How physicians can manage growing technology obligations in the practice.
Medical Economics has compiled a list of the top challenges (and solutions) physicians may face in 2015. From that list, here are the four issues that focus on technology.
Physicians should not expect another delay
Practices should be updating systems and training their staffs for ICD-10. But even with an extra year to prepare, will doctors be ready to go live with ICD-10 in October 2015?
“I guarantee there will be one large payer or a few small payers, or both, that won’t be ready to process ICD-10 claims on October 1, 2015,” says Joshua Berman, director of business analytics and ICD-10 lead at Relay Health Financial.
The ICD-10 delay helped and hurt practitioners, depending on who you ask. According to a Medical Group Management Association survey in February 2014, 79% of practices had not yet started implementation or were only somewhat ready. A survey by Part B News says that the delay will cost practices more money in training, and that 34% of practitioners would have been ready for the October 2014 deadline.
No matter where practices are in their preparation for ICD-10, the new coding system will cost a considerable amount of money. The American Medical Association estimates that small practices could spend between $56,639 and $226,2015 to implement the coding system.
Pam Jodock, senior director of health business solutions for Healthcare Information and Management Systems Society (HIMSS), suggests that practitioners allot time for end-to-end testing with clearinghouses to ensure coding is working properly. “HIMSS recommends that practitioners follow the 80/20 rule to determine which health plans process the highest volume and highest value claims,” Jodock says, adding that HIMSS has an “ICD-10 Playbook” on its website to assist practices of all sizes. She suggests that practices take advantage of the Centers for Medicare and Medicaid Services ICD-10 testing on March 2-6, 2015, and June 1-5, 2015.
Berman says that practices will have to be ready to send both ICD-9 and ICD-10 claims during a period of transition to ensure payment. “The dual coding process that will need to take place at that point will prove to be very time consuming and resource intensive while at the same time may be difficult to do via their current health information system and/or practice management system.”
Having extra cash on hand during ICD-10 implementation will help practices in the event of increased denials and delayed payments. “Denials from miscoding or other process glitches could significantly slow down payment,” says Berman. “That being said, physicians need to have a financial plan in place in case payments are slowed down/delayed for a significant length of time.”
Jodock says now is the time to make ICD-10 training a priority. “Practitioners who take the time to prepare in the months between now and October 1, 2015 will have fewer challenges than those who choose to wait, especially if they participate in end-to-end testing. Those who delay their preparations or who choose not to test may experience a higher number than usual of claims that are rejected or pended for additional information, which could lead to a delay in payment,” says Jodock. “Even the most well-executed implementation effort could experience challenges.”
Staying compliant in a fast-moving, digital world
Though the chances your practice will be audited for Health Insurance Portability and Accountability Act (HIPAA) violations are slim, keeping patient information secure is growing more complicated. Since 2009, there have been more than 800 patient data breaches and 29 million patient records affected by HIPAA violations, according to the 2013 Redspin Breach Report.
The Office of Civil Rights began its second phase of HIPAA audits in October, and will continue until June 2015. Of the 350 healthcare organizations that will be asked to submit information on patient health data security, approximately 150 will be audited. Fines for HIPAA violations can start at $100 and can go as high as $50,000, capping at $1.5 million annually, depending on the scale of the breach. Fines aren’t the only consequence practitioners face: a HIPAA violation can break the trust that patients have with their physicians.
HIPAA violations may seem like a large-organization problem, but considering that many breaches are a result of employee theft and carelessness, smaller practices are at risk. One issue practitioners face: It becomes harder to keep track of electronic communication within the practice when patients and staff often have mobile devices and can be unaware of how easily HIPAA rules can be violated.
“While there are certainly threats from outsiders, insider threat (employees accessing information inappropriately) is also a serious threat for practices,” says Lisa A. Gallagher, BSEE, CISM, vice president of technology solutions at the Health Information and Management Systems Society.
Practices must consider mobile technology as a threat to patient security. Create a ‘bring your own device’ policy that allows the practice to access an employee’s device if there is a potential breach. Also be aware of smartphones and other portable devices that have audio and video capabilities that employees and patients bring to the practice.
Employees who use social media at work can also be a threat to HIPAA rules. “For example, an employee may think nothing of posting about an irritating patient with sufficient detail as to identify the patient. Even well-meaning employees can make such a disclosure without realizing it. If a practice employee takes a picture with their favorite patient and posts it to their social media account, the post is a PHI (patient health information) disclosure,” says Daniel F. Shay, JD, an attorney who focuses on HIPAA at Alice G. Gosfield & Associates in Philadelphia, Pennsylvania and contributor to Medical Economics.
In addition, Shay adds that “employees may post photos of seemingly innocuous content, such as a picture of their lunch…which happens to be sitting on top of a patient chart or order sheet.”
One major issue is the requirement, under both HIPAA and meaningful use, to complete and keep updated a security risk analysis, which is intended to identify risks to record security. Many physicians are not aware of this requirement, and it is a primary reason why practices fail meaningful use audits, says Mark Norris, a consultant who specializes in privacy, security and meaningful use attestation.
Penalties for not attesting start in 2015
Meaningful use 2 (MU2), which has been a challenge for physicians, is unlikely to get easier in 2015, according to Bethany Jones and Naomi Levinthal, health IT consultants for The Advisory Board Company.
Starting in 2015, eligible professionals (EPs) will see a 1% decrease in Medicare reimbursements for each year they don’t meet meaningful use requirements. The penalty will change by 1% point each year to a maximum of 5%. EPs have until the end of February 2015 to attest for MU2. As of November 1, 11,478, or 2% of EPs have attested to MU2.
The Centers for Medicare and Medicaid Services (CMS) has not made things any easier with its frequent rule changes, which require practices to stay up to date on the agency’s latest FAQs, Jones points out.
To start with, Levinthal notes, some electronic health record (EHR) vendors continue to struggle to obtain 2014 certification, which is required for use in MU2. Other vendors have elected not to pursue this certification at all. That means their customers will have to switch to other EHRs to show they have met the MU2 requirements.
In August, CMS finalized a “flexibility rule” that allows EPs to use 2011- or 2014-certified EHRs or a combination of them if their vendors have been slow in delivering upgrades to the 2014 edition. But next year, they will have to use 2014-certified EHRs, and EPs who are scheduled to attest to MU2 will have to do so.
The American Medical Association (AMA) has requested a stop to MU2 penalties due to interoperability challenges between EHR systems. “The whole point of the meaningful use incentive program was to allow for the secure exchange of information across settings and providers and right now that type of sharing and coordination is not happening on a wide scale for reasons outside physicians’ control,” says AMA President-elect Steven J. Stack, MD. “Physicians want to improve the quality of care and usable, interoperable electronic health records are a pathway to achieving that goal.”
Moreover, Jones points out, the reporting period next year is 12 months for all physicians who have gone through at least one year of the meaningful use program. Until now, the reporting period has been only 90 days, and it remains that for doctors who will be in their first year of the program in 2015. The full-year reporting requirement will be challenging for many doctors, Jones says.
In MU2, one of the most difficult criteria is persuading 5% of a practice’s patients to view, download or transmit their electronic health information, typically through the use of a patient portal attached to an EHR. When physicians reach out to patients themselves, they’re more likely to get them to use a portal, Jones notes. But many doctors, particularly specialists who receive mostly episodic visits, are not ready to educate patients about portals, she says.
Portals are also “brand new territory” for most practices, Levinthal adds. So for this requirement, as well as for the requirement that EPs exchange care summaries in transitions of care, mastering the technology is the biggest hurdle in many practices.
In the MU2 attestation data that CMS has released to date, she says, 70% of attesting EPs have qualified for exclusions from the transitions of care requirements, including at least one exchange of a care summary with the user of an EHR that’s different from the attester’s system. CMS allows EPs to exclude these criteria if they have referred fewer than 100 patients to another physician or have ordered them to be transferred to another care setting, such as home care or a skilled nursing facility, during the reporting period.
Many EPs, particularly specialists, have fewer than 100 transitions of care within a 90-day period, she notes. But next year, when the reporting period increases to 365 days, a far smaller percentage of EPs are likely to meet the exclusion criteria.
Meanwhile, direct secure messaging, the main method that physicians are using to exchange care summaries, continues to be plagued by difficulties. Jones believes this situation is improving, but cautions: “Providers have to be really creative in the way they approach transitions of care.”
Jones doesn’t expect most EPs to abandon meaningful use and accept the Medicare penalties for failing to attest. As of July, CMS had received more than 44,000 hardship applications from practitioners requesting an extension for MU2 attestation. CMS stopped accepting hardship applications in November.
“Some stuff is out of their control and they’re having trouble meeting objectives, but they’re charting their own course,” she says. “We don’t see them giving up, but they’re asking for more time.”
Technology burdens and the medical practice
Information technology costs have soared in physician practices in recent years, and they’re not expected to drop in the foreseeable future. Even if meaningful use went away tomorrow, notes David Zetter, PHR, CHBC, a practice management consultant in Mechanicsburg, Pennsylvania, there would be additional IT costs for Medicare programs such as the Physicians Quality Reporting System (PQRS) and the Value-Based Payment (VBP) Modifier Program.
The Medical Group Management Association (MGMA) also blames IT for much of the rise in group practices’ administrative costs. The 2014 MGMA Cost Survey finds that the median cost of business operations staff, including IT staff, is now about $52,000 per full-time-equivalent physician. MGMA attributes much of this expense to meaningful use and the other government programs that Zetter cites.
Nearly every practice has computers, even if it only has a practice management system, Zetter notes. The cost and complexity of both hardware and software increase substantially when the practice adds an EHR. In addition, he points out, support and maintenance of these systems are expensive. To start with, practices must either pay their EHR vendor an annual maintenance fee (typically, 18% of the software cost) or pay for each new upgrade.
Technical support presents additional challenges, especially for smaller practices. Since they can’t afford an IT department or even a staff member dedicated to IT, these practices usually hire a local computer service company to support their EHRs. Such firms can be skilled at maintaining computer networks, but they don’t necessarily understand the intricacies of EHR software or how to perform the kind of security assessments that meaningful use requires.
“There are plenty of people who know how to do IT and networking, but they may not know about the healthcare industry,” Zetter says.
To keep costs down, many practices have selected low-cost or free EHRs. Those products work well for some physicians, depending on their circumstances, Zetter says. But some practices have found that such EHRs fall short of their expectations, he notes.
Experts are divided over whether the five-year cost of cloud-based EHRs is higher or lower than that of on-premises, client-server systems. Yet more and more practices are moving to cloud-based EHRs and billing systems, especially if they’re seeking replacements for current products. This is partly about avoiding the upfront cost of new software and computer.