The Cybersecurity Act of 2015, included in the Omnibus Appropriations and Tax Reform Package adopted into law in December, 2015 (link), specifically addresses cybersecurity in the healthcare industry.
Broadly, the Act (A) establishes the Department of Homeland Security (DHS) as the clearing-house for sharing of cybersecurity threats for the federal government, and (B) provides new rights for network operators (i) to monitor their own networks for the purpose of protecting the network from attempts at hacking, denial of service attacks and other network weaknesses, and (ii) to share cyber threat indicators, and related defensive measures, with others.
Section 405 of the Cybersecurity Act specifically addresses cybersecurity in the healthcare industry by:
1. Requiring the Department of Health and Human Services (DHHS) to develop a report outlining responsibility within DHHS for coordinating efforts regarding cybersecurity threats;
2. Creating a new healthcare industry cybersecurity task force comprised of healthcare stakeholders, cybersecurity experts and federal agencies with specific assignments, which include (i) analyzing how industries, other than the healthcare industry, have implemented strategies to address cyberliability threats, (ii) analyzing barriers that private healthcare entities face to address cyber attacks, (iii) reviewing challenges to securing networked medical devices of software that connects to an electronic health record, and (iv) developing information to be provided to healthcare providers for purposes of improving preparedness for, and response to, cybersecurity threats;
3. Requiring DHHS to establish guidelines and best practices that serve as a resource for cost-effectively reducing cyberliability risks consistent with HIPAA and other relevant laws.
Members of Parker Poe’s HIPAA and Security Team are available to answer questions regarding the Cybersecurity Act as well as to assist clients to address cybersecurity concerns.
From time to time the Parker Poe Health Care Blog asks experts in the health care field to serve as guest bloggers. Our guest blogger today is Amy Poplin Dunatov, MPH, FACMPE, ICDCM-CT.
If the October 1, 2015 ICD-10 transition buildup felt to you like Y2K all over again, then you are not alone. Although some hospitals have reported delays in payments, physician practices have not experienced delays in processing of their professional claims. In fact, the majority of physician practices are reporting no problems related to the transition, and CMS reports denial rates are at the same level as prior to the ICD-10 transition.
Now that the catastrophe seems to be averted, what do we do next? The subsequent challenge is how to use the more specific data available with ICD-10. The value of ICD-10 data lies in the diagnosis specificity of each patient encounter. If the practice is coding “unspecified” for each patient encounter, then the value of that data is diminished. The initial focus for physician practices should be to code to the highest level of specificity for every patient encounter. The practice should continue to educate providers and coders to maximize the data’s value.
The next challenge lies in how to transition the thousands of ICD-10 codes from each patient encounter into usable data for reinforcing the quality of patient care and, thereby, negotiating higher reimbursement with the payers as we become partners in caring for the population. To facilitate this data compilation, the practice should invest in a robust electronic medical record (EMR) and/or practice management system (PMS) that can offer assistance in mining data. The practice must have the ability to gather and compare their information with the information payers so expertly mine, and they should use the data to support improvements in overall health and utilization. For example, a practice may have a clinical pathway that tracks diabetic patients with a hemoglobin A1C outside of the normal range. The patient is brought back to the office for counseling and support. This intervention helps the patient get their lab results back into the normal range while avoiding a costly hospital visit. A win-win-win for the patient, the practice, and the payer.
Practices that continue to make progress down the road to higher specificity of ICD-10 codes will be more prepared for the major changes on the healthcare horizon, such as value-based care. The ability to thrive in the new payment environment depends on the ability to accurately document and code the patient encounter. So, my advice for you is to keep exploring the nuances of ICD-10 coding. Clinical and financial performance depends on it.
Amy Poplin Dunatov is an independent practice management consultant with extensive experience in medical practice management, including both private practice and hospital-owned multispecialty group settings. She has comprehensive knowledge of billing and E&M coding, physician compensation plan design, financial and operational benchmarking especially as it relates to physician compensation and productivity. Amy is an ICD-10 certified trainer and has worked with both large and small practices over the last two years to assist with ICD-10 education. She can reached at: amy.Dunatov@outlook.com and www.linkedin.com/in/amypoplindunatov