Industry Watch – October 2016

8. Reporting under these programs won’t be cheap. CMS estimates MIPS Quality Reporting will cost about $723 per clinician per year, and take about 11 hours per reporting category each year.

9. Remember Meaningful Use? It’s not going away (yet). QPP does not change hospital or Medicaid MU. Medicaid MU participants who also bill Medicare will need to participate in both Medicaid MU (through 2021) and MIPS.

10. Your data will be public. MACRA requires that each physician’s MIPS composite score be posted to the Physician Compare website, along with the physician’s score in each of the four performance categories.

Still have questions? Learn more at athenainsight.com.

Security

VPN use low for public Wi-Fi

Sometimes people like things they know are bad for them. Case in point is the free Wi-Fi hotspot, that data-saving complimentary wireless connection available from coffee shops and restaurants, hotels, airports, hospitals, and even your local doctor’s office. Stats from the Identity Theft Resource Center on using free public Wi-Fi show that the overwhelming majority (78.5 percent) of people who connect to publicly available Internet networks believe that using public Wi-Fi can lead to identity theft, but only one-quarter (26.7 percent) use a virtual private network (VPN), the most reliable tool for personal online protection.

What makes a VPN so special? A professional VPN service encrypts all the traffic flow between the Internet and a device and helps hide an IP address. If you are a beginner, it’s best to choose a VPN that is user friendly. For example, NordVPN has recently launched new Mac, Android, and iOS apps geared toward the everyday Internet user. How does it work?

Most professional VPNs run on a paid-subscription model (NordVPN’s plans can run as little as $6 a month). Log in (the first time only) and press the ON button. The app will then choose the fastest server to connect to, in a country of your choice. That’s all it takes to hide your IP address and to start safe browsing. Beware of free VPN service providers that typically rely on third-party advertisers to cover their costs. They are often offering free proxy services, marketed as VPNs, when in fact proxies are not encrypted; they just change your IP address, but do not hide/encrypt it. Learn more at NordVPN.com.

Finance

WEDI issues electronic payments guidance

The Workgroup for Electronic Data Interchange (WEDI) recently released a wide-ranging set of industry best practices entitled, “Electronic Payments: Guiding Principles.” Developed by a multi-stakeholder ePayments Taskforce that included representatives from the health plan, provider, clearinghouse, banking, and government sectors, the guidance addresses concerns raised by respondents to WEDI’s electronic remittance advice (ERA) and electronic funds transfer (EFT) survey in early spring 2016.

That survey found that about 25 percent of provider organizations reported paying fees to use the automated clearinghouse (ACH) EFT transaction. In addition, a full 40 percent were required to accept payment from a health plan in the form of a “virtual” credit card – a 16-digit credit card number sent to the provider for processing through their card terminal, with the provider responsible for all associated transaction fees.

By establishing a consensus-driven set of principles that each impacted stakeholder can review and adopt through this document, WEDI anticipates driving increased use of ACH EFT, while at the same time establishing guidelines for the use of alternative payment options such as virtual credit cards.

Some key principles of the guidance include:

• A health plan, clearinghouse, or payment-related vendor should complete the ACH EFT enrollment process to facilitate ACH EFT payments within 30 days of receipt of provider enrollment information.
• Health plans, clearinghouses, and payment-related vendors should not delay ongoing payments when a provider elects to begin receiving any form of electronic payment.
• The provider should not be subject to any hidden fees. Before a provider may be paid via electronic payment, the health plan, clearinghouse, or payment-related vendor must: (a)
  notify providers regarding their fees associated with this payment method; (b) advise providers to check with any of their contracted vendors (i.e., their credit card merchant processer) regarding any additional administrative fees; and (c) notify providers about the availability of an ACH EFT payment option.
• Before a provider may be paid via an epayment method other than ACH EFT, the health plan, clearinghouse, or payment-related vendor should receive explicit agreement (“opt-in”) from the provider.
• When a health plan or any of their clearinghouses or payment-related vendors offers an ACH EFT payment option, it should offer an ACH EFT option with no origination fees.
• There should be transparency from health plans, clearinghouses, and payment-related vendors regarding any required transition from paper-based payments to electronic payments, and providers should be given a minimum 90-day notice before the effective date of the electronic payment mandate and must opt-in to any nonstandard electronic payment method scheduled to replace a paper-based payment.
• Per the National Automated Clearinghouse Association (NACHA) Operating Rules, health plans, clearinghouses, or payment-related vendors must receive explicit authorization from the provider prior to use of the ACH EFT debit transaction for recoupment purposes.

For more information on WEDI’s industry efforts surrounding electronic funds transfer, please visit the WEDI EFT Workgroup page at www.wedi.org/workgroups/transactions-code-sets/eft.

Security

Out-of-date Flash makes devices susceptible

New research by cloud-based access provider Duo Security on nearly 250,000 mobile devices, PCs, and Macs in the healthcare sector indicates that half of those devices were running out-of-date versions of Flash, making them susceptible to vulnerabilities and malware, like the CryptoWall, Cerber, or Locky ransomware strains.

What do you do? Monitor and update. If you’re too busy or it’s overwhelming to keep track, services like Duo can help healthcare organizations protect themselves from the risk of ransomware in a single step. Duo provides IT administrators with visibility into all out-of-date devices used to access patient information in on-premises or cloud applications, such as Epic, Citrix, Outlook Web Access, and Office 365. Administrators can then use this information to prevent out-of-date devices from gaining access to those applications, significantly reducing the attack vector. Try it for free at duo.com.

DT Research releases all-in-one medical computers, complete with hot-swap batteries

DT Research has launched the DT590 series of All-in-One Medical-Cart Computers – small systems designed with mobility in mind. The unique design of the DT Research Medical-Cart Computer offers an alternative to bulky wheel-based carts by providing a cordless, lightweight, anti-microbial design that operates continuously with batteries that can be easily changed.

The DT590 series features a built-in 19”, 22”, or 24” display, and is powered by an Intel 5th Generation Core i7, i3, or Celeron processor. It boasts a three-bay hot-swappable battery to decrease costs and maintenance associated with larger, more complicated systems.

Designed to sustain at least one working shift without adding charged batteries, these computers use inexpensive lithium-ion batteries for up to 16 hours of runtime.

With a VESA standard mount, the DT590 series is compatible with various popular medical carts, desktop stands, and wall mounts. The computers are immediately available through authorized resellers and partners.

For more information, visit www.dtresearch.com/Healthcare/products/Medical-Cart-Computer.html