
PHI RansomWare Just Went Up!


[By Darrell K. Pruitt DDS]

Expect malware entrepreneurs to charge what the market will bear, again and again.

“OCR Releases Guidance on Ransomware: ‘Your Money or Your PHI’,” by Dianne J. Bourque for The National Law Review, July 12, 2016

http://www.natlawreview.com/article/ocr-releases-guidance-ransomware-your-money-or-your-phi

Bourque: “A key component of the guidance provides a ransomware attack that encrypts a Covered Entity’s ePHI is presumed to be a breach. As ransomware can infect a Covered Entity’s entire system, this presumption may lead to enormous breach notification obligations.”

Bourque adds: “OCR indicates that when ePHI is encrypted as a result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals took possession of the information) and is thus a ‘disclosure’ not permitted under the HIPAA Privacy Rule has occurred.”

When patients are notified of data breaches – for any reason – many will quietly change providers. According to The Ponemon Institute, loss of future income is the most costly result of lawfully reporting data breaches ... and ransomware attacks are at “epidemic” levels. I have heard dentists are paying the ransom quickly.

The disincentives to do the right thing were overwhelming providers even before the OCR’s recent ruling. Such is the ugly nature of extortion.

Assessment

Cha-ching! 

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Risk Management, Liability Insurance, and Asset Protection Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™

***

Protect Privacy – DO NOT Use EMRs!


OCR pays its own way

Submitted By Darrell Pruitt DDS

“OCR unleashes second wave of HIPAA audits, but will it diminish patients’ privacy and security expectations?

Healthcare entities should expect the Office for Civil Rights to levy fines that help fund the program.  And until OCR delivers a draft audit protocol breaches will continue at patients’ expense.”

By Tom Sullivan for HealthcareIT News

[March 23, 2016]

http://www.healthcareitnews.com/news/ocr-unleashes-second-wave-hipaa-audits-will-it-diminish-patients-privacy-and-security

Sullivan: “Here come the HIPAA audits. And even though OCR has yet to clearly outline what healthcare providers should expect exactly, one thing to anticipate is plenty of financial penalties.”

And David Harlow, a health lawyer, consultant and founder of The Harlow Group, tells HealthcareIT News,

“Who loses out as a result? Patients. The breaches continue, free credit monitoring services are offered, and we all move forward with a diminished expectation of privacy and security.”


***

There’s a New HIPAA Sheriff in Town


On OCR Director Jocelyn Samuels


[By D. Kellus Pruitt DDS]

When the explosions of breaches of patients’ medical identities occur – as predicted by the FBI and others – will the new OCR Director Jocelyn Samuels continue to be as sympathetic and forgiving as Leon Rodriguez has been?

Or will she take on the role of bad cop?

The Replacement

Samuels, who is tying up loose ends in her current position with the civil rights division at the Department of Justice, has replaced Rodriguez as the new head of the HHS’ Office for Civil Rights – which prosecutes HIPAA violations. Many are wondering about her level of enthusiasm for enforcement, especially since data breaches are only getting worse, not better.

Privacy and security attorney Adam Greene, who once served as a member of the OCR staff, tells GovInfo that the challenge for Samuels is “to strike the balance where HIPAA is seen as having ‘teeth’ but covered entities and business associates can still count on OCR as being reasonable when there are areas of ambiguity or privacy or security issues occur despite good efforts at compliance.”

(See: “Impact of New HIPAA Enforcement Leader – Are New Strategies, Directions on the Horizon?” by Marianne Kolbasuk McGee for GovInfoSecurity.com, July 11, 2014).

http://www.govinfosecurity.com/impact-new-hipaa-enforcement-leader-a-7049/op-1

Healthcare Harm

Principals in healthcare – providers and patients – continue to be harmed by EHRs designed to satisfy third-parties’ questionable Meaningful Use requirements rather than principals’ needs. For example, on April 8, the FBI warned that EHRs are becoming increasingly vulnerable to hackers. (See: “Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain”).

http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf

Under Rodriguez, OCR has arguably spared the rod (mostly), choosing instead to discuss and correct HIPAA violations in an informal, private, non-punitive manner. I think both Rodriguez and Secretary Sebelius backed off of more aggressive enforcement because they recognized that without cooperation from doctors and patients, EHRs are certain to fail – mandate or no mandate. Nevertheless, it has proven to be far too easy for stakeholders who cannot be held accountable to patients, to marginalize their needs.


[New OCR Director Jocelyn Samuels]

Example

Rodriguez did his best to appease all sides. For example, it was under his watch that the name of the HHS website listing breaches of 500 or more patients’ identities was changed from “Wall of Shame” to the more benign “HHS Breach Reporting Tool.”

For hapless providers whose data breaches were unavoidable, the name change eliminates some of the shame associated with being nationally recognized as a careless doctor who cannot keep thieves from stealing patients’ identities.

Assessment 

As long as there is nothing holding down the cost and liability of HIPAA compliance, there will always be room for more regulation, and the cost of healthcare will never be cheaper.


New-Age Physician Risks Courtesy of Health Information Technology


Issues You May Not Have Considered

By David K. Luke MIM, Certified Medical Planner™

www.CertifiedMedicalPlanner.org

The entire nation continues to experience a medical malpractice liability crisis.

Physicians face claims whose frequency and severity either continue to rise or remain steady. Much has been written about the impact of the liability crisis on physicians, the medical community, patients and access to care.

But with health 2.0 connectivity, there are even more risks for doctors, and almost all medical professionals, to consider.

So, here are a few fresh liability risks to your medical practice, to you, and to your patients courtesy of the health information age:

  1. Data breach risk. While not a new risk, the higher prevalence is new. Being fined by OCR under the privacy rules of HIPAA because a practice had a data breach with its EHR is becoming more common and very expensive.
  2. Risks of telemedicine. As physicians become more technologically enabled in their practice of medicine, some are turning to real-time videoconferencing and other technologies. Some specialties such as psychiatry have been early adopters, but have to make sure they are still employing the same standards of care required by an in-office visit (Cash 26). Also, the telephone can facilitate medical care but also result in adverse outcomes leading to telephone-related malpractice suits (Mondor, et al 517).
  3. Risks of new age medicine practices and their regulation. Case in point: Dry needling, which is like acupuncture, is a growing practice in places like Australia but is unregulated. Physicians should understand all regulatory and other risks when implementing new unregulated practices pushed by our new age society (Janz). Home births are on the rise in North America (even in Canada with government provided hospital delivery) but physicians end up dealing with the disasters and associated risks when they occur (Bochove 68).
  4. Reputation Risk. Reputation is a doctor’s most valuable asset. With the new age of internet and instant information, physicians must take great care in managing their reputation on such media sources as they are under increasing public and press scrutiny (Boyd 221).
  5. Communication risks to immigrants with limited non-native language proficiency. With today’s higher immigrant population in the United States, more medical practices are treating patients with limited English language proficiency. Clinicians now run the risk of not properly communicating medical risk information to these populations. A recent study shows that materials that include visual aids are being used by medical practices to effectively communicate with the patient (Garcia-Retamero, Rocio, and Mandeep, K. Dhami 47).
  6. The rise of the informed distrusting patient and related risks. With the ubiquity of medical information on the internet, the risks incurred by a medical practice in properly dealing with the newly informed patients with medical degrees from the University of Google Medical School are on the rise. Physicians must refine their “bed side manner” and improve their communication skills in order to deal with a more questioning patient population. Clinicians should actively discuss what patients have read on the internet when patients refer to their internet diagnoses (Lam-Po-Tang, John, and Diana McKay 130).

Works Cited

  • Bochove, Danielle. “Don’t Try This At Home.” Maclean’s 124.33/34 (2011): 68. MasterFILE Premier. Web. 27 Apr. 2012.
  • Boyd, M. “Managing Risk To Reputation.” Clinical Risk 15.6 (2009): 221-223. CINAHL Plus with Full Text. Web. 27 Apr. 2012.
  • Cash, Charles, D. “Telepsychiatry And Risk Management.” Innovations In Clinical Neuroscience 8.9 (2011): 26-30. CINAHL Plus with Full Text. Web. 27 Apr. 2012.
  • Garcia-Retamero, Rocio, and Mandeep, K. Dhami. “Pictures Speak Louder Than Numbers: On Communicating Medical Risks To Immigrants With Limited Non-Native Language Proficiency.” Health Expectations 14.(2011): 46-57. CINAHL Plus with Full Text. Web. 27 Apr. 2012.
  • Janz, StephenAdams “Acupuncture by Another Name: Dry Needling in Australia.” Australian Journal Of Acupuncture & Chinese Medicine 6, no. 2: 3-11. Alt HealthWatch, EBSCOhost. Web. 27 Apr. 2012
  • Lam-Po-Tang, John, and Diana McKay. “Dr Google, MD: A Survey Of Mental Health-Related Internet Use In A Private Practice Sample.” Australasian Psychiatry 18.2 (2010): 130-133. Academic Search Complete. Web. 27 Apr. 2012.
  • Maureen Mondor, et al. “Patient Safety And Telephone Medicine.” JGIM: Journal Of General Internal Medicine 23.5 (2008): 517-522. Academic Search Complete. Web. 27 Apr. 2012.


EHRs – Still Not Ready For Prime Time


At Least … Not Yet!

By David K. Luke MIM, Certified Medical Planner™ candidate

www.NetWorthAdvice.com

www.CertifiedMedicalPlanner.org

Since Feb 17, 2009, when President Obama signed the Health Information Technology for Economic and Clinical Health Act (HITECH) into law as a part of the 2009 stimulus package, incentives have been promised for the adoption of Electronic Health Records (EHRs) in health care practices.

The Carrot and the Stick

The incentive payments for “meaningful use” range from $63,750 over 6 years by Medicaid to maximum payments of $44,000 over 5 years for Medicare. The Medicare penalty for not adopting will be 1% of Medicare payments in 2015, increasing to 3% over 3 years. Stimulus money is granted based on meaningful use of an EHR system.

The Reality

Stories now rolling in from early adopters give a prudent physician cause to rethink implementing an EHR for his/her practice anytime soon. Here is a sampling:

  • EHRs can be hacked and doctors will be held accountable. A total of 385 breaches of protected health information affecting over 19 million records have been reported since August 2009 (Redspin Breach Report 2011). Redspin also reports that industry estimates have put the value of a stolen health record on the black market at about $50 per record. For me, this is the biggest red flag for implementing an EHR now. Vendors are offering solutions in the form of data “masking”, but this could increase the cost of the systems.
  • EHRs have stringent audit requirements under the HITECH Act. Health care organizations are expected to monitor for breaches of PHI. Audit logs must be kept. Audit strategy, process, and implementation tools must be used to meet stage 1 meaningful use criteria. Sanctions apply to employees who do not follow protocol. Healthcare facilities leave themselves vulnerable to individual and class action lawsuits when they do not have a strong enforcement and audit program in place for their EHR.
  • EHRs are expensive to implement, both in terms of money and in terms of time. Dollar costs range from free (Practicefusion) to $50,000+ for such EHR vendors as Allscripts or eClinicalWorks + ongoing maintenance costs. But don’t forget the time investment. Even small EHR systems can take 2 years to implement. I have just witnessed a client’s large pediatric practice literally crippled with the initial time investment required for staff and physicians to learn the system. Half staffing the front desk and other areas so employees can go to training has caused a drain on both patient and employee morale.
  • Legal concerns are still unanswered regarding EHRs. Currently the debate is still on about who owns the electronic data. The EHR vendor will tell you that you do. HIPAA gives the patient the right to see their record or chart, and the right to have a physical copy of their record based on a reasonable cost for copying and postage. Typically doctors share medical records with other health care providers as a professional courtesy. Empowered patients think they own their records. According to a reference regarding an HIMSS white paper, a patient owns the data in a Continuity of Care Document and has the ability to input and access that information.
  • Obtaining meaningful use stimulus payments is not a given. I met with a physician owner client a few months ago in Arizona who has implemented an EHR for their pediatric practice and was hoping to receive the stimulus payment for stage one by completing the 20 criteria needed. After plowing through the 31-page “Arizona Medicaid EHR Incentive Program” guide provided by The Arizona Health Care Cost Containment System Administration or AHCCCS, which is the Arizona arm of Medicaid, he turned in his application, which was denied. His initial reaction was that the program did not have the funding in Arizona, but that seems not to be the case as a number of large payments have been made now in the state. Banner Healthcare, which operates the largest hospital system in the state with thirteen inpatient facilities, reported a total of $12.4 million in Medicaid booty for implementation of its NextGen Healthcare EMR systems in 2011. It appears that there is a learning curve involved here and the smaller practices will catch up while the hospitals currently seem to have better systems in place to capture the stimulus money. An entire MU industry has emerged to help physicians such as my client perfect their stimulus applications.

Risk vs. Reward

In the investment world I am always comparing risk vs. return when managing my clients’ portfolios. At times in the marketplace, for various reasons, it just does not make economic sense to make certain investments as the possible risks far outweigh the potential return. An easy example now is the investment in “safe” longer-term treasury bonds. With a near 40-year low in interest rates, the 30-year treasury today yields 3.18%. Yet if interest rates rise 1% in the marketplace, that 30-year treasury can drop 12%. A 2% rise can result in a fall of 22% in value. It would take 7 years accumulating 3.18% to offset the loss in value caused by a 2% rise in rates. I do not think rates are going up 2% tomorrow, but I just do not like the risk/reward spectrum here. Likewise, the biggest concern I currently have with EHRs is data breaches, as mentioned above, and the stiff penalties currently involved. Paper systems look a whole lot cheaper and safer when considering the ease with which a data breach can occur with electronic data. Fines, criminal sentencing, and disciplinary action by licensing boards are risks not worth taking considering current history on data breaches. Losing your license or your business or personal freedom because of an employee’s careless actions is not worth it. Lest you think I exaggerate, consider the following examples from the past few years enforced by the Office for Civil Rights (OCR), the enforcement side of the US Department of Health and Human Services that enforces HIPAA, and by employers and licensing boards:

Incident: A terminated researcher at UCLA School of Medicine retaliated by accessing UCLA patient records (many celebrities) 323 total times over the next four weeks.

Penalty: 4 years in prison for the terminated researcher for violating HIPAA Privacy Rules

Incident: Thirteen staff members at UCLA hospital accessed Britney Spears’ medical records without authorization.

Penalty: UCLA fired the 13 individuals, suspended another six.

Incident: A doctor and two hospital employees accessed the medical records of a slain Arkansas TV reporter. Details were leaked to the press of her attack.

Penalty: All pled guilty to misdemeanors for violating HIPAA privacy rules and were sentenced to one-year probation. The three all were curious about the case and “peeked” at the patient’s record as employees of the hospital, even though she was not their patient. The doctor’s privileges were suspended by the hospital for two weeks; he was fined $5,000 and ordered to perform 50 hours of community service by speaking to medical workers about the importance of patient privacy. The two other employees were terminated.

Incident: Cignet denied 41 patients, on separate occasions, access to their medical records when requested.

Penalty: Initial violation was $1.3 million. OCR concluded that Cignet committed willful neglect to comply with the Privacy Rule and fined an additional $3 million.

Incident: 57 unencrypted computer hard discs containing PHI of more than one million people were stolen from a storage locker leased by Blue Cross Blue Shield of Tennessee (BCBST).

Penalty: OCR fined BCBST $1.5 million in settlement. The fact that BCBST secured the information in a leased data closet that was secured by biometric and keycard scan in a building with additional security was not enough. BCBST also spent $17 million in investigation, notification and protection efforts and had increased future compliance costs.

Incident: Health Net discovered that nine portable hard drives that contained PHI and personal financial information of approximately 1.5 million people were missing. The hard drives in question went missing from an IBM-operated datacenter in Rancho Cordova, California.

Penalty: The complaint alleged violations of HIPAA. Connecticut Insurance Commissioner wins a $375,000 fine for failing to protect member information and not reporting in a timely manner just months after the Connecticut AG won a $250,000 settlement for the breach. Vermont’s AG jumps in and gets a settlement of $55,000 to the State because 525 Vermonters were on the lost drive.

Incident: WellPoint / Anthem Blue Cross became aware that its customers’ health applications and information website, which contained up to 470,000 applicants’ information, was potentially publicly accessible when an applicant alerted the company that altered URLs after an upgraded authentication code could allow access to other people’s information.

Penalty: WellPoint / Anthem agreed to the terms of a class action lawsuit filed in California that will provide $1.5 million in general settlement, with an additional donation of $250,000 to two non-profit organizations aimed at protecting consumers’ rights, $150,000 donated to Consumer Action and $100,000 donated to the Public Law Center in Orange County. WellPoint / Anthem also agreed to pay $100,000 to the state of Indiana for the data breach that exposed 32,000 state residents. A 2009 Indiana law requires companies to notify the state of certain data breaches within a certain period that was not met.

An Investment?

I bring up these examples to make a point. The EHR vendor will talk about your EHR being an “investment”. You cannot have an ROI if you lose money. Notice that most cases were due to careless, innocent lapses of judgment. Also in many cases actual damages either did not occur or were hard to prove. The new HITECH act extends HIPAA to allow state attorneys general to also bring actions, which adds more salt to the wound. Some of these cases do not appear to be done yet either as far as the lawyers are concerned. Also, notice that even when the health care provider exercised extreme care in storing the data (BCBST with biometric, keyscan leased lockers and Health Net employing IBM’s “secure” datacenter), the health provider was sued and fined. Smaller medical practices I believe are even more susceptible to EHR data breaches, where bad password management practices and website maintenance problems are more common and often protocols and training are not firmly in place.

Assessment

The widespread use and integrated implementation of EHRs are going to happen, no doubt. Your practice will eventually have one. 2015 is still a few years off before the first 1% Medicare penalties hit. Tell the EHR vendor to call back in 2014 once the kinks are worked out. Waiting two more years may not prevent a costly incident due to the vengeful fired employee or due to a careless slip in protocol. Those landmines will always be there.

But two more years will allow the EHR stakeholders more time to improve their product, namely the security and encryption of the data in case of a breach, and two more years will allow the OCR and the state AGs to fill up on the low-hanging fruit and make their point.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com


Enter the HIPAA Fear Mongers


Fear of HIPAA Sells

[By Darrell K. Pruitt DDS]

“The HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready, or face fines of up to $50,000 per day for each regulatory provision violated.”

– Gene Kraemer [Customer Relationship Director at The Coding Institute]

http://www.audioeducator.com/hipaa-audits-and-enforcement-042412.html?utm_medium=email&utm_source=E99NAGAJ&utm_campaign=E99NAGAJ

The most successful of opportunistic HIPAA consultants are the scariest

As a dentist for almost 30 years, I’ve noticed that along with even rumors of mandate enforcement, ambitious compliance consultants’ fear-inspiring ads start interrupting happier thoughts. It happened with OSHA’s push into dentistry 20 years ago and we clearly see the aggressive sales pitches with HIPAA as well.

The scariest part of Gene Kraemer’s description of HIPAA’s tedious requirements and bankruptcy-level liabilities is that he is simply telling the truth. So if you are a HIPAA covered dentist, be scared.

On the other hand, if you don’t store or send your patients’ digital PHI – choosing instead to use the US Mail – you are increasingly fortunate in the dentistry market. For one thing, our patients are fed up with identity thefts, and paper dental records are the gold standard in security. In addition, nothing is holding down your competitors’ costs for HIPAA compliance and it is increasing much faster than the cost of postage.

De-identify now or lose computerization, Doc. If your patients’ PHI is not present it simply cannot be hacked by an identity thief. Guaranteed more secure than Cloud. Arguably more secure than even paper dental records.

Or … You can hire The Coding Institute.

You can bet Gene Kraemer isn’t someone who would hold down the cost of compliance.

 

From: Gene_Kraemer@mail.vresp.com

Subject: HIPAA Audits & Enforcement: New Penalties & Push for Compliance – Final Notice!

Good Morning,

The US Department of Health and Human Services (HHS) is currently implementing audits to meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA) for performing periodic audits of compliance with the HIPAA Privacy and Security Rules, and up to 150 random HIPAA compliance audits will be performed by the end of 2012.  While in the past, audits had been performed only at entities that had had a complaint filed against them, the new rule calls for audits whether or not there is a complaint.  This means, the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready, or face fines of up to $50,000 per day for each regulatory provision violated.

Join us for this live audio conference on Tuesday, April 24, 2012 at 1 pm ET | 12 pm CT | 11 am MT | 10 am PT. This conference is being presented by Jim Sheldon-Dean, the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to health care firms and businesses throughout the Northeast and nationally. He serves on the HIMSS Information Systems Security Workgroup, the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates sub-workgroup.  Sheldon-Dean is a participating member of the advisory board of Vermont Information Technology Leaders (VITL), and has participated in VITL’s Vermont Health Information Technology Plan working group, VITL’s Physician EMR adoption project, and the Security Workgroup of the New Hampshire/Vermont Strategic HIPAA Implementation Plan (NHVSHIP).

Highlights of the session :

• Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful negligence that begin at $10,000 minimum.

• HIPAA Audits have been few and far between in the past, but that’s now changing – the HHS will be auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported.

• What HHS OCR is likely to ask you if you are selected for an audit, and what you’ll have to have prepared already when they do.

• The rules that you need to comply with will be explained. Learn about the policies you can adopt that can help you come into compliance and be prepared for an audit.

• How the HIPAA rules have changed and how you may need to change. How you work to keep up with them.

• How having a good compliance process can help you stay compliant and respond to audits more easily.

• The documentation needed to survive an audit and avoid fines will be described.

• A discussion on what you’ll need to think about to deal with current and future threats to the security of patient information.

If interested, please click the following link to register and get your early bird discount : –

http://www.audioeducator.com/hipaa-audits-and-enforcement-042412.html?utm_medium=email&utm_source=E99NAGAJ&utm_campaign=E99NAGAJ

Please apply discount code “GENE20” at checkout to get your $20 discount on early registration.

Looking forward to having you onboard here.

Thanks,

Gene Kraemer

Customer Relationship Director

The Coding Institute LLC

2222 Sedwick Drive,

Durham, NC 27713


Medical [Dental] Anti-Defamation Contracts and Doctor Accountability


Was the ADA Complicit?

By D. Kellus Pruitt DDS

If you were to walk into my dental office with a toothache, and I told you that before I relieve your pain, you have to agree not to say bad things about me on the internet, how badly would the tooth have to be hurting to keep you from walking out the door?

The article, “Toothache lawsuit may stifle medical gag orders against online rants”, by JoNel Aleccia, was posted yesterday on MSN.com.

http://vitals.msnbc.msn.com/_news/2011/11/30/9124107-toothache-lawsuit-may-stifle-medical-gag-orders-against-online-rants

The Patient

“[Robert Lee, 42] who had a bad toothache has filed a class-action lawsuit against his New York dentist after she required him to sign a contract promising not to trash-talk her online — and then fined him thousands of dollars trying to enforce it.”

Aleccia adds: “[Dr. Stacy Makhnevich] was among hundreds of medical professionals nationwide in recent years who refused to care for patients unless they signed anti-defamation contracts. In the contracts, the doctors and dentists promised not to evade federal patient privacy protections in exchange for patients’ agreeing not to post public comments about them.”

The Dentist

Other than its obvious ineffectiveness for this particular Manhattan dentist, whose practice is on the 69th floor of the Chrysler Building, Lexington Avenue at East 42nd St., (212) 697-4400, what’s wrong with this business plan?

First of all, aside from the insult, if a dentist required you to sign a contract forfeiting your right to express your opinion about the quality of care even before being seen, how confident would it make you feel about the doctor’s abilities?

The HIPAA Question

Then there’s HIPAA. It’s sad that healthcare providers on the 69th floor of the Chrysler Building would take advantage of vulnerable Americans who don’t understand that their right to privacy isn’t something that can be withheld – even as part of a twisted “copyright” deal intended to enable a dentist to dodge accountability. It seems to me like the Office of Civil Rights as well as the Attorney General should be alerted. How is threatening a patient’s privacy in return for direly-needed treatment different than extortion?

The Gotcha!

Mr. Lee had forgotten the contract until months later when he allegedly discovered that Dr. Makhnevich had overcharged him by about $4,000, improperly filed the insurance and then refused to provide him with the documents he needed to file the claim himself. That’s when he started posting rants on sites like Yelp and DoctorBase, such as, “Avoid at all cost! Scamming their customers!” and “Honestly, how do you live with yourself? Just try being a decent human being.”

“Within days, Makhnevich demanded that the sites remove the comments and threatened to sue Lee. She also said he was infringing on her copyright provisions and started sending invoices for fines of $100 a day. By October, the total topped $4,600, he said.”

The Service

Since the dentist purchased the right to use Medical Justice Inc. anti-defamation contracts to prevent complaints from dissatisfied customers from being discussed on the internet, I say she is due a refund. What’s more, if she’s given any trouble about it, she should get on the internet and complain – if she didn’t forfeit that right as part of the agreement.

The ADA

So where did Dr. Stacy Makhnevich learn about Medical Justice Inc.’s ineffective, unethical and probably illegal anti-defamation contract service? Of all places, it may well have been in ADA Headquarters, 211 E. Chicago Ave., Chicago, (312) 440-2500.

Dr. Jeffrey Segal [MD, JD], the neurosurgeon and founder of Medical Justice Services Inc. which sold providers like Dr. Makhnevich the right to use his company’s contracts, was a featured speaker at the American Dental Association’s [ADA] annual Benefits Conference last year.

The ADA leadership’s decision to invite Dr. Segal to advertise his product at a benefits conference (?) reveals the old timers’ underlying paranoia that makes them prefer silence from members as well as their own dental patients.

Assessment

Since the ADA effectively put its stamp of approval on Medical Justice’s anti-defamation contracts, don’t you think the ADA News should at least post a warning about the liability to members who attended Dr. Segal’s presentation in ADA Headquarters? Let’s watch dentistry’s leaders ignore the abysmal results of yet another half-baked blunder caused by people too proud to listen.
