Combating Systemic Medicare and Medicaid Fraud

While researching the new 4MedPlus CMS Fraud, Waste and Abuse compliance course, I spent a good deal of time reading through case studies on this informative and disturbing FBI website: https://www.fbi.gov/investigate/white-collar-crime/health-care-fraud/health-care-fraud-news. When I started this project, I didn’t even realize this web page existed and now I am a weekly visitor. I am sincerely fascinated at the brazen attempts by so many, to steal from medical providers and patients. In the first half of December alone, there were eight major cases listed, resulting in fines, suspensions and incarceration. It was one of these recent stories that really shocked me. The perpetrators were sentenced to prison (rightfully so) for their participation in a $30 million scheme to defraud...

read more

MIPS 2020 Final Rule: What you need to know in Easy-to-Read Bullets!

The Centers for Medicare & Medicaid Services (CMS) published the Calendar Year (CY) 2020 FINAL Rule for the Medicare Physician Fee Schedule (MPFS). The MPFS dictates Medicare rates and policies under Part B, while the Quality Payment Program (QPP) implements two key value-based payment programs: the Merit-Based Incentive Payment System (MIPS) and Alternative Payment Models (APMs). The proposal is very long at over 1700 pages! Since the team at Chirpybird Health IT Consulting are the experts of the MIPS Quality Payment Program we are bringing you the MIPS highlights to you section-by-section segments and give you the most pertinent bullets! Overview: The threshold to avoid a penalty is changing. The performance threshold is rising from 30 points to 45! Eligibility requirements remain...

read more

Before the Ransomware Damage is Done

How a single ransomware attack destroyed a thriving medical business and how to avoid it happening to you or your clients. I was sitting at a local breakfast spot near my home in Michigan one recent morning with a friend. I was discussing my work (online training for compliance and security in healthcare), when a neighbor leaned in to say she overheard me and wanted to share a story she thought I might be interested in. Apparently, a medical practice that did quite well in the Battle Creek area, experienced a data breach which locked down all of their patient records and accompanying files. Shortly thereafter they received a “ransom” message requiring them to pay $6500 for the key to unlock those files. Ransomware attacks are becoming more and more common in healthcare. The payload is a...

read more

STOP SUPERBUGS AND HAIs WITH STRATEGIC INFECTION PREVENTION

Create a Culture of Healthcare Site Compliance in 5 Simple Steps The recent Center for Disease Control (CDC) report on Antibiotic Resistance Threats in the United States (2019 AR Threats Report) includes the latest national death and infection estimates that underscore the growing risk of antibiotic resistance in the US. According to the report, more than 2.8 million antibiotic-resistant infections (superbugs) occur in the United States each year, and more than 35,000 people die as a result. In addition, more than 200,000 cases of Clostridioides difficile (C-diff) were tracked in 2017 with over 12,000 deaths. Director Tom Frieden, M.D., M.P.H. has stated that the CDC soon plans to support Antibiotic Resistance Prevention Programs in all 50 states. Clinical practitioners are tasked with...

read more

The Many Forms of HIPAA Enforcement

How is HIPAA enforced? That may be a simple enough question, but it also contains more nuance than may initially be expected. Determining how HIPAA is enforced can depend upon how the term enforcement is viewed and interpreted. The first step is to define enforcement. The dictionary definition of enforcement includes the following statements: (i) to give force to, (ii) to urge with energy, (iii) constrain, compel, (iv) to effect or gain by force, or (v) to carry out effectively. Looking at the definition comprehensively, enforcement is a means of compelling compliance with a concept or requiring another to follow a particular thing (in this case law and regulations). Enforcement by its nature is arguably imposing a non-voluntary action or requirement onto a person through some outside...

read more

Does Your Breach Response Plan Include Notification?

Remain Calm, Remain Honest – and Remain in Business Avoiding the inevitable does not make it go away. Healthcare patients choose a provider based on the quality of care. In addition to that, the public will generally assume that their private information is safeguarded and not something that they need to verify or investigate before choosing that specific provider. By alerting them to something they assumed to be a non-issue, it is understandable to be concerned about the loss of business. However, credit reporting agency Experian has recently found that this churn can be kept to a minimum with the proper response plan. In July 2019, Experian surveyed 1,000 adults in the United States and found that 90% of those surveyed would be somewhat forgiving if they were informed promptly as a...

read more

A Phishing Epidemic: Constant Stream of Reports

Since at least the beginning of the summer, it seems as though no day can go by without another phishing incident being reported by a healthcare entity. The reports are almost always the same too. After some period of time (usually not the same day), unauthorized activity will be found in the email account of one or more employee. A forensic analysis will be conducted that cannot conclusively determine what, if any, patient information or other data were accessed. Out of an abundance of caution though, a breach notification is provided to enable potentially impacted individuals to monitor accounts in the event of suspicious activity, with the entity sometimes covering the cost of such monitoring. Despite the somewhat tongue in cheek tone being given to the nature of the responses, being...

read more

Unnecessary Stress: HIPAA and Litigation Requests

While many areas of HIPAA compliance result in confusion and misinterpretation, responding to document requests from parties in litigation is one that has been presenting itself frequently. The classic scenario is Party A and Party B are in a lawsuit with each other. Party A’s claim is based upon suffering some sort of injury that resulted in receiving medical treatment. During the course of the lawsuit, Party B sends a request for documents to Party A’s physicians. No surprises have arisen yet and the ability to obtain documents is a classic part of litigation. However, the “fun” will often start when the physician receives the request. Many physicians receiving a request will look at it and refuse to provide documents until Party B provides a clear authorization from Party A allowing...

read more

CMS Releases 2020 Proposed Rule for the Quality Payment Program

CMS released its proposed policies for the 2020 performance year of the Quality Payment Program via the Medicare Physician Fee Schedule (PFS) Notice of Proposed Rulemaking (NPRM).   Key proposals for 2020 performance year of the Quality Payment Program include: Increasing the performance threshold from 30 points to 45 points Revising category weights for Quality (decreases from 45% to 40%) and Cost (increases from 15% to 20%) Increasing the data completeness threshold for the quality data that clinicians submit Increasing the threshold for clinicians who complete or participate in the Improvement Activity for group reporting Updating requirements for Qualified Clinical Data Registry (QCDR) measures and the services that third-party intermediaries must provide (beginning with the...

read more

Communication Tension or Breakdown

A scenario growing in frequency for physician practices and other healthcare organizations is the desire for patients to communicate with clinicians using the same tools as in everyday life. That desire translates to a preference for text messaging, WhatsApp, Facebook Messenger, iMessage, or any other number of third-party applications that enable quick and efficient communication. The convenience and ease of communication are also factors that give rise to a number of privacy and security concerns. A first question can be whether such tools are permissible in healthcare. If permissible, how can they be controlled? Where should agreements be created? Who is responsible for managing accounts? A multitude of other questions will cascade from there. However, a frequent refrain challenging...

read more