Understanding the Mental Healthcare Regulatory Environment

Appreciating the Rules

[By Carol Miller; RN, MBA]

Local counties and municipalities are the primary providers of state mental healthcare for patients who lack private insurance coverage for such care.

Both children and adults may be eligible to receive assistance.

These counties provide a wide range of psychiatric and counseling services to the residents in their community as well as other types of assistance such as:

  • treatment services related to substance abuse;
  • housing;
  • employment services;
  • information and education services;
  • referrals;
  • consultative services to schools, courts and other agencies;
  • after-care services; and other related activities.

Rules and Regulations

Accordingly, regulations from federal, state, and county governments have an impact on the day-to-day operations, procedures and processes of a county mental health center. Traditionally, there are three main types of regulations.

Federal Regulations — The United States healthcare system is guided by programs such as those established under the Centers for Medicare and Medicaid Services (in the case of county mental health programs, Medicaid is especially important), the Americans with Disabilities Act (ADA), the Occupational Safety and Health Administration (OSHA), the Health Insurance Portability and Accountability Act (HIPAA), and others.

State Regulations — These include general legislative guidelines, state management of benefits and reimbursement of the Medicaid program, and state allocations of budgets, which impact the centers’ operations.

County Regulations — Each county defines its own County Mental Health Program and decides which services will be provided or excluded.

Assessment

County facilities generally include outpatient clinics, county mental health programs, short-term psychiatric facilities, day-care centers, detoxification centers, residential rehabilitation centers for substance abuse, long-term care psychiatric facilities, and Veterans Affairs (VA) psychiatric centers. The county centers may be co-located with other county services, such as social services, occupational rehabilitation services, information technology services, human resources, maintenance services, and others, or may be independently located.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

PODCAST: Deborah C. Peel MD on Patient Privacy

An Audio-Video Presentation

[Submitted via Darrell Pruitt DDS]

***

***

Book Marcinko: https://medicalexecutivepost.com/dr-david-marcinkos-bookings/

Subscribe: MEDICAL EXECUTIVE POST for curated news, essays, opinions and analysis from the public health, economics, finance, marketing, IT, business and policy management ecosystem.

HOSPITALS:

“Financial Management Strategies for Hospitals” https://tinyurl.com/yagu567d

“Operational Strategies for Clinics and Hospitals” https://tinyurl.com/y9avbrq5

***

PODCAST: Hospitals to Sell De-Identified Patient Data

TRUVETA

http://www.Truveta.com

By Eric Bricker MD

***

Data Platform: Their health provider members care for tens of millions of people and operate thousands of care facilities, providing more than 15% of all care in the United States. Clinical data from this care is de-identified daily and brought together in the Truveta platform to advance patient care and accelerate development of new therapies.

***

***

COMMENTS APPRECIATED

Thank You

Subscribe to the Medical Executive-Post

***

DICTIONARY: https://www.amazon.com/Dictionary-Health-Information-Technology-Security/dp/0826149952/ref=sr_1_5?ie=UTF8&s=books&qid=1254413315&sr=1-5

***

HOSPITALS: https://www.amazon.com/Financial-Management-Strategies-Healthcare-Organizations/dp/1466558733/ref=sr_1_3?ie=UTF8&qid=1380743521&sr=8-3&keywords=david+marcinko

***

TELE-MEDICINE Fraud, Abuse and New Barriers!

Telemedicine: Fraud and Abuse During the COVID Pandemic

By Susan Walberg

The COVID-19 pandemic has brought with it huge challenges for people all over the world; not only the obvious health-related concerns but also shutdowns, unemployment, financial difficulties, and a variety of lifestyle changes as a result.

When the COVID pandemic struck, CMS quickly recognized that access to care would be an issue, with healthcare resources strained and many providers or suppliers shutting down their offices or drastically limiting availability. Patients who needed routine care or follow-up visits were at risk for not receiving services during a time when healthcare providers were scrambling to enhance infection control measures and implement other new safety standards to protect patients and healthcare workers.

The Centers for Medicare and Medicaid Services (CMS) has responded by easing restrictions and regulatory burdens in order to allow patients to receive the healthcare services they need without undue access challenges. One key area that has changed is the restrictions related to telehealth services, which were previously only paid by Medicare under certain circumstances, such as patients living in remote areas.

Among the changes and waivers CMS has offered, telemedicine reimbursement is among the more significant. Telemedicine services, which include office visits and ‘check-ins’, are now allowed and reimbursed by Medicare. In addition to reimbursement changes, CMS has also relaxed the HIPAA privacy and information security enforcement standards, paving the way for providers to adopt a new model of providing services electronically.

TELE-HEALTH BARRIERS: https://www.statnews.com/2021/07/13/telehealth-provisions-emergency-patients/

MORE:  https://medicalexecutivepost.com/2021/05/18/fraud-schemes-of-few-medical-providers/

Your thoughts are appreciated.

THANK YOU

***

Cyber Insurance for Dentists?

Are we de-facto targets?

By D. Kellus Pruitt DDS

Have you purchased cyber insurance yet, Doc?

If you are a HIPAA covered entity, you’re going to need it.

Press release: “AIG among insurers seeking more sales as small firms get hacked” (no byline).

“Smaller companies [including dental offices] are learning that, as more data is shared online, they, too, can be targets for the kinds of attacks that larger firms endure. American International Group Inc. and Travelers Cos. are among insurers tailoring cybersecurity products to those customers.”

http://www.delawareonline.com/article/20130322/BUSINESS09/303220034/AIG-among-insurers-seeking-more-sales-small-firms-get-hacked

The Expert Speaks

Bob Parisi, network security and privacy practice leader at the insurance brokerage of Marsh & McLennan tells DelawareOnline that small and mid-size companies are “where we’re going to see some of the most aggressive growth in the next couple of years, because it’s been a part of the market that was ignored.”

The ad describes how a California-based online print shop was targeted by hackers who exposed clients’ names, addresses and credit-card numbers last year. Much like dentists whose EDRs are hacked, after discovering the breach, business owner David Handmaker had to notify affected customers. The Ponemon Institute predicts that 20% or more of the customers notified will instantly become former customers.

“We’re just much, much more aware of the fact that being a small company” makes us more of a target,” Handmaker tells DelawareOnline. He adds that larger businesses have “more resources, and so I think their security practices are maybe a little more evolved.”

Assessment

Small businesses such as print shops and dental practices have become de-facto targets – and according to security experts, easy pickings. I’m not wrong. I’m early.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

***

MEDICAL RISK MANAGEMENT: https://www.routledge.com/Risk-Management-Liability-Insurance-and-Asset-Protection-Strategies-for/Marcinko-Hetico/p/book/9781498725989

***

Identity Management is a Challenge Health Plans Must Meet

Is your organization ready?

http://www.MCOL.com

***

***

***

The PRIME Act

Preventing and Reducing Improper Medicare and Medicaid Expenditures Act

By Dr. David Edward Marcinko MBA

http://www.CertifiedMedicalPlanner.org

This Act was introduced into Congress in 2013 and contains a number of provisions that would increase rewards and incentives for those who uncover healthcare fraud, as well as heighten penalties for those who commit it.

The PRIME Act

The PRIME Act would enact stronger penalties for Medicare and Medicaid fraud; curb improper or mistaken payments made by Medicare and Medicaid; establish stronger fraud and waste prevention strategies with Medicare and Medicaid to help phase out the practice of “pay and chase” (i.e., recouping monies already erroneously paid to providers instead of detecting problems on the front end); curb the theft of physician identities; expand the fraud identification and reporting work of the Senior Medicare patrol; take steps to help states identify and prevent Medicaid overpayments; and improve the sharing of fraud data across state and federal agencies and programs.

Assessment

The law directs the Secretary to develop a plan to revise the incentive program under HIPAA for the reporting of fraud and abuse to encourage greater participation by individuals reporting Medicare fraud and abuse.

And, it also requires the plan to include certain recommendations for ways to enhance rewards for individuals reporting and an extension of the incentive program to the Medicaid program.

MORE: Ten Ways to Prevent Fraud [Consumer]

***

PHI RansomWare Just Went Up!

[By Darrell K. Pruitt DDS]

Expect malware entrepreneurs to charge what the market will bear, again and again.

“OCR Releases Guidance on Ransomware: ‘Your Money or Your PHI’,” by Dianne J. Bourque for The National Law Review, July 12, 2016

http://www.natlawreview.com/article/ocr-releases-guidance-ransomware-your-money-or-your-phi

Bourque: “A key component of the guidance provides a ransomware attack that encrypts a Covered Entity’s ePHI is presumed to be a breach. As ransomware can infect a Covered Entity’s entire system, this presumption may lead to enormous breach notification obligations.”

Bourque adds: “OCR indicates that when ePHI is encrypted as a result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals took possession of the information) and is thus a ‘disclosure’ not permitted under the HIPAA Privacy Rule has occurred.”

When patients are notified of data breaches – for any reason – many will quietly change providers. According to The Ponemon Institute, loss of future income is the most costly result of lawfully reporting data breaches…. and ransomware attacks are at “epidemic” levels. I have heard dentists are paying the ransom quickly.

The disincentives to do the right thing were overwhelming providers even before the OCR’s recent ruling. Such is the ugly nature of extortion.

Assessment

Cha-ching! 

***

Protect Privacy – DO NOT Use EMRs!

OCR pays its own way

Submitted by Darrell Pruitt DDS

“OCR unleashes second wave of HIPAA audits, but will it diminish patients’ privacy and security expectations?

Healthcare entities should expect the Office for Civil Rights to levy fines that help fund the program.  And until OCR delivers a draft audit protocol breaches will continue at patients’ expense.”

By Tom Sullivan for HealthcareIT News

[March 23, 2016]

http://www.healthcareitnews.com/news/ocr-unleashes-second-wave-hipaa-audits-will-it-diminish-patients-privacy-and-security

Sullivan: “Here come the HIPAA audits. And even though OCR has yet to clearly outline what healthcare providers should expect exactly, one thing to anticipate is plenty of financial penalties.”

And David Harlow, a health lawyer, consultant and founder of The Harlow Group, tells HealthcareIT News,

“Who loses out as a result? Patients. The breaches continue, free credit monitoring services are offered, and we all move forward with a diminished expectation of privacy and security.”

***

Update on HIPAA Cloud Solutions for Hospitals and Health Systems

New-Wave Technology and PHI

[By Carol Miller RN MBA]

To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic cloud communication of protected health information.

These new technologies will continue to evolve as hospitals, providers and patients move to new means of communication.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today, but they also present a risk of privacy and security violations. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.

But, because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate Agreements.

Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plain-text data on their servers, PHI is especially vulnerable to breaches and compliance violations.

HIPAA Not Aging Well

HIPAA was written nearly 20 years ago, before cloud health applications were even envisioned. Because of this, some areas of the law make it hard to determine which applications must be HIPAA-compliant and which are exempt. Considering the numerous ways security breaches can occur with a cloud solution, it is no wonder that HHS is very leery about how PHI is handled on server farms in the cloud.

Assessment

Regardless of the storage modality – it is important to take all the steps possible to comply with HIPAA guidelines.

***

More on Texting in Medicine and HIPAA

Clarifying the Confusion about HIPAA

A Special ME-P Report

[By Carol S. Miller RN MBA PMP]

millerconsultgroup@gmail.com

© iMBA Inc. All rights reserved. USA.

Texting is Ubiquitous

Text messaging (or SMS) has become nearly ubiquitous on mobile devices. According to one survey, approximately 72 percent of mobile phone users send text messages. Clinical care is not immune from the trend, and in fact physicians appear to be embracing texting on par with the general population. Another survey found that 73 percent of physicians text other physicians about work.

(Source:  Journal of AHIMA, “HIPAA Compliance for Clinician Texting”, by Adam Green, April 2012)

Texting can offer providers numerous advantages for clinical care. It may be the fastest and most efficient means of sending information in a given situation, especially with factors such as background noise, spotty wireless network coverage, lack of access to a desktop or laptop, and a flood of e-mails clogging inboxes. Further, texting is device neutral—it will work on personal or provider-supplied devices of all shapes and sizes. Because of these advantages, physicians may utilize texting to communicate clinical information, whether authorized to do so or not.

Risk Levels

All forms of communication involve some level of risk. Text messaging merely represents a different set of risks that, like other communication technologies, needs to be managed appropriately to ensure both privacy and security of the information exchanged.

Text messages may reside on a mobile device indefinitely, where the information can be exposed to unauthorized third parties due to theft, loss, or recycling of the device. Text messages often can be accessed without any level of authentication, meaning that anyone who has access to the mobile phone may have access to all text messages on the device without the need to enter a password.

Texts also are generally not subject to central monitoring by the IT department. Although text messages communicated wirelessly are usually encrypted by the carrier, interception and decryption of such messages can be done with inexpensive equipment and freely available software (although a substantial level of sophistication is needed). If text messages are used to make decisions about patient care, then they may be subject to the rights of access and amendment. There is a risk of noncompliance with the privacy rule if the covered entity cannot provide patients with access to or amend such text messages.

According to 2012 data from CTIA–The Wireless Association, U.S. citizens alone exchange nearly 200 billion text messages every month. So it’s not surprising that an increasing number of clinicians are using text messaging to exchange clinical information, along with a wide range of other modes — smartphones, pagers, computerized physician order entry, emails, etc. Electronic communication is certainly faster, can be more efficient, enhances clinical collaboration and enables clinicians to focus on patient care. But with these benefits comes an increased risk of security breaches.

(Source:  Clarifying the Confusion about HIPAA – Compliant Texting, by Megan Hardiman and Terry Edwards, May 2013)

***

Hype over the Health Insurance Portability and Accountability Act

Unfortunately, vendor hype about the Health Insurance Portability and Accountability Act is causing many hospitals and health systems to implement stop-gap measures that address part — but not all — of a problem. To identify all vulnerabilities, health care leaders need to consider not only text messaging, but all mechanisms by which protected health information in electronic form is transmitted — as well as the security of those mechanisms.

Mobile device-to-mobile device SMS text messages are generally not secure because they lack encryption. The sender does not know with certainty that his or her message is indeed received by the intended recipient. In addition, the telecommunications vendor or wireless carrier may store the text messages. Recent HHS guidance indicates text messaging, as a means of communicating PHI, can be permissible under HIPAA depending in large part on the adequacy of the controls used. A hospital or provider may be approved for texting after performing a risk analysis or implementing a third-party messaging solution that incorporates measures to establish a secure communication platform that will allow texting on approved mobile devices.

A study reported in Computer World in May 2013 by the Ponemon Institute, with 577 healthcare and IT professionals in facilities that ranged from fewer than 100 beds to over 500 beds, stated that fifty-one percent of the respondents felt HIPAA compliance requirements can be a barrier to providing effective patient care. Specifically, HIPAA reduces time available for patient care (85% of the respondents), makes access to electronic patient information difficult (79% of the respondents) and restricts the use of electronic mobile communications (56% of the respondents).

The study stated, “respondents agreed that the deficient communications tools currently in use decrease productivity and limit the time doctors have to spend with patients.” They also stated, “they recognized the value of implementing smartphones, text messaging and other modern forms of communications, but cited overly restrictive security policies as a primary reason why these technologies were not used.” Clinicians in the survey stated that only 45% of each workday is spent with patients; the remaining 55% is spent communicating and collaborating with other clinicians and using the electronic medical record and other clinical IT systems.

Several other statements:

  • Because of the need for security, hospitals and other healthcare organizations continue to use older, outdated technology such as pagers, email and facsimile machines. The use of older technology can also delay patient discharges – now taking an average of 102 minutes.
  • The Ponemon Institute estimated that the lengthy discharge process costs the U.S. hospital industry more than $3.189 billion a year in lost revenue, with another $5 billion lost through decreased doctor productivity and use of outdated technology. Secure text messaging could cut discharge time by 50 minutes.

(Source: Computer World, “HIPAA rules, outdated tech cost U.S. hospitals $3.38 B a year”, by Lucas Mearian, May 2013)

***

Suggestions

Several suggestions offered for these preferred mobile devices are: 1) ensure encryption and access for individuals who need to have access; 2) use secure texting applications; and 3) even consider alerting employees with warnings, before they send an email or share files, that let them know they are liable for the information sent.

About 

Ms. Carol S. Miller has an extensive healthcare background in operations, business development and capture in both the public and private sector. Over the last 10 years she has provided management support to projects in the Department of Health and Human Services, Veterans Affairs, and Department of Defense medical programs. In most recent years, Carol has served as Vice President and Senior Account Executive for NCI Information Systems, Inc., Assistant Vice President at SAIC, and Program Manager at MITRE. She has led the successful capture of large IDIQ/GWAC programs, managed the operations of multiple government contracts, interacted with many government key executives, and increased the new account portfolios for each firm she supported. She earned her MBA from Marymount University; BS in Business from Saint Joseph’s College, and BS in Nursing from the University of Pittsburgh. She is a Certified PMI Project Management Professional (PMP) (PMI PMP) and a Certified HIPAA Professional (CHP), with Top Secret Security clearance issued by the DoD in 2006. Ms. Miller is also a HIMSS Fellow.

***

The Preventing and Reducing Improper Medicare and Medicaid Expenditures Act

The PRIME Act

[By Carol Miller RN MBA PMP]

First there was Amazon PRIME; now there is another PRIME.

The Act

This Act was introduced into Congress in 2013 and contains a number of provisions that would increase rewards and incentives for those who uncover healthcare fraud, as well as heighten penalties for those who commit it.

What it is

The PRIME Act would enact stronger penalties for Medicare and Medicaid fraud; curb improper or mistaken payments made by Medicare and Medicaid; establish stronger fraud and waste prevention strategies with Medicare and Medicaid to help phase out the practice of “pay and chase” (i.e., recouping monies already erroneously paid to providers instead of detecting problems on the front end); curb the theft of physician identities; expand the fraud identification and reporting work of the Senior Medicare patrol; take steps to help states identify and prevent Medicaid overpayments; and improve the sharing of fraud data across state and federal agencies and programs.

***

HIPAA

The law directs the Secretary to develop a plan to revise the incentive program under HIPAA for the reporting of fraud and abuse to encourage greater participation by individuals reporting Medicare fraud and abuse.

Assessment

The law also requires the plan to include certain recommendations for ways to enhance rewards for individuals reporting and an extension of the incentive program to the Medicaid program.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

ABOUT

Ms. Carol S. Miller has an extensive healthcare background in operations, business development and capture in both the public and private sector. Over the last 10 years she has provided management support to projects in the Department of Health and Human Services, Veterans Affairs, and Department of Defense medical programs. In most recent years, Carol has served as Vice President and Senior Account Executive for NCI Information Systems, Inc., Assistant Vice President at SAIC, and Program Manager at MITRE. She has led the successful capture of large IDIQ/GWAC programs, managed the operations of multiple government contracts, interacted with many government key executives, and increased the new account portfolios for each firm she supported. She earned her MBA from Marymount University; BS in Business from Saint Joseph’s College, and BS in Nursing from the University of Pittsburgh. She is a Certified PMI Project Management Professional (PMP) (PMI PMP) and a Certified HIPAA Professional (CHP), with Top Secret Security clearance issued by the DoD in 2006. Ms. Miller is also a HIMSS Fellow.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Comprehensive Financial Planning Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners(TM) 

How Secure Is Your Password – Doctor?

Tips on using strong passwords 

[Securing yourself from a world of hackers]

By Shahid N. Shah MS

What is at Risk?

Here are some specific tools, gadgets, cloud servers, EHRs and other reasons you should secure your PWs:

  • Fax Server – a fax server allows you to centrally manage all incoming and outgoing faxes. Since most medical practices live on fax, this is one of the fastest investments you can recoup.
  • Shared drives – start using shared drives either using your existing software or you can purchase inexpensive “network disks” for a few hundred dollars to share business forms, online directories, reports, scanned charts, and many other files.
  • Online backups and Internet PACS storage – there are online tools like JungleDisk.com that allow you to store gigabytes of encrypted data into the Internet “cloud” for just a few dollars a month.
  • E-mail (beware of HIPAA, though) – internal office messaging and email is a great place to start. If you haven’t started your office automation journey here you should. If you’re going to use it for patient communications you’ll need to make sure you have patient approvals and appropriate encryption. If you’re on Gmail today and you want to have customers immediately be able to communicate with you on Gmail, that’s generally HIPAA compliant because communications between two Gmail accounts stays within the Google data center and is not sent unencrypted over the Internet.
  • E-Prescribing – e-prescribing is a great place to start your automation journey because it’s a fast way to realize how much slower the digital process is in capturing clinical data. If e-prescribing alone makes you slower in your job, EMRs will likely affect you even more. If you’re productive with e-prescribing then EMRs in general will make you more productive too.
  • Office Online and Google Apps (scheduling, document sharing) – Google and Microsoft® have some very nice online tools for managing contacts (your patients are contacts), scheduling (appointments), dirt simple document management, and getting everyone in the office “on the same page”. Before you jump into full-fledged EMRs see if these basic free tools can do the job for you.
  • Modular clinical groupware – this is a new category of software that allows you to collaborate with colleagues on your most time-consuming or most-needy patients and leave the remainder of them as-is. By automating what’s taking the most of your time you don’t worry about the majority of patients who aren’t.
  • Patient registry and CCR bulletin boards – if you’re just looking for basic patient population management and not detailed office automation then patient registries and CCR databases are a great start. These don’t help with workflow but they do manage patient summaries.
  • Document imaging – scanning and storing your paper documents is something that affects everyone; all scanners come with some basic imaging software that you can use for free. Once you’re good at scanning and paper digitization you can move to “medical grade” document managements that can improve productivity even more.

  • Clinical content repository (CMS) – open source systems like DrupalModules.com and Joomla.org do a great job of content management and they can be adapted to do clinical content management.
  • Electronic lab reporting – if labs are taking up most of your time, you can automate that pretty easily with web-based lab reporting systems.
  • Electronic transcription – if clinical note taking is taking most of your time, you can automate that by using electronic transcribing.
  • Speech recognition – another “point solution” to helping with capturing clinical notes; you can get a system up and running for under $250.
  • Instant Messaging (IM) – IM gives you the ability to connect directly with multiple rooms within your office using free software; if you want, you can also connect with patients and other physicians during work hours.

How to avoid the most common and dangerous passwords?

Emerging New-Wave Cloud Technology for HIPAA

Securing Electronic Communication in the Cloud

[By Carol S. Miller BSN MBA PMP]

To help hospitals and health systems comply with burdens of the Health Insurance Portability and Accountability Act [HIPAA] regulations, best practices are emerging for securing all electronic communication – cloud, wireless, and texting – of protected health information.

These new technologies will continue to evolve as hospitals, providers and patients move to new means of communication.

And so, below is a very brief description of one: cloud solutions.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today but also present a risk of privacy and security violations. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.

[Image: A.I. and the “SINGULARITY”]*

Because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate agreements.

Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plaintext data on their servers, PHI is especially vulnerable to breaches and compliance violations.

Note:

The SINGULARITY is that hypothetical moment in time when Artificial Intelligence [AI] will have progressed to the point of a greater-than-human intelligence.

Channel Surfing the ME-P

Have you visited our other topic channels? Established to facilitate idea exchange and link our community together, the value of these topics is dependent upon your input. Please take a minute to visit. And, to prevent that annoying spam, we ask that you register. It is fast, free and secure.

ABOUT THE AUTHOR

  • Carol S. Miller; BSN, MBA, PMP
  • ACT IAC Executive Committee Vice Chair at-Large
  • HIMSS NCA Board Member
  • President – Miller Consulting Group
  • 7344 Hooking Road
  • McLean, VA 22101
  • Phone: 703-407-4704
  • Fax: 703-790-3257
  • email: millerconsultgroup@gmail.com

The Impact of Medical Identity Theft on Health Care

Health Plan Related Breaches Since 2009

By http://www.MCOL.com

On Physicians Texting [SMS]

Some Technical Considerations

By Carol Miller BSN RN MBA PMP [Miller Consulting]

Text (SMS = Short Message Service) Messaging has become nearly ubiquitous on mobile devices. According to one survey, approximately 72 percent of mobile phone users send text messages (TMs).

Clinical medical care is not immune from the trend, and in fact physicians appear to be embracing texting on par with the general population. Another survey found that 73 percent of physicians text other physicians about work.

(Source:  Journal of AHIMA, “HIPAA Compliance for Clinician Texting”, by Adam Green, April 2012)

Advantages

Texting can offer providers numerous advantages for clinical care. It may be the fastest and most efficient means of sending information in a given situation, especially with factors such as background noise, spotty wireless network coverage, lack of access to a desktop or laptop, and a flood of e-mails clogging inboxes.

Further, texting is device neutral—it will work on personal or provider-supplied devices of all shapes and sizes. Because of these advantages, physicians may utilize texting to communicate clinical information, whether authorized to do so or not.

Risks

All forms of communication involve some level of risk. Text messaging merely represents a different set of risks that, like other communication technologies, needs to be managed appropriately to ensure both privacy and security of the information exchanged.

Text messages, like all digital data,  may reside on a mobile device indefinitely, where the information can be exposed to unauthorized third parties due to theft, loss, or recycling of the device. Text messages often can be accessed without any level of authentication, meaning that anyone who has access to the mobile phone may have access to all text messages on the device without the need to enter a password.

Texts also are generally not subject to central monitoring by the IT department. Although text messages communicated wirelessly are usually encrypted by the carrier, interception and decryption of such messages can be done with inexpensive equipment and freely available software (although a substantial level of sophistication is needed).

If text messages are used to make decisions about patient care, then they may be subject to the rights of access and amendment. There is a risk of noncompliance with the privacy rule if the covered entity cannot provide patients with access to or amend such text messages.

The Wireless Association

According to 2012 data from CTIA–The Wireless Association, U.S. citizens alone exchange nearly 200 billion text messages every month. So it’s not surprising that an increasing number of clinicians are using text messaging to exchange clinical information, along with a wide range of other modes — smartphones, pagers, computerized physician order entry, emails, etc. Electronic communication is certainly faster, can be more efficient, enhances clinical collaboration and enables clinicians to focus on patient care. But with these benefits comes an increased risk of security breaches.

(Source:  Clarifying the Confusion about HIPAA – Compliant Texting, by Megan Hardiman and Terry Edwards, May 2013)

Unfortunately, vendor hype about the Health Insurance Portability and Accountability Act [HIPAA] is causing many hospitals and health systems to implement stop-gap measures that address part — but not all — of a problem. To identify all vulnerabilities, health care leaders need to consider not only text messaging, but all mechanisms by which protected health information in electronic form is transmitted — as well as the security of those mechanisms.

Mobile device-to-mobile device SMS text messages are generally not secure because they lack encryption. The sender does not know with certainty that his or her message is indeed received by the intended recipient. In addition, the telecommunications vendor or wireless carrier may store the text messages.

Recent HHS guidance indicates text messaging, as a means of communicating PHI, can be permissible under HIPAA depending in large part on the adequacy of the controls used.  A hospital or provider may be approved for texting after performing a risk analysis or implementing a third-party messaging solution that incorporates measures to establish a secure communication platform that will allow texting on approved mobile devices.

The Ponemon Institute

A Ponemon Institute study reported in Computer World in May 2013, covering 577 healthcare and IT professionals in facilities that ranged from fewer than 100 beds to over 500 beds, stated that fifty-one percent of the respondents felt HIPAA compliance requirements can be a barrier to providing effective patient care.

Specifically, HIPAA reduces time available for patient care (85% of the respondents), makes access to electronic patient information difficult (79% of the respondents) and restricts the use of electronic mobile communications (56% of the respondents).

The study stated “respondents agreed that the deficient communications tools currently in use decrease productivity and limit the time doctors have to spend with patients.” They also stated “they recognized the value of implementing smartphones, text messaging and other modern forms of communications, but cited overly restrictive security policies as a primary reason why these technologies were not used.”

Clinicians in the survey stated that only 45% of each workday is spent with patients; the remaining 55% is spent communicating and collaborating with other clinicians and using the electronic medical record and other clinical IT systems.

Several other statements made were:

  • Because of the need for security, hospitals and other healthcare organizations continue to use older, outdated technology such as pagers, email and facsimile machines. The use of older technology can also delay patient discharges – now taking an average of 102 minutes.
  • The Ponemon Institute estimated that the lengthy discharge process costs the U.S. hospital industry more than $3.189 billion a year in lost revenue, with another $5 billion lost through decreased doctor productivity and use of outdated technology. Secure text messaging could cut discharge time by 50 minutes.

(Source:  Computer World, “HIPAA rules, outdate tech cost U.S. hospitals $3.38 B a year”, by Lucas Mearian, May, 2013)

Assessment

Several suggestions offered for these preferred mobile devices are: 1) ensure encryption and restrict access to the individuals who need to have it; 2) use secure texting applications; and 3) even consider warning employees, before they send an email or share files, that they are liable for the information sent.

Dentists for De-Identification

A Start-Up Idea

[By Darrell K. Pruitt DDS]

An early, shoestring proposal for a non-profit dedicated to common sense security solutions.

Why? If patients’ identities are unavailable, they cannot be hacked.

Recently, I’ve considered starting a non-profit dedicated to keeping patients’ identities off of dentists’ computers where they are far too easily fumbled thousands at a time. I think I might call it “Dentists for De-identification.” What do you think?

My son Ryan and I have discussed putting together an educational YouTube cartoon – comparing the cost, convenience and security of encrypted Protected Health Information (PHI), to storing PHI, including medical information, only on paper in bulky metal filing cabinets – leaving only nameless, unencrypted dental records on the computer. De-identification is the “other” HIPAA Safe Harbor, meaning if patients’ de-identified dental information is stolen or hacked, nobody has to be notified. And, since the patients’ nameless dental records remain unencrypted, de-ID should not slow down work flow like encryption does.

One could call employing in-house reference numbers to re-connect patients’ digital dental information to paper-based PHI a hybrid solution to an otherwise intractable security problem. The solution is nothing new, and has a long history of success. For decades, police departments have been substituting in-house reference numbers for citizens’ names to protect the owners. I see no reason it cannot work for dental radiographs as well.
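The reference-number scheme described above, shown in Python as an added example (not the author's code). The in-memory `crosswalk` dict stands in for the paper file, and the field names and sample chart are constructed assumptions. It also checks a failure mode the paragraph does not mention: identifying values left behind in file names or free-text notes after the identifying fields are removed.

```python
import re
import secrets

# Fields treated as identifying in this example (an assumption for a dental
# chart; the crosswalk built from them stands in for the paper file).
IDENTIFYING_FIELDS = {"name", "date_of_birth", "address", "phone", "email", "ssn"}

# Constructed sample chart, not real patient data.
SAMPLE_CHART = {
    "name": "Jane Example",
    "date_of_birth": "1980-04-12",
    "phone": "555-0100",
    "tooth_chart": "UR6 occlusal composite",
    "radiograph_file": "example_jane_bitewing_2014.png",
    "notes": "Recall in 6 months.",
}


def new_reference(existing, digits=8):
    """Return a random in-house reference number not already in use.

    The number is drawn from the OS random source and is not derived from
    the name, birth date or any other patient data, so it reveals nothing
    about the patient if the digital records are stolen.
    """
    while True:
        ref = "R" + "".join(secrets.choice("0123456789") for _ in range(digits))
        if ref not in existing:
            return ref


def split_record(record, crosswalk):
    """Split one chart into an identity part and a de-identified clinical part.

    The identity part is stored in crosswalk[ref] (the "paper" side); the
    clinical part carries only the reference number and stays on the computer.
    """
    ref = new_reference(crosswalk)
    crosswalk[ref] = {k: v for k, v in record.items() if k in IDENTIFYING_FIELDS}
    clinical = {k: v for k, v in record.items() if k not in IDENTIFYING_FIELDS}
    clinical["ref"] = ref
    return ref, clinical


def _needles(identity):
    """Strings whose presence in a clinical field would re-identify the patient."""
    found = set()
    for field, value in identity.items():
        text = str(value).lower().strip()
        if not text:
            continue
        found.add(text)
        if field == "name":
            # Also match each part of the name, e.g. in "example_jane_xray.png".
            found.update(w for w in re.findall(r"[a-z]+", text) if len(w) >= 3)
    return found


def residual_identifiers(clinical, identity):
    """List clinical fields that still contain an identifying value."""
    needles = _needles(identity)
    hits = []
    for field, value in clinical.items():
        if field == "ref":
            continue
        text = str(value).lower()
        if any(n in text for n in needles):
            hits.append(field)
    return sorted(hits)


if __name__ == "__main__":
    crosswalk = {}
    ref, clinical = split_record(SAMPLE_CHART, crosswalk)
    print("digital record:", clinical)
    print("still identifying:", residual_identifiers(clinical, crosswalk[ref]))
    # Rename the image after the reference number and check again.
    clinical["radiograph_file"] = ref + "_bitewing_2014.png"
    print("after rename:", residual_identifiers(clinical, crosswalk[ref]))
```
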

Depending on staff’s familiarity with the alphabet, pulling a patient’s thin paper record from a loud filing cabinet might even take less time than correctly typing in an encryption key (on the first try). What’s more, since there is a limit to the number of patients even the fastest dentists can treat in one day, 4000 or so active patients per dentist is a reasonable estimate of the number of records in a  busy dental practice – which is probably one third of the records in the average physician’s practice. Since the dental information remains digital and only a couple of sheets of paper are needed to reveal the patients’ reference number along with a brief medical history, very little filing space should be needed.

The problems with encryption don’t end with correctly entering the key. Once permitted access to encrypted ePHI, it will take much more time to de-crypt one radiograph than it takes to open a manila folder. Depending on the number of radiographs and other digital images – including complex cone-beam radiographs – a patient’s encrypted diagnostic history could require several minutes to view.

I would want to witness the De-ID non-profit professionally investigate whether de-identification indeed offers a cheaper and more secure solution to data breaches from dental offices. I think we all know by now that full disk encryption will never be the answer.

Assessment 

Still too soon? Give it time. The FBI assures us that more massive data breaches are just around the corner.

Understanding “Meaningful Use” Attestation Numbers for 2014

Providers versus Hospitals

By CMS

Assessment

So, what do the hospitals know –  that the doctors do not?

There’s a New HIPAA Sheriff in Town

On OCR Director Jocelyn Samuels

[By D. Kellus Pruitt DDS]

When the explosions of breaches of patients’ medical identities occur – as predicted by the FBI and others – will the new OCR Director Jocelyn Samuels continue to be as sympathetic and forgiving as Leon Rodriguez has been?

Or, will she take on the role of bad cop?

 

The Replacement

Samuels, who is tying up loose ends in her current position with the civil rights division at the Department of Justice, has replaced Rodriguez as the new head of the HHS’ Office for Civil Rights – which prosecutes HIPAA violations. Many are wondering about her level of enthusiasm for enforcement, especially since data breaches are only getting worse, not better.

Privacy and security attorney Adam Greene, who once served as a member of the OCR staff, tells GovInfo that the challenge for Samuels is “to strike the balance where HIPAA is seen as having ‘teeth’ but covered entities and business associates can still count on OCR as being reasonable when there are areas of ambiguity or privacy or security issues occur despite good efforts at compliance.”

(See: “Impact of New HIPAA Enforcement Leader – Are New Strategies, Directions on the Horizon?” by Marianne Kolbasuk McGee for GovInfoSecurity.com, July 11, 2014).

http://www.govinfosecurity.com/impact-new-hipaa-enforcement-leader-a-7049/op-1

Healthcare Harm

Principals in healthcare – providers and patients – continue to be harmed by EHRs designed to satisfy third-parties’ questionable Meaningful Use requirements rather than principals’ needs. For example, on April 8, the FBI warned that EHRs are becoming increasingly vulnerable to hackers. (See: “Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain”).

http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf

Under Rodriguez, OCR has arguably spared the rod (mostly), choosing instead to discuss and correct HIPAA violations in an informal, private, non-punitive manner. I think both Rodriguez and Secretary Sebelius backed off of more aggressive enforcement because they recognized that without cooperation from doctors and patients, EHRs are certain to fail – mandate or no mandate. Nevertheless, it has proven to be far too easy for stakeholders who cannot be held accountable to patients, to marginalize their needs.

[Image: New OCR Director Jocelyn Samuels]

Example

Rodriguez did his best to appease all sides. For example, it was under his watch that the name of the HHS website listing breaches of 500 or more patients’ identities was changed from “Wall of Shame” to the more benign “HHS Breach Reporting Tool.”

For hapless providers whose data breaches were unavoidable, the name change eliminates some of the shame associated with being nationally recognized as a careless doctor who cannot keep thieves from stealing patients’ identities.

Assessment 

As long as there is nothing holding down the cost and liability of HIPAA compliance, there will always be room for more regulation, and the cost of healthcare will never be cheaper.

FOR SALE: Physician E-mail Lists with NPI Numbers

Sensitive Data for Sale

[By Dr. David Edward Marcinko MBA]

I received this email recently. Are you as incensed over it as I? Or, am I being overly sensitive? Feel free to call or email John Edward, the sender, to tell him what you think: pro or con?

Hi ME-P,

I’m writing to check if you would be interested in reaching Physicians or Healthcare Executives?

We at AccurateB2Blist maintain a permission passed email list for physician practitioners with NPI numbers.

Our Lists

Below given are few additional lists we maintain within Medical Industry

  • Nurses
  • Dentists
  • Veterinarians
  • Healthcare Executives Email List
  • Physicians – Offices and Clinics of Doctors of Medicine
  • Physicians – Offices and Clinics of Doctors of Osteopathy
  • Doctors, Physicians and Surgeons Email List with NPI Number

Healthcare executives: 518,900 out of which 123,200 contacts are senior management level contacts.

Assessment

Please let me know if you would like to discuss further on your target audience? Looking forward to hearing from you. And, please do not print this email unless it is absolutely necessary. To opt out reply with ‘Leave out’ in the subject line!

By John Edward [Business Development Executive] AccurateB2Blist

+1951-373-6718

Can Politically-Correct Names Save Obamacare?

Saving Electronic Health Record Interoperability?

By D. Kellus Pruitt DDS

If HHS successfully persuades Americans to use happy names for its bad ideas, will the cheap trick save electronic health record interoperability which is critical to the success of Obamacare?

Healthcare Lexicon 

According to the government’s modernized healthcare lexicon, doctors have been demoted to “providers,” insurance companies, including Medicare/Medicaid, have been promoted to “payers,” and patients’ position in the hierarchy has diminished from “principals” to “stakeholders” – a rank on par with 3rd parties such as insurers, HHS and other unaccountable parasites.

Wall of Shame

Ominously, HHS recently changed the contentious name “Wall of Shame” to a more innocuous “breach reporting tool,” to describe the public list of data breaches involving the medical records of more than 500 patients. It turns out that the growing list of major data breaches is unexpectedly shaming far too many providers and payers – including Medicare/Medicaid. Imagine that!

In fact, since Americans’ growing disgust with privacy breaches threatens the very success of Obamacare, there is evidence that HHS has turned to betraying its lawful obligation to the nation by hiding breaches from those who are most vulnerable – Americans.

HIPAA Failure

The half-baked plan to shame providers who experience data breaches – perhaps through no fault of their own – is not working out like HHS had hoped. Due to HIPAA’s abysmal failure to halt data breaches, the Wall of Shame has become a national embarrassment and an obstacle to EHR adoption. I expect the public listing of major breaches to be quietly scrapped soon in favor of keeping patients in the dark concerning their risks of identity theft.

Dentistry 

In dentistry, on the other hand, common sense as well as market resistance evidently caused HHS and other stakeholders to give up trying to prohibit use of the 8 syllable “electronic dental records” in favor of the 14 syllable “electronic health records for dental practices.”

Nevertheless, holdouts (including Dissent Doe) still occasionally feel it is important to correct this dentist when I use “EDR” instead of “EHR.” You got to love ‘em.

Assessment 

Transparent silliness suggests that HHS is failing in its duties. Due to lack of accountability, we can expect EHRs and EDRs to become even more expensive and more dangerous, possibly bringing an end to Obamacare.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Are Dentists Satisfied with their EDRs?

Major Discontent With EHR Adoption

[By D. Kellus Pruitt DDS]

Unlike physicians, dentists never complain. That means they are probably 100% satisfied with their electronic dental records.

What do you think, Doc?

MarketWatch 

Recently, the Wall Street Journal’s MarketWatch posted a press release titled, “Physicians Cite Major Discontent With Adoption And Use of Electronic Health Record Systems, Despite Government’s $27 Billion Incentive Program”

http://www.marketwatch.com/story/physicians-cite-major-discontent-with-adoption-and-use-of-electronic-health-record-systems-despite-governments-27-billion-incentive-program-2014-02-07

“CLEVELAND, Feb. 7, 2014 /PRNewswire/ — The $27 billion government experiment to incentivize physicians to convert to electronic health records (EHRs) has not been worth it, according to nearly 70% of physicians surveyed.

Medical Economics 

***

In fact, a national [Medical Economics] survey of nearly 1,000 physicians, set for release on February 10, 2014, shows widespread dissatisfaction related to the functionality and cost of these patient record systems. About 45% of physicians believe patient care is actually worse as a result of adopting EHR technology, two-thirds would not purchase their current EHR system again, and 43% of physicians say these systems have resulted in significant financial losses.

In addition, the current state of technology has not improved the coordination of care with hospitals, physicians say.”

***

It is probably better for HHS that very few dentists were able to participate in the ARRA stimulus giveaway. Otherwise, tax-paying citizens might have learned about the wastefulness of Meaningful Use requirements for dentists – which nobody has the guts to reveal. That pretty much rules out brilliant Meaningful Use ideas.

Those who might patriotically defend the benefits of the tasks would do so, if they were idiots.

So how do dentists feel about their electronic dental records? It’s hard to tell. Over 96% of them are HIPAA-covered entities, making them vulnerable to audits, which can be “random” now. As one can imagine, very few dentists openly discuss EDRs. Do you think the silence is more likely to improve or harm patient care?

Even though thousands of physicians have participated in dozens of national surveys like Medical Economics’ over the last few years, as far as I know, not one survey of dentists’ opinions has ever been published. Perhaps someone can prove me wrong. I doubt it.

The Survey

The results from the Medical Economics survey include:

  • 67% say that system functionality influences their decisions to purchase or switch systems.
  • 48% say that cost is influencing their decisions to purchase or switch systems.
  • Nearly half of physicians say that implementation of EHR systems has made the quality of patient care worse.
  • 69% of respondents say that coordination of care with hospitals has not improved.
  • 45% say they have spent more than $100,000 on an EHR.
  • 77% of the largest practices (more than 10 physicians) spent more than $200,000 on an EHR.
  • 38% doubt their systems will still be viable in 5 years.

Assessment

Not long ago, Wisconsin became the first state to outlaw paper dental records, which are both cheaper and safer than digital.

So, is it still too soon for dentists and patients to demand more transparency in dentistry? When costs and danger are hidden in dental care, it is always the last in line who suffer the most – clueless, trusting dental patients.

Am I right, Doc?

On the Notice of Privacy Practices

Encryption and HHS are Taking Hits

[By D. Kellus Pruitt DDS]

It is bad politics for the President’s Department of Health and Human Services to get caught deceiving voters.

Word gets around much faster than it did before transparency sucked the power from the entrenched.

The NoPP

You know those Notice of Privacy Practices (NoPP) forms we are asked to sign in doctors’ offices? Since it makes no difference to anyone whether patients sign them or not, why needlessly waste everyone’s time? The NoPP is not an agreement, and just because virtually everyone is tricked into signing it, does not mean anyone reads it. HIPAA has become a source of danger to patients, with no redeeming value.

HHS Estimates 

According to the US Department of Health and Human Services’ own recent estimate:

“… many centuries of time—nearly 35 centuries, in fact, or just short of 30.7 million hours—will be devoted each year by healthcare providers and patients for the dissemination to patients and their acknowledgement of HIPAA notices of privacy practices [NoPP] for protected healthcare information, HHS estimates. Even at just 3 minutes apiece, with 613 million of these routine privacy notices to be delivered, signed and stored, the time adds up…”

-Joseph Conn

… “HHS estimates 32.8 million hours of interaction required to comply with privacy, security rules” …

-ModernHealthcare.com [September 5, 2013]

http://www.modernhealthcare.com/article/20130904/BLOG/309049995?AllowView=VW8xUmo5Q21TcWJOb1gzb0tNN3RLZ0h0MWg5SVgra3NZRzROR3l0WWRMWGJYZjBGRWxyd01qUzMyWmVpNTNnWUpiV2s=&utm_source=link-20130904-BLOG-309049995&utm_medium=email&utm_campaign=hits

Censorship Concerns? 

I tried to bring attention to this absurdity over a year ago – back when HHS was still keeping unfavorable news about EHRs hidden from voters using censorship:

… “Put another way, the ONLY reason for a doctor to ask patients if they feel like signing the NoPP is to protect already busy doctors from a HIPAA fine. How is that not senseless, yet admittedly humorous bureaucratic waste?” …

On July 3, 2012, my opinion of the waste that HHS recently confirmed was censored by an HHS employee from the taxpayer-supported LinkedIn site, Health IT and Electronic Health Records. If that is not against federal law, it damn sure should be.

http://www.linkedin.com/groups/IT-in-Healthcare-Why-Building-3993178.S.216432610?qid=bafac2e5-fb9c-4a39-8348-5a3074abff67&trk=groups_items_see_more-0-b-ttl

Among the items that HHS requires providers to include in Notices of Privacy Practices is a one-sentence statement addressing data breaches:

…“We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information [unless it is encrypted]”…

http://www.hhs.gov/ocr/privacy/hipaa/npp_booklet_hc_provider.pdf

Now that it is widely known that encryption is no longer acceptably secure, protection from accountability is encryption vendors’ only remaining selling point. HIPAA stipulates that if breached patient information is encrypted according to standards set forth by the National Institute of Standards and Technology (NIST), doctors are freed from the tremendous cost of notifying (former) patients – even though patients’ privacy and security have been nevertheless compromised.

For example, two weeks ago, the NIST abandoned the very encryption standards that HIPAA demands. Oops! (See: “Government Standards Agency ‘Strongly’ Suggests Dropping its Own Encryption Standard,” by Jeff Larson and Justin Elliott, ProPublica, September 13, 2013).

http://www.propublica.org/article/standards-agency-strongly-suggests-dropping-its-own-encryption-standard

NSA Secrets 

US spy agency NSA’s secret success at decrypting previously impenetrable codes – which was revealed by former NSA contractor Edward Snowden – proves that today’s best encryption is tomorrow’s crossword puzzle. What’s more, once an individual’s medical identity is lost in the cloud, it can never be reeled back in.

And, when DNA records are included, a breach today could put the welfare of generations of Americans at risk.

A Gut-Check 

The ultimate gut-check: If your encrypted identity were fumbled, wouldn’t you want to be notified? Of course you would.

Assessment 

In my opinion, the HIPAA Rule should be immediately amended to demand notification of all individuals involved in all data breaches unless they allow opt out. Who knows? Some might prefer not to be bothered.

What is your opinion; doctor, patient and/or consultant?

How I Lost my Battle Against the NPI

Refusing a National Provider Identifier Number

By Darrell K. Pruitt DDS

I can no longer refuse to apply for a National Provider Identifier (NPI). I lost that long battle. Anyone rejoicing?

I’m spent. My leverage has vanished. Telling insurers “I have no NPI” held much more inherent power than “I have an NPI but I won’t share it with you on principle.” Far too many words. My profession has become dominated by unresponsive, unaccountable 3rd parties that dental leaders in the ADA welcome as policy. Working together, they promote and commandeer the technology dentists purchase and clueless patients pay for in increased fees. I have painfully learned that principles are only for dentists who can still afford them, and it’s a bad economy for luxuries.

Non-HIPAA Entity

Since I am not a HIPAA-covered entity and therefore not required by law to adopt an NPI, my capitulation to extortion disappoints me as an American citizen. I still find it hard to believe that an anti-consumer HIPAA rule enthusiastically enforced by the dental benefits industry could force me to “volunteer” for a PERMANENT identifier. As I and 96% of dentists become jerked around by our NPIs, I hope dental historians note that I am the ONLY dentist who publicly asked “Why?” instead of “Why not?” After 6 years, I’m still awaiting an answer to that question from leaders who continue to promote the NPI to dentists while ignoring their questions.

Dental Benefits Providers

I was able to hold out up until Aetna, Delta Dental and other dental benefits providers deprived my office of access to details of patients’ dental benefits unless I have an NPI. I’m waiting for someone – anyone – to tell me how the identifier can possibly improve the dental care of those who pay Aetna and Delta Dental premiums, especially if their benefits are intentionally kept secret from their dentists. I am certain that if the nation’s employers who purchase dental benefits were aware of the transparent nonsense, they would never purchase such products. Where’s the US Chamber of Commerce? Where’s the FTC? How about the US Constitution?

This is exactly why there needs to be more openness in our profession, Doc. The cockroaches who were invited to quietly overrun dentistry cannot withstand transparency, yet I don’t know how much longer I can fight for it without further risking the health of my practice.

As anyone can understand – and as anticipated by corporate executives in the insurance industry as well as by those with vested interests in the ADA Department of Dental Informatics – to have to explain to new patients why I cannot estimate how much they will owe for treatment would destroy my practice. Outside the US, other societies deem it unethical to deny patients informed consent to treatment for any reason. The NPI is such an egregious blunder that I never expect those who promoted it to accept ownership.

Assessment

If I lost the battle, who won? Do EDR enthusiasts in the ADA call this a glorious victory and a likely source of ADA pride for decades to come? Or is it much more shameful? Since I lost freedom, I want to know who won?

Protecting Patient Privacy

How Important Is It – Really?

By Dr. David Edward Marcinko MBA

By Matthew Pelletier [safety consultant]

The U.S. Health Insurance Portability and Accountability Act (HIPAA) is the federal law protecting the privacy and security of patients’ health information and was enacted in 1996.

HIPAA laws also protect electronically communicated information. Understanding the significance and importance of HIPAA laws is vital to all medical and health organizations. Companies are required to follow HIPAA laws and protect patient privacy.

Share and Share Alike – NOT!

The privacy rule is an important aspect of HIPAA and makes it illegal for a patient’s private health information to be shared by health professionals unless the patient consents. This encompasses patient information which is written, verbal or electronically communicated. Many health care and medical organizations use healthcare training videos in order to educate their workforce on the importance of patient privacy laws.

[Infographic: privacy]

Review

As the infographic above illustrates, patient privacy is very important and a breach of privacy can be costly:

• With 60% of hospitals having a minimum of 2 breaches in privacy, the cost per hospital is estimated at $2 billion.
• The average number of records which are lost or stolen in each violation of privacy is 1,769.
• The main causes of electronic patient information breaches are employees, portable electronic devices and third-party errors.
• 7 out of 10 hospitals don’t view patient privacy as a priority though it costs them money if breached.

With 38% of hospitals choosing not to inform anyone of patient privacy breaches, while over 40% of breaches are only reported by the patients themselves, HIPAA violations can be very costly to medical and healthcare organizations, not just hospitals. HIPAA training videos are a solution to help the workforce understand the importance of patient privacy laws.

Conclusion

Your thoughts and comments on this ME-P are appreciated. And, are these issues a moral equivalency? Does privacy even exist anymore in an era of social media, the Internet, Google Earth and Google Maps, etc.?

The Horrific Waste & Dangers of Paper Medical Records?

Will that be Paper or Electrons?

[By Staff Reporters]

Paper medical records continue to be a serious waste and pose potential HIPAA violations, as paper charts are vulnerable to being lost, stolen, or destroyed.

According to some reports, managing paper charts, from transcriptions to labor needed to pull and re-file charts, costs medical practices $116,375 a year on average.

Taking a Look

The waste & dangers of paper medical records infographic shown below, created by IBX Vault, takes a deep look into the administrative, physical, and technical safeguards required of covered entities and business associates per the HIPAA privacy rule to secure patient data. The visualization also compares the potential security risks of paper medical records vs. EMRs, stating that only 7 out of 479 breaches were related to EMRs.

[See also: The High Cost of HIPAA Violations Infographic]

Privacy and Treatments

It is important to note that the adoption of EMRs presents some security risks of its own, as many critics have cited potential privacy concerns that may lead to expensive medical treatments.

Assessment

Additionally, it is imperative to note the tremendous financial harm that implementing an EMR does to a hospital’s bottom-line.

Our Healthcare Referral System is Broken

About the Management Process

[By Staff Reporters]

Our healthcare referral system is broken, according to Referral MD. The firm reviews some of the key factors that contribute to this system.

The Paper Trail

The following infographic highlights a key pain point in the healthcare referral system management process: despite adopting an EMR system, healthcare providers are still utilizing paper.

A large percentage of processes in healthcare involve documents and forms that must be scanned and stored outside their existing EMR system such as records from referring physicians, patient consent forms, patient instructions, insurance authorization, etc.

Assessment

With so much paper still floating around, opportunities for HIPAA violations increase, with as many as 86% of mistakes made in the healthcare industry stemming from administrative activities.

EHRs – Still Not Ready For Prime Time

At Least … Not Yet!

By David K. Luke MIM, Certified Medical Planner™ candidate

www.CertifiedMedicalPlanner.org

Since Feb 17, 2009, when President Obama signed into law the Health Information Technology for Economic and Clinical Health (HITECH) Act as a part of the 2009 stimulus package, incentives have been promised for the adoption of Electronic Health Records (EHRs) in health care practices.

The Carrot and the Stick

The incentive payments for “meaningful use” range from $63,750 over 6 years by Medicaid to maximum payments of $44,000 over 5 years for Medicare. The Medicare penalty for not adopting will be 1% of Medicare payments in 2015, increasing to 3% over 3 years. Stimulus money is granted based on meaningful use of an EHR system.

The Reality

Stories now rolling in from early adopters give cause for a prudent physician to rethink implementing an EHR for his/her practice anytime soon. Here is a sampling:

  • EHRs can be hacked and doctors will be held accountable. A total of 385 breaches of protected health information affecting over 19 million records have been reported since August 2009 (Redspin Breach Report 2011). Redspin also reports that industry estimates have put the value of a stolen health record on the black market at about $50 per record. For me, this is the biggest red flag for implementing an EHR now. Vendors are offering solutions in the form of data “masking”, but this could increase the cost of the systems.
  • EHRs have stringent audit requirements under the HITECH Act. Health care organizations are expected to monitor for breaches of PHI. Audit logs must be kept. Audit strategy, process, and implementation tools must be used to meet stage 1 meaningful use criteria. There are sanctions for employees who do not follow protocol. Healthcare facilities leave themselves vulnerable to individual and class action lawsuits when they do not have a strong enforcement and audit program in place for their EHR.
  • EHRs are expensive to implement, both in terms of money and in terms of time. Dollar costs range from free (Practice Fusion) to $50,000+ for such EHR vendors as Allscripts or eClinicalWorks + ongoing maintenance costs. But don’t forget the time investment. Even small EHR systems can take 2 years to implement. I have just witnessed a client’s large pediatric practice literally crippled with the initial time investment required for staff and physicians to learn the system. Half staffing the front desk and other areas so employees can go to training has caused a drain on both patient and employee morale.
  • Legal concerns are still unanswered regarding EHRs. Currently the debate is still on about who owns the electronic data. The EHR vendor will tell you that you do. HIPAA gives the patient the right to see their record or chart, and the right to have a physical copy of their record based on a reasonable cost for copying and postage. Typically doctors share medical records with other health care providers as a professional courtesy. Empowered patients think they own their records. According to a reference regarding an HIMSS white paper, a patient owns the data in a Continuity of Care Document and has the ability to input and access that information.
  • Obtaining meaningful use stimulus payments is not a given. I met with a physician owner client a few months ago in Arizona who has implemented an EHR for their pediatric practice and was hoping to receive the stimulus payment for stage one by completing the 20 criteria needed. After plowing through the 31-page “Arizona Medicaid EHR Incentive Program” guide provided by The Arizona Health Care Cost Containment System Administration or AHCCCS, which is the Arizona arm of Medicaid, he turned in his application, which was denied. His initial reaction was that the program did not have the funding in Arizona, but that seems not to be the case as a number of large payments have been made now in the state. Banner Healthcare, which operates the largest hospital system in the state with thirteen inpatient facilities, reported a total of $12.4 million in Medicaid booty for implementation of its NextGen Healthcare EMR systems in 2011. It appears that there is a learning curve involved here and the smaller practices will catch up while the hospitals currently seem to have better systems in place to capture the stimulus money. An entire MU industry has emerged to help physicians such as my client perfect their stimulus applications.

Risk vs. Reward

In the investment world I am always comparing risk vs. return when managing my clients’ portfolios. At times in the marketplace, for various reasons, it just does not make economic sense to make certain investments as the possible risks far outweigh the potential return. An easy example now is the investment in “safe” longer-term treasury bonds. With a near 40-year low in interest rates, the 30-year treasury today yields 3.18%. Yet if interest rates rise 1% in the marketplace, that 30-year treasury can drop 12%. A 2% rise can result in a fall of 22% in value. It would take 7 years accumulating 3.18% to offset the loss in value caused by a 2% rise in rates. I do not think rates are going up 2% tomorrow, but I just do not like the risk/reward spectrum here. Likewise, the biggest concern I currently have with EHRs is data breaches, as mentioned above, and the stiff penalties involved currently. Paper systems look a whole lot cheaper and safer when considering the ease with which a data breach can occur with electronic data. Fines, criminal sentencing, and disciplinary action by licensing boards are risks not worth taking considering current history on data breaches. Losing your license or your business or personal freedom because of an employee’s careless actions is not worth it. Lest you think I exaggerate, consider the following examples from the past few years enforced by the Office for Civil Rights (OCR), the enforcement side of the US Department of Health and Human Services that enforces HIPAA, and by employers and licensing boards:

Incident: A terminated researcher at UCLA School of Medicine retaliated by accessing UCLA patient records (many celebrities) 323 total times over the next four weeks.

Penalty: 4 years in prison for the terminated researcher for violating HIPAA Privacy Rules

Incident: Thirteen staff members at UCLA hospital accessed Britney Spears’ medical records without authorization.

Penalty: UCLA fired the 13 individuals, suspended another six.

Incident: A doctor and two hospital employees accessed the medical records of a slain Arkansas TV reporter. Details were leaked to the press of her attack.

Penalty: All pled guilty to misdemeanors for violating HIPAA privacy rules and were sentenced to one-year probation. The three all were curious about the case and “peeked” at the patient’s record as employees of the hospital, even though she was not their patient. The doctor’s privileges were suspended by the hospital for two weeks; he was fined $5,000 and ordered to perform 50 hours of community service by speaking to medical workers about the importance of patient privacy. The two other employees were terminated.

Incident: Cignet denied 41 patients, on separate occasions, access to their medical records when requested.

Penalty: Initial violation was $1.3 million. OCR concluded that Cignet committed willful neglect to comply with the Privacy Rule and fined an additional $3 million.

Incident: 57 unencrypted computer hard discs containing PHI of more than one million people were stolen from a storage locker leased by Blue Cross Blue Shield of Tennessee (BCBST).

Penalty: OCR fined BCBST $1.5 million in settlement. The fact that BCBST secured the information in a leased data closet that was secured by biometric and keycard scan in a building with additional security was not enough. BCBST also spent $17 million in investigation, notification and protection efforts and had increased future compliance costs.

Incident: Health Net discovered that nine portable hard drives that contained PHI and personal financial information of approximately 1.5 million people were missing. The hard drives in question went missing from an IBM-operated datacenter in Rancho Cordova, California.

Penalty: The complaint alleged violations of HIPAA. Connecticut Insurance Commissioner wins a $375,000 fine for failing to protect member information and not reporting in a timely manner just months after the Connecticut AG won a $250,000 settlement for the breach. Vermont’s AG jumps in and gets a settlement of $55,000 to the State because 525 Vermonters were on the lost drive.

Incident: WellPoint / Anthem Blue Cross became aware that its customers’ health applications and information website, which contained up to 470,000 applicants’ information, was potentially publicly accessible when an applicant alerted the company that altered URLs after an upgraded authentication code could allow access to other people’s information.

Penalty: WellPoint / Anthem agreed to the terms of a class action lawsuit filed in California that will provide $1.5 million in general settlement, with an additional donation of $250,000 to two non-profit organizations aimed at protecting consumers’ rights, $150,000 donated to Consumer Action and $100,000 donated to the Public Law Center in Orange County. WellPoint / Anthem also agreed to pay $100,000 to the state of Indiana for the data breach that exposed 32,000 state residents. A 2009 Indiana law requires companies to notify the state of certain data breaches within a certain period that was not met.

An Investment?

I bring up these examples to make a point. The EHR vendor will talk about your EHR being an “investment”. You cannot have an ROI if you lose money. Notice that most cases were due to careless, innocent lapses of judgment. Also in many cases actual damages either did not occur or were hard to prove. The new HITECH act extends HIPAA to allow the state attorneys general to also bring actions, which adds more salt to the wound. Some of these cases do not appear to be done yet either as far as the lawyers are concerned. Also, notice that even when the health care provider exercised extreme care in storing the data (BCBST with biometric, keyscan leased lockers and Health Net employing IBM’s “secure” datacenter), the health provider was sued and fined. Smaller medical practices I believe are even more susceptible to EHR data breaches, where bad password management practices and website maintenance problems are more common and often protocols and training are not firmly in place.

Assessment

The widespread use and integrated implementation of EHRs are going to happen, no doubt. Your practice will eventually have one. 2015 is still a few years off before the first 1% Medicare penalties hit. Tell the EHR vendor to call back in 2014 once the kinks are worked out. Waiting two more years may not prevent a costly incident due to the vengeful fired employee or due to a careless slip in protocol. Those landmines will always be there.

But two more years will allow the EHR stakeholders more time to improve their product, namely the security and encryption of the data in case of a breach, and two more years will allow the OCR and the state AGs to fill up on the low-hanging fruit and make their point.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com


Enter the HIPAA Fear Mongers


Fear of HIPAA Sells

[By Darrell K. Pruitt DDS]

“The HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready, or face fines of up to $50,000 per day for each regulatory provision violated.”

– Gene Kraemer [Customer Relationship Director at The Coding Institute]

http://www.audioeducator.com/hipaa-audits-and-enforcement-042412.html?utm_medium=email&utm_source=E99NAGAJ&utm_campaign=E99NAGAJ

The most successful of opportunistic HIPAA consultants are the scariest

As a dentist for almost 30 years, I’ve noticed that along with even rumors of mandate enforcement, ambitious compliance consultants’ fear-inspiring ads start interrupting happier thoughts. It happened with OSHA’s push into dentistry 20 years ago and we clearly see the aggressive sales pitches with HIPAA as well.

The scariest part of Gene Kraemer’s description of HIPAA’s tedious requirements and bankruptcy-level liabilities is that he is simply telling the truth. So if you are a HIPAA covered dentist, be scared.

On the other hand, if you don’t store or send your patients’ digital PHI – choosing instead to use the US Mail – you are increasingly fortunate in the dentistry market. For one thing, our patients are fed up with identity thefts, and paper dental records are the gold standard in security. In addition, nothing is holding down your competitors’ costs for HIPAA compliance and it is increasing much faster than the cost of postage.

De-identify now or lose computerization, Doc. If your patients’ PHI is not present it simply cannot be hacked by an identity thief. Guaranteed more secure than Cloud. Arguably more secure than even paper dental records.

Or … You can hire The Coding Institute.

You can bet Gene Kraemer isn’t someone who would hold down the cost of compliance.

 

From: Gene_Kraemer@mail.vresp.com

Subject: HIPAA Audits & Enforcement: New Penalties & Push for Compliance – Final Notice!

Good Morning,

The US Department of Health and Human Services (HHS) is currently implementing audits to meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA) for performing periodic audits of compliance with the HIPAA Privacy and Security Rules, and up to 150 random HIPAA compliance audits will be performed by the end of 2012.  While in the past, audits had been performed only at entities that had had a complaint filed against them, the new rule calls for audits whether or not there is a complaint.  This means, the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready, or face fines of up to $50,000 per day for each regulatory provision violated.

Join us for this live audio conference on Tuesday, April 24, 2012 at 1 pm ET | 12 pm CT | 11 am MT | 10 am PT. This conference is being presented by Jim Sheldon-Dean, the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to health care firms and businesses throughout the Northeast and nationally. He serves on the HIMSS Information Systems Security Workgroup, the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates sub-workgroup.  Sheldon-Dean is a participating member of the advisory board of Vermont Information Technology Leaders (VITL), and has participated in VITL’s Vermont Health Information Technology Plan working group, VITL’s Physician EMR adoption project, and the Security Workgroup of the New Hampshire/Vermont Strategic HIPAA Implementation Plan (NHVSHIP).

Highlights of the session:

• Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful negligence that begin at $10,000 minimum.

• HIPAA Audits have been few and far between in the past, but that’s now changing – the HHS will be auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported.

• What HHS OCR is likely to ask you if you are selected for an audit, and what you’ll have to have prepared already when they do.

• The rules that you need to comply with will be explained. Learn about the policies you can adopt that can help you come into compliance and be prepared for an audit.

• How the HIPAA rules have changed and how you may need to change. How you work to keep up with them.

• How having a good compliance process can help you stay compliant and respond to audits more easily.

• The documentation needed to survive an audit and avoid fines will be described.

• A discussion on what you’ll need to think about to deal with current and future threats to the security of patient information.

If interested, please click the following link to register and get your early bird discount:

http://www.audioeducator.com/hipaa-audits-and-enforcement-042412.html?utm_medium=email&utm_source=E99NAGAJ&utm_campaign=E99NAGAJ

Please apply discount code “GENE20” at checkout to get your $20 discount on early registration.

Looking forward to having you onboard here.

Thanks,

Gene Kraemer

Customer Relationship Director

The Coding Institute LLC

2222 Sedwick Drive,

Durham, NC 27713


Challenging the NPI Requirement of Blue Cross Blue Shield of Texas Again


How Far Can They be Pushed?

By D. Kellus Pruitt DDS

Command-and-control organizations like BCBSTX find Facebook difficult to control. Even a small nidus of a complaint posted by a client named Mark about poor service can attract a huge bolus of payback by a dentist, and nobody respects anonymous gatekeepers for huge, unresponsive companies like BCBSTX anyway:

https://www.facebook.com/bluecrossblueshieldoftexas

Mark, as a dentist, I’m very familiar with BCBSTX’s inconsiderate behavior in our communities. At least the anonymous moderator invited your feedback. When I sincerely asked her on Wednesday what federal employees are told about BCBSTX’s NPI requirement, she acted as if the absurd policy hadn’t already wasted enough of my time that day when she provided me an irrelevant link to nowhere – just to get rid of me.

Secret Requirement?

I would actually love to treat federal employees who have BCBSTX insurance because they are some of the nicest people I’ve met. But, BCBSTX’s secret requirement that their clients see only dentists with arbitrary NPI identification numbers (not required by law) makes their employment benefit purchased with taxpayer money worthless if they receive treatment in my office. My office has been told that it has become impossible for paper claims to enter BCBSTX’s modern, computerized system without NPI numbers, and nothing humanly possible can be done to correct the unfortunate problem for dentists who choose not to be HIPAA covered entities.

Evasion?

The moderator’s evasion confirms that even though BCBSTX’s federal customers are led to believe that they can use their dental benefits to help pay for treatment at any licensed dentist’s office, they are not being informed of the NPI requirement, and if they pay the dental bill in full for work done by a dentist without an NPI number, BCBSTX pockets the reimbursement. It just cannot be helped. That’s technology. Tough luck!

BCBSTX executives naturally prefer that my office manager tell their clients about the obscure restrictions of the dental plans they sell. She catches most federal employees before blocking out time in our schedule to treat them, but nevertheless, one got through on Wednesday morning. It wasted my time as well as the federal employee’s.

Congressional Action?

It’s troublesome to know that the government callously encourages such waste of small business owner’s time and money, not to mention the inconvenience to patients. I’m simply fed up with open appointments for uninformed BCBSTX clients. What’s it take to force BCBSTX to take some responsibility in the community and warn their customers about the limitations of their dental policy before they call my office? Congressional action?

Assessment

I do hope the anonymous BCBSTX employee doesn’t choose to delete this post. Since it seems obvious that their windfall profit is a powerful disincentive for BCBSTX to warn their clients about the NPI restriction any time soon, the more federal employees I can ethically warn through BCBSTX Facebook, the fewer open appointments I’ll have, and less taxpayer money will be wasted on silliness.

cc: Senator John Cornyn


Don’t Co-operate with eDR Vendors, Doc!


My Opinion of eDRs and eDR  Vendors

By D. Kellus Pruitt DDS

Don’t cooperate with those you don’t trust, Doc.

eDR Stakeholders

If you allow Dentrix, the W. K. Kellogg Foundation, the ADA and other ambitious EDR stakeholders to talk you into switching from paper dental records to digital before 2014, it will be the most regrettable business decision you have ever made.

PHI Breaches

Regardless of whether a data breach of your patients’ Protected Health Information (PHI) is your fault or not, it can easily cause bankruptcy, and the odds aren’t in your favor. According to a recent Redspin study, the number of breaches doubled between 2010 and 2011. (See “Health data breaches up 97% in 2011” by Diana Manos in Healthcare IT News, February 1, 2012).

http://www.healthcareitnews.com/news/health-data-breaches-97-percent-2011

Procrastination and Late Adopters

So even if unlike Americans who enjoy freedom, professionalism keeps you from publicly expressing an opinion, there’s never been a better time to drag your feet in our usual way. Besides, what have you got to lose by waiting? If consumers prefer EDRs, don’t you think we would see dentists touting their safety in their ads?

RedSpin

Daniel W. Berger, President and CEO of Redspin, is quoted in Diana Manos’ article: “Information security breach is the Achilles’ heel of PHI. Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records.” So why allow selfish EDR stakeholders who cannot be held accountable for harming your patients rush you into buying their favorite technology?

Note that the ineffective “further protective measures” will make EDRs even more expensive compared to paper dental records – allowing paper dentists to charge less than paperless practices, while still making more profit. Indeed, Doc. What have you got to lose by waiting?

Over the last 6 years, virtually all of my predictions about HIPAA have been right, and following the recent Redspin report, I feel even stronger about this one: The national failure of HIPAA will become noticeable in dentistry first.

OCR Culture

Not only is the Rule ineffective at protecting dental patients’ identities, but the tedious, mostly worthless compliancy requirements are so unreasonably time consuming and costly that no dentist can ever be 100% compliant. What’s more, eager HIPAA auditors working on commission to enforce the Office of Civil Rights’ “culture of compliance,” can find a dentist “willfully negligent.” Is that not subjective? The fines for such an auditor’s opinion are obscene. If you unfortunately experience a data breach, you don’t want to lose even more sleep over an audit that you cannot win, do you? Dentists don’t have to take this.

Dentistry Is Billing Simple

Unlike the complex administrative tasks in physicians’ offices, the business of dentistry is simple: Billing involves ten times fewer patients and CDT codes cover fees for procedures only involving the lower third of patients’ faces. Ledger cards, pegboards and lots of carbon paper have functioned adequately and safely for busy dental practices for decades. Besides, computers still haven’t shortened the time it takes to do a technique-sensitive filling in a squirmy kid’s mouth. If the front desk is the bottleneck rather than the speed of the dentist’s hands, someone needs to brush up on their alphabet skills.

If you think you might miss your computer, now is a perfect time to encourage dentistry’s leaders to consider de-identifying EDRs… Or if like me, you aren’t a HIPAA covered entity, we could wait a little longer if you’d like. Within a year, Americans will be noticeably seeking dentists who don’t put their PHI on computers.

Assessment

The hope for miracle discoveries derived from safely data-mining interoperable dental data doesn’t have to end like this, but I certainly don’t mind the windfall profits that expensive HIPAA regulations and patients’ fear of identity theft will bring to my practice.


Clarifying Some NPI Number Mis-Understandings

The NPI Number: What it is – How it works

By Carol S. Miller RN, MBA

The National Provider Identifier (NPI) is a HIPAA Administrative Simplification Standard that provides a unique identification for covered health care providers, all health plans and health care clearinghouses. The NPI must be used in administrative and financial transactions adopted under HIPAA; with one identifying number, it will simplify security and allow greater protection or encryption of the provider number. The NPI can be used to identify the health care provider on prescriptions, coordination of benefits (COB) between health care plans, inpatient medical record systems, program integrity files, and other areas.

Depending on his/her medical practice, the provider can obtain an individual or group NPI; however, there are situations where an individual NPI number is required, such as with the submission of pharmacy and lab claims. The NPI remains with the provider regardless of job or location change. The NPI will eventually be the standard identifier for all e-prescribing under Medicare Part D.

A Ten Digit Number

The NPI is a ten digit, intelligence-free numeric identifier with a check digit in the last position to help detect keying errors.  If there is a security breach, the number in itself cannot identify the protected health organization.  The use of one identifier with a check digit simplifies encryption of this number when transmitted electronically and thereby enhances security.
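The check digit described above, as an added example that is not part of the original article: CMS computes it with the Luhn formula over the nine identifier digits after prepending the card-issuer prefix 80840. The prefix and algorithm are not stated on this page, and the function names and sample numbers below are constructed for illustration.

```python
"""NPI check-digit validation (Luhn formula with the 80840 prefix)."""

NPI_PREFIX = "80840"  # prefix prepended to the NPI before the Luhn calculation


def luhn_sum(digits: str) -> int:
    """Return the Luhn sum of a digit string whose last digit is the check digit."""
    total = 0
    # Walk right to left; every second digit, starting left of the check
    # digit, is doubled and reduced to a single digit by subtracting 9.
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total


def _is_ascii_digits(text: str, length: int) -> bool:
    return len(text) == length and text.isascii() and text.isdigit()


def npi_check_digit(first_nine: str) -> int:
    """Compute the tenth (check) digit for the first nine digits of an NPI."""
    if not _is_ascii_digits(first_nine, 9):
        raise ValueError("expected exactly nine ASCII digits")
    partial = luhn_sum(NPI_PREFIX + first_nine + "0")
    return (10 - partial % 10) % 10


def is_valid_npi(raw: str) -> bool:
    """True if raw is a ten-digit NPI whose check digit is consistent."""
    npi = raw.replace(" ", "").replace("-", "")
    if not _is_ascii_digits(npi, 10):
        return False
    return luhn_sum(NPI_PREFIX + npi) % 10 == 0


def undetected_keying_errors(npi: str) -> dict:
    """List the one-keystroke mistakes on a valid NPI that still validate.

    Covers the two error classes a check digit is meant to catch:
    one wrong digit, and two adjacent digits typed in the wrong order.
    """
    if not is_valid_npi(npi):
        raise ValueError("start from a valid NPI")
    substitutions = []
    for i, original in enumerate(npi):
        for replacement in "0123456789":
            if replacement != original:
                variant = npi[:i] + replacement + npi[i + 1:]
                if is_valid_npi(variant):
                    substitutions.append(variant)
    adjacent_swaps = []
    for i in range(len(npi) - 1):
        if npi[i] != npi[i + 1]:
            variant = npi[:i] + npi[i + 1] + npi[i] + npi[i + 2:]
            if is_valid_npi(variant):
                adjacent_swaps.append(variant)
    return {"substitutions": substitutions, "adjacent_swaps": adjacent_swaps}


if __name__ == "__main__":
    # Constructed sample values, not real providers.
    sample = "123456789" + str(npi_check_digit("123456789"))
    print(sample, is_valid_npi(sample))
    print(undetected_keying_errors(sample))
    # Luhn cannot see a swapped adjacent 0 and 9: this NPI has one such pair.
    tricky = "120934567" + str(npi_check_digit("120934567"))
    print(tricky, undetected_keying_errors(tricky))
```

A passing check digit shows only that the number is well formed; it does not show that the NPI was ever issued or that a transaction carrying it is authentic.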

On HIPAA

HIPAA also requires that employers have standard national numbers that identify them on standard transactions.  The Employer Identification Number (EIN), issued by the Internal Revenue Service (IRS) was selected as the identifier for employers.  This number is used as a Federal tax identification number for the means of identifying any business entity and for the purpose of reporting employment taxes.  The EIN number should be protected as a social security number is.

ITL and NIST

Both the Information Technology Laboratory (ITL) and the National Institute of Standards and Technology (NIST) are involved in the development of technical, physical, administrative, and management standards and guidelines for cost-effective security and privacy of sensitive unclassified information in federal computer systems.  These standards and guidelines can be applied to the management of medical IT.

Assessment

Additional reference material for NPI can be found at: www.cms.gov/nationalprovidentstand.


On e-Claim Only Dental Plans

About their Hidden Costs – I’m Talking PHI Breaches

By D. Kellus Pruitt DDS

If the rumor is true about Bluebell Ice Cream’s “e-claim-only” dental benefit plan that is to go into effect in March, how many in the east-central Texas town of Brenham (pop. 16,000) will be properly warned about the danger to themselves, their families and Bluebell officials’ reputations because of reckless policy?

Transmissions Risks

Each time their dentists send an electronic dental claim (e-claim) over the internet to insurance employees in Chicago as a favor to a patient – and especially the insurer – the Bluebell employee’s digital medical identity which is worth fifty bucks on the black market, rides along to destinations unknown. It’s my guess that very few Bluebell employees are yet aware of the increasing risk of medical identity theft from dentists’ e-claims – much less given the opportunity to opt out of the risk by simply visiting a dentist who still uses the telephone, fax and US Mail.

Security Risks Growing

It certainly won’t improve my popularity with 9 out of 10 dentists for saying this, but risks of identity theft from HIPAA-covered dental offices are climbing daily. In the introduction to a recent interview with Larry Ponemon, chairman and founder of the Ponemon Institute, GovernmentIT.com editor Tom Sullivan ominously described the ever-increasing risk of a massive “data spill” of perhaps millions of patients’ protected health information (PHI):

“The street value of health information is 50 times greater than that of other data types. Even worse, the healthcare industry is among the weakest at protecting such information. With organized criminals trying to steal medical IDs, sloppy mistakes becoming more commonplace, mobile devices serving as single sign-on gateways to records and even bioterrorism now a factor, healthcare is ripe for a wake-up call – one that just might come in the form of a damaging ‘data spill.’” (See: “Q&A: How a health ‘data spill’ could be more damaging than what BP did to the Gulf.”)

Tom Sullivan – Editor [December 05, 2011]

http://govhealthit.com/news/qa-how-health-data-spill-could-be-worse-what-bp-did-gulf?page=0,0

According to Dr. Ponemon:

“The basic issue, when you think about data theft not data loss – because it’s hard to know whether that lost data ultimately ends up in the hands of the cybercriminal and all of these bad things occur – but in the case of identity theft, the end goal has been historically to steal a person’s identity, and just like getting a financial record, getting a health record probably has your credit card, debit card, and payment information contained in that record.”

Of Credit Cards … and More!

But that’s not all. Credit cards are just chump change. He continues:

“The financial records are actually lucrative for the bad guy, but the health record is actually much, much more valuable item because it not only gives you the financial information but it also contains the health credential, and it’s very hard to detect a medical identity theft. What we’ve found in our studies is that medical identity theft is likely to be on the rise and, of course, there’s an awareness within the healthcare organizations that participate in our study that they’re starting to see this as more of a medical identity theft crime. It’s not just about stealing credit cards and buying goodies, it’s about stealing who you are, possibly getting medical treatment and, therefore, messing up your medical record.”

Dr. Ponemon suggests that the victim may not know about the theft until he or she “stumbles on something that alerts them their medical identity was stolen.” Perhaps something like death following anaphylactic shock from a medication that was once digitally highlighted as “Allergic to.” Understandably, Ponemon adds that respondents recognized altered medical histories as an emerging threat they believed was affecting the patients in their organizations. Such danger for dental patients is almost non-existent if their dentists simply don’t put PHI on office computers.

Should a data breach of Bluebell Ice Cream employees’ identities occur in Brenham or Chicago, which is more likely than not, the fact that electronic dental records do nothing to improve the quality of dental care won’t make Brenham citizens any happier with local Bluebell officials. 


Medical Identity Theft on the Rise


Open Up Dentists – and Physicians, Too!

[By D. Kellus Pruitt DDS]

If I tell you that your patients’ insurance identities can be sold for $50 each, how much will you trust your employees on Monday, Doc?

The Experts Speak

According to a panel of cyber-security experts at a recent Digital Health Conference, medical identity theft has become one of the most lucrative forms of identity theft. “DHC: EHR Data Target for Identity Thieves” by MedPage Today Associate Staff Writer Cole Petrochko was posted last week:

http://www.medpagetoday.com/PracticeManagement/InformationTechnology/30074

“Presentations at the Digital Health Conference here indicated that a single patient’s electronic health records can fetch $50 on the black market — a much fatter target than more familiar forms of identity theft, such as Social Security numbers ($3), credit card information ($1.50), date of birth ($3), or mother’s maiden name ($6).”

eMRs Not Like Credit-Cards

“And, unlike a credit card number, patients’ healthcare records cannot be cancelled or changed to prevent stolen data from being used by criminals”, said John DeLuca, of EMC Corp., an information technology company.

The Street Value of eDRs 

What do you want to bet that medical identities downloaded from dentists’ computers bring $50 as well? I’d like to share a special, visceral sentiment with my shy, HIPAA covered colleagues:

I warned you, damn it! And, I assume, just like virtually all other silent dentists in the nation, you’ve done NOTHING to safeguard your patients’ identities. Even if you don’t like truth served bluntly, this dentist has your reputation in mind when I warn that if your practice experiences a reportable data breach of over 500 records, and your patients’ identities aren’t encrypted, those who choose to remain with your practice will never trust you as much as they do today – even if you properly report the breach. Of the estimated 20% who will never return, many will probably look for a gentle dentist who doesn’t store patients’ Protected Health Information (PHI) on computers …. Like me. (Yea, that was a sales pitch. As one might expect, I certainly welcome discussion of it with anyone).

ADA Laggards 

After 5 years of awaiting responses from unaccountable leaders inside and outside the American Dental Association concerning HIPAA and EDRs, it feels really good to aggravate 9 out of 10 dentists still reading this – challenging those who normally take offense with professional stoicism to loosen up and share their feelings with everyone for once … God help me, I do love this so.

More About the Black Market 

The black market price for EHRs has increased ten-fold in the last 5 years. In 2006, I warned in a guest column on WTN that it only takes one dishonest employee needing a couple of thousand quick dollars to potentially bankrupt a practice almost without risk of being caught. Back then, the black market price for a stolen medical identity was estimated at only $5 (See: “Careful with that electronic health record, Mr. Leavitt,” WTN News, October 18, 2006).

http://wtnnews.com/articles/3407/

It’s no secret that reticent ADA officials like President-elect Dr. Robert Faiella have suspiciously failed in their duty to be transparent with dues-paying members about the liabilities of the EHRs – even as they continue to recklessly promote paperless practices. The result: Almost all dentists in the US still maintain patients’ unencrypted medical identities on their office computers – often guarded by a flimsy password that is still cute a decade later. (Did I hear a gasp?).

Consider This!

Consider this, Doc! If a practice has 3000 active patients with identities worth $150,000, all one dishonest employee needs for dreams to come true is a flash drive and private time with your computer.

Assessment

Show me a dentist who thinks the benefits of EHRs to dental patients still outweigh the liabilities and I’ll show you a dangerously naive healthcare provider who probably doesn’t know about KPMG Auditors. Let’s face the facts bravely, Doc. Now would be a terrible time to invest in an EDR system – even cloud based. The proven, avoidable danger EDRs bring to American dental patients is unacceptable and only getting worse. Give it a year or so.


The Texas Dental Association Board Must Face the Truth

More on NPI Numbers

[By D. Kellus Pruitt DDS]

Dear Past TDA Board Members

I have some questions similar to the ones that got me suspended from the TDA a year ago: Who among you can defend your decision to persuade trusting TDA members to volunteer for National Provider Identifier (NPI) numbers?

And, why did you give up on the effort while BCBSTX continues to unfairly force dentists who aren’t even HIPAA covered entities to adopt the identifiers?

If you’re still unaware that everyone can see TDA leaders allowed themselves to be manipulated by stakeholders like BCBSTX, prepare yourself. It won’t be long before at least a few TDA members blame you personally for the bad things I warned would come to dentists with NPI numbers. Since the identifier does nothing to improve the quality of care, its promotion cannot be reconciled with the mission statement of the TDA, leaders. I hope angry dentists throughout the state seek the names of those of you who misled them.

A Non-Profit 

BCBSTX is a non-profit whose handsome profits are paid by taxpayers. The healthcare parasite sells dental insurance to the US government for federal employees. In their letter to me that I’ve attached, you can see for yourself that along with BCBSTX’s stated refusal to process any of their clients’ dental claims that come from my office, it says in capital letters, “DO NOT FORWARD THIS NOTIFICATION TO THE MEMBER!” How proud does it make you feel to know BCBSTX defines your level of ethics, TDA Board? Two years ago, your Director of Membership censored from the TDA Facebook this dentist’s criticism of BCBSTX’s NPI demands. Sometimes, you bozos are idiots.

I have no contractual relationship with BCBSTX, so as soon as I could, I defied BCBSTX’s order and sent their client the letter – making sure to point out that BCBSTX ordered me to keep it secret from her. As you might expect, she’s pissed at BCBSTX! I hope she looks into a class action lawsuit. I bet BCBSTX has been secretly extorting their customers’ dentists by the thousands … but then, do you even care, TDA? What did BCBSTX offer the TDA that caused you to betray dentists and patients who used to have faith in your honesty?

BCBSTX is a Tyrant, and the TDA is an Enabler

There’s more: As a favor to our patients, my office has traditionally called their insurers for coverage information so that those who purchased the dental benefits will know how much of the bill they are responsible for before we start treatment. It’s called transparency.

Today, my office manager informed me that according to alerts she has received from insurers, if I don’t “volunteer” for a National Provider Identifier (NPI) number by 2012, my office will be deprived of the right to product information about BCBSTX’s plans. How does that help anyone, TDA?

Assessment 

Were you aware that this was the purpose of the NPI number when you pushed TDA members to sign up? Do you even care? Because of your silence in Texas’ dental community, it’s really hard to tell.


Medical [Dental] Anti-Defamation Contracts and Doctor Accountability


Was the ADA Complicit?

By D. Kellus Pruitt DDS

If you were to walk into my dental office with a toothache, and I told you that before I relieve your pain, you have to agree not to say bad things about me on the internet, how badly would the tooth have to be hurting to keep you from walking out the door?

The article, “Toothache lawsuit may stifle medical gag orders against online rants”, by JoNel Aleccia, was posted yesterday on MSN.com.

http://vitals.msnbc.msn.com/_news/2011/11/30/9124107-toothache-lawsuit-may-stifle-medical-gag-orders-against-online-rants

The Patient

“[Robert Lee, 42] who had a bad toothache has filed a class-action lawsuit against his New York dentist after she required him to sign a contract promising not to trash-talk her online — and then fined him thousands of dollars trying to enforce it.”

Aleccia adds: “[Dr. Stacy Makhnevich] was among hundreds of medical professionals nationwide in recent years who refused to care for patients unless they signed anti-defamation contracts. In the contracts, the doctors and dentists promised not to evade federal patient privacy protections in exchange for patients’ agreeing not to post public comments about them.”

The Dentist

Other than its obvious ineffectiveness for this particular Manhattan dentist, whose practice is on the 69th floor of the Chrysler Building, Lexington Avenue at East 42nd St., (212) 697-4400, what’s wrong with this business plan?

First of all, aside from the insult, if a dentist required you to sign a contract forfeiting your right to express your opinion about the quality of care even before being seen, how confident would it make you feel about the doctor’s abilities?

The HIPAA Question

Then there’s HIPAA. It’s sad that healthcare providers on the 69th floor of the Chrysler Building would take advantage of vulnerable Americans who don’t understand that their right to privacy isn’t something that can be withheld – even as part of a twisted “copyright” deal intended to enable a dentist to dodge accountability. It seems to me like the Office of Civil Rights as well as the Attorney General should be alerted. How is threatening a patient’s privacy in return for direly-needed treatment different than extortion?

The Gotcha!

Mr. Lee had forgotten the contract until months later when he allegedly discovered that Dr. Makhnevich had overcharged him by about $4,000, improperly filed the insurance and then refused to provide him with the documents he needed to file the claim himself. That’s when he started posting rants on sites like Yelp and DoctorBase, such as, “Avoid at all cost! Scamming their customers!” and “Honestly, how do you live with yourself? Just try being a decent human being.”

“Within days, Makhnevich demanded that the sites remove the comments and threatened to sue Lee. She also said he was infringing on her copyright provisions and started sending invoices for fines of $100 a day. By October, the total topped $4,600, he said.”

The Service

Since the dentist purchased the right to use Medical Justice Inc. anti-defamation contracts to prevent complaints from dis-satisfied customers from being discussed on the internet, I say she is due a refund. What’s more, if she’s given any trouble about it, she should get on the internet and complain – if she didn’t forfeit that right as part of the agreement.

The ADA

So where did Dr. Stacy Makhnevich learn about Medical Justice Inc.’s ineffective, unethical and probably illegal anti-defamation contract service? Of all places, it may well have been in ADA Headquarters, 211 E. Chicago Ave., Chicago, (312) 440-2500

Dr. Jeffrey Segal [MD, JD], the neurosurgeon and founder of Medical Justice Services Inc. which sold providers like Dr. Makhnevich the right to use his company’s contracts, was a featured speaker at the American Dental Association’s [ADA] annual Benefits Conference last year.

The ADA leadership’s decision to invite Dr. Segal to advertise his product at a benefits conference (?) reveals the old timers’ underlying paranoia that makes them prefer silence from members as well as their own dental patients.

Assessment

Since the ADA effectively put its stamp of approval on Medical Justice’s anti-defamation contracts, don’t you think the ADA News should at least post a warning about the liability to members who attended Dr. Segal’s presentation in ADA Headquarters? Let’s watch dentistry’s leaders ignore the abysmal results of yet another half-baked blunder caused by people too proud to listen.


Newt Gingrich has his Way with the ADA

Dentists should be furious with Gingrich for commandeering the ADA

By D. Kellus Pruitt DDS

On This Week roundtable discussion this morning [Sunday], George Will began his comments about Newt Gingrich, now a frontrunner, by saying that he “embodies everything disagreeable about modern Washington.”

Dentists should be furious with not only Gingrich, but with our inattentive dental leaders as well.

Why? 

A couple of days ago, Steve Chapman posted “Gingrich’s corruption” on the ChicagoTribune.com.

http://www.chicagotribune.com/news/opinion/chapman/chi-gingrichs-corruption-20111118,0,4581968.story

Chapman writes:

“Conservatives may be able to forgive Newt Gingrich for being an adulterer and for his flip-flops on climate change and mandatory health insurance. They are willing to put those aside because they think he’s shown a fierce attachment to their cause. But, the latest revelations will be harder to digest, because they suggest that his allegiance is for sale.”

He punctuates the condemnation with a quote from USA Today:

http://www.usatoday.com/news/politics/story/2011-11-16/newt-gingrich-think-tank-opeds/51246512/1  

“In a series of op-eds stretching over several years, Gingrich repeatedly advocated for various health-care related issues, including electronic health care records, ways to improve the health care sector, and medical malpractice reform without acknowledging the issues were directly connected to members of the Center for Health Transformation, a for-profit think tank he founded in 2003.”

Newt, for a Freddie Mac historian, you’re pretty sly!

According to information that Center for Health Transformation [CHT] spokeswoman Susan Meyers provided USA Today, healthcare stakeholders participating in Gingrich’s “think tank” can expect to pay Gingrich between $5,000 and $200,000, “depending on how many employees attend the center’s meetings and use other services.”

Wouldn’t you just love to ask Ms. Meyers if Gingrich’s think tank members are more likely to realize a return on their investment than their software offers dentists?

I suggested to the editor of the Chicago Tribune to specifically ask ADA President-elect Dr. Robert Faiella questions about the cost and safety of EHRs in dentistry. Then I followed the comment with,

 “And, be sure to tell Dr. Faiella that D. Kellus Pruitt DDS referred you to him. Though we’ve never met, he knows who I am. If you get around to it, you might ask him how much HIPAA compliance raises the cost of dentistry. There are thousands of dentists who would find the President-elect’s answer to that question truly enlightening.”

I Do Find this Fun

Psst…! Chicago Tribune Editor; want a hot tip? I know of a local but far-reaching lead concerning the malignant, corporate corruption described by Steve Chapman in his article. A reporter wouldn’t have to travel far to aggravate employees of a secretive, command and control organization. The ADA National Headquarters is just down the street at 211 East Chicago Avenue. In 2004, the widely-overlooked, not-for-profit’s lack of transparency made it especially vulnerable to Gingrich’s deceptive selling points!

ADA Officials

I think everyone agrees that asking ADA officials reasonable questions about the cost and safety of any high-tech dental product they recommend – including electronic dental record systems – is not unreasonable.

In fact, now that Steve Chapman has shown Newt Gingrich’s profit motives for misleading our dental leaders, caution seems prudent.

This could be ornery-fun if, like me, someone on your staff gets a kick out of asking shy good ol’ boys questions they are hardly ready to answer. I wish the Tribune luck getting past anonymous, unaccountable gatekeepers who shield ADA officials from accountability. I suggest sending your questions to Dr. Robert Faiella. He is not only the unresponsive Chair of the ADA Electronic Health Record Workgroup, but he is the ADA’s latest insensitive President-elect.

Dentists should be furious with Newt Gingrich for commandeering the ADA

Psst…! Chicago Tribune Editor! You interested in another hot tip? I know of a local but potentially far-reaching lead concerning the malignant, corporate corruption described by Steve Chapman in his article exposing Newt Gingrich’s poor manners.

Should you choose to do so, you won’t have to travel far to aggravate employees of a stoic, command and control organization. The national headquarters for the American Dental Association is just down the street at 211 East Chicago Avenue. The widely-forgotten, not-for-profit’s traditional lack of transparency made it especially vulnerable to Gingrich’s deception back in 2004.

I think everyone agrees that asking ADA leaders reasonable questions about the cost and safety of any high-tech dental product they recommend – including electronic dental record systems – is not unreasonable.

In fact, now that Steve Chapman has shown us Newt Gingrich’s motives for misleading our dental leaders, caution seems prudent.

This could be ornery-fun if someone on your staff gets a kick out of asking shy good ol’ boys questions they are not yet ready to answer.

Nevertheless, the ADA will refuse to respond to questions, Editor. Even while I was still a member of the professional organization up until a year ago, it clearly aggravated dental leaders when I repeatedly questioned the cost and safety of EDRs on local, state and national levels of the organization.

I always find evasion intriguing. Maybe you will have better luck getting past anonymous, unaccountable gatekeepers who shield the good ol’ boys from transparency.

Assessment 


Here’s the official to whom I suggest you futilely address your questions: Dr. Robert Faiella. He is not only the unresponsive Chair of the ADA Electronic Health Record Workgroup, but he is the ADA’s latest insensitive President-elect.

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


In Defense of the eDR Industry

One Dentist Consultant’s Opinion

By Paul L. Child Jr, DMD, CDT
CR Foundation
3707 North Canyon Road, Building 7
Provo, UT 84604

Three days ago, I shared the email I sent to Dr. Paul Child and Kathleen Noll concerning their claims that electronic dental records offer dentists a return on investment (ROI). Dr. Child responded yesterday.

Darrell K. Pruitt DDS

———————————————

Dear Dr. Pruitt,

Thank you for your recent communication and questions regarding my recent article in Dental Economics, specifically your question: Does the ROI for Practice Management systems include the cost of HIPAA compliancy?

In regards to your communications with QSI, I cannot comment as I do not represent them. Unfortunately, I too am not able to give you the “proof” you are seeking, as I do not have a specific chart nor do I plan on fabricating one to “prove” the efficacy of computers in the dental office (although a controlled study would be interesting, I’m not sure it would be an effective use of funds to prove something that is already proven in every other industry).

However, I will provide you with information from thousands of our readers at CR as well as many more in our lectures worldwide.

The section of the article to which you are referring is under the title of: Practice and patient records management and patient education. Specifically, the paragraph states:

“Implementation of computers into each operatory and throughout the practice is the first and most frequent adoption of digital dentistry. In North America and most developed countries, this has reached the “early majority” stage as all of the criteria for being an advantage have been met. Dentists who have not yet adopted this prerequisite for digital dentistry should do so now! Daily advances and improved software adapted from other industries allow this technology to be affordable, attain the fastest adoption rate, and offer a high return on investment. Current and highly effective systems include Eaglesoft (Patterson), Dentrix (Schein), PracticeWorks (Carestream Dental), and Web-based software such as Curve Dental” (underlines added for emphasis).

Please note that the sentence in which “high return on investment” is mentioned is referring to “advances and improved software adapted from other industries”. As such, other industries (too many to count) have proved without a doubt, the massive improvement in return on investment in the following areas: improved efficiency (e.g., legible records vs. scribbles, or worse off, incomplete records), improved accuracy of records, use of computers for rapid recollection of stored data, rapid recording of data, time savings, standardization, and many more. A brief look at the medical industry and literature (our closest industry – of which we are a part of) can demonstrate the above. In addition, the observations I made are directed to the use of computers in a practice.

Finally, proper implementation of practice and patient management systems can easily improve ROI, via better record taking, accurate financial statements that can be easily generated daily for better practice management, treatment planning with all options, benefits, and risks recorded – then printed for the patient, and most of all – time savings. What is a dentist’s time worth? My time is priceless (as is most dentists I know). Yes, there are clearly unknown aspects of this digital transformation from paper to digital. Government and controlling organizations may make new rules and regulations that can positively or negatively affect this process.

But, from our observations of thousands of other dentists that have made this transition, very few – if any, would even think about reverting back to paper.

To your question regarding HIPAA compliance, YES, the overall ROI would include even this. HIPAA compliance is still relatively new to many dentists, even though it has existed for years. This compliance is important for all the reasons you already know. As dentistry evolves and new technologies are introduced (and ruling bodies continue to make new rules and regulations), this digital evolution will continue to prove itself an EXCELLENT ROI for today’s and tomorrow’s dentists.

Best regards,

Paul L. Child Jr., DMD, CDT


On Practice-Based Research Networks

In Dentistry – if only it were that easy

By D. Kellus Pruitt DDS

I like the concept of a Practice-Based Research Network for teasing out latent miracles from dentalcare data, but I’m afraid any hope of networking success is limited by insurmountable cost and safety concerns of EDRs that few in the dental industry are yet willing to recognize.

Dr. Schleyer 

Titus Schleyer, DMD, PhD, Associate Professor and Director, Center for Dental Informatics, University of Pittsburgh published “The feasibility of an electronic dental practice-based research network” a few days ago.

“The long-term goal of our research is to use data from EDRs to improve patient care and its outcomes. The objective of this project is to develop a generalizable method for extracting EDR data for practice-based clinical research, using Dentrix as the test system.

In our first specific aim, we will determine the utilization of clinical data elements useful for research by practitioners by mining the electronic dental records of 100 Dentrix users and generating summary statistics about patient documentation patterns by data field.

The second specific aim will develop a technical Infrastructure for extracting data from Dentrix and integrating them with manually collected research data. The main outcome of this project will be the electronic Dental Practice-Based Research Network (ePBRN), a generalizable method for extracting clinical data from EDRs and reusing them for practice-based research. This project is a first step in making the increasing amount of electronic clinical data available for improving research, clinical care and patient outcomes.”

-Abstract: September 30, 2011

http://halley.exp.sis.pitt.edu/comet/presentColloquium.do?col_id=2348

I agree with Dr. Schleyer. However, until dentists perceive value in EDRs instead of liabilities, the dreams that he and I share about real-time, evidence-based research on an internet platform will be nothing more than just a cool-sounding fantasy of a handful of geeky dentists hoping to get a better peek at an obscure healthcare niche.

On Transparency 

Transparency in dentistry, rather than NPI numbers, has a better chance of revealing cost-effective solutions for painful and even life-threatening health problems. In addition, nothing is holding down the cost of HIPAA compliance, and data breaches from healthcare facilities – including dental offices – are only becoming more common.

Assessment 

Sidestep liability. De-identify now. If a dentist’s EDR system is breached, yet it contains no Protected Health Information [PHI], who cares?


OCR Imposes Penalties for Employee’s Unauthorized Viewing of PHI

By Garfunkel Wild, PC


Early in July, the Department of Health and Human Services Office of Civil Rights (“OCR”) entered into a settlement for $865,500 with UCLA Health System (“UCLAHS”) as a result of complaints alleging that UCLAHS employees repeatedly and without permissible reason looked at the electronic protected health information (“ePHI”) of celebrity patients.

Initial Complaints

Although the complaint was initially made by only two patients, in its investigation OCR determined that from 2005-2008 unauthorized employees of UCLAHS repeatedly looked at the ePHI of numerous other patients as well. In addition to paying the settlement, UCLAHS committed to a corrective action plan that includes (1) implementation of policies and procedures; (2) robust training for employees; (3) a commitment to sanction offending employees; and (4) designation of an independent monitor to assess compliance over 3 years.

Assessment

This settlement is the fourth settlement in a year and highlights OCR’s increasing enforcement of violations to HIPAA Privacy and Security Rules. Failure to have an effective HIPAA compliance program can result in significant monetary penalties, and therefore, providers and business associates alike should be evaluating their HIPAA compliance programs to ensure that appropriate safeguards are in place.


Can Americans Trust the ADA?


Trusting the American Dental Association?

[By D. Kellus Pruitt DDS]

In January 2011 – the same month a new Minnesota law demanded dentists purchase e-prescription software whether they want it or not – the ADA Standards Committee on Dental Informatics published White Paper No. 1070: “Implementation of the Electronic Prescription Standard for Dentistry.”

Minnesota lawmakers, who logically turned to the respected ADA for what they expected to be reliable and unbiased professional advice, were assured by the Committee that e-prescribing will not only “insure the elimination of illegible prescriptions” but it will also “reduce preventable errors such as drug to drug interactions, drug-allergy reactions, dosing errors, therapeutic duplication, and other error types.”

http://www.ada.org/sections/scienceAndResearch/pdfs/ADA_White_Paper_No._1070.pdf

Really, ADA? On what evidence did the ADA Department of Dental Informatics base their self-serving claims?

This week, MedicalNewsToday.com reporter Christian Nordqvist posted “11.7% Medication Error Rate In E-Prescribing,” which directly contradicts the ADA’s advice to trusting Minnesota lawmakers and ADA members. Nordqvist writes: “The chances of mistakes occurring in prescriptions sent electronically are no lower than in those written out by hand, a researcher from Massachusetts General Hospital in Boston wrote in the Journal of American Medical Information Association. This will be a disappointment for health reform experts and policymakers [and ADA officials] who assured that E-prescribing would have fewer medication errors, as well as saving the government billions of dollars.”

http://www.medicalnewstoday.com/articles/230296.php

If one considers the JAMIA a credible Journal, research clearly suggests that e-prescribing is a bust for physicians who write many more prescriptions than dentists. Yet ADA officials continue to encourage dentists to adopt paperless practices without mentioning that e-prescriptions not only produce just as many errors as paper, but that they are hundreds of times more expensive because of the cost of computers, software and HIPAA requirements.

In addition, if a dentist’s computer is stolen or hacked – even if he or she properly reports a breach of e-prescription records – the tragedy can easily bankrupt a practice between the HIPAA fines, state attorneys general lawsuits, patient notifications and local media coverage of the breach (as required by HIPAA/HITECH). The Ponemon Institute estimates the cost to be over $200 per dental patient. And the price is only increasing. I just read that HHS is to conduct 150 HIPAA audits in 2012. Ka-ching!!!

https://www.fbo.gov/index?s=opportunity&mode=form&id=9e045aa4f7e6f8499c5b6f74d5b211e9&tab=core&_cview=0

That announcement from HHS should also conveniently boost sales of “The ADA Practical Guide to HIPAA Compliance” (on sale now at ADA.org for $220 while supplies last).

Sounding the Alarm

I personally started warning ADA leaders about this over 5 years ago. Yet as far as I can tell, they continue to blissfully ignore the IT disaster in dentistry. They don’t have to listen to nobody. And it shows.

As illogical as it sounds for an organization whose only purpose is to serve the interests of dues-paying members, the ADA hasn’t a single “vetted” EDR expert who will allow him or herself to be accessed on the internet. One such rumored expert is long-time ADA Trustee Dr. Robert Faiella. Since the Osterville, Massachusetts periodontist is so secretive with the ADA members he serves, like Soviet leaders of the 1970s, it’s hard to tell for sure if he is still in power or even alive.

Suspiciously, in these days of rapidly-expanding openness through social networks, the ADA cannot even contribute experts’ answers to Sharecare.com as promised – much less open a Facebook with over 12,000 waiting fans. So instead of ADA members’ questions about e-prescribing being answered by ADA experts on a convenient venue like a Facebook, ADA members must turn to irrelevant, Committee-approved publications… just like the Soviet Union of the 1970s.

I have personally found it is easier to obtain responses from my US Senator John Cornyn than from shy ADA officials. But then, I’ve discovered that Senator Cornyn is a remarkably caring individual. Not an evasive not-for-profit apparatchik with nice teeth.

Assessment

How long before dentistry’s handful of entrenched ADA leaders apologize for the harm they’ve caused and stop deceiving Americans about electronic dental records? It’s the least Dr. Robert Faiella could do before resigning his ADA position.

As long as obsolete ADA officials wink at a bankrupt policy of deception, can the reclusive not-for-profit organization ever regain America’s trust?

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com


Proposed Regulations on HIPAA Accounting of Disclosures

New Rules and Regulations for Covered Healthcare Entities


By HCR@garfunkelwild.com

Proposed regulations regarding HIPAA accounting of disclosures have been recently published and are open for public comments.  If enacted in their current form, the new regulations will require Covered Entities to make significant revisions to their current HIPAA procedures and may require modifications to current computer systems.  

The HITECH Act

Under the HITECH Act, regulations must be enacted that allow individuals to receive a much expanded accounting of disclosures of electronic health information, including disclosures made for treatment, payment and health care operations. 

In order to accomplish this, the proposed regulations differentiate between “accountings of disclosures” and “access reports.”  Accountings will continue to be a list of certain limited types of disclosures.  Access reports will be similar to “audit trails” and must include information regarding each access to an individual’s electronic health information.  Covered Entities must be able to provide, upon request, both accountings and access reports.

Covered Entities

The proposed regulations also include specific requirements, including the following:

  • Accountings and access reports must be available in regard to disclosures or access, as applicable, for 3 years and must be provided within 30 days of the request. 
  • Accountings and access reports will be required only for health information maintained in designated record sets (e.g., medical records, billing records).
  • Accountings and access reports must include information about disclosures of, and access to, information maintained by business associates.
  • There are additional exceptions to the types of disclosures that must be included on an accounting (e.g., exceptions will include disclosures about abuse and to medical examiners).
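The requirements listed above translate into concrete demands on audit logging. The following Python sketch is an added example, not part of the original article or the proposed rule: it assembles an access report for one patient from the audit logs of a covered entity and a business associate, applies the 3-year look-back and the designated-record-set filter, computes the 30-day response deadline, and flags any log source whose retention is too short to cover the window. All names, record-set labels and log entries are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta

LOOKBACK_YEARS = 3   # reports must cover 3 years of access
RESPONSE_DAYS = 30   # report must be provided within 30 days of the request
# Assumed labels for designated record sets (medical and billing records).
DESIGNATED_RECORD_SETS = {"medical_record", "billing_record"}


@dataclass(frozen=True)
class AccessEvent:
    when: datetime
    patient_id: str
    user: str
    record_set: str
    action: str


@dataclass(frozen=True)
class LogSource:
    name: str
    is_business_associate: bool
    retained_from: date   # oldest date for which this source still holds logs
    events: tuple


def years_before(d, years):
    """Same calendar day `years` earlier; Feb 29 falls back to Feb 28."""
    try:
        return d.replace(year=d.year - years)
    except ValueError:
        return d.replace(year=d.year - years, day=28)


def build_access_report(sources, patient_id, request_date):
    window_start = years_before(request_date, LOOKBACK_YEARS)
    entries = []
    for src in sources:
        for ev in src.events:
            if (ev.patient_id == patient_id
                    and ev.record_set in DESIGNATED_RECORD_SETS
                    and window_start <= ev.when.date() <= request_date):
                entries.append({
                    "when": ev.when,
                    "user": ev.user,
                    "source": src.name,
                    "business_associate": src.is_business_associate,
                    "record_set": ev.record_set,
                    "action": ev.action,
                })
    entries.sort(key=lambda row: row["when"])
    # A source that purged logs inside the window cannot support a full report.
    gaps = sorted(s.name for s in sources if s.retained_from > window_start)
    return {
        "patient_id": patient_id,
        "window_start": window_start,
        "due_by": request_date + timedelta(days=RESPONSE_DAYS),
        "entries": entries,
        "coverage_gaps": gaps,
    }


# Constructed sample logs (not real data).
SAMPLE_SOURCES = (
    LogSource("hospital_ehr", False, date(2019, 1, 1), (
        AccessEvent(datetime(2021, 2, 27, 9, 0), "P100", "dr_adams", "medical_record", "view"),
        AccessEvent(datetime(2021, 2, 28, 10, 15), "P100", "nurse_lee", "medical_record", "view"),
        AccessEvent(datetime(2023, 6, 1, 14, 0), "P100", "dr_adams", "medical_record", "modify"),
        AccessEvent(datetime(2023, 6, 2, 8, 30), "P200", "dr_adams", "medical_record", "view"),
        AccessEvent(datetime(2023, 7, 10, 11, 0), "P100", "sched_clerk", "appointment_index", "view"),
    )),
    LogSource("billing_vendor", True, date(2022, 1, 1), (
        AccessEvent(datetime(2023, 6, 5, 16, 45), "P100", "ba_coder7", "billing_record", "view"),
    )),
)

if __name__ == "__main__":
    report = build_access_report(SAMPLE_SOURCES, "P100", date(2024, 2, 29))
    print("window starts", report["window_start"], "| due by", report["due_by"])
    for row in report["entries"]:
        print(row["when"], row["user"], row["source"], row["record_set"], row["action"])
    print("sources with insufficient retention:", report["coverage_gaps"])
```

The coverage-gap list is the part most likely to surprise: a business associate that keeps audit logs for less than the look-back period makes a complete access report impossible, whatever the covered entity's own systems retain.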


Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


A Review of HIPAA EHR Security Regulations


Focus on the Hospital Industry

By Carol S. Miller BSN MBA

With the implementation of EMRs, Internet access, intranet availability throughout the hospital and physician complexes, as well as from home or any virtual site, the potential for security violations and associated vulnerabilities may have already caused serious harm to many hospitals and to the IT community in general.  Implementation of HIPAA security standards across the United States at hospitals, clinics, medical complexes, universities, federal facilities such as the VA, DoD or IHS and others has been inconsistent.  In addition, the HIPAA privacy regulations have given the responsibility for the patient health record to the patient — the impact of which has not been fully addressed nor is it supported by healthcare IT rules and regulations.

In Control?

Throughout the entire healthcare industry, there are concerns over who has access, who is in control, and whether the release of information impacts the privacy and security of the patient medical information or presents a risk to patient well-being, the quality of patient care, compliance issues, and potential fines to the hospital community.

The simple fact is that security is a problem that could have a catastrophic effect on any hospital.  Most Chief Information Officers have increased their “security-related” and “computer specialist” staff to address security issues, but most believe that their security is still vulnerable and needs to be improved.  Understanding a complex group of technologies and processes that have been built and modified many times over the years, especially at a large university or medical center complex, will be not only time-consuming, but also costly.  Security, like complex IT systems, was never designed in any organized manner.  It simply expanded as more and more access was made available, patient rights were defined, technology capabilities expanded, and more Internet-related communications and document-sharing occurred.

Hospital Security Concerns

Further, HIPAA security requirements were thrown into the mix in an era when hospital budgets were shrinking, and hospitals were trying to meet their costs through consolidation or reduction of programs and staff.

The prime concerns for information security are:

  • confidentiality – information is accessible only by authorized people and processes;
  • integrity – information is not altered or destroyed; and
  • availability – information is there when you need it.

Hospitals will continue to review, update and further document their security issues, monitor changes, and develop processes to mitigate the problems.  Gap analyses will continue to determine where vulnerabilities are or potentially could occur.  This process will be time consuming, but will enable the hospitals to determine how each system is integrated into their portfolio of systems and applications, and how it will be integrated with new technology.  Most importantly, it will facilitate identification of the detailed process of requesting, securing, and approving access to confidential patient records, systems, or applications.  It will enable hospitals to move forward with other technology enhancements in a secure manner.

Patchwork Security Quilt

As stated previously, security has grown piecemeal as needs have been integrated with system, application, and software program growth.  It is literally a patchwork of various security functions and restrictions that may just be applicable to a certain application or software product or may be applicable to several applications but not all.  Various security software or SaaS packages have been deployed at different facilities across the United States that provide firewalls, access controls, tracking systems, and various other HIPAA security compliant capabilities; however, even with all these controls no one person within a hospital environment is fully aware of all the security requirements, security structures, the integration of the security network or whether any of the security network works efficiently and effectively.  Building a basic understanding of the entire network is the basis for developing and improving the entire HIPAA-related security process.  Besides the security involved within the hospital systems and through the Internet, there is still the issue of physical security, security theft or inappropriate access to patient information.

Typical Security Queries

The following list provides examples of typical questions that should be addressed about the security of information stored either on a laptop or on an Intranet site accessible from the laptop. All of these questions relate to additional time and expense in having an assigned individual monitor all aspects of this tracking process:

  • Is there an accurate record or log of each piece of equipment referenced at the hospital?
  • Do I know how many of the laptops are portable and used at home?
  • Are personal digital assistants (PDAs) and laptops encrypted and is the employee required to change passwords frequently?
  • Do I know how many of these portable systems are used for personal services?
  • Do I know how many of these laptops are used by family members?
  • Do I know how secure the portable systems are?
  • Do I know if they are just password protected or whether other security measures are in place?
  • Is every piece of equipment accounted for when employees leave, including PDA, laptop, CD, DVD, or other storage devices?
  • Do I know who can access confidential patient information from a remote office or home?
  • Is there a defined process for discarding old computers and old media?
  • Do employees know the hospital’s reporting process if their laptop is stolen or hacked?
  • Is virus and spyware software continually updated?
  • Are employees provided with information on how to secure their laptops or blackberries?
  • Do employees know what to do when attachments from unknown sources are sent and/or downloaded?
  • Does the employee use home-burned CDs/DVDs on their laptop?
  • Is system backup maintained by every employee?
  • Do employees know to “log off” when leaving their desktop or is there an automatic “log off” capability built within the system?

Security Administrators and Managers

Hospitals are employing security administrators and security staff to identify potential risks, vulnerabilities, risk scenarios, and develop policy and procedures to address all of these issues.  HIPAA compliance reviews and approval processes from HIPAA officers or legal counsel will be an added process for the hospital as part of any security consideration.  All of these security review processes, requirements, and staffing represent new and most likely unbudgeted costs with higher-than-anticipated associated costs to the hospital.  Costs need to be based on the affiliated risk, and the associated manpower or technical systems/software required to fix the risk; these indirect costs (i.e., not direct labor costs related to patient care) are being met from the hospital profits.

Risk Assessment Queries

Every covered entity should complete a risk assessment and review it periodically.  Focus areas that need to be addressed in the risk plan include the following:

  • workforce clearance (does the job require access to patient information and is it documented in the job description);
  • training (ongoing awareness and reminders); and
  • termination (what are the processes and procedures for assuring that a terminated employee does not have future access to any confidential patient information).

Today it is important for all hospitals to focus on contingency plans and disaster recovery to prevent any arbitrary loss of patient information.  Hospitals need to plan for and demonstrate that disasters such as Katrina or 9/11 or Japan or Alabama will not affect the security of the systems or access to patient information.

Many hospitals provide routine reviews, and system maintenance and updates to combat potential security problems or concerns with regard to confidential patient information.  However, inadvertent or even intentional changes to systems can cause serious data problems as the data integrates throughout the hospital IT environment.  Security breaches at this level can come from inside or outside the hospital.  They can be malicious or accidental and they can be related to system function disruption or data degradation.  They can relate to potential failures to properly share data and coordinate information.  They can also be the cause of major patient clinical errors, physician dissatisfaction, inaccurate record information, duplication of records, and as always, additional cost to the hospital that must identify the potential breach, develop a solution, and correct the issue at hand.

Main Concern

Direct access to information is probably the biggest security issue.  It affects personnel access to the systems they need in their daily jobs and tends to be poorly controlled.  Because hospitals need to provide access to information, they are sometimes lax about who has that access.  As an example, ask any hospital to not only identify each access user on the system, but also identify who uses each specific application.  Few hospitals have that capability. They would require additional resources to develop not only a major computerized index, but also the time and attention to monitor and to change users’ rights to access.  Many hospitals routinely request that the business or IT manager provide access for new employees that is similar to what another comparable staff person has — not really addressing the particular “right to know” or determining whether the new employee really needs a particular level of access.  Experience within the hospital environment also shows that many of the staff still have the same access to systems that they have had for years, even though they may have changed positions several times.

Finally, many staff have access to confidential patient information, yet few of the hospitals have ever linked this “right of access” to a background check.  Access to the hospital system is given to employees to perform a job.  In turn, the hospital is widely opening its doors to access a wide range of financial or confidential information, or even competitive information.  Many of these hospitals have employed designated staff to change and delete access rights, or allow read-only access, or read/write access; however, vulnerability still can exist.  Security is a trade-off between control and flexibility and there will always be weak points.  For those hospitals that have in place a comprehensive security review process, policy and procedures, and a contingency plan, the risks and liability can be limited.
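The access problems described in this section (no per-application index of users, access copied from a comparable colleague, rights kept after a change of position, and accounts that outlive employment) can be checked by reconciling three data sets. The Python sketch below is an added example, not part of the original article: the roster, role baselines, account names and entitlements are all constructed, and the role-to-application baseline is an assumed policy format.

```python
from collections import defaultdict

LEVELS = {"read": 1, "read_write": 2}

# Assumed policy: the highest access level each role needs per application.
ROLE_BASELINE = {
    "ward_nurse": {"ehr": "read_write", "pharmacy": "read"},
    "billing_clerk": {"billing": "read_write", "ehr": "read"},
    "lab_tech": {"lab": "read_write", "ehr": "read"},
}

# Constructed HR roster: current employment status and current position.
HR_ROSTER = {
    "alee": {"status": "active", "role": "billing_clerk"},   # formerly a ward nurse
    "bkim": {"status": "active", "role": "ward_nurse"},
    "cdiaz": {"status": "terminated", "role": "lab_tech"},
}

# Constructed entitlements as exported from each application: (user, app, level).
ENTITLEMENTS = [
    ("alee", "ehr", "read_write"),      # kept from the nursing position
    ("alee", "pharmacy", "read"),       # kept from the nursing position
    ("alee", "billing", "read_write"),
    ("bkim", "ehr", "read_write"),
    ("bkim", "pharmacy", "read"),
    ("cdiaz", "lab", "read_write"),
    ("cdiaz", "ehr", "read"),
    ("tmp_contractor", "ehr", "read"),  # account with no HR record
]


def application_index(entitlements):
    """Who can use each application: the index few hospitals can produce."""
    index = defaultdict(set)
    for user, app, _level in entitlements:
        index[app].add(user)
    return {app: sorted(users) for app, users in sorted(index.items())}


def exceeds(level, allowed):
    """True when a granted level is absent from, or above, the role baseline."""
    return allowed is None or LEVELS[level] > LEVELS[allowed]


def review_access(roster, baseline, entitlements):
    """Return (user, app, finding) for every entitlement that needs action."""
    findings = []
    for user, app, level in entitlements:
        person = roster.get(user)
        if person is None:
            findings.append((user, app, "no_hr_record"))
        elif person["status"] != "active":
            findings.append((user, app, "terminated_still_active"))
        else:
            allowed = baseline.get(person["role"], {}).get(app)
            if allowed is None:
                findings.append((user, app, "outside_current_role"))
            elif exceeds(level, allowed):
                findings.append((user, app, "level_exceeds_role"))
    return findings


def clone_excess(new_role, template_user, baseline, entitlements):
    """Rights a new hire would gain beyond their role if copied from a colleague."""
    allowed = baseline.get(new_role, {})
    return [(app, level) for user, app, level in entitlements
            if user == template_user and exceeds(level, allowed.get(app))]


if __name__ == "__main__":
    for app, users in application_index(ENTITLEMENTS).items():
        print(f"{app}: {', '.join(users)}")
    for finding in review_access(HR_ROSTER, ROLE_BASELINE, ENTITLEMENTS):
        print("REVIEW", *finding)
    print("cloning alee for a new billing clerk adds:",
          clone_excess("billing_clerk", "alee", ROLE_BASELINE, ENTITLEMENTS))
```

Run on a schedule against real exports, the same reconciliation gives the designated access staff a work list instead of relying on managers to remember who changed positions.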

Assessment

Regardless of the cost, HIPAA security and privacy regulations have changed the hospital environment.  The hospital and its IT and security staff need to be proactive.  There is simply too much at stake and potentially too many issues where mistakes could cause the hospital a serious system problem or result in a large fine.  HIPAA and the responsibility to provide reasonable patient care risk reduction mandate secure healthcare IT operations.  To do less simply allows patient care and healthcare delivery outcomes to be exposed to unacceptable levels of unnecessary risk.

About the Author

Carol S. Miller has an extensive healthcare background in operations, business development and capture in both the public and private sector. Over the last 10 years she has provided management support to projects in the Department of Health and Human Services, Veterans Affairs, and Department of Defense medical programs. In most recent years, Carol has served as Vice President and Senior Account Executive for NCI Information Systems, Inc., Assistant Vice President at SAIC, and Program Manager at MITRE. She has led the successful capture of large IDIQ/GWAC programs, managed the operations of multiple government contracts, interacted with many government key executives, and increased the new account portfolios for each firm she supported.

She earned her MBA from Marymount University; BS in Business from Saint Joseph’s College, and BS in Nursing from the University of Pittsburgh. She is a Certified PMI Project Management Professional (PMP) (PMI PMP) and a Certified HIPAA Professional (CHP), with Top Secret Security clearance issued by the DoD in 2006. Ms. Miller is also a HIMSS Fellow, Past President and current Board member and an ACT/IAC Fellow.


Search Guidance for a Chief Medical Security Officer

A Business Case Model

By Richard J. Mata MD MS CIS


The Mighty-Soft Hospital is a futuristic 1,500 bed fortress-like facility operating with a state-of-the-art dual wired-wireless infrastructure complete with computerized physician order entry  system, radio frequency inventory device (RFID) control tags, and integrated electronic medical records (EMRs) that are the envy of its competitors and vendors, and offer a formidable strategic competitive advantage in the marketplace.

Now, imagine the potential liability, PR disaster and chagrin when its enfant terrible CEO is told of a massive security breach similar to the ChoicePoint and Lexis-Nexis fiascos.  The ID theft involves release of critically protected healthcare financial, employment, clinical, and contact information for all of its patients, employees, physicians, business associates, and affiliated medical personnel.

Suddenly, senior management is charged with the task of establishing the new position of Chief Medical Security Officer (CMSO) for Mighty-Soft, and navigating a crisis management dilemma never previously faced by the formerly HIPAA-compliant electronic giant.

The CMSO is to be a senior level management position responsible for championing institutional security.  Awareness of electronic and HIPAA policy and procedure developments, while working to ensure compliance with internal and external standards related to information security, is vital.  The CMSO is to report directly to the CEO and the CIO.

The Search Committee developed the following list of CMSO duties and responsibilities:

  • Chair the hospital’s Information Security and Privacy Committee in its policy development efforts to maintain the security and integrity of information assets in compliance with state and federal laws, and accreditation standards.
  • Provide project management and operational responsibility for the administration, coordination, and implementation of information security policies and procedures across the enterprise-wide hospital system.
  • Perform periodic information security risk assessments including disaster recovery and contingency planning, and coordinate internal audits to ensure that appropriate access to information assets is maintained.
  • Work with the financial division to coordinate a business recovery plan.
  • Serve as a central repository for information security-related issues and performance indicators.  Research security or database software for implementing the central repository, and note that a server based system could be useful for a Wide Area Network (WAN), so this information can be shared with the enterprise-wide hospital system.  Develop, implement, and administer a coordinated process for response to such issues.
  • Function when necessary as an approval authority for platform and/or application security and coordinate efforts to educate the hospital community in good information security practices.
  • Maintain a broad understanding of federal and state laws relating to information security and privacy, security policies, industry best practices, exposures, and their application to the healthcare information technology environment.
  • Make recommendations for short- and long-range security planning in response to future systems, new technology, and new organizational challenges.
  • Act as an advocate for security and privacy on internal and external committees as necessary.
  • Develop, maintain, and administer the security budget required to fulfill organizational information security expectations.
  • Demonstrate effectiveness with consensus building, policy development, and verbal and written communication skills.
  • Possess the clear ability to explain information technology concepts to audiences outside the field.
  • Become the public face for the Mighty-Soft Hospital’s legacy security system.

Minimum Qualifications:

  • MD, DO, DPM, DDS, DMD, with bachelor’s/master’s degree in computer science or related field or equivalent experience.
  • Three or more years of experience in the healthcare industry.
  • Five or more years of experience in information security.
  • Eight or more years of experience in information technology.
  • In-depth understanding of network and system security technology and practices across all major computing areas (mainframe, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology.

Preferred Qualifications:

  • Experience with electronic medical devices.
  • Specific experiences in the healthcare industry.
  • Familiarity with legislation and standards for PHI and patient privacy.
  • Demonstrated successful project management expertise.
  • Professional certification, e.g., CISSP, CISA, PMP.
  • Experience with student record/higher education laws.

Key Issues:

  • What is your IT hardware infrastructure and how are security-related devices deployed?
  • What security requirements are imposed by federal and state authorities on your institution?
  • What would you consider the most important criteria for choosing a CMSO?
  • What relationship will the CMSO have with the CIO, CMIO and CEO?
  • What level of security education/training do you consider necessary for your hospital community?
  • What are the key security issues your CMSO will have to address?
  • What are the key privacy issues?
  • What are the key risk management issues?
  • What are the pros and cons of EHRs for your institution?
  • What do you see as the EHR priorities for your CMSO?
  • What are the security issues of EHRs for your institution?

Assessment

How would you select a CMSO?


Protecting Personal Health Information [PHI on Talk Radio]

Check out the Xerox Blog Talk Radio

By Staff Reporters


Federal regulations require that healthcare organizations put new safeguards in place to protect a person’s personal health information, also known as PHI. This means new challenges for anyone who handles sensitive data [covered entities]. And, there are also severe penalties if the guidelines aren’t followed.

From ACS

Mark Tripodi, chief innovation officer for ACS’ government healthcare solutions group will explain why data can easily be put at risk and what can be done to ensure organizations meet privacy standards.

Assessment

You can access the recording here: http://bit.ly/eyv65U.

For more on Xerox: http://xrx.sm/news.


OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors


ICD-10 is Not an Airplane

It’s Another Part of HIPAA the ADA Won’t Discuss

By D. Kellus Pruitt DDS

A couple of days following the heads up I posted concerning the imminent upgrade from the tedious ICD-9 coding system to the ICD-10 that is said to be exponentially more complicated, informatics specialist Tom Sullivan posted a signal to fellow coders nationwide: “7 tactics for making ICD-10 urgent.”

http://www.healthcareitnews.com/blog/7-tactics-making-icd-10-urgent 

If you are fed up with unfunded, non-productive and ineffective mandates like I am, I imagine an alert to coders to create urgency in your practice makes your ear lobes burn bright red as well.

Tedious Administrative Tasks 

According to Sullivan, the ICD-10 presents providers with new requirements for “care management protocols, clinical and financial databases and reports, reimbursement, registries, quality management and research.” These requirements do not promote patients’ best interests. These tedious administrative tasks only enable HIPAA-covered entities to get paid.

ADA

If you are a HIPAA-covered dentist with a voluntary but permanent 10-digit NPI number which is required for ICD-10 compliancy, are you aware if ADA leaders have yet described the ICD-10 coding system any better than they described the NPI number that Delta Dental, BCBSTX, as well as the ADA aggressively promoted years ago?

Who knows? The ICD-10 may not even apply to dentistry. Somewhere deep in the HIPAA Rule, there might be a footnote that says “except in dental practices.”

Department of Dental Informatics

This isn’t the first time I’ve heard rumors about HIPAA’s nasty surprises for dentists. Five years ago this month, “quality” control through dental informatics was enthusiastically but perhaps prematurely revealed to me by an excited spokesman for the ADA Department of Dental Informatics. It was his email that equipped me with everything I needed for this 5 year adventure.

Shortly afterwards, the topic of HIPAA became so poisonous for ADA officials to discuss that the misled leaders who unwittingly signed on to promote digital fantasies in dentistry only rarely appeared in print and never on the internet – leaving the responsibility of informing naïve and trusting ADA members about the downsides of EHRs to those who sell EHRs.

Nevertheless, following three years of official silence about HIPAA from the ADA, in the last 14 months there have been two commentaries published in the JADA which promote quality control in dentistry. The first was written by James Bader DDS and appeared in the December 2009 edition of the JADA titled “Challenges in quality assessment of dental care.”

http://jada.ada.org/cgi/content/full/140/12/1456  

Quality Control 

The second commentary concerning quality control was written by Editor Michael Glick DMD titled “When good may not be good enough — The need for clinical performance measures in dentistry.” (I’m no longer able to access JADA online).

EBD 

HIT stakeholders Bader and Glick, who are both fervent supporters of Evidence Based Dentistry as well as paperless dental practices, carefully tiptoe around what looks to me like an oppressive, micromanaged future for dentists. They both argue what must be a desperate committee-approved talking point – that quality assessment is critically important for ADA members so that fully-licensed dentists will have digital, Evidence-Based proof that their care is better than dental therapists’ who work for much less money.

Are ADA leaders sitting around a big table in ADA Headquarters when they think up this crap?

In addition, the cloistered committee concludes that patients’ opinions of their dentists are too difficult to collect and less reliable than algorithms based on dental claims and other data provided by the ICD-10 (?).

In fact, Dr. Bader is so confident in Evidence-Based digital results, he dismisses the need for any patient involvement in quality assessment: “Patient satisfaction has been shown to be associated only weakly with other assessments of quality of care, which means that it cannot be used as a surrogate for measures of technical quality.” Try telling that to a formerly satisfied dental patient who suddenly must pick his or her next dentist from a “preferred” provider list of strangers.

Assessment 

You mean like Ingenix’s measures of technical quality, Dr. Bader? In 2008, NY Attorney General Andrew Cuomo spanked the UnitedHealth subsidiary for selling algorithmic excuses to insurers to be used to cheat out-of-network physicians.

Conclusion

If you are a small business owner who reasonably asks to be paid no more and no less than what one is owed as quickly as possible – if not immediately like all other businesses in the land of the free – I’m pretty sure Sullivan’s 7 pearls intended to make ICD-10 more urgent for doctors will light up the lobes again.


Has the HIT Bubble Already Popped?

Long Before Reaching … Dentistry

[By Darrell K. Pruitt DDS]

HCPlexus recently partnered with Thomson Reuters to conduct a nationwide survey of almost 3,000 physicians about their opinions of the quality of health care in the near future considering the Patient Protection and Affordable Care Act (PPACA), Electronic Medical Records, and their effects on physicians and their patients. (See “5-page Executive Summary”)

http://www.hcplexus.com/PDFs/Summary—2011-Thomson-Reuters-HCPlexus-National-P

Results:

“Sixty-five percent of respondents believe that the quality of health care in the country will deteriorate in the near term. Many cited political reasons, anger directed at insurance companies, and critiques of the reform act – some articulating the strong feelings they have regarding the negative effects they expect from the PPACA.”

What’s more, one in four physicians think eHRs will cause more harm than help. So what’s the accepted threshold for the Hippocratic Oath to come into play?

Do you also find excitement in healthcare reform’s surprises? Experiencing the sudden, last minute turns healthcare reform has taken lately is like riding shotgun with Mayhem behind the wheel, texting. Here’s other discouraging news from the same HCPlexus-Thomson Reuters survey: “A surprising 45% of all respondents indicated they did not know what an ACO is, exposing a much lower awareness of ACOs versus the broader implications of PPACA. It appears there has been a lack of physician education in this area.”

ACOs Defined 

Since I also had no idea what an ACO is, I searched the term and came across a timely article that was posted on NPR only days ago titled, “Accountable Care Organizations, Explained.”

http://www.npr.org/2011/01/18/132937232/accountable-care-organizations-explained

Author Jenny Gold writes: “ACOs are a new model for delivering health services that offers doctors and hospitals financial incentives to provide good quality care to Medicare beneficiaries while keeping down costs.” Does that remind anyone of insurance HMO promises just before the bad idea collided with surprisingly intelligent consumers in the early 1990s? Kelly Devers, a senior fellow at the nonprofit Urban Institute, is quoted: “Some people say ACOs are HMOs in drag.” There’s a sharp turn nobody warned us about.

HMO Differentiation 

Further blurring the difference between ACOs and HMOs, Gold adds “An ACO is a network of doctors and hospitals that shares responsibility for providing care to patients. Under the new law, ACOs would agree to manage all of the health care needs of a minimum of 5,000 Medicare beneficiaries for at least three years.” I wonder if we’ll see a resurrection of HMO gag orders preventing physicians from discussing effective but expensive treatment alternatives not offered by the ACO.

As expected, not only are hospitals and doctors competing for the opportunity to run ACOs, but so are former HMO insurance agents. Devers explains, “Insurers say they can play an important role in ACOs because they track and collect data on patients, which is critical for coordinating care and reporting on the results.” As a provider, do you trust UnitedHealth’s Ingenix data mining tendencies? A few years ago, NY State Attorney General Andrew Cuomo spanked the company for selling insurers pseudo-scientific excuses to cheat out-of-network physicians.

Just like Health Maintenance Organizations don’t maintain health, insurer-based Accountable Care Organizations will not bring accountability to care any more than the Patient Protection and Affordable Care Act provides patient protection and affordable care. And since I’m exposing blatant bi-partisan deceptions, there is no privacy or accountability in the Health Insurance Portability and Accountability Act, and the “HIPAA Administrative Simplification Statute and Rules Act” doesn’t.

HITECH Funding

Gold suggests that because HITECH rules were written intentionally vague in order to push the envelope of stakeholders’ imaginations, similar to HIPAA’s ineffective security rules I suppose, the doctors’ predictable ignorance of ACOs is understandable.

But then again, all this may not even matter in a few months. According to Howard Anderson, Executive Editor of HealthcareInfoSecurity.com, HITECH funding itself is threatened. He recently posted “GOP Bill Would Gut HITECH Funding – Unobligated HITECH Act Funds Would be Eliminated.”

http://www.govinfosecurity.com/articles.php?art_id=3306

Assessment

While Obama’s healthcare reform teeters between two houses, I encourage consumers to plead with their lawmakers to stop being suckered in by cheap, meaningless buzzwords sprinkled in the titles of bills. I’m hoping we can at least get them to read a little deeper. Be on your toes. Mayhem is “recalculating.”


About the CDT Health Privacy Project

Survey of Concerns about Health 2.0 and HIPAA

By Staff Reporters 

The Center for Democracy and Technology is a non-profit public interest organization working to keep the Internet open, innovative, and free.

A Civil Liberties Group

As a civil liberties group with expertise in law, technology, and policy, CDT works to enhance free expression and privacy in communications technologies by finding practical and innovative solutions to public policy challenges while protecting civil liberties.

Assessment

The CDT is dedicated to building consensus among all parties interested in the future of the Internet and other new communications media. 

http://cdt.org/about

Health 2.0 / HIPAA Survey

Submit your questions on Health 2.0 / HIPAA here:

Link: http://cdt.org/blogs/cdt/submit-questions-health-20hipaa

Deven McGraw is Director of the Health Privacy Project for the CDT.


About Cyber Insurance for Doctors


What it is – How it works?

By Staff Reporters

All medical practitioners and ME-P readers and subscribers are aware that there are stiff penalties for protected health information [PHI] data breaches. And, the HIPAA policies and laws are legendary.

Security Standards

Cyber security standards enable healthcare and other organizations to practice safe security techniques that minimize the number of successful cyber security attacks and HIPAA information breaches.

Assessment

These guides provide general outlines as well as specific techniques for implementing cyber security. For certain specific standards, cyber security certification by an accredited body can be obtained. There are many advantages to obtaining certification, including the ability to get cyber security insurance.

Link: ISA – Cyber-Insurance Metrics and Impact on Cyber-Security
