Friday, August 26, 2011

Large Data Breach Causes Data Integrity Questions

A California firm, Southern California Medical-Legal Consultants, has been the most recent facility to make headlines with a massive data breach. The breach, which released the medical records, social security information, and personal details of 300,000 patients, was caused by poor handling and a lack of knowledge. Joel Hecht, owner of the consulting firm, believed he was storing the data on a private website. In reality, it was being placed on a public server, without even the most basic of security measures.
The personal data was discovered by Aaron Titus, a researcher with Identity Finder, who then alerted Hecht's firm and The Associated Press. He found it through Internet searches, a common tactic for finding private information posted on unsecured sites.

The data was "available to anyone in the world with half a brain and access to Google," Titus says.

Titus says Hecht's company failed to use two basic techniques that could have protected the data -- requiring a password and instructing search engines not to index the pages. He called the breach "likely a case of felony stupidity."
The breach, which was discovered and locked down last week, has led many to question the upcoming 2014 regulation requiring all medical data to be stored online. While it is obvious that this breach was caused more by ignorance than by hidden insecurities, the argument has been made that other under-trained facilities are likely to follow suit. The Associated Press theorizes that the underlying cause of this breach is the fact that the medical records were so far removed from their original source. While hospitals are usually well-equipped for this kind of data, the AP says, “The further away from the health care provider the records get, the flimsier the enforcement mechanisms for ensuring the data are protected.”

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.

Friday, August 19, 2011

Arguments Continue On ACA Constitutionality

The Georgia Appeals Court becomes the second appellate court to join the never-ending debate swirling around Obama’s Affordable Care Act. According to the court, the individual mandate – the portion of the legislation requiring all citizens to purchase health care – is unconstitutional, and “an unprecedented exercise of congressional power.” This follows a similar January ruling by US District Judge Roger Vinson, and an opposing ruling from the Ohio Appeals Court in June.

The Georgia ruling supports most of what Florida’s Judge Vinson declared in January, with a significant provision. While Vinson felt that the entire legislation was a cohesive, unchangeable unit, the Georgia court believes that the offending individual mandate can be removed from the ACA, while allowing the rest of the Act to function as law.

As pointed out in a recent news article on Medscape.com, continuing dissension will likely force the Supreme Court to re-investigate the controversy, and to pass down an official decision. Until that happens, smaller courts will likely continue the debate.
The issue of the constitutionality of the Affordable Care Act is also before a US Appellate Court in Richmond, Virginia, which is weighing appeals of two lower-court decisions in that state. A federal district judge in Lynchburg, Virginia upheld the individual mandate, whereas another in Richmond, Virginia, struck it down. A ruling from this third appellate court is expected soon.
Whatever Virginia’s decision is, we will probably not be seeing the end of this discussion any time soon.


Friday, August 12, 2011

Mobile Tech Replaces Pagers, Worries HIPAA

The cliche image of an off-duty doctor receiving an emergency page is a thing of the past. These days, many docs receive up-to-the-minute patient updates through text messages, sent unencrypted from the hospital. Obviously, there are a few problems here waiting to happen.

The e-mails are entered by the hospital employee, converted into a text message and sent to the physician's cellular phone. Physicians frequently request that more patient data be included in the message, such as the patient's name and room number, so the physician can look up the chart prior to returning the call. This system is frequently not encrypted, however, because of the extra expense to the hospital.
This revelation sent red flags up for HIPAA. Imagine their horror when it was learned that some hospital employees simply send these texts from personal cell phones, rather than through monitored hospital email systems.

The problems begin with the fact that this kind of communication, while expedient, is not protected by any level of security. This puts these kinds of communications in violation of the Security Standards, which "require Covered Entities to (1) ensure the confidentiality, integrity and availability of the information; (2) protect against any reasonably anticipated threats or risks to the security or integrity of the information; and (3) protect against unauthorized uses or disclosures of the information." And this is just the start of the laundry list of violations.

The very fact that these communications take place on "high risk" items like cell phones and tablet computers furthers the issue. The National Institute of Standards and Technology increases the risk level for items likely to be lost, stolen, or compromised, and cell phones are right at the top of that list.

Is this just one more case of consumer technology surpassing medical technology? Perhaps, but it is still a significant issue that requires a little more thought.


Thursday, August 4, 2011

CMS Announces Quality of Care Initiatives

The Centers for Medicare and Medicaid Services has had a busy seven days, releasing information on four new initiatives since July 29th. Three of these focus on accuracy and payment changes for Medicare in fiscal year 2012, and the last describes policy changes for inpatient rehabilitation facilities.

A spike in payment levels inspired this policy, which will align Medicare payments with costs, reducing Medicare skilled nursing facility Prospective Payment System payments by $3.87 billion. This reduction is a drop of 11.1% from FY 2011. In the press release, CMS Administrator Donald M. Berwick, M.D. says, “CMS is committed to providing high quality care to those in skilled nursing facilities and to pay those facilities properly for that care…The adjustments to the payment rates for next year reflect that policy.”

The 2011 spike was caused by a miscalculation when CMS attempted to restrict damage caused by the Resource Utilization Groups Version 4 (RUG-IV) classification system.


In an effort to improve the quality of care in hospices, CMS is increasing payments to hospices treating Medicare patients by 2.5%. The increase will come at the cost of required quality of care reporting for those patients. In further detail, the release explains that, “CMS calculates each hospice’s aggregate cap by multiplying the number of patients served by the hospice in a cap year by a cap amount. Medicare payments made to a hospice during the cap year that exceed the hospice’s aggregate cap must be refunded to Medicare.”

CMS has also approved a similar rule, geared to improve inpatient care in general acute-care and long-term-care hospitals. “The final rule continues a payment approach that encourages hospitals to adopt practices that reduce errors and prevent patients from acquiring new illnesses or injuries during a hospital stay,” said CMS Administrator Donald M. Berwick, M.D. “This approach is part of a comprehensive strategy being implemented across Medicare’s payment systems that is intended to reduce overall costs by improving how care is delivered.”

This rule meshes with an ACA requirement that reduces Medicare pay-outs to hospitals with high readmission levels for certain conditions.


Another CMS ruling is set to increase “IRF payment rates under the IRF Prospective Payment System (PPS) by 2.2 percent and establishes a new quality reporting system authorized by the Affordable Care Act.” The rule will take effect in FY 2012, and will provide further motivation for hospitals and other health facilities to improve inpatient care practices.

In addition, the final rule will update the case-mix group relative weights using FY 2010 IRF claims and FY 2009 IRF cost report data, freeze the facility-level adjustment factors for FY 2012 at FY 2011 levels for one additional year while the agency explores ways to improve upon the accuracy and consistency of the current methodology used to calculate the facility-level adjustment factors, and allow IRF and inpatient psychiatric facility units to expand in the middle of a cost reporting period, rather than restricting such expansions to the start of a cost reporting period.
