quick phone call will do the trick, but email and texting gets your foot in the door a lot more often. Furthermore, people are far more likely to respond to a text or email than a voicemail.

Here are a few ways to build your contact list at your practice to improve communication with patients, ensuring greater patient satisfaction and better cash flow.

  1. Collect cellphone numbers & email addresses during new patient registration.

Consider making these required fields. Allow the option to fill out more than one email address or mobile number as well, since most households have several. It would also be helpful to quickly explain why you need this information. BillFlash allows you to send out regular statements and eBills through email and text, and you can also quickly update your patients on any last-minute changes happening at your practice.

If you have a newsletter or regularly send out practice updates, make sure patients know about these as well. This is another opportunity to ensure you have the information you need to better communicate with your patients.

  1. Ask for an email address & cellphone number any time you confirm an appointment.

Even if your current patients have already given you this information, use appointment confirmations as an opportunity to verify the information you have on file is current. Email addresses change all the time, so it’s crucial to ensure they’re up to date so you know your messages are being received. And for patients who haven’t yet provided this information, this is a good time to tout the benefits of being digitally connected.

  1. Encourage mail-only patients to go paperless.

A huge barrier to patients paying their bills on time—or at all—is that it’s often not as simple to pay a medical bill as it is to pay, say, a utility bill. BillFlash simplifies this process tremendously, both for the patients and your practice. By providing an email address and cellphone number, patients can more easily stay current on their medical bills and procedures.

  1. Ask patients to provide feedback on your website.

Give your patients a space to express their thoughts at their convenience. Include a form on your website for patients to fill out—which would include their email address and phone number—and add the info they provide to your database. You could also post signs throughout your office encouraging patients to visit your website to provide feedback about the care they received that day. 

  1. Add cellphone number/email to check-in sheet.

Most practices require patients to sign in whenever they come in for an appointment. Consider adding a column or two that asks for their email and cellphone number. At the top of the column you could include a note that says something like “Want to receive appointment reminders via text or email?” to reiterate the benefit patients will receive by providing this information.

  1. Offer patients an incentive to provide their email address & cellphone number.

People love free stuff—that’s a given. Try running a fishbowl incentive every few months. All patients would need to do is drop their email address and/or cellphone number into a bowl and they’ll be entered into a drawing to win a prize. And why reward just the patients? Incentivize your office staff to collect this information as well.

Everyone has a cellphone number and email address, but it does take some effort to collect them. But it’s effort that rewards you many times over, as this makes it easier to keep patients in the loop and ensure you get paid. BillFlash makes it easy to automate patient billing and payments—including sending reminders via email or text—to improve the financial health of your practice.

BillFlash is integrated into the EZclaim billing application. Click here to view a video that discusses the details.

For more information about new patient billing methods and sending electronic bill notifications through text and email, contact EZclaim or their statement and payment services partner, BillFlash, at 435-940-9123 or sales@billflash.com

Best Practices When Sending Patients to Collections

patients collectionsAs Patient Payment Responsibility continues to increase, sending patients to collections efficiently & effectively is more critical to the financial health of your practice than ever before. Here are some helpful tips to optimize your patient collections process.

  1. Communicate your collection policy upfront
  2. Integrate your collections process with your billing
  3. Consider offering discounts for self-pay patients
  4. Accept multiple forms of payment 
  5. Offer multiple payment options
  6. Require patients to make “good faith” payments

Practices that employ the following practices can help prevent sending patients to collections or make the collections process much more efficient and effective.

1.Communicate your collection policy upfront

Prior to patient appointments, clearly communicate your collection policy. This helps the patient plan ahead to pay in full in the specified time period. This is especially important for patients that must meet a deductible or coinsurance amounts towards the out of pocket expenses. When patients are aware in advance, they are more likely to make some of their payment upfront. In addition to pre-visit communications, specify your collections with signs in your office, intake forms, information documents and on your website.

2. Integrate your collections process with your billing

The current process to send patients to collections is tedious, time-consuming and prone to error and miscommunications. That’s because staff must constantly and manually pull lists of patients eligible for collections and send all the necessary patient information to the agency. Plus, all the complex back and forth communications, followed by posting accounting for the payments.

Leveraging an automated patient billing system like BillFlash, you can create rules based on aging and minimums that queue up patients eligible for collections and send all the necessary information to begin the collections process. Practices can manage the entire collections process right in the patient billing system including setting rules, approving accounts for collections, and reports. To learn more, call NexTrust BillFlash at 435-940-9123 or visit collections.billflash.com

3. Consider offering discounts for self-pay patients

While insured patients receive discounts through their insurance provider, self-pay patients are responsible for their full payment. As an incentive to pay bills in a timely manner, offering self-pay patients a discount to pay in a timely fashion could reduce accounts sent to collections, improve the patient payment experience, and help improve your cash flow.

4. Accept Multiple Forms of Payment

Limitations in accepted payment methods and payment options can be a liability for your practice in getting paid quickly, and sometimes, getting paid at all. You can remove these barriers by incorporating payment systems that make it easy to accept all card types as well as payment plans. The BillFlash Billing and Payment system lets you offer these payment options to your patients simply. Patient billing and payments can then be synced with EZClaim because of the existing integration with BillFlash.

5. Offer Multiple Payment Options

Patients may find themselves in collections because out of pocket expenses are often much higher than they expected and can sometimes be thousands of dollars. Offering various payment methods and payment plans improves the patient experience and overall satisfaction.

Limitations in accepted payment methods and payment options can be a liability for your practice in getting paid quickly, and sometimes, getting paid at all. You can remove these barriers by incorporating payment systems that make it easy to accept all card types as well as payment plans. The BillFlash Billing and Payment system lets you offer these payment options to your patients simply. Patient billing and payments can then be streamlined because of the existing integration with BillFlash.

6. Require patients to make ‘good faith’ payments

If a patient is not paying their balance in full, requiring them to pay a portion of the payment is a helpful first step in keeping their commitment to fully meeting their financial responsibility. These small steps not only make the debt more manageable for patients but creates payment momentum for future payments so that at 90 or 120 days they owe much less and are less likely to be candidates for collections. 

With increasingly more patient payment responsibility, the risk for patients being sent collections can rise as well. So, helping your patients avoid collections and optimizing your collections process when collections become necessary, can bring big financial returns

Call NexTrust today 435-940-9123 or email at sales@billflash.com or go to collections.billflash.com to learn how collections are now integrated with automated patient billing and payments to improve the financial health of your practice.

Make sure you never miss an article from EZClaim and our partners, follow us on Facebook and/or LinkedIn!

Lost Laptop = $65,000 Fine

lost laptopLost laptop = $65,000 fine. Have you ever read such headlines and doubted whether a small billing company or independent physician practice would ever face such seemingly insurmountable penalties? 

What happened? Most recently, an ambulance company out of Georgia paid $65,000 for a lost laptop that happened to be unencrypted. More often, small businesses and practices are taking work outside of the office, so this kind of violation is one that can occur to anyone. 

The laptop contained 500 individual’s Protected Health Information. As a result of the investigation, the ambulance company will undergo a Technical Security Risk Assessment and is required to adopt a Corrective Action Plan. This is a great example of why it is important and mandatory to conduct a Technical and Objective Security Risk Assessment at least annually on all devices. 

Following the investigation, it was uncovered that West Georgia Ambulance never provided a security awareness and training program for its employees! You and your workforce are your first line of defense. This reinforces the importance that both you, and your employees must understand what a breach is and the breach notification requirements! It was later revealed that West Georgia Ambulance failed to implement HIPAA Security Rule policies and procedures as well. 

What can you do? As we have stressed before, it is important for you to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, the Billing Company or independent physician practice, suspects a breach or complaint you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action. Again, if you haven’t completed an accurate and thorough security risk assessment prior to that, you could also be penalized under ‘willful neglect’. This category alone is $50,000 per violation!

What we do is keep this from ever being a worry for you! In fact, we have a 100% audit pass rate since 2010! For example, Live Compliance has easy to understand HIPAA breach notification training. We perform your security risk assessment and manage all your requirements, including business associates, in a clean, organized cloud-based portal. 

Don’t risk your company’s future, especially when we are offering a FREE Organization Assessment to help determine your company’s status. 

It’s easy, call us at (980) 999-1585, email me or visit LiveCompliance.com 

Keep in mind, a business associate is a ‘person’ or ‘entity’. This means there is no billing company too small or too large to comply with the Federal HIPAA regulations. 

LEARN MORE

If you are enjoyed this article about the lost laptop as well as informative content we’re providing and have a specific topic you would like to see covered, we would love to hear from you! Please feel free to send along your ideas via email to sales@ezclaim.com.

Reducing Denials

reducing denialsDenials are a concern for every provider and institution. Denials stress every aspect of revenue cycle management as they eat away at the bottom line, stress cash flow, and subsequent operations, and drain and entangle administrative, clinical, and financial resources during appeals. IMO has the tools you need to aid in reducing denials.

Some estimates suggest that as much as 9% of claims are denied annually and with ~$3.6 Trillion in spending in 2018, ~$324 billion in claims were denied, initially. Fortunately, 63% of claims that were denied were recovered, but not without a cost.¹,²

A closer look at the causes for denials, suggests that missing or invalid claim data and medical coding accounted for 20% of denials.¹ Without a doubt, these mid-cycle and back end processes are critical components to efficient revenue cycle management. 

We understand how important it is for practice managers to align clinical descriptions documented at the point of care to the correct ICD-10CM codes to ensure accurate coding and appropriate reimbursement. 

IMO knows how challenging it can be to translate diagnoses documented in a provider’s clinical language to the appropriate ICD-10CM codes, especially when code sets change. 

Furthermore, we understand the risk to the bottom-line if diagnoses are not accurately captured when they are transferred between systems.

To help our customers tackle coding challenges, simplify their workflow, and manage risk, we developed IMO Core, our industry-leading clinical interface terminology.  

IMO Core can help billing and coding professionals streamline the process of transferring diagnoses and codes from the billing summary or EHR into the practice management system. Additionally, IMO Core helps maintain the clinical, diagnostic, and coding integrity of claims that originate from a different EHR system to help billing and coding professionals easily navigate through interoperability challenges. 

With IMO Core you can:  

Document more credibly

  • Maximize reimbursement by easily capturing secondary conditions
  • Reduce denied claims with accurate, specific diagnosis terminology
  • Increase Medicare Advantage reimbursement by identifying all HCC diagnoses and codes

 

Operate more efficiently

  • Quickly and accurately find and document diagnoses that are mapped to appropriate codes
  • Save time with diagnoses and codes that are automatically updated by IMO subject matter experts (SMEs)
  • Ensure accurate billing and coding with maintenance-free terminology that is always current 

 

About Intelligent Medical Objects

At IMO, we are dedicated to powering care as you intended, through a platform that is intelligent, intuitive, and intentional. Used by more than 4,500 hospitals and 500,000 physicians daily, IMO’s clinical interface terminology (CIT) forms the foundation for healthcare enterprise needs including effective management of EHR problem lists, accurate documentation, and the mapping of over 2.4 million clinician-friendly terms across 24 different code systems. 

We offer a portfolio of products that includes terminologies and value sets that are clinically vetted, always current, and maintenance-free. This aligns with provider organizations’ missions, EHR platforms’ inherent power, and the evolving vision of the healthcare industry while ensuring accurate care documentation and administrative codes. So, clinicians can get back to being clinicians, health systems can get reimbursed, and patients can more easily engage in their own care. As intended.

To learn more please contact Will Caldwell or visit: https://www.imohealth.com/schedule-a-demo/

  1. https://www.changehealthcare.com/blog/wp-content/uploads/Change-Healthcare-Healthy-Hospital-Denials-Index.pdf
  2. https://www.meddata.com/blog/2017/10/26/medical-billing-statistics/

 

If you enjoyed this piece about reducing denials, be sure to read more informative articles from EZClaim and our partners.

CONTACT INFO

337 S. Main Street
Ste 200
Rochester, MI 48307

877.650.0904

FOLLOW US ON


CONTACT INFO

337 S. Main Street
Ste 200
Rochester, MI 48307

877.650.0904

FOLLOW US ON


CONTACT INFO

337 S. Main Street
Ste 200
Rochester, MI 48307

877.650.0904

FOLLOW US ON


CONTACT INFO

337 S. Main Street
Ste 200
Rochester, MI 48307

877.650.0904

FOLLOW US ON


SALES

337 S. Main Street
Ste 200
Rochester, MI 48307

877.650.0904

CUSTOMER SUPPORT

337 S. Main Street
Ste 200
Rochester, MI 48307

877.650.0904

FOLLOW US ON