Letter from the President

As August begins and we enter the so-called “dog days” of summer, events often trigger memories or expectations of things to come. Even 40+ years since experiencing a true summer vacation, meaning the entire summer WAS a vacation, I can’t shake the feeling of summer’s end and impending structure looming; “back to school” season. In writing those words I ponder why I have always had that emotional response as summer’s end draws near. I experience the same type of reaction on Sunday evenings. That “the weekend is over” doomed feeling. I’m not really sure why.  I was a 'weirdo' who loved school. Growing up in the country and being separated from my friends every summer, I actually embraced the social interaction of seeing my friends every day, football games, bonfires, dances, parades—all of the activities of fall. All these years later, I still experience the sense of doom and gloom as fall approaches, but why?  I am a “glass half full”, wide-eyed optimist who always looks for the silver lining in every situation. It’s probably the cheerleader in me.  I am the person reminding someone who just suffered a setback, “everything happens for a reason”, “you’ll learn from this experience and come back stronger”, blah, blah, blah.  Don’t get me wrong, I still have that optimism, but I also realize how annoying that can be. Sometimes we just need to feel uncomfortable, sad or gloomy. That is ok, as long as we use that as motivation to get back on our horse to ride again.

I’m a huge sports fan. Anyone who knows me understands the passion I have for my favorite teams and sports. I love watching the sport/game/match/competition. I cheer, quite loudly, or so I’m told; I feel that it is my responsibility to show my support by cheering.   I’ve enjoyed watching the Olympic Games over the past two weeks; always cheering for Team USA, of course. But what I’ve perceived during this 32nd Olympiad appears to be a definite shift in focus of the athletes.  Yes, they remained focused on bringing home a medal, obviously.  But perhaps due to the delayed start, accompanied by the additional challenges to safely compete, caused many to express their focus on the process or journey rather than the final result.  I believe we can all learn a lesson from this.

As we close out our second “COVID summer” and enter another “COVID fall” can we all agree to focus on our success in navigating a once in a lifetime experience and coming out on the other side. Embrace the changes in process, celebrate the ingenuity, and welcome opportunities presented although unexpected. It’s easy to focus on all of the problems ingrained in our daily lives now and for the foreseeable future; running short-staffed, being unable to refill staff vacancies, serving increasingly unhappy and difficult patients and their families who appear almost emboldened to challenge us on our safety requirements, increasing costs, decreasing reimbursement, increasing administrative burden….see, I told you it was easy to focus on the negative. I challenge each of us to focus on the positive experience in this journey through the remainder of the pandemic and into the post-pandemic future. This is one end that won’t bring that looming “last day of vacation” feeling for me, but rather an eager anticipation of reunion, celebration and camaraderie.

All of that being said, we are still weighing our options for educational events this fall. Per your responses to our survey, you are ready for an in person event!  So are we, but that may not be practical, yet.  We continue to monitor the environment and will consider all options before making a final decision. Rest assured we will be your resource for all issues related to practicing in Pennsylvania and colleague(s) are only a phone call, message or email away. Virtual connections remain active, safe and practical, until we can meet in person again. Every day is one day closer to that reality. #PAMGMA cares.  

Traci Evans, FACMPE
Pennsylvania MGMA, President

Raising the Human Firewall: Social Engineering & The Modern Medical Practice

By: Nate Kline, Senior Account Executive, Infradapt- Outsourced IT for Business

Did you know that there has been a 55% increase in cyber breaches throughout healthcare organizations in 2020? In fact, the industry is projected to spend an astounding $125 Billion on cyber security measures between 2020-2025, yet 2020 closed the year with 29 Million patients’ personal health information (PHI) breached.

All of this funding spent to prevent Cyber Threat Actors from succeeding, yet somehow, these criminals are still very much in business. What is their secret to success?

Social engineering, or manipulation of the end user, is responsible for over 98% of successful cyber-attacks. From convincing emails to spoofed websites, the internet is teeming with threats to your office that cannot be prevented by purchasing the latest security widget. In the end, you and your employees are the greatest defense – the Human Firewall that will defend your practice.

The Social Engineering Framework

The last intention of your practice staff is to compromise the network or confidential patient information. Cyber criminals are very aware of this, and fully understand that, to effectually manipulate the end user, they must use a carefully tailored message that leverage psychological mechanisms and influence to achieve their missions. Referred to as the Social Engineering Framework these tactics can be described by two primary qualities:

Information Gathering: Before attempting to penetrate a network, the most successful cyber criminals first gather the information necessary to generate a convincing message, and deliver it to the right targets. Publicly available information is gathered from the practice website, social media, etc. to help outline a potential flow of communication, and any weaknesses they can exploit.

By identifying current industry trends to exploit (i.e. COVID-19), organizations that would make good targets, and even specific staff members most likely to fall for their trickery, these criminals are able to more effectually leverage psychological mechanisms to coerce practice staff to opening the door to your network – letting them right past the latest and greatest security measures you invest so much time and money into.

Psychological Mechanisms: Well organized information alone is not enough to provide these intruders with a way in. They must also take advantage of various psychological mechanisms to establish what the IT world refers to as “Instant Rapport”.

Instant Rapport is the use of identity spoofing of some kind to:

• Establish authority
• Impose urgency
• Require a specific result

In the cyber world, the most common form of instant rapport translated to identity spoofing emails, often times coming from someone with a position of authority within the practice, that can require an action of a subordinate, and ultimately leverage their influence.

By presenting believable information in a way that will affect a target’s decision making process, malicious cyber criminals impersonate high level administrators to falsely establish the pretext that the call to action as entirely legitimate. This results in the misguided emotions of concession, obligation, and reciprocity being evoked by the end user as they fall victim.

Essentially, this framework is what threat actors rely on to profile their victim organizations, develop a message, and target the largest security vulnerability of most networks: the end-users.

Social Engineering via E-Mail: How to Spot Common Social Engineering Tactics

It is without a doubt that email has become one of the most vital form of communication in the modern healthcare environment. It should come as no surprise that threat actors commonly attempt to exploit this communication channel – a direct road to conducting a convincing dialogue with your team members.

The good news is that there are some common ways to analyze the different components of an email to see through the scams:

From: & To:

• The contact is not someone that you ordinarily communicate with as part of your daily duties
• The contact is from outside the organization and not related to your job responsibilities
• The contact is someone you know, but the request or message is very unusual and out of character from their typical tone
• The domain (i.e. @example.com) is suspicious

Subject & Date:

• The subject line makes sense with content
• Sent at an unusual time

Content & Attachments:

• You are being asked to open an attachment to avoid a negative consequence or gain something of value
• Includes an odd or illogical request – often times to click a link or share sensitive information
• Has an attachment you were not expecting
• Misspelled or long hyperlinks

As a guiding principle, end users should trust the communications they receive, but verify the authenticity before clicking on a link or fulfilling any requests.

Cultivating a Culture for Tackling Cyber Risk

E-mail being the #1 tool of cyber criminals reveals the elephant in the room: cyber security is no longer the sole responsibility of your group’s technology department or IT providers; rather, it is a team sport fostered by a culture of awareness throughout the organization.

Gone are the days of group administrators being able to “fund and forget” the cyber security strategy of their practice. It is time to consider cyber risk as a dynamic challenge, as cyber threats are ever-changing and constantly evolving. One of the most effective ways to combat these malicious criminals is through the continued involvement and education of everyone within your organization.

As any group manager understands, getting everyone on the same page about a new process, procedure or goal can be difficult. Fortifying the “Human Firewall” as an administrator is easier said than done. It entails a process of standardizing the methodology that your practice uses to judiciously mitigate risks in alignment with overarching technical capacity and business goals.

For this reason, the best way to go about this is to develop a Cyber Risk Task Force compromised of primary stakeholders to establish the attitude and approach that will be taken towards managing potential susceptibilities to cyber-crime by:

• Establishing and enforcing a risk mitigation culture throughout the organization
• Proper network segmentation and data access policy implementation
• Keeping staff routinely trained on the latest cyber threats, especially ones that they may encounter
• Simulating cyber threats to test your staff’s ability to identify social engineering tactics in action

Above all, it is important for medical administrations to consistently maintain open channels of communication as they keep a pulse on the organization’s overall security posture. By taking this holistic approach, your team will be positioned to identify complex cyber threats relevant to your specific organization– ensuring there the Human Firewall maintains its integrity in the face of unprecedented threats.

Top of Page

About the Author

Nate Kline

Mr. Kline brings over 14 years of industry experience to the table. His background includes all the Company's core sales functions, including lead cultivation, presales support and engineering, relationship and account management, technology and business reviews, solution design, and solution presentations. Mr. Kline is experienced with serving HIPAA sanctioned environments, and has overseen turnkey private cloud transitions and environment remediation for over 100+ organizations to date. 

How to Succeed in Value-based Care with Service-Enabled Technology

By: Burke Burnett, Sr. Director of Product Strategy, Vatica Health
[SPONSORED]

More and more primary care providers (PCPs) are entering value-based care arrangements, whether by choice or mandate. In fact, CMS hopes to have 100% of Medicare Advantage payments linked to alternative payment models by 2025.

With this new approach to care, it’s important for PCPs to understand the impact that risk adjustment and quality of care has on value-based care performance and assess whether their organization has the building blocks in place to ensure success. Unfortunately, PCPs are frequently impeded by insufficient time, data, and staffing resources, which prevents them from reaching their clinical and financial goals under these emerging payment systems. However, PCPs who address these gaps by evaluating their practices’ strengths, opportunities, and partnership needs are well-positioned to thrive in value-based care.

Risk Adjustment and Quality of Care

As we move to value-based care, providers will be compensated based on efficiently delivering better results—not more procedures. Value-based care is designed to incentivize providers to improve outcomes in a cost-efficient manner. In other words, payment and quality of care are inextricably linked.

Two critical components to any value-based care arrangement are risk adjustment and quality reporting. This is because success in value-based care depends on accurately assessing the clinical needs of your population, and reporting these needs so that your payments will be sufficient to deliver appropriate care.

The challenge is that risk adjustment and quality reporting is labor intensive and is predicated on a complex set of rules, which frequently becomes a stumbling block for practices. Because of the complex payment methodology associated with risk adjustment, appropriate coding specificity is needed to accurately report chronic conditions. Without this specificity, plans and PCPs may end up with artificially low patient risk scores, resulting in insufficient funds to deliver adequate levels of care. Similarly, PCPs must adhere to the reporting standards for quality gap closures, and deviation can result in sub-standard outcomes.

For practices that lack specialized coding and quality technology, as well as properly trained staff, keeping up with these activities is a significant challenge.

What to Look for in Service-Enabled Technology

More often than not, PCPs attempt to solve these challenges with the aid of technology. However, as many PCPs know, the implementation of new software can create more problems than it was intended to solve. With office staff burnout at an all-time high, it is important to make sure that any new tools being utilized are supporting, not hindering, the team’s success.
What should PCPs be looking for when selecting the right partner? Let us look at some common quality reporting and risk adjustment challenges and how your technology should address them.

Provider Documentation Support
Challenge: Due to lack of coding expertise and ineffective technology, provider documentation is often not specific enough to support the ICD-10 coding necessary to accurately risk adjust a patient. Many common chronic conditions, such as major depressive disorder, specified arrhythmias, staged chronic kidney disease, and others, can only be risk adjusted when specified in physician documentation.

Solution: This level of detail can be achieved with a combination of clinical decision support, computer-assisted diagnostic coding technology, and supplemental clinical staff. Because technology alone cannot eliminate these challenges, augmenting existing staff with clinical resources to supplement these technology solutions, commonly known as service-enabled technology, is emerging as a gold standard.

Coding Expertise
Challenge: Risk adjustment payment methodology is highly complex. While PCPs may have medical coders on staff, they often lack the specialized skills needed to code to appropriate specificity. To bridge this gap, health plans deploy vendors to perform either home assessments or retrospective chart reviews, which can cause patient and provider abrasion.

Solution: PCPs can avoid these pitfalls with EMR-integrated technology that is powered by algorithms that do the heavy lifting by surfacing the most specific and relevant codes. Because an accurate and complete data set for each patient is critical, providers should consider supplemental clinical staff to support provider documentation with the EMR to synthesize it with health plan data.

Seamless Quality Reporting
Challenge: Quality of care programs can be challenging for providers in value-based care arrangements. Providers often lack the data and tools to support the reporting and activities associated with these measures.

Solution: Providers should consider solutions that specialize in quality reporting to foster greater communication and collaboration with health plans. New service-enabled technology solutions change the way health plans and providers are working together to improve financial and clinical results.

In a nutshell, technology alone is insufficient. Providers need both powerful EMR-integrated technology wrapped with clinical and administrative support to drive superior value-based care performance. PCPs do not need another application to log into—they need a team of experts behind the screen helping the technology work for them.

Top of Page

About the Author

Burke Burnett

Burke Burnett is Sr. Director of Product Strategy at Vatica Health. He’s spent the last 10 years designing technology-enabled services for providers, payers, and patients. Burke is a certified coder and risk adjustment practitioner who lives in Dallas, TX with his 3 children. He can be reached via email at bburnett@vaticahealth.com.

Real Estate: The Second-Highest Expense in Your Practice

By: Shay Vogg, Broker, CARR

When it comes to managing expenses in your practice, there are dozens of categories to evaluate: equipment, technology, loan costs and interest rates, sundries, marketing, and on and on they go.

Many practice owners are quick to shop-out what they believe are the most obvious expenses, but few understand the impact of one of the largest expenses and how it can be dramatically reduced to increase profitability. The highest expense for most practices is payroll, followed by real estate. Real estate encompasses your monthly rent or mortgage payments, along with the property’s operating expenses, maintenance fees, utilities, and janitorialcosts.

If you consider these top two expenses, payroll and real estate, only one of them is really negotiable. With payroll, you can either pay people their value or they usually find another job that will. You may decide that you can cut staff, but if you need people you need to pay them what they deserve or they will eventually leave.

Real estate however, is 100% negotiable. You have the choice of leasing or owning, as well as being in an office building, retail center, a stand-alone building, or large medical complex with many other providers. You can choose the size of your space, the design, and the landlord you want to work with—or to be your own landlord. And if you do own, you get to decide whether to buy an existing building, an office condo, or to develop your own building from the ground-up.
When negotiating the economic terms of a lease, you get to have a say in the length of lease, the desired concessions including build out period, tenant improvement allowance, free rent, lease rates, annual rate increases and many other provisions.

With this many choices to evaluate and understanding that each one affects the final economic outcome, why is it that so many practices fail to capitalize on their real estate opportunities? The short answer is that most practice owners and administrators simply don’t have the knowledge and expertise in commercial real estate to understandhow to make the most of these opportunities. They view real estate as a necessary evil instead of an incredible opportunity to improve profitability, reduce expenses and improve the quality of their patients’ experience. When the correct approach is taken, you may actually look forward to it instead of dreading your real estate negotiation.

Let’s take a look at three key ideas that will help you make the most of your next real estate transaction.

1. Timing

Every type of transaction has an ideal timeframe to start the process. When starting too early or too late, you communicate to the landlord or seller that you don’t really know what you’re doing. When that message is communicated, it hurts your ability to receive the best possible terms. Forexample, don’t wait for your landlord to approach you on a lease renewal negotiation. Start by consulting with a professional
 
so you can understand the ideal timeframe to start your transaction, come up with a specific game plan for what you want to achieve, and then you be the one to approach yourlandlord with renewal terms.

2. Representation

Landlords and sellers prey on unrepresented tenants who don’t really know the market or what their options are. If the tenant was a Fortune 500 company, the landlord would approach them with a high level of respect, expecting that they either have a real estate broker hired to represent them or have a team of professionals internally that are well equipped to handle the transaction.

In contrast, when a landlord or seller starts speaking with a tenant who isn’t represented, and who they don’t believe knows the market as well as they do, that tenant is not going to get the same level of respect through the process. This is because the landlord senses an opportunity to take advantage of a small tenant who is not an expert, doesn’t have a full complement of real estate knowledge and skills, and who doesn’t have adequate representation.

When you understand that commissions are paid in commercial real estate just like they are in residential real estate—they are set aside in advance for two parties, not just one—then you understand there aren’t any savings by not having a broker. And if there aren’t any savings by not having a broker, then showing up without one only further detracts from your credibility.

3. Leverage and Posture

It is nearly impossible to emerge victorious from a negotiation without leverage and posture which are created by having multiple options in the market. If you limit yourself to one property, you are at the mercy of that owner. Since most landlords and sellers negotiate professionally, it is easy for themto know when you don’t have other viable options.

Simply telling a landlord that you have a proposal from another landlord won’t give you a strong enough posture. Most landlords look at unrepresented tenants and assume they do not know the market, do not understand all their options, and are not really serious about making the landlord compete for their business. Leverage and posture are created when you have the ri ght timing, professional representation, an understanding of all your available options, and a detailed game plan of what you want to accomplish in order to capitalize on the market.

These three key ideas are the first of many factors that allow healthcare tenants and buyers to reduce their second highest expense which dramatically impacts profitability and cash flow.

Top of Page

Shay Vogg

Shay Vogg is a Broker with CARR, exclusively helping healthcare tenants and buyers in the Pennsylvania area achieve the most favorable terms on their commercial real estate purchase and lease transactions.

Are Providers Ready for the Post-Covid Audit Challenges Ahead?

By: Justin Sanders, Manager of Payor Engagement, Sharecare
[SPONSORED]

As healthcare begins to recover from the impacts of COVID-19, there are new challenges ahead as the providers’ reprieve on managed care audits during the pandemic comes to an end. Industry observers expect a veritable alphabet soup of audit types — HEDIS (Healthcare Effectiveness Data and Information Set), RADV (Risk Adjustment Data Validation), MRA (Medicare Advantage Risk Adjustment), HIX (Health Information Exchange), CRA (Commercial Risk Adjustment), etc. — to increase, including audits focused on all the telehealth that occurred during the pandemic. 

In short, for providers that had to scramble to implement new policies, practices, and technology during the pandemic, auditors aren’t going to let you catch your breath as, unfortunately for many, was evident during the 2021 HEDIS season.

 

New Telehealth Audits Underway

In February of 2021, the U.S. Department of Health and Human Services (HHS) Office of the Inspector General (OIG) announced that it is conducting seven different audits, evaluations, and inspections of telehealth services.

These audits will focus on telehealth usage by home health agencies and in Medicare and Medicaid populations. Given that most providers expanded their telehealth capabilities during the pandemic, many providers can expect their Medicare or Medicaid billing relating to telehealth to be subject to OIG scrutiny. 

How to start climbing the audit mountain?

Proactive planning is essential. Typically, this planning starts with creating a task force, which usually consists of your audit teams, your business office, and your HIM department. In smaller practices, these roles may all be the same staff member or one of the providers. This can create challenges when the focus on patient care is diverted, and the provider stops practicing at the top of their license. 

Your plan should allow you to check all the boxes that take you through a stepwise approach to compliance that includes effective communication with the auditor, Health Plan and other intermediary organizations, closing any information siloes in your organization, documenting and checking for compliance with all audit requirements and ensuring all information is sent in a timely fashion to avoid the risk of monetary penalties.

There are strict procedures and timelines to follow, and the auditor may issue follow-up requests, demanding more time and attention.

Year-Round Audits

 It’s an unfortunate fact of healthcare practice today: audits are a continuing threat year-round. While some audit types, such as HEDIS, are seasonal, other types are ongoing throughout the years. Likewise, some audits are routine, some are random, and others occur in response to suspected problems. Having a plan to proactively support and respond to audits is an important first step,

With audits an ever-present possibility, it makes sense to outsource a permanent solution. Just like you wouldn’t have your internists and nurse practitioners clearing snow with shovels and plows (you’d contract out for snow removal), it doesn’t make sense to divert providers’ time and energy to audit compliance. Often the best option is an audit outsource partner, like Sharecare Provider solutions which allow providers to focus on what they do best: caring for their patients.

 

Top of Page

 

About the Author

Justin Sanders

Justin Sanders is the Manager of Payor Engagement at Sharecare. He assists with national business development and works with payors and healthcare organizations. Justin develops and fosters strategic partnerships to support the needs of Sharecare’s clients, particularly as it relates to medical chart audits and retrieval. He graduated from the University of North Florida with a Bachelor of Science in Healthcare Administration and enjoys free diving in his spare time.