Blog

Are you suspicious of all the social media hype? You should be. There’s a ton of it out there — most of it shouted at physicians by marketers and social media consultants. A healthy skepticism will guard your marketing budget, but sticking your head in the sand is a colossal mistake.

I got my first patient from Facebook three years ago. She was living in Panama, had ties to my area, and found the Facebook page I set up for my practice. She saw me for a second opinion in the office and had a good experience.

Would she have found me otherwise? Probably. But she was on Facebook, and my presence there made things easier for her.

Social media is simply a modern form of word of mouth advertising. Patients have been talking to their friends about their doctors since the beginning. Online social media is just a technology-driven extension of that phenomenon.

The most important question to ask before using social media in your practice is: “What benefits will I get from this that I can track?” Carefully consider the answers you get: more patients, more revenue, better exposure, more media coverage, etc., are all potential and real answers.

Many of my subscribers ask me, “What’s the easiest way to get started?” Sign up for accounts with all the major social media outlets: Facebook, Twitter, YouTube, LinkedIn, etc.

Start by searching. Listen to what others are saying, what videos they are making. Look for physicians and other healthcare providers online who are doing what you want to do. Follow doctors on Twitter. Find YouTube channels with videos relevant to your practice. Find similar colleagues on LinkedIn. Start bookmarking, following, and “liking.”

There’s no pressure. Just begin to be aware of how physicians are connecting, sharing, and improving their practices using social media. To stay current, you need to be where patients are online. You want to be easy to find and easy to connect with. Both current and potential patients are on social media — baby boomers are looking at pictures of their grandchildren on Facebook and teenagers are essentially being raised on Twitter. It’s becoming easier for physicians to be right there with them, at low cost, low energy, and low risk.

Don’t believe the dire warnings that you’ve missed the social media boat. Very few doctors have a professional presence on social media. That means if you beat your competitors to it, you’ll be miles ahead of them before they realize it.

Even if you just put some social media sharing buttons on your existing website, you are connecting your practice to the “social Web.” For instance, my most popular page on my practice website has been shared or “liked” on Facebook by 27 readers as of this writing.

The bottom line? Don’t dismiss social media, but start exploring for yourself how other physicians are using social media judiciously to connect with and educate patients.

C. Noel Henley, MD is an Arkansas-based orthopedic surgeon and founder of ReachPatients.com, providing marketing and practice promotion guidance for physicians. Do you think social media is a boon or burden for private practices? Tell us at editor@physicianspractice.com. Unless you say otherwise, we’ll assume that we’re free to publish your comments in upcoming issues of Physicians Practice, in print and online. Have a “Bigger Picture” opinion of your own? Send it along via e-mail and we’ll consider it for a future issue.

This article originally appeared in the April 2013 issue of Physicians Practice

How to make more money by serving your patient’s needs without working 18-hour days
Originally posted by: Marisa Torrieri, McKesson Practice Solutions

Until 2011, Washington Radiology Services, a multi-location practice in the nation’s capital and suburbs, offered the same basic two-dimensional mammograms as most of its peers.

So when the practice decided to invest millions in more than a dozen 3-D mammography units (plus related software upgrades and workstations), it bet on the premise that patients would be willing to spend extra money out of pocket for a service not yet covered by commercial payers.

“We invested in [them] because we believe it’s the best technology available for patients,” says administrator Patrick Waring, noting that patients pay a $50 fee to undergo testing with the 3-D machine, a process also known as breast tomosynthesis. Waring declined to specify exactly how much the group spent on the technology.

Fewer than 18 months later, the investment has started to pay off in both tangible and intangible ways. To date, 35,000 patients have opted for 3-D scans, opening up a new revenue source for the practice and increasing the frequency of related breast-care services such as biopsies.

Best of all, the machines, which work by rotating around the breast in an arc to create images at up to 70 different angles, help physicians detect cancer sooner.

“This allows the radiologist to see past architectural distortions,” says Waring. “It gives them better information for detecting cancers and reducing false positives.”

Breast tomosynthesis is cutting-edge diagnostic medicine. But for Washington Radiology, it also represents a way to grow its business: by offering its patient base an in-demand service, and asking them to pay for it. What the practice has found is that patients are not only willing to pay for services they value — they’re happy to.

Your practice can follow this path, too. Driving new revenue through ancillary service lines can be a bulwark against the declining revenue and increasing overhead common to modern practice, and the services can be big patient pleasers.

But be warned: Not every ancillary service is right for every practice. The key is to pick services your patients want and need, that provide them a legitimate benefit, and that you can perform without major disruption to your regular operations.

Traditional revenue streams

Before you rack your brain for an ingenious instant-millionaire idea, consider some of the less-glamorous, traditional ways to make a little extra money.

Former anesthesiologist William Dirkes is president and chief research officer of Cincinnati-based Sentral Clinical Research Services, LLC, which helps office-based physicians conduct pharmaceutical drug trials. Dirkes estimates that only about 5 percent of practicing physicians conduct drug trials in their practices, due to worries about the process, the potential startup costs, or the ethics. The upfront work includes researching the drug trial and getting patients signed up, among other tasks, and some physicians are uncomfortable with allowing their patients to be part of an experiment.

“It’s not just something you can slap onto your practice,” says Dirkes, adding that initial training on ethical issues and research on the drug and disease can take about five hours. Physicians will also have to spend 15 minutes or so a week to keep up with what’s going on. “It’s not a lot, but it’s not like just writing an order for a test.”

But if you can invest the time, you’ll reap the benefits. —Your patients can benefit, too. If physicians are looking to improve outcomes for a particular population — say, diabetes patients — offering a cutting-edge medication might make a huge difference.

“I had a couple of physicians last year who increased their income 10 to 20 percent,” says Dirkes.

Bone density testing is another common, and seemingly easy, revenue opportunity. But be careful: Experts say this service works as an add-on only if it can be done for a high volume of patients.

“Bone density testing used to have a fairly high reimbursement, and therefore the investment in the bone densitometer used to have a fairly high [return on investment], but the bone densitometer tool is very, very pricy,” says Nina Grant, vice president and agency managing director for Practice Builders, and managing partner for Ancillarypractice.com.
Because insurance typically covers bone density testing only once every few years for patients in a certain age range, the patient base would have to warrant it. To get the maximum financial benefit, a practice would probably want to consider marketing bone-health testing as part of a larger, exercise- and nutrition-based program, says Grant. In such a program, practices can ask patients to pay out of pocket for more frequent testing, can offer the testing to a wider range of patients, and can offer additional ancillary services within the context of an overall wellness program.

Moreover, practices starting such a program might want to refer the bone densitometry out until they see a large enough volume to justify the capital expense.

Before upgrading all 15 machines to include the 3-D software, Waring says his practice installed software on two machines for a four-month trial period at one location. “What if only 20 percent of our patients decided they wanted this technology? We would have only needed one 3-D machine at each office.”

Thinking creatively

Miami-based primary-care physician Oliver Di Pietro has spent more than 20 years offering a wide variety of ancillary services — including abdominal ultrasounds, pelvic ultrasounds, bone density tests, and nuclear stress tests.

But, according to Di Pietro, the additional revenue from these ancillary offerings paled in comparison to his latest venture: a ketogenic enteral-nutrition weight loss program called the “KE Diet.”

“The most lucrative endeavor that I did has been my fight to reverse obesity in my practice,” says Di Pietro. In 2011, he began offering the 10-day program, in which patients receive calorie-controlled nutrients through feeding-tube infusions. “I’ve seen a dramatic improvement in diabetic control, reversal of metabolic syndrome, improvement of cholesterol level, and a healthier appearance and lifestyle of the patients.”

The practice charges patients $1,500 for the program, and so far 200 patients have completed it. The costs include equipment, nutritional formulas, lab work, three office visits per week for monitoring, and training on how to use the tubes. As an added bonus, he is earning additional revenue by licensing the weight-loss program to other physicians.

Finding your natural fit

Making money is great, but most physicians need to do something they’re happy with and that fits their personality, says North Charleston, S.C.-based, solo doc Craig Koniver, a self-described “organic medicine physician” who now makes at least one-third of his income from products and services that are complementary to basic patient visits.

A few years ago, Koniver stopped taking traditional insurance and made the switch to a direct-pay, membership-based practice focused on natural health and medicine. In addition to practicing medicine, Koniver offers a number of ancillary services, from nutritional IV therapies to consultations with docs who want to incorporate natural-health ideas into their practices. He also sells his own branded nutritional health supplements online.

“I’m a big believer in nutritional supplements and how they have a huge benefit to health,” says Koniver. “It has provided a tremendous revenue stream that’s consistent year after year, and it helps the patients.”

Experts advise doctors to offer new services that add value to their existing practices and that their patients actually want. It turns patients off when practices just seem to be trying to make a buck, says Grant.

“Clinicians need to follow dollars that are already in the market, and … choose niches that are clinically relevant, rather than investing in, say, a hair removal laser because an eloquent equipment rep convinces them to do so,” she says. Grant recalled seeing a poster for a gynecologist offering eyelash enhancement. “I was confused and put off, wondering ‘Why would my gynecologist help me with my eyelashes?’”

Five ideas

Still not sure which service to add? Grant says the following are among some of the most profitable service additions for physician practices that don’t require a lot of investment.

1. Hormone testing/balancing. Today, there are a number of supplemental hormones that can ease patients into menopause or andropause, ease depression, or improve other health conditions. As such, testing for hormone deficiencies is a growing area of medicine, says Grant. But as with any test, make sure offering these has a purpose. “The doctor really has to know what they’re going to do with the information,” says Grant. “You don’t want a doctor adding tests just for the sake of adding tests. That’s not ethical.”

2. Cosmetic enhancements. While most physicians know about Botox, there are other cosmetic enhancements (such as body contouring) that a growing number of consumers are interested in. These services might make sense for some primary-care physicians, so long as the appropriate safety protocols are followed, and physicians have the market demographics (middle- to upper-income patients) to support it.

3. Pharmaceutical dispensing. If the patient base warrants it, and your state’s medical board doesn’t prohibit it, offering pharmaceutical dispensing might make sense for your practice. In-office dispensaries are more convenient for patients and may improve patient-compliance rates. Practice administrators should be warned that some physicians might see adding a dispensary as a conflict of interest. “Some physicians may be concerned that their prescription behavior may be influenced by the potential income,” says Grant.

4. Weight-loss/nutrition programs. Want to make your practice more whole-health focused? Consider adding a nutrition counselor to help design weight-loss programs (including meal planning, monitoring, and counseling) with patients. Offering medical food (such as snack bars that help ease hunger and lower cholesterol) is another potential revenue source. This is a good opportunity for physicians to use clinically proven, science-based methodologies to help patients lose weight and get healthier. “Too much of the money in the weight-loss sector is going to non-MDs,” says Grant.

5. Clinical laboratory. Adding a clinical lab allows your practice to offer the convenience of on-site lab testing to patients, and brings in additional revenues for offering the service. “This allows the practice to, instead of sending patients off with a lab slip, do testing on site,” says Grant, adding that practices that have three or more physicians, and a greater volume of patients, will benefit most. “They can often bring this niche into their practice for very little money.”

Legal considerations

Before you start offering any new service, it’s important to check for possible legal conflicts at the local and national levels.

The most important law to consider is the physician self-referral law, commonly known as Stark Law, which governs certain referrals for services from one entity to another, if both entities are owned by the same physician (or an immediate family member) and the practices accept Medicare or Medicaid. There are 12 designated health services specified in the law, including clinical lab services, parenteral and enteral nutrients, radiology and imaging services, and some exceptions as well, such as those for in-office ancillary services.

So, for example, “if a radiologist wants to add services such as CAT scans and they own a separate entity, they could run into violation of Stark Law if they referred patients from their practice to get an MRI or advanced CT services,” says Trisha Lotzer, a partner with Phoenix-based Lotzer Law Group and CEO of Physis, Inc.

The good news is that there are a number of exceptions that a practice could meet to be compliant with the law. An attorney would want to check to make sure their ancillary service arrangement meets the criteria for an exception, says Jana Kolarik Anderson, a Washington, D.C.-based attorney with Nelson Mullins Riley & Scarborough.

Penalties for violating Stark are stiff, starting with claim denials for all claims submitted pursuant to an arrangement that does not meet an exception. There might also be penalties of up to $15,000 for each service, plus double the reimbursement claimed. You can even be excluded  from Medicare and Medicaid.

If Stark weren’t enough to worry about, physicians must also take into account the federal Anti-Kickback Statute, a criminal statute that prohibits physicians from offering something of value to referrers or to patients in order to get a referral for a service covered by Medicare or Medicaid. “The Anti-Kickback Statute comes into play when physicians are contracting with an outside ancillary services provider like a [durable medical equipment] or orthotics company or outside lab,” says Anderson. Practices that want to offer services inside their practice by an outside vendor should seek legal counsel, she says.

“Structuring arrangements so you are compliant with Medicare enrollment standards as well as the Stark Law, state mini-Stark laws, and state and federal anti-kickback laws should be the focus when you bring any ancillary service into your practice,” says Anderson. “It does not cost a lot of money to [check with an attorney] to ensure what you are planning is appropriate. You want to ensure compliance on the front end, so you are not paying penalties on the back end.

Launch tips

Are you ready to launch your new service? Follow these suggestions for getting off the ground and keeping up with your venture:

• Find a mentor. Look for someone who has a track record of success. “When I see physicians, I encourage them to go to networking conferences,” says Mike Woo-Ming, a family physician who now spends most of his time helping other doctors build and market their practices, including adding ancillaries. “If you are starting an age-management clinic, talk to doctors starting successful age-management clinics. If you can, try to work for those clinics. Do some volunteer work.”

• Look at market demographics. Your actual patient demographics — age, income range, education level, and inclinations — should all be factors in your choice of ancillaries, says Grant. This way you avoid buying technology for a service patients can’t afford or don’t need.

• Hammer out financial parameters. Unless you’re a solo physician, you need to be clear about who gets what, revenue-wise. “You have to make sure you have discussed that with your CEO of your medical practice,” says Woo-Ming. “Are you representing yourself or are you representing your practice?”

• Integrate the new niche. After making an investment in new technology that will be the catalyst for a new revenue-generating service, it’s time to start marketing the new service and using the new equipment. “A lot of practices will get a hair-removal laser and it will sit in the corner gathering spider webs,” says Grant. “You need to educate patients about new services.”

In Summary

Find the right ancillary medical services to offer and your practice will boost its bottom line. A few points to consider:

• Make sure your patient population justifies any high-tech purchases.

• Make sure you choose a service that is clinically relevant.

• Before you start offering any new service, it’s important to check for possible legal conflicts.

•Take your patient demographics into account in your choice of ancillaries.

• If you invest in new technology, make sure you market your new service to patients.

Original article from MedCity News:

While pharmaceutical and medical device companies have the heaviest weight to carry when it comes to collecting data under the Physician Payment Sunshine Act (PDF) beginning August 1, there are a few steps physicians can also take to prepare for the implementation of the rule.

The nearly 300-page document issued by the Department of Health and Human Services in February requires medical product manufacturers to report data annually on payments and gifts given to physicians. To (hopefully) prevent conflicts of interest, that data will become public in a searchable database on the web beginning in the fall of next year.

To address some common questions posed by physicians and share best practices, health IT company RxVantage hosted a webinar Wednesday with Randy Vogenberg, managing principal at consulting firm Bentelligence. RxVantage creates software solutions to connect reps with providers. Here are some of the tips marketing director Vanessa Towning and Vogenberg had to share:

• Educate all of a practice’s licensed providers on the new federal rules, and check on state Sunshine regulations
• Draft a rep visitation policy to ensure that they are in the office when there are the fewest number of patients, and designate a separate waiting area if possible. That way, patients won’t feel like reps are encroaching on their appointment time
• Consider having a daily huddle with staff, which serves as a good time to reiterate procedures and ensure the staff knows how to handle visits from sales reps
• Set a limit for the number of times a rep or company can visit the office within a month or quarter, to ensure you’re getting a rounded perspective and limiting bias
• Make the most out of rep visits by asking questions and learning about their companies’ patient assistance programs, trials and competitors
• Keep an easily accessible electronic record of all rep interactions. Providers will have a 60-day window to identify and respond to discrepancies in reported data before it goes public

Read more: http://medcitynews.com/2013/04/a-physicians-checklist-for-preparing-for-the-sunshine-act/#ixzz2Qw2018I7

CMS recently posted a new resource to help eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) prepare for Stage 2 of the Electronic Health Record (EHR) Incentive Programs.

Available on the Educational Resources page of the EHR Incentive Programs website, the interactive Stage 2 Toolkit includes materials on Stage 2 and the 2014 clinical quality measure (CQM) requirements.

The toolkit is divided into three main sections:

• Basics
• Resources for EPs
• Resources for eligible hospitals and CAHs

Providers who use the toolkit will find the following information:

• An overview of Stage 2
• Stage 2 FAQs
• How the Stage 2 provisions affect Stage 1 requirements
• Comparison tables of Stage 1 and Stage 2 criteria
• Details about payment adjustment and hardship exemptions
• 2014 CQMs, including descriptions, technical release notes, and the recommended core sets for EPs and eligible hospitals

Reminder: The earliest that the criteria for Stage 2 will be effective is the first day of fiscal year 2014 (October 1, 2013) for eligible hospitals and CAHs, or calendar year 2014 (January 1, 2014) for EPs. All providers must achieve meaningful use under the Stage 1 criteria before moving to Stage 2.

Want more information about the EHR Incentive Programs?
Make sure to visit the Medicare and Medicaid EHR Incentive Programs website for the latest news and updates on the EHR Incentive Programs.

Physicians Practice
Originally written by: Philippa Kennealy, MD and Philip Garrett Panitz, Esq.

Just mention the word “audit” to any physician audience, and you can almost see the collective shiver run down their spines. Their feelings of dread match those when encountering the word “sue!” Unfortunately, the Internal Revenue Service is stepping up their audit enforcement against doctors, based on their perception that doctors make easy targets due to poor record-keeping practices.

Most physicians in medical practice have received some training in reducing their malpractice risk, but little or nothing is taught about how to minimize the risk or impact of a tax audit on your psyche and your practice.

Tax Planning Can Reduce Audit Risks

Recently, many physicians have received letters from the IRS informing them that they are being audited. This notification is frequently accompanied by a laundry list of document requests that goes on for three pages. After overcoming the initial stage of panic, most physicians go to their CPA, who assists them in putting together the documentation requested.

Some potential audit issues can be avoided with more dialogue between the CPA and the physician during the initial return preparation stage. Many CPAs unfortunately take information from their doctor clients and put it on a tax return without enough “questioning.” CPAs frequently complain that physicians do not make the time to meet and thoroughly discuss the material provided, or that the physician has dumped all their records on the CPA just before tax filing is due. “Being too busy” is sometimes just a disguised excuse for procrastination.

Red Flags for Tax Audits

One of the areas that the IRS is focusing on is deductions related to business travel for physicians. It is the belief of the IRS that doctors routinely over-deduct for education-related travel; staying at hotels that are beyond the level and price point of the hotel where a seminar is provided is just one example.

Another hot button item is the notorious lack of doctors’ record keeping, resulting in office expense estimating “guesstimating” as the IRS would call it). A good business manager who works hand-in-hand with physicians can assist in this initial organization phase and nip that problem in the bud.

If an audit is not going well, the CPA will typically recommend bringing in a tax attorney to interface with the IRS. Tax attorneys litigate cases with the IRS in the United States Tax Court, and typically can obtain settlements with the IRS that may save the physician a tremendous amount of money. However, the authors are of the opinion that the entire audit can be avoided or handled very smoothly without any repercussions if the physician had taken some preliminary steps.

Nor is it only the IRS that can come knocking. One of the authors’ clients, a busy family physician with both a private practice and a large nursing home practice, was confronted several years ago with the prospect of a Medicare audit evaluating potential over-coding. This soul-destroying experience involved hundreds of hours of copying and submitting medical records, hiring both an attorney and a coding expert to help defend her case, and a lingering terror of coding too high, such that her resultant under-coding was costing her practice thousands of dollars. She was a good doctor, she was a good person, yet she was a disorganized, stretched-too-thin and ill-prepared business owner. Sound familiar?

IRS Examining Improper Medicare Payments

In 2010, President Obama set three goals for reducing improper Medicare payments, to be achieved by this year:

1. Reduce overall payment errors by $50 billion

2. Cut the Medicare fee-for-service error rate in half

3. Recover $2 billion in improper payments

To begin achieving these goals, CMS focused particularly on number three: improper payments. It’s important to recognize that while all falsified claims are improper payments, not all improper payments are falsified claims. In fact, most are due to ignorance — errors in documentation and not intentional fraud.

Philippa Kennealy, MD MPH CPCC PCC, is president of The Entrepreneurial MD. She is a board-certified family physician who left her own private practice in 1996 to embark on an administrative career as first medical director and then CEO of UCLA-Santa Monica Medical Center. She now works as a business coach with physicians who are striving to be entrepreneurial or businesslike. She is a member of the American College of Physician Executives, the American Academy of Family Physicians, and the California Academy of Family Physicians. E-mail her here.

Philip Garrett Panitz, JD, LL.M (Taxation) is a certified tax specialist and has a doctorate of law and a Masters degree in taxation. He has successfully litigated hundreds of tax cases and represented physicians in cases with the IRS. He argued and won the case of Williams v. United States before the United States Supreme Court. E-mail him here.

HITECH Answers February 21, 2013 -

Last month, HHS issued the long-awaited omnibus final rule that implements, among other things, a number of provisions of the HITECH Act, modifying the HIPAA Privacy and Security Rules. One of the most far reaching changes for healthcare providers is a requirement that all existing Notices of Privacy Practices (NPPs) must be revised on or before the compliance date of September 23, 2013. Pursuant to the HIPAA Privacy Rule, 45 CFR §164.520, most covered entities are required to have and distribute an NPP, which must describe the uses and disclosures of PHI such covered entity is permitted to make, such covered entity’s legal obligations and privacy practices, and the patients’ rights regarding PHI.

The final rule required several important modifications to NPPs of healthcare providers, including to the following:

• Marketing, sale, and psychotherapy notes disclosures. NPPs must now contain a statement indicating that the following uses and disclosures of PHI require a written authorization: for marketing purposes; disclosures that constitute a sale of PHI; and, for those providers who record or maintain psychotherapy notes, most uses and disclosures of psychotherapy notes. However, covered entities that don’t record or maintain psychotherapy notes are not required to include a statement in their NPPs about the authorization requirement.
• Non-enumerated uses. NPPs must state that any uses and disclosures of PHI not described in the NPP will be made solely upon written authorization from the individual and a statement that the individual may revoke an authorization as provided in the regulations.
• Fundraising communications. NPPs must include a statement informing the individual of the provider’s intention to contact such individual for fundraising purposes, and of his or her right to opt out of receiving such fundraising communications. HHS did not require a specific opt-out mechanism to be used in such situations.
• Out-of-pocket payments restrictions. In line with other changes mandated by the HITECH Act, HHS now requires health care providers (but not other covered entities) to inform individuals that they have a right to restrict certain disclosures of PHI to a health plan if the individual has paid out-of-pocket in full for the health care item or service.
• Breach notices. HHS now requires NPPs to include a right of affected individuals to be notified following a breach of their unsecured PHI. HHS noted that a simple statement of such breach notification rights would be sufficient, but covered entities may include more information if necessary. It is worth noting, however, that healthcare providers need not include lengthy definitions of “breach” or describe their risk assessment mechanisms in such notices.

Most healthcare providers will need to make their revised NPPs available upon request by the patient and at the delivery site, and must post the notice in a clear and prominent location as soon as it has been revised, but no later than the final rule compliance date of September 23, 2013. HHS emphasized that there is no “one size fits all” approach to NPPs because the individual provisions of such notices will vary based on the type of covered entity issuing the NPP. Therefore, providers should consult with their counsel regarding the required modifications pursuant to the final rule.

Save millions if laptops have data encryption

(originally written by Mike Semel, HIPAA certified) - Every time there is a HIPAA data breach penalty for a lost laptop or hard drive, Office for Civil Rights (OCR) Director Leon Rodriguez says that the penalty would have been avoided if the data was encrypted. The HITECH Act of 2009 modified the HIPAA data breach rule by stating that if a device is lost or stolen, the loss is not reportable as a HIPAA data breach if the data is encrypted in compliance with data encryption guidance from the National Institute of Standards and Technology (NIST.)

In 2012 a hospital was fined $1.5 million for a doctor’s stolen laptop and a state health department paid $ 1.7 million for a lost backup drive. Had the drives been protected with encryption, which can cost less than $ 150, the losses would not have even been reportable. In addition to the exemption from large fines, with data encryption you will not face the added costs and embarrassment of notifying patients and the media of the data loss.

After a recent settlement with a hospice that paid $ 50,000 for a stolen laptop that contained just 441 patient records, OCR Director Leon Rodriguez said,  “This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information. Data encryption is an easy method for making lost information unusable, unreadable and undecipherable.”

What is data encryption?

Data encryption is a technology that converts readable data into gibberish that must be decoded to become readable again. Using technical tools that can encrypt a file, folder, or an entire drive, encrypted data is much better protected than if it is left in readable format, even if protected by a password. Encryption can be utilized to protect data ‘in motion’ (for example, moving across the Internet through a remote connection) or ‘at rest’ (stored on a laptop or hard drive.) Just requiring a password to access a drive or open a file is not the same as encryption.

When you make a remote connection to a network using a Virtual Private Network (VPN), an encrypted tunnel that protects your connection from unauthorized access is created through the public Internet. Even if someone is able to monitor the traffic going through your VPN, all they will see is undecipherable nonsense.

Data ‘at rest’ can be protected by encrypting individual files, folders, or the entire hard disk.  Software is available to encrypt data on any type of hard drive or thumb drive. Some hard drives offer automatic full-disk data encryption that requires little effort to install and manage. For example, by combining encryption software with a laptop configured with a compatible solid-state drive, you can have a self-encrypting computer with super-fast performance.  While you would surely be upset if this laptop was lost or stolen, the loss would not be a reportable HIPAA data breach and you would not face a huge fine.

Why is data encryption not required by HIPAA?

Data encryption has been suggested as a requirement for health care organizations, but the medical industry has objected saying that encryption would be an unfair financial burden. The HITECH Act changed the HIPAA data breach rules by making encryption a “get-out-of-jail-free card.” If you use encryption then lost data is not reportable.

After the Massachusetts hospital settled for a $ 1.5 million penalty, Rodriguez said, “In an age when health information is stored and transported on portable devices such as laptops, tablets, and mobile phones, special attention must be paid to safeguarding the information held on these devices. This enforcement action emphasizes that compliance with the HIPAA Privacy and Security Rules must be prioritized by management and implemented throughout an organization, from top to bottom.”

Thor Ryan, Chief Security Officer for the Alaska Department of Health and Social Services, which paid the $ 1.7 million penalty for a lost hard drive, said, “We were more than halfway through our encryption project when an unencrypted hard drive was stolen. With the benefit of hindsight we could have saved millions of dollars.”

Encryption is such a logical solution that it makes sense to use it on every portable device your organization owns. The costs are much less than millions of dollars in potential fines, and my guess is that in a few years the rules will change requiring the encryption of all patient data. You may as well start now.

The Centers for Medicare and Medicaid Services reminds eligible professionals that Feb. 28 is the last day to submit Medicare Part B claims from calendar year 2012.

That’s obviously important for reimbursement purposes, but also because getting all the claims paid before the Feb. 28 deadline for electronic health records meaningful use attestation can help physicians reach the $24,000 threshold in Part B allowed charges in 2012.

To attest by Feb. 28, an eligible professional was required to complete the meaningful use reporting period by Dec. 31, 2012.

Knowing your customer is the first rule of business.

The rising tide of consumerism in the healthcare industry means that more attention is being paid to define the consumer or the end customer. Based on a 2012 survey of U.S. healthcare consumers, Deloitte Center for Health Solutions has created six broad buckets that capture the essence of various health consumers out there.

The segments are:

• Casual and cautious: are not engaged in their own health, have no immediate need to consume healthcare services and are cost conscious. They make up 34 percent of the U.S. healthcare consumer
• Content and compliant: comprise 22 percent of the U.S. healthcare population and they are happy with their physicians, hospital and insurance plans. They tend to comply with and follow care plans
• Online and onboard: this 17 percent of the healthcare population are keen to learn about health online. They are happy with their healthcare but looking for alternatives and for new technologies
• Sick and savvy: because of theirconditions, they consume significant healthcare products and services. They also communicate and partner with their physicians to make treatment decisions. They comprise 14 percent of the U.S. healthcare population
• Out and about: these independent 9 percent of the U.S. healthcare consumers believe in looking for alternative healthcare options and prefer to customize the services they wish to consume
• Shop and save: are 4 percent of the U.S. healthcare consumer group and actively look to save money. They are also willing to switch product and services for better value.

By their definition, these different consumer segments have different priorities and attitudes when it comes to health and wellness, and how they view the products/services they consume.

For instance, 21 percent of the casual and cautious segment took a flu shot last season compared with 58 percent of the sick and savvy. To see more of the infographic, click here.

Read more: http://medcitynews.com/2013/02/there-are-six-types-of-healthcare-consumers-which-ones-would-you-like-to-target/#ixzz2K80vEGpL

A survey of board executives finds that inappropriate communication with patients is among online behavior by physicians that could lead to an investigation.

By Damon Adams, amednews staff. Jan. 28, 2013.

When doctors go to social media websites, they may want to think twice about posting patients’ photos without permission.

Using the images could be considered unprofessional conduct by a state medical board, according to a new study.

Other online physician behavior viewed as troublesome by boards: citing misleading information about clinical outcomes; misrepresenting credentials; and inappropriately contacting patients.

The survey of 48 state medical board executives, published in the Jan. 15 Annals of Internal Medicine, found that these social media activities likely would prompt a board investigation of a doctor. The study concluded that physicians should never engage in such behaviors.

“When you post something publicly online, it’s something that could be online in perpetuity,” said study co-author Humayun Chaudhry, DO, president and CEO of the Federation of State Medical Boards, which represents 70 boards that oversee MDs and DOs.

What triggers an investigation?
One of the survey’s 10 hypothetical vignettes of social media posed to medical board executives shows a photo of three doctors, drinks in hand, at a hospital holiday party. Forty percent of executives said a complaint to the board about the posting would trigger an investigation — a “low consensus” among survey respondents.

But 73% took issue with a vignette of a doctor who posted photos of himself intoxicated.

Getting a “moderate consensus” among respondents of posts that would prompt an investigation were a scenario of a physician’s blog that used potential patient identifiers and a vignette about discriminatory language on a doctor’s Facebook page. The least troublesome of the 10 vignettes was a doctor’s blog describing a clinical encounter with no patient identifiers (only 16% of executives said it would lead to an investigation).

“People can really do a lot to stay out of trouble by applying common sense and avoiding the trap that you can do something online you wouldn’t do in real life,” said study lead author Ryan Greysen, MD, MHS. He is an assistant professor in the Division of Hospital Medicine at the University of California, San Francisco, School of Medicine.

Previous research has shown that doctors and medical students can get in trouble online. An article co-written by Dr. Greysen in the March 21, 2012, issue of The Journal of the American Medical Association found that 71% of state medical boards had investigated doctors for violating professionalism online. A study, also co-written by Dr. Greysen, in the Sept. 23, 2009, issue of JAMA said 60% of medical schools had incidents of students posting unprofessional content online.

Guidance for doctors
In 2012, the federation issued guidelines to help doctors maintain professionalism when using social media. That guidance discourages physicians from interacting with patients on social networking sites such as Facebook and says doctors should adhere to the same principles of professionalism online and offline.

Delegates to the American Medical Association Interim Meeting in November 2010 adopted policy on social media use that advises medical students and physicians to be professional online. They should keep appropriate boundaries when communicating with patients online and respect patient confidentiality, the policy says.

The Annals study notes that improper behavior online can do more than spark a board investigation; it can lead to loss of employment or lawsuits by patients over privacy violations. The study said greater awareness of potential pitfalls is needed among doctors to avoid unprofessional behavior online.

To avoid problems, Dr. Greysen said, physicians should apply the same ethical and professional conduct online that they do in their daily actions offline.

“This may be a wake-up call to some doctors, not only to the value of Internet communication, but also to the dangers,” Dr. Chaudhry said.