Traci Evans, FACMPE
By: Nate Kline, Senior Account Executive, Infradapt- Outsourced IT for Business
All of this funding spent to prevent Cyber Threat Actors from succeeding, yet somehow, these criminals are still very much in business. What is their secret to success?Social engineering, or manipulation of the end user, is responsible for over 98% of successful cyber-attacks. From convincing emails to spoofed websites, the internet is teeming with threats to your office that cannot be prevented by purchasing the latest security widget. In the end, you and your employees are the greatest defense – the Human Firewall that will defend your practice.
The Social Engineering Framework
The last intention of your practice staff is to compromise the network or confidential patient information. Cyber criminals are very aware of this, and fully understand that, to effectually manipulate the end user, they must use a carefully tailored message that leverage psychological mechanisms and influence to achieve their missions. Referred to as the Social Engineering Framework these tactics can be described by two primary qualities:
Information Gathering: Before attempting to penetrate a network, the most successful cyber criminals first gather the information necessary to generate a convincing message, and deliver it to the right targets. Publicly available information is gathered from the practice website, social media, etc. to help outline a potential flow of communication, and any weaknesses they can exploit.
Instant Rapport is the use of identity spoofing of some kind to:
In the cyber world, the most common form of instant rapport translated to identity spoofing emails, often times coming from someone with a position of authority within the practice, that can require an action of a subordinate, and ultimately leverage their influence.
By presenting believable information in a way that will affect a target’s decision making process, malicious cyber criminals impersonate high level administrators to falsely establish the pretext that the call to action as entirely legitimate. This results in the misguided emotions of concession, obligation, and reciprocity being evoked by the end user as they fall victim.
Essentially, this framework is what threat actors rely on to profile their victim organizations, develop a message, and target the largest security vulnerability of most networks: the end-users.Social Engineering via E-Mail: How to Spot Common Social Engineering Tactics
It is without a doubt that email has become one of the most vital form of communication in the modern healthcare environment. It should come as no surprise that threat actors commonly attempt to exploit this communication channel – a direct road to conducting a convincing dialogue with your team members.The good news is that there are some common ways to analyze the different components of an email to see through the scams:
From: & To:
As a guiding principle, end users should trust the communications they receive, but verify the authenticity before clicking on a link or fulfilling any requests.
Cultivating a Culture for Tackling Cyber Risk
E-mail being the #1 tool of cyber criminals reveals the elephant in the room: cyber security is no longer the sole responsibility of your group’s technology department or IT providers; rather, it is a team sport fostered by a culture of awareness throughout the organization.
Gone are the days of group administrators being able to “fund and forget” the cyber security strategy of their practice. It is time to consider cyber risk as a dynamic challenge, as cyber threats are ever-changing and constantly evolving. One of the most effective ways to combat these malicious criminals is through the continued involvement and education of everyone within your organization.
As any group manager understands, getting everyone on the same page about a new process, procedure or goal can be difficult. Fortifying the “Human Firewall” as an administrator is easier said than done. It entails a process of standardizing the methodology that your practice uses to judiciously mitigate risks in alignment with overarching technical capacity and business goals.
For this reason, the best way to go about this is to develop a Cyber Risk Task Force compromised of primary stakeholders to establish the attitude and approach that will be taken towards managing potential susceptibilities to cyber-crime by:
Above all, it is important for medical administrations to consistently maintain open channels of communication as they keep a pulse on the organization’s overall security posture. By taking this holistic approach, your team will be positioned to identify complex cyber threats relevant to your specific organization– ensuring there the Human Firewall maintains its integrity in the face of unprecedented threats.
About the Author
Mr. Kline brings over 14 years of industry experience to the table. His background includes all the Company's core sales functions, including lead cultivation, presales support and engineering, relationship and account management, technology and business reviews, solution design, and solution presentations. Mr. Kline is experienced with serving HIPAA sanctioned environments, and has overseen turnkey private cloud transitions and environment remediation for over 100+ organizations to date.
By: Burke Burnett, Sr. Director of Product Strategy, Vatica Health
With this new approach to care, it’s important for PCPs to understand the impact that risk adjustment and quality of care has on value-based care performance and assess whether their organization has the building blocks in place to ensure success. Unfortunately, PCPs are frequently impeded by insufficient time, data, and staffing resources, which prevents them from reaching their clinical and financial goals under these emerging payment systems. However, PCPs who address these gaps by evaluating their practices’ strengths, opportunities, and partnership needs are well-positioned to thrive in value-based care.
Risk Adjustment and Quality of CareAs we move to value-based care, providers will be compensated based on efficiently delivering better results—not more procedures. Value-based care is designed to incentivize providers to improve outcomes in a cost-efficient manner. In other words, payment and quality of care are inextricably linked.
Two critical components to any value-based care arrangement are risk adjustment and quality reporting. This is because success in value-based care depends on accurately assessing the clinical needs of your population, and reporting these needs so that your payments will be sufficient to deliver appropriate care.
The challenge is that risk adjustment and quality reporting is labor intensive and is predicated on a complex set of rules, which frequently becomes a stumbling block for practices. Because of the complex payment methodology associated with risk adjustment, appropriate coding specificity is needed to accurately report chronic conditions. Without this specificity, plans and PCPs may end up with artificially low patient risk scores, resulting in insufficient funds to deliver adequate levels of care. Similarly, PCPs must adhere to the reporting standards for quality gap closures, and deviation can result in sub-standard outcomes.
For practices that lack specialized coding and quality technology, as well as properly trained staff, keeping up with these activities is a significant challenge.
What to Look for in Service-Enabled TechnologyMore often than not, PCPs attempt to solve these challenges with the aid of technology. However, as many PCPs know, the implementation of new software can create more problems than it was intended to solve. With office staff burnout at an all-time high, it is important to make sure that any new tools being utilized are supporting, not hindering, the team’s success.
What should PCPs be looking for when selecting the right partner? Let us look at some common quality reporting and risk adjustment challenges and how your technology should address them.
Provider Documentation Support
Challenge: Due to lack of coding expertise and ineffective technology, provider documentation is often not specific enough to support the ICD-10 coding necessary to accurately risk adjust a patient. Many common chronic conditions, such as major depressive disorder, specified arrhythmias, staged chronic kidney disease, and others, can only be risk adjusted when specified in physician documentation.
Solution: This level of detail can be achieved with a combination of clinical decision support, computer-assisted diagnostic coding technology, and supplemental clinical staff. Because technology alone cannot eliminate these challenges, augmenting existing staff with clinical resources to supplement these technology solutions, commonly known as service-enabled technology, is emerging as a gold standard.
Challenge: Risk adjustment payment methodology is highly complex. While PCPs may have medical coders on staff, they often lack the specialized skills needed to code to appropriate specificity. To bridge this gap, health plans deploy vendors to perform either home assessments or retrospective chart reviews, which can cause patient and provider abrasion.
Solution: PCPs can avoid these pitfalls with EMR-integrated technology that is powered by algorithms that do the heavy lifting by surfacing the most specific and relevant codes. Because an accurate and complete data set for each patient is critical, providers should consider supplemental clinical staff to support provider documentation with the EMR to synthesize it with health plan data.
Seamless Quality Reporting
Challenge: Quality of care programs can be challenging for providers in value-based care arrangements. Providers often lack the data and tools to support the reporting and activities associated with these measures.
Solution: Providers should consider solutions that specialize in quality reporting to foster greater communication and collaboration with health plans. New service-enabled technology solutions change the way health plans and providers are working together to improve financial and clinical results.
In a nutshell, technology alone is insufficient. Providers need both powerful EMR-integrated technology wrapped with clinical and administrative support to drive superior value-based care performance. PCPs do not need another application to log into—they need a team of experts behind the screen helping the technology work for them.
About the Author
Burke Burnett is Sr. Director of Product Strategy at Vatica Health. He’s spent the last 10 years designing technology-enabled services for providers, payers, and patients. Burke is a certified coder and risk adjustment practitioner who lives in Dallas, TX with his 3 children. He can be reached via email at email@example.com.
By: Shay Vogg, Broker, CARR
Many practice owners are quick to shop-out what they believe are the most obvious expenses, but few understand the impact of one of the largest expenses and how it can be dramatically reduced to increase profitability. The highest expense for most practices is payroll, followed by real estate. Real estate encompasses your monthly rent or mortgage payments, along with the property’s operating expenses, maintenance fees, utilities, and janitorialcosts.
Let’s take a look at three key ideas that will help you make the most of your next real estate transaction.
Every type of transaction has an ideal timeframe to start the process. When starting too early or too late, you communicate to the landlord or seller that you don’t really know what you’re doing. When that message is communicated, it hurts your ability to receive the best possible terms. Forexample, don’t wait for your landlord to approach you on a lease renewal negotiation. Start by consulting with a professional
Landlords and sellers prey on unrepresented tenants who don’t really know the market or what their options are. If the tenant was a Fortune 500 company, the landlord would approach them with a high level of respect, expecting that they either have a real estate broker hired to represent them or have a team of professionals internally that are well equipped to handle the transaction.
In contrast, when a landlord or seller starts speaking with a tenant who isn’t represented, and who they don’t believe knows the market as well as they do, that tenant is not going to get the same level of respect through the process. This is because the landlord senses an opportunity to take advantage of a small tenant who is not an expert, doesn’t have a full complement of real estate knowledge and skills, and who doesn’t have adequate representation.
When you understand that commissions are paid in commercial real estate just like they are in residential real estate—they are set aside in advance for two parties, not just one—then you understand there aren’t any savings by not having a broker. And if there aren’t any savings by not having a broker, then showing up without one only further detracts from your credibility.
3. Leverage and Posture
It is nearly impossible to emerge victorious from a negotiation without leverage and posture which are created by having multiple options in the market. If you limit yourself to one property, you are at the mercy of that owner. Since most landlords and sellers negotiate professionally, it is easy for themto know when you don’t have other viable options.
Simply telling a landlord that you have a proposal from another landlord won’t give you a strong enough posture. Most landlords look at unrepresented tenants and assume they do not know the market, do not understand all their options, and are not really serious about making the landlord compete for their business. Leverage and posture are created when you have the ri ght timing, professional representation, an understanding of all your available options, and a detailed game plan of what you want to accomplish in order to capitalize on the market.
About the Author
Shay Vogg is a Broker with CARR, exclusively helping healthcare tenants and buyers in the Pennsylvania area achieve the most favorable terms on their commercial real estate purchase and lease transactions.
By: Justin Sanders, Manager of Payor Engagement, Sharecare
In short, for providers that had to scramble to implement new policies, practices, and technology during the pandemic, auditors aren’t going to let you catch your breath as, unfortunately for many, was evident during the 2021 HEDIS season.
New Telehealth Audits Underway
In February of 2021, the U.S. Department of Health and Human Services (HHS) Office of the Inspector General (OIG) announced that it is conducting seven different audits, evaluations, and inspections of telehealth services.
These audits will focus on telehealth usage by home health agencies and in Medicare and Medicaid populations. Given that most providers expanded their telehealth capabilities during the pandemic, many providers can expect their Medicare or Medicaid billing relating to telehealth to be subject to OIG scrutiny.
How to start climbing the audit mountain?
Proactive planning is essential. Typically, this planning starts with creating a task force, which usually consists of your audit teams, your business office, and your HIM department. In smaller practices, these roles may all be the same staff member or one of the providers. This can create challenges when the focus on patient care is diverted, and the provider stops practicing at the top of their license.
Your plan should allow you to check all the boxes that take you through a stepwise approach to compliance that includes effective communication with the auditor, Health Plan and other intermediary organizations, closing any information siloes in your organization, documenting and checking for compliance with all audit requirements and ensuring all information is sent in a timely fashion to avoid the risk of monetary penalties.
There are strict procedures and timelines to follow, and the auditor may issue follow-up requests, demanding more time and attention.
It’s an unfortunate fact of healthcare practice today: audits are a continuing threat year-round. While some audit types, such as HEDIS, are seasonal, other types are ongoing throughout the years. Likewise, some audits are routine, some are random, and others occur in response to suspected problems. Having a plan to proactively support and respond to audits is an important first step,
With audits an ever-present possibility, it makes sense to outsource a permanent solution. Just like you wouldn’t have your internists and nurse practitioners clearing snow with shovels and plows (you’d contract out for snow removal), it doesn’t make sense to divert providers’ time and energy to audit compliance. Often the best option is an audit outsource partner, like Sharecare Provider solutions which allow providers to focus on what they do best: caring for their patients.
About the Author
Justin Sanders is the Manager of Payor Engagement at Sharecare. He assists with national business development and works with payors and healthcare organizations. Justin develops and fosters strategic partnerships to support the needs of Sharecare’s clients, particularly as it relates to medical chart audits and retrieval. He graduated from the University of North Florida with a Bachelor of Science in Healthcare Administration and enjoys free diving in his spare time.