Industry Watch – October 2016

Sept. 27, 2016


10 things to know about MACRA

CMS has released its proposed final rule for MACRA (Medicare Access & CHIP Reauthorization Act of 2015). Though not finalized, MACRA creates a new framework for rewarding providers for better, lower cost, patient-centered care. athenaInsight does an excellent job of summarizing what you need to know.

1. Prepare now. Though it could change in the final ruling (due by the end of 2016), the MACRA timeline is aggressive. The first performance year starts Jan. 1, 2017, and impacts payments in 2019.

2. MACRA affects most providers across the country. Under MACRA, clinicians will choose one of two payment options: MIPS or APMs. MIPS (Merit-based Incentive Payment System) combines the Meaningful Use (MU), Physician Quality Reporting System (PQRS), and Value-based Payment Modifier Program (VM) programs. Clinicians get a composite score based on performance across four areas, which serves as a modifier for Medicare Part B reimbursements. APMs (Alternative Payment Models) include healthcare organizations with two-sided risk-based payment models such as Next Generation ACOs and Comprehensive Primary Care Plus (CPC+).

3. Everyone reports under MIPS in 2017. While MACRA offers two tracks (MIPS and APMs), all providers will report under MIPS in 2017 unless they are new to Medicare or bill very low Medicare volume. CMS will then determine which clinicians qualify for APM status.

4. Reporting is a full calendar year. The performance period for the new Quality Payment Program (QPP) tracks is a full calendar year, not 90 days. Performance during 2017 will be reflected in 2019 payment adjustments.

5. MIPS payment adjustments are complex. There are four categories that determine a clinician’s MIPS score: quality, cost, care coordination, and EHR use. Each category has a different weight, and relative weighting changes over time.

6. Under MIPS, most clinicians will see a payment adjustment. With other CMS programs, average performers saw no adjustment. By contrast, under MIPS most clinicians will. Those with a MIPS score above or below the national threshold will see a corresponding upward or downward payment adjustment. According to CMS, the majority of independent practices are expected to see a pay cut.

7. We won’t see a lot of APMs at first. Only a small number of groups will initially meet APM requirements, but CMS believes that over the long term, the Advanced APM will become the preferred choice for providers.

8. Reporting under these programs won’t be cheap. CMS estimates MIPS Quality Reporting will cost about $723 per clinician per year, and take about 11 hours per reporting category each year.

9. Remember Meaningful Use? It’s not going away (yet). QPP does not change hospital or Medicaid MU. Medicaid MU participants who also bill Medicare will need to participate in both Medicaid MU (through 2021) and MIPS.

10. Your data will be public. MACRA requires that each physician’s MIPS composite score be posted to the Physician Compare website, along with the physician’s score in each of the four performance categories.

Still have questions? Learn more at


VPN use low for public Wi-Fi

Sometimes people like things they know are bad for them. Case in point is the free Wi-Fi hotspot, that data-saving complimentary wireless connection available from coffee shops and restaurants, hotels, airports, hospitals, and even your local doctor’s office. Stats from the Identity Theft Resource Center on using free public Wi-Fi show that the overwhelming majority (78.5 percent) of people who connect to publicly available Internet networks believe that using public Wi-Fi can lead to identity theft, but only one-quarter (26.7 percent) use a virtual private network (VPN), the most reliable tool for personal online protection.

What makes a VPN so special? A professional VPN service encrypts all the traffic flow between the Internet and a device and helps hide an IP address. If you are a beginner, it’s best to choose a VPN that is user friendly. For example, NordVPN has recently launched new Mac, Android, and iOS apps geared toward the everyday Internet user. How does it work?

Most professional VPNs run on a paid-subscription model (NordVPN’s plans can run as little as $6 a month). Log in (the first time only) and press the ON button. The app will then choose the fastest server to connect to, in a country of your choice. That’s all it takes to hide your IP address and to start safe browsing. Beware of free VPN service providers that typically rely on third-party advertisers to cover their costs. They are often offering free proxy services, marketed as VPNs, when in fact proxies are not encrypted; they just change your IP address, but do not hide/encrypt it. Learn more at


WEDI issues electronic payments guidance

The Workgroup for Electronic Data Interchange (WEDI) recently released a wide-ranging set of industry best practices entitled, “Electronic Payments: Guiding Principles.” Developed by a multi-stakeholder ePayments Taskforce that included representatives from the health plan, provider, clearinghouse, banking, and government sectors, the guidance addresses concerns raised by respondents to WEDI’s electronic remittance advice (ERA) and electronic funds transfer (EFT) survey in early spring 2016.

That survey found that about 25 percent of provider organizations reported paying fees to use the automated clearinghouse (ACH) EFT transaction. In addition, a full 40 percent were required to accept payment from a health plan in the form of a “virtual” credit card – a 16-digit credit card number sent to the provider for processing through their card terminal, with the provider responsible for all associated transaction fees.

By establishing a consensus-driven set of principles that each impacted stakeholder can review and adopt through this document, WEDI anticipates driving increased use of ACH EFT, while at the same time establishing guidelines for the use of alternative payment options such as virtual credit cards.

Some key principles of the guidance include:

  • A health plan, clearinghouse, or payment-related vendor should complete the ACH EFT enrollment process to facilitate ACH EFT payments within 30 days of receipt of provider enrollment information.
  • Health plans, clearinghouses, and payment-related vendors should not delay ongoing payments when a provider elects to begin receiving any form of electronic payment.
  • The provider should not be subject to any hidden fees. Before a provider may be paid via electronic payment, the health plan, clearinghouse, or payment-related vendor must: (a)
    notify providers regarding their fees associated with this payment method; (b) advise providers to check with any of their contracted vendors (i.e., their credit card merchant processer) regarding any additional administrative fees; and (c) notify providers about the availability of an ACH EFT payment option.
  • Before a provider may be paid via an epayment method other than ACH EFT, the health plan, clearinghouse, or payment-related vendor should receive explicit agreement (“opt-in”) from the provider.
  • When a health plan or any of their clearinghouses or payment-related vendors offers an ACH EFT payment option, it should offer an ACH EFT option with no origination fees.
  • There should be transparency from health plans, clearinghouses, and payment-related vendors regarding any required transition from paper-based payments to electronic payments, and providers should be given a minimum 90-day notice before the effective date of the electronic payment mandate and must opt-in to any nonstandard electronic payment method scheduled to replace a paper-based payment.
  • Per the National Automated Clearinghouse Association (NACHA) Operating Rules, health plans, clearinghouses, or payment-related vendors must receive explicit authorization from the provider prior to use of the ACH EFT debit transaction for recoupment purposes.

For more information on WEDI’s industry efforts surrounding electronic funds transfer, please visit the WEDI EFT Workgroup page at


Out-of-date Flash makes devices susceptible

New research by cloud-based access provider Duo Security on nearly 250,000 mobile devices, PCs, and Macs in the healthcare sector indicates that half of those devices were running out-of-date versions of Flash, making them susceptible to vulnerabilities and malware, like the CryptoWall, Cerber, or Locky ransomware strains.

What do you do? Monitor and update. If you’re too busy or it’s overwhelming to keep track, services like Duo can help healthcare organizations protect themselves from the risk of ransomware in a single step. Duo provides IT administrators with visibility into all out-of-date devices used to access patient information in on-premises or cloud applications, such as Epic, Citrix, Outlook Web Access, and Office 365. Administrators can then use this information to prevent out-of-date devices from gaining access to those applications, significantly reducing the attack vector. Try it for free at

DT Research releases all-in-one medical computers, complete with hot-swap batteries

DT Research has launched the DT590 series of All-in-One Medical-Cart Computers – small systems designed with mobility in mind. The unique design of the DT Research Medical-Cart Computer offers an alternative to bulky wheel-based carts by providing a cordless, lightweight, anti-microbial design that operates continuously with batteries that can be easily changed.

The DT590 series features a built-in 19”, 22”, or 24” display, and is powered by an Intel 5th Generation Core i7, i3, or Celeron processor. It boasts a three-bay hot-swappable battery to decrease costs and maintenance associated with larger, more complicated systems.

Designed to sustain at least one working shift without adding charged batteries, these computers use inexpensive lithium-ion batteries for up to 16 hours of runtime.

Each unit features up to six USB ports, four legacy COM ports, and two HDMI-out ports that support high-definition 4K resolution. An optimized operating system running Microsoft Windows 7, 8.1, or 10 means healthcare providers that have existing medical solutions do not need to have their applications and equipment re-engineered to run on the DT590 systems.

With a VESA standard mount, the DT590 series is compatible with various popular medical carts, desktop stands, and wall mounts. The computers are immediately available through authorized resellers and partners.

For more information, visit

Sponsored Recommendations

New Research: The State of Healthcare Cloud Security and Compliance Posture

Compliance & Security Debt Awareness Could Have Prevented Change Healthcare & Ascension Healthcare Breaches

Patient Engagement and ML/AI – Modern Interoperability as an enabler for value based care

Discover how modern interoperability empowers patient engagement and leverages ML/AI for better outcomes in value-based care. Join us on June 18th to learn how seamless data integration...

New Research: The State of Healthcare Cloud Security and Compliance Posture

Compliance & Security Debt Awareness Could Have Prevented Change Healthcare & Ascension Healthcare Breaches

Telehealth: Moving Forward Into the Future

Register now to explore two insightful sessions that delve into the transformative potential of telehealth and virtual care management solutions.