6 privacy landmines and how to avoid stepping on them
While the healthcare industry grapples with data breaches and privacy and security regulations, there are common pitfalls that are easy to run into without proper planning.
Erin Whaley, a partner at the law firm Troutman Sanders, outlined what those are and shared half-a-dozen tips for avoiding them.
Here is Whaley’s advice:
- As long as I have cybersecurity insurance I’ll be covered in the event of a breach. It’s not that simple. Whaley said that even healthcare organizations that stack policies to get to $50 million in coverage may not have enough – though she’s not espousing that everyone simply plunk down for more insurance. Providers, instead, need to deploy solid security practices. “Having good security is a prerequisite to good coverage.”
- Our team can handle any incident internally. We don’t need outside help. Even providers who really have the best professionals in the country should seek outside help. Here’s why: Those top-notch professionals already have a full-time job and when a breach occurs, you don’t want them distracted working to resolve that all day for weeks or months because that can create entirely new vulnerabilities. “Get outside experts to supplement your expertise and bandwidth,” Whaley urged, including crisis communicators, public relations professionals, and even standing up a separate call center to respond to the breach. That last one, in fact, could help prevent a civil suit by assuaging angry patients before they come together to sue your health system.
- Social media isn’t a big concern for us. “Do not think social media is not a problem for you,” Whaley contended. She pointed to two facets of social media: internal staff that could release PHI via networks and human resources. Even employees who think they understand the rules can be dangerous, she said. For HR, Whaley warned that even non-unionized employers are subject to rules that prevent you from taking action against prospective hires or employers based on what you learn from social media.
- Business associate agreements are just a form agreement. Our lawyers don’t need to review them. Whaley explained that more BA’s fall into this trap than healthcare providers, there are some hospitals that do as well and for a variety of reasons, most notably that they think BA agreements are similar and they don’t want things held up in legal review. “Do not fall into this pitfall. It can be tremendous. You can dig yourself a huge hole thinking this way. They’re not a form agreement anymore,” Whaley said. Rather, providers need to inspect those contracts, understand the changes, how HIPAA and other regulations figure in, and ensure they make sense from a business and legal perspective.
- As long as I’m HIPAA compliant, I don’t have to worry about other privacy laws.“That is not true,” Whaley said. “There are other privacy laws.” Those include: State privacy laws, state medical records laws, Part 2 regulations for substance abuse treatment information, the Telephone Consumer Protection Act (TCPA) applies to all auto-dialer technology and treats landlines and cell phones differently, among others.
- We do a fine job responding to requests from individuals for their records. Updating this process is not a priority. “You should go ahead and look at the process for responding to individual requests for records,” Whaley said. She explained that the Office for Civil Rights offers guidance for providers to address and recommended comparing your own policy to that, which doesn’t take long. “This is clearly an issue for OCR so I would expect to see greater enforcement.”
6 Ways To Free Up Time In Your Practice
Patient care is the top priority and a source of passion for physicians, but making sure the business side of your practice is healthy also can contribute to better outcomes and patient satisfaction. Learn six ways to streamline revenue-related processes to maximize the amount of time available for patient care from the AMA Wire®.
Once you have Practice Management software (PMS) in place that works for your practice, take advantage of these six ways to make your revenue cycle management processes more efficient:
- Verify insurance eligibility electronically before visits.
Most health plans allow patient eligibility to be verified by phone or through a Web portal, but these methods are often inefficient and may not provide all the necessary information. Electronic eligibility verification can be a big time-saver. When a patient schedules an appointment, the scheduling or registration staff collects their insurance information and submits an electronic eligibility request by entering the patient’s data into the PMS. Federal regulations require health plans to respond within 20 seconds. Patients can then be made aware of any financial responsibility that will be requested at check-in.
- Reduce prior authorization burdens through electronic transactions.
Newly available electronic pharmacy prior authorization transactions enable physicians to complete prior authorization requirements as part of the e-prescribing work flow. E-prescribing system vendors are in various stages of implementing the technology for these transactions, so find out your vendor’s timeframe and request this new technology for your practice.
- Submit claims electronically to save time and money.
Submitting these health care claim submissions electronically can save time and speed up health plan adjudication and payment. After your PMS generates an electronic claim, your practice can either submit it directly to the health plan or indirectly through a clearinghouse or billing service, which may pre-audit or “scrub” claims prior to submission to check for missing or incorrect information. The built-in checks allow any potential issues to be addressed before the claim reaches the health plan’s adjudication system, reducing payment delays and denials.
- Determine the status of a submitted claim.
Practices often don’t know if a claim has been received by the health plan until it is paid, pended or rejected. Use an electronic claim status inquiry to confirm receipt and determine status of submitted claims. Health plans are required to support real-time claim status processing. Practices can send “batch” transmissions to health plans to check the status of multiple claims at the same time. By law, health plans must respond by the next business morning. Rather than waiting two or more weeks before taking action, the electronic claim status request provides your practice with an immediate status report on the claim.
- Use electronic remittance advice (ERA) to simplify processing of payment information.
An ERA is an electronic version of a paper explanation of benefits and holds all of the same details. The standardized ERA can reduce burdens, more quickly identify claims that require reworking and save time for staff to spend on higher-value activities. When implementing ERA in your practice, engage all involved trading partners, including health plans, your PMS vendor and any billing service that your practice uses. Determine the ERA capabilities of your PMS software. Taking full advantage of the ERA transaction may require an upgrade to the software.
- Maximize collection of patient payment.
The growing prevalence of high-deductible health plans means many patients bear additional financial responsibility for their treatment. Collecting payments while the patient is still in your office is a vital first step in any effective patient collections strategy. It will increase cash flow, decrease accounts receivable, and reduce billing and back-end collection costs. To bill at the time of service, your staff will need to know the correct amount to charge. Completing an electronic eligibility check before the appointment will provide information about the patient cost. Use this information, along with the health plan’s current fee schedule, to calculate the amount the patient owes.
To view the article in its entirety with additional AMA module links, please click here.
NOTE: MediPro, Inc. can help practices with the mentioned services of Eligibility checking, Claims submission, Troubleshooting, ERA, automated patient statements and in-person or online payment collections. Simply call 1.800.759.1321 opt 2 to learn more.
2016 Recommended Adult Immunization Schedule Now Available
The Recommended Adult Immunization Schedule: United States, 2016 has been released by the Advisory Committee on Immunization Practices (ACIP), published in the Annals of Internal Medicine. For 2016’s schedule, the ACIP made the following specific changes from 2015’s recommendations:
- Interval change for 13-valent pneumococcal conjugate vaccine (PCV13) followed by 23-valent pneumococcal polysaccharide vaccine (PPSV23) from “6 to 12 months” to “at least 1 year” for immunocompetent adults aged ≥65 years. Adults aged ≥19 years with anatomical or functional asplenia, cerebrospinal fluid leak, or cochlear implant or who are immunocompromised should receive PPSV23 at least 8 weeks after PCV13.
- Serogroup B meningococcal (MenB) vaccine series should be administered to persons aged ≥10 years who are at increased risk for serogroup B meningococcal disease. Those at increased risk include persons with anatomical or functional asplenia or persistent complement component deficiencies, microbiologists who are routinely exposed to isolates of Neisseria meningitidis, and persons identified at increased risk because of a serogroup B meningococcal disease outbreak. MenB vaccine series may be administered to adolescents and young adults aged 16 through 23 years (preferred age is 16 through 18 years) to provide short-term protection against most strains of serogroup B meningococcal disease.
- Nine-valent human papillomavirus (HPV) vaccine (9vHPV) was added to the 2016 adult immunization schedule. This vaccine can be used for routine vaccination against HPV as 1 of 3 HPV vaccines (bivalent HPV vaccine [2vHPV], quadrivalent HPV vaccine [4vHPV], and 9vHPV) recommended for females and 1 of 2 HPV vaccines (4vHPV and 9vHPV) recommended for males.1
Some additional changes to the schedules were made, including:
- Revising the dosing in the “Hepatitis A” indication bar from 2 to “2 or 3 doses depending on vaccine” in order to account for the hepatitis A and hepatitis B combination vaccine
- Revising the dosing in the “Pneumococcal polysaccharide (PPSV23)” indicated bar from “1 or 2” to “1, 2, or 3 doses depending on indication”
- Revising the dosing in the “Haemophilus influenzae type b (Hib)” indication bar from “1 or 3” to “3 doses, post-HSCT [hemapoietic stem cell transplant] recipients only” and “1 dose” for all other adults for whom this vaccine is recommended
Click here for the full 2016 recommendations.
SOURCE: Physician Weekly | May 3, 2016
What Would You Do If You Lost All Of Your Data?
Zika virus: CDC issues worker protection guidelines
Public health authorities have issued new guidelines to protect workers who treat patients exposed to the Zika virus.
The Centers for Disease Control and Prevention (CDC) has warned small, localized outbreaks of the virus are likely in the U.S. in the near future.
The guidelines provide recommendations for healthcare workers, the safety of whom was a major issue in 2014 amid concerns over the spread of Ebola. Healthcare workers must use standard precautions such as full hand-hygiene compliance and use of personal protective equipment during contact with potentially hazardous materials such as blood or laboratory samples. Hand-hygiene protocols should involve alcohol-based hand rubs that are at least 60 percent alcohol or, in the case of visibly-soiled hands, soap and water.
Healthcare workers must also properly dispose of potentially-contaminated sharps, reporting any needlesticks or lacerations to supervisors, the guidelines state. In circumstances where risk of exposure may be greater, healthcare workers must employ standard precautions even if they only suspect the presence of Zika.
Although there are no known cases of Zika transmission via aerosol exposure, they must also minimize aerosolization of blood or other bodily fluids during patient care and laboratory tasks.
To learn more:
– read the CDC guidelines (.pdf)