Archive for September, 2016

Physicians: Be Cautious When Responding to a Subpoena or Request for Medical Records

Posted by on

medicalfile_banner

Editor’s Note: This article was originally published in the 2016 Summer Issue of Alabama Medicine magazine

Doctors must educate themselves and particularly their staff on the legal obligations to protect the confidentiality of medical records and how to properly respond to subpoenas and requests for patients’ health information. It is a huge mistake for physicians to automatically assume that a subpoena or request is properly executed. Improperly releasing a patient’s medical records can result in a civil suit by the patient, an administrative fine by the federal government, or disciplinary action by the state medical board.

Civil and criminal courts in the State of Alabama have the right to summon witnesses into court and require them to testify under oath. Subpoenas are issued to non-parties to a lawsuit; therefore, the health care provider is not a party to the pending litigation. Consequently, the method for securing the attendance of witnesses and records is by the issuance of a subpoena or a subpoena duces tecum, respectively.

A subpoena is a written order compelling a person to appear and give testimony at a trial or other proceeding. The subpoena duces tecum is a subpoena compelling a person to appear, give testimony, and bring all books, documents, papers, or records described in the notice. A failure to respond could subject the health care provider to contempt of court. A patient’s medical records are generally secured by a subpoena duces tecum, which is served on the person having actual custody or possession of the records, and typically request a patient’s chart, x-rays and billing documents. In most cases, the party seeking the information is not requesting the physician or his staff to physically appear in court to produce the records.

A subpoena is generally issued by an attorney or the clerk of court, which means that you will often receive a subpoena without an accompanying court order or any documents signed by the judge. A properly issued subpoena for patient records is generally as valid as any other properly issued subpoena with one important exception. That exception relates to subpoenas requesting health care information that is afforded special protection under state or federal law, such as records relating to the testing for or treatment of HIV, AIDS, STDs; and mental health, behavioral health, or treatment records of substance abuse programs. A subpoena requesting such information without a court order or patient authorization is generally not proper.

Typically, the subpoena must be accompanied by an authorization signed by the patient authorizing release of that specific protected information or an order signed by the judge authorizing release of that information. Stated another way, if the medical record contains information that relates to the testing or treatment of HIV, AIDS, STDs or psychiatric records, such as mental health or behavioral health, then the physician will need either:a court order signed by a judge specifically ordering the records related to these specially protected areas, or an authorization signed by the patient specifically authorizing the doctor to release that portion of the record.

  1. a court order signed by a judge specifically ordering the records related to these specially protected areas, or
  2. an authorization signed by the patient specifically authorizing the doctor to release that portion of the record.

The HIPAA Privacy Rules also require additional steps before a physician can release records containing protected health information (“PHI”) pursuant to a subpoena. A physician may disclose PHI in the course of any judicial or administrative proceeding by either obtaining an order of a court or in response to a subpoena if the physician obtains satisfactory assurances from the party issuing the subpoena.

For the purposes of obtaining “satisfactory assurances” from a party seeking PHI, the physician must receive documentation demonstrating that:the party requesting the information has made a good faith attempt to provide written notice to the individual, the notice to the individual includes sufficient information about the litigation to permit the individual to raise an objection to the court, and the time for the individual to raise objections has lapsed and no objections were filed, or all objections that were filed by the individual had been resolved by the Court.

  1. the party requesting the information has made a good faith attempt to provide written notice to the individual,
  2. the notice to the individual includes sufficient information about the litigation to permit the individual to raise an objection to the court, and
  3. the time for the individual to raise objections has lapsed and no objections were filed, or all objections that were filed by the individual had been resolved by the Court.

Physicians or their offices may receive subpoenas from out-of-state courts in matters involving mass tort claims such as asbestos. A subpoena from another state’s court does not have the authority to compel production in Alabama. Thus, a physician who receives a subpoena in Alabama by another state’s court should not respond to the subpoena unless the subpoena is domesticated by (accompanied by an order from) a circuit court in Alabama.

Physician and physician practices may also receive requests for medical records prior to a lawsuit being filed. These requests may come from the patient or a law firm. HIPAA governs the release of these records and whether the request is authorized. Records should only be released to authorized individuals. If the patient is living, authorized individuals include the patient or his Personal Representative.

Pursuant to HIPAA, “Personal Representative” is defined by state law and would include someone who has a Power of Attorney for the patient. If the patient is deceased, the Personal Representative of the patient’s estate may obtain the records. In 2013, HIPAA expanded authorized individuals of deceased patients to include family or individuals involved in the patient’s care, if the request is relevant to their involvement in the patient’s care, unless releasing the records is inconsistent with prior expressed preference of the individual. Therefore, a deceased patient’s family member may request the records even if she is not appointed as the personal representative of the patient’s estate, and a physician may release the records if it determines the individual is authorized under this provision.

The problem for physicians and their staff is that they often do not know the requirements necessary to make a subpoena or request valid or lawfully enforceable. Therefore, it is prudent for the physician to educate his/her staff about subpoenas and requests for records and when not to respond or release the records. In certain circumstances, it may be wise for the physician to consider having a subpoena or request reviewed by legal counsel to determine the appropriate response.

The relatively small expense can save a tremendous amount of trouble later on.

bronzemvpContributed by Jim Hoover and Angie Cameron Smith, members of Burr & Forman, LLP’s Health Care Industry Group and represent health care providers in regulatory and litigation matters. Burr & Forman, LLP, is an official Bronze Partner with the Medical Association.

Pin It

Tags: ,

Posted in: Legal Watch

Leave a Comment (0) →

Recent Changes to the Federal Stark Law

Posted by on

advocacylaw_banner

Editor’s Note: This article was originally published in the 2016 Winter Issue of Alabama Medicine magazine

Most physicians are aware of the Federal Stark Law and the limitations it places on a physicians’ ability to enter into financial relationships with potential referral sources. Can I refer patients to the physical therapy practice I own? Can I lease space and/or equipment from the hospital? Can I share my front desk personnel with another provider? These are questions we commonly hear from physicians who are navigating the complicated web of health care compliance under the Stark Law. Recent changes to the Stark Law enacted through the 2016 Medicare Physician Fee Schedule Final Rule (“Final Rule”) may provide added flexibility to physicians contemplating some of these types of arrangements.

The issuance of the Final Rule on Nov. 16, 2015, was the first time the industry has seen such broad changes to the physician self-referral law in several years. According to the Centers for Medicare and Medicaid Services (CMS), the changes are designed to “accommodate delivery and payment system reform, to reduce burden, and to facilitate compliance.” The majority of the changes took effect Jan. 1, 2016.

The Stark Law prohibits a physician from referring Medicare or Medicaid patients for certain “designated health services” to entities with which the physician (or an immediate family member of the physician) has a financial relationship, unless an exception applies. Any relationship in which remuneration (i.e., something of value) flows between the parties is considered a financial relationship under the Stark Law.

Designated health services (“DHS”) covered by the Stark Law include the following:

  1. clinical laboratory services;
  2. physical therapy, occupational therapy, and outpatient speech language pathology services;
  3. radiology and certain other imaging services;
  4. radiation therapy services and supplies;
  5. durable medical equipment and supplies;
  6. parenteral and enteral nutrients, equipment and supplies;
  7. prosthetics, orthotics and prosthetic devices and supplies;
  8. home health services;
  9. outpatient prescription drugs; and
  10. inpatient and outpatient hospital services.

The majority of the Final Rule changes address the exceptions to the Stark Law — in other words, the instances in which CMS has stated that a financial relationship is permitted between referring parties. While a summary of all the recent changes is beyond the scope of this article, I did want to highlight some of the more significant changes.

In the Final Rule, CMS established two new Stark Law exceptions. The first exception permits hospitals, federally qualified health centers (FQHC), or rural health clinics (RHC), to provide assistance to physicians to recruit and compensate non-physician practitioners (i.e., nurse practitioners, clinical nurse specialists, physician assistants, certified nurse midwives, clinical social workers, and clinical psychologists) under certain conditions. In other words, physicians can now receive recruitment incentives to attract non-physician practitioners to their practice.

In order to take advantage of the exception, among other things, at least 75 percent of the patient care services provided by the recruited non-physician practitioner must be primary care or mental health services. Further, the payment to the physician by the hospital, FQHC, or RHC cannot exceed 50 percent of the aggregate compensation, signing bonus, and benefits paid to the non-physician practitioner and must be consistent with fair market value. This new exception may only be utilized once every three years for a particular physician (unless the non-physician practitioner leaves prior to the expiration of one year) and there is a two-year limit on the assistance provided by the hospital, FQHC, or RHC.

The second new Stark Law exception permits time-share arrangements for the use of office space, equipment, personnel, items, supplies and services. The exception applies to arrangements that grant a right of permission to use the premises, equipment, personnel, items, supplies, or services, but not to arrangements that transfer control over such items. While these types of arrangements have been in place for years and have been analyzed under other Stark Law exceptions, the new exception provides clarification and flexibility. There are some limitations, however, to the use of the new exception. For example, advance imaging equipment (e.g., MRI and CT) and clinical or pathology laboratory equipment may not be used within the shared space. Further, compensation formulas based on revenue percentage or per-unit fees are prohibited.

In the Final Rule, CMS also clarified several existing Stark Law exceptions. While a discussion of all of the clarifications is beyond the scope of this article, I wanted to highlight a few:

  • Many Stark Law exceptions contain a requirement that the arrangement be “in writing.” However, sometimes physicians fail to enter into or sign a formal written contract prior to the initiation of the arrangement. In the Final Rule, CMS clarified that the “writing” does not necessarily need to be a single written formal contract, but rather can be a collection of contemporaneous writings that relate to each other and that document the relationship (e.g., e-mails, invoices, check requests, board meeting minutes, time sheets, etc.). A document produced after a referral is made, however, cannot be used to demonstrate compliance with respect to prior referrals. Nonetheless, despite the clarification, a single written contract remains the recommended method of documentation when possible.
  • Under the previous provisions, if a signature to an arrangement was missing, the parties had 30 days to obtain the missing signature if the omission was not inadvertent and 90 if the omission was inadvertent. Under the Final Rule, parties now have 90 days to obtain a missing signature regardless of whether the omission was inadvertent.
  • For exceptions requiring a one-year arrangement, CMS clarified that the one-year term does not have to be directly expressed in the writing, provided the parties can show factual compliance with the one-year requirement through other documentation.
  • Previously, under the exception for leases and personal services agreements, a holdover period at the expiration of the agreement was limited to six months. In other words, if the agreement expired and the parties failed to enter into a new agreement, the old agreement could govern the relationship but only for a period of six months. The Final Rule allows for an indefinite holdover period on the same terms as the original agreement as long as the arrangement remains compliant with the applicable exception. However, amendments during the holdover period are prohibited. In light of this change, it is highly recommended that the parties review holdover agreements periodically to confirm that the arrangement remains compliant (e.g., that the payment remains consistent with fair market value).
  • CMS clarified that when parties split-bill for services (e.g., hospital bills technical component and physician bills professional component), this alone does not create a financial relationship triggering the Stark Law between the parties.
  • The Final Rule clarifies the definition of remuneration under the Stark Law does not include the provision of items, devices, or supplies that are used solely to collect, transport, process or store specimens or to order or communicate the results of tests or procedures.

Physicians contemplating arrangements that may fall under a Stark Law exception are encouraged to review these latest developments. Depending on the circumstances, some of the most recent changes may provide added flexibility and additional options for physicians.

bronzemvpContributed by Kelli Fleming, a partner at Burr & Forman, LLP, who works exclusively within the firm’s Health Care Practice Group. Burr & Forman, LLP, is an official Bronze Partner with the Medical Association.

Pin It

Tags: ,

Posted in: Legal Watch

Leave a Comment (0) →

The New Capitated System: How Do Physicians Respond?

Posted by on

Doctor with female patient

Editor’s Note: This article was originally published in the 2015 Winter Issue of Alabama Medicine magazine

On May 17, 2013, Gov. Robert Bentley signed into law Act 2013-261, Ala. Code Sections 22-6-150 et seq., which changes the Alabama Medicaid System from a fee-for-service to a managed care program (the “Act”). This will dramatically change the way nearly 1 million Alabama Medicaid beneficiaries receive their care, and change the way providers are paid. The Alabama Medicaid Agency will allocate a fixed, capitated per-member per-month payment to newly formed regional care organizations (“RCOs”) in return for the RCOs providing health care services to the Medicaid beneficiaries assigned to the RCO. The RCOs will provide the health care services through physicians and other health care providers who enter into provider agreements with the RCOs.

Each RCO is required to establish a network of health care providers in order to deliver care to its enrollees. The network can include physicians, hospitals, pharmacies, podiatrists, chiropractors, psychologists, dentists, therapists, social workers, rural health clinics and other health care providers. RCOs do not have to directly contract with providers, but can also contract with a managed care organization that will contract with providers. Under the law, RCOs are required to contract with any willing physician, hospital or other provider to offer services to beneficiaries in the RCO region if the provider is willing to accept the same payment and contract terms offered by the RCO to other comparable providers.

RCOs can pay providers either on a fee-for-service basis or on a capitated basis. In addition, RCOs can implement value, performance and other payment methodologies. If a RCO decides to not credential a provider in its network, the RCO must give the provider written notice of the reason for its decision, and follow credentialing requirements set out in federal regulations.

There are now 11 organizations across the State of Alabama that have been granted probationary certification as Medicaid Regional Care Organizations or “RCO”s. Physicians have begun receiving notices from some of these RCOs asking them to return a letter of intent to participate in the RCO network of providers. RCOs must be able to demonstrate to the Medicaid Agency that they have an adequate provider network in place by April 1, 2015. The RCOs are now on a fast track to put together the Primary Care Networks, and will be sending provider contracts out later this year. This will be the time physicians and other providers will be negotiating with the RCOs for the best agreement they can get.

The letters of intent being sent out are non-binding on physicians, and merely acknowledge the physician is willing to negotiate with the RCO. However, the issuance of the letters of intent by the RCOs may trigger discussions among physicians that may have antitrust implications. While a physician who simply sends in a letter of intent is acting individually, and without antitrust issues, if that physician begins discussing with other physicians whether or not the physicians should send letters of intent, the physicians involved in the discussions may be deemed to be acting collectively, and antitrust issues arise.

Under antitrust laws, physicians are considered horizontal competitors who compete with each other for patients just as car dealers are horizontal competitors who compete for customers. Any distinction in the law for professions has long been abandoned. Violations of the antitrust laws carry very severe penalties including potential criminal prosecution, trebled damages and an award of the plaintiff’s attorney fees. The enormous legal fees involved in defending an antitrust investigation by the Department of Justice or the Federal Trade Commission alone can be devastating to a physician practice.

To protect physicians who negotiate with RCOs, the Act provides immunity from liability under the antitrust laws by putting these negotiations under an exemption to antitrust known as the “State Action Doctrine.” This doctrine is set forth by the U.S. Supreme Court and exempts actions of a state from application of the antitrust laws. To qualify for the exemption, the state must clearly articulate and express a state policy to exempt the anticompetitive conduct and then actively supervise the anticompetitive conduct. The most difficult prong of the two-part test to meet is the requirement of active state supervision. The Medical Association of the State of Alabama has worked with the officials and attorneys for the Medicaid Agency to give physicians the maximum protection possible from the potential violation of the antitrust laws. It will be up to individual physicians and other providers, however, to assure they understand and follow to the letter the Medicaid Regulations designed to allow the Medicaid Agency to supervise the collective negotiations. Failure to do so can remove the antitrust immunity provided by the Act and leave the physicians and other providers vulnerable to the sanctions of the antitrust laws.

If carefully followed, the Act and the Medicaid Regulations provide the necessary elements to exempt collective negotiations from antitrust liability. Before talking with other physicians about the pros and cons of contracting with a Medicaid RCO, physicians should apply through an online process to the Medicaid Agency for a Certificate to Collaborate (the “Certificate”). The electronic application is available at https://rcoportal.medicaid.alabama.gov. Once the application is approved, a Certificate will be issued which will allow for collective negotiation, bargaining, and cooperation regarding payment and health care delivery. Careful attention must be paid to the Medicaid Regulations to assure the Certificate to Collaborate continues in force. To satisfy the State Action Doctrine, it is required the active state supervision be continuous, so just getting the Certificate alone is not sufficient. The Medicaid Regulations provide for continual monitoring and supervision of the negotiation process. Physicians and other providers must have someone in their offices knowledgeable of the requirements, and carefully assuring that they are followed.

In addition, the State Action Doctrine immunity only applies to collective negotiations with regard to Medicaid. It does not immunize any collective actions regarding private insurance companies or health maintenance organizations. Care must be taken to assure that the negotiations are limited to Medicaid beneficiaries.

The Certificate is not necessary for physicians to attend informational sessions on the new system, but is necessary for physicians to discuss among themselves whether or not to participate or on what terms to participate.Now is the time for physicians to get their Certificates, as the provider contracts will be next on the agenda for the RCOs. In all likelihood, physicians in the different regions who jointly negotiate with the RCOs either solely as physicians or in collaboration with one or more hospitals will be in

Now is the time for physicians to get their Certificates, as the provider contracts will be next on the agenda for the RCOs. In all likelihood, physicians in the different regions who jointly negotiate with the RCOs either solely as physicians or in collaboration with one or more hospitals will be in position to get better contracts than those who individually negotiate. The antitrust immunities in the Act give physicians and other providers greater ability to join together in new organizations to negotiate with RCOs and provide care to their enrollees.

Independent Practice Associations (“IPAs”), Preferred Provider Organizations (“PPOs”) and Physician Hospital Organizations (“PHOs”) are examples of the types of entities that will regain popularity in the development of the new provider networks. With the antitrust immunities furnished by the Act IPAs, PPOs and PHOs, as well as other entities, will be effective means for physicians and other providers to join together collectively and negotiate with RCOs. IPAs are entities in which physicians can integrate either partially or fully their practices into a separate entity that will negotiate with the RCOs and actually provide the care to enrollees of the RCO. PPOs are entities physicians can form to negotiate with RCOs for fees to be paid to the physicians but do not provide the care to enrollees. Care is provided through the individual medical practices. PHOs separate entities formed by hospitals and members of their medical staffs to negotiate and provide both hospital and physician services to enrollees.

The Act is changing the landscape for the provision of health care services for Medicaid beneficiaries. Other articles will deal with topics to help physicians negotiate the changes, including terms to carefully consider in signing provider contracts. Needless to say, as the time grows closer, physicians and other providers will be discussing options and strategies for responding to the changes.

bronzemvpArticle contributed by John T. Mooresmith, Esq., Burr Forman, LLP. Burr Forman, LLP, is an official Bronze Partner of the Medical Association.

 

Pin It

Tags: , ,

Posted in: Legal Watch

Leave a Comment (0) →

Managing Your Practice: How to Lessen Your Risk of Workplace Violence

Posted by on

workplaceviolence_banner

Editor’s Note: This issue was originally published in the 2016 Spring Issue of Alabama Medicine magazine.

Going postal, unfortunately, is part of our pop-culture lexicon. This well-known phrase indicates the workplace isn’t as safe as we once thought.
Hospitals and health care facilities were once considered safe havens from violent incidents. Unfortunately, the health care industry is more likely to experience workplace violence than most realize.

Data from the U.S. Bureau of Labor Statistics indicates in 2010 health care and social assistance workers were the victims of 11,370 assaults, more than a 13 percent increase since the year before. This shows more than a 13 percent increase since. In 2011, Modern Healthcare reported the Bureau’s statistics showed the chance of registered nurses being assaulted at work are more than triple that of the average American worker. Nurses had a 6.1 in 10,000 chance, while the general population had a one in 10,000 chance. The article further pointed out registered nurses are at greater risk of workplace violence than taxi-cab drivers or bartenders.1

The increase in workplace health care violence may be attributed to:

  • deinstitutionalization of psychiatric patients;
  • increased substance abuse (both street drugs and controlled substances);
  • gang violence;
  • economic stress;
  • frustration due to long waits in emergency departments; and
  • increased use of emergency departments by police to hold unruly/intoxicated patients.

Defining “Workplace Violence” and Taking Action

The National Institute for Occupational Safety and Health (NIOSH), defines workplace violence as “violent acts, including physical assaults and threats of assaults, directed toward persons at work or on duty.” 2Once violence is defined, the next step is to develop a workplace violence prevention program. The American Society for Industrial Security (ASIS) Health Care Security Council’s 2011 white paper, “Managing Disruptive Behavior and Workplace Violence in Health Care,” recommends workplace violence prevention teams adopt a multidisciplinary approach. This approach includes security, first responders, clinical staff, risk management, legal, human resources, administration, and other key stakeholders. Security experts recommend IT and security staff coordinate efforts due to increased use of technology in hospital security.

Once violence is defined, the next step is to develop a workplace violence prevention program. The American Society for Industrial Security (ASIS) Health Care Security Council’s 2011 white paper, “Managing Disruptive Behavior and Workplace Violence in Health Care,” recommends workplace violence prevention teams adopt a multidisciplinary approach. This approach includes security, first responders, clinical staff, risk management, legal, human resources, administration, and other key stakeholders. Security experts recommend IT and security staff coordinate efforts due to increased use of technology in hospital security.

The white paper also cites the International Association for Health Care Safety & Security’s five components of an effective workplace violence prevention program, which include:

  1. management commitment and employee involvement,
  2. worksite analysis (including evaluating the physical environment),
  3. hazard reduction and response,
  4. training, and
  5. recordkeeping and program evaluation (measured by empirical data). The white paper includes a sample threat assessment checklist, a workplace violence prevention policy, a list of common warning signs, and an assessment outline.3

The Joint Commission requires accredited hospitals assess their risk of violence, develop written plans, and implement security measures.4
Risks may vary by facility and by department, underscoring the importance of individualized analysis.

Worksite Analysis

Multiple sources suggest researching crime statistics in your facility’s immediate area. A physical environment assessment may include monitoring of facility entrances, parking ramps, and grounds. A walk-through also may determine whether in-house emergency call numbers are posted and that panic buttons are available at registration desks and nursing stations.

Additionally, determine if staff lounges are locked and layouts of patient rooms help prevent entrapment. Some facilities ensure bulletproof vests are readily available.

Identify additional risks by conducting surveys with all shifts and in multiple situations. This allows you to determine whether employees are familiar with the facility’s violence prevention program and their reporting responsibilities.

A number of federal and state agencies provide easy access to information and tools to assist in conducting assessments. The Occupational Safety and Health Administration’s (OSHA) “Guidelines for Preventing Workplace Violence for Health Care and Social Service Workers” lists specific steps to access, monitor, and analyze violent events and to evaluate the effectiveness of your workplace violence program. The Guidelines also list engineering and administrative controls to help minimize violence. The guidelines, sample checklists and violence incident report forms are available on OSHA’s website, www.osha.gov.

Hazard Reduction and Response

The next step is developing strategies and policies for preventing and managing the potential for violence. Consider implementing and/or revising:

  • education for administration and staff on recognizing the risk of violence;
  • definitions for “violence” and certain crimes;
  • an easily accessible reporting and documentation system;
  • written policies and procedures and personnel responsibilities, including reporting of incidents (describe specific codes to call, who to notify in specific situations, and interactions with law enforcement);
  • the facility’s assistance to employees following a violent incident;
  • debriefings (within 24-72 hours of an incident); and
  • ongoing training programs with required staff attendance.

Additional security measures might include metal detectors, bag searches, cameras, appropriate lighting, video monitoring, security personnel,
stationing security in high-risk locations, and nighttime escorts to parking lots.

Training

Staff training may be one of your most effective tools in reducing violent incidents. New employees should receive violence prevention training as part of their orientation. Training should be ongoing and include supervisors and security staff. Topics may include:recognizing potentially violent situations and using de-escalation techniques;

  • recognizing potentially violent situations and using de-escalation techniques;behaviors that help diffuse anger – a calm and caring attitude, avoiding giving orders, and acknowledging the individual’s feelings; avoiding behavior that might be interpreted as aggressive (rapid movement, speaking loudly, or getting too close);
  • behaviors that help diffuse anger – a calm and caring attitude, avoiding giving orders, and acknowledging the individual’s feelings; avoiding behavior that might be interpreted as aggressive (rapid movement, speaking loudly, or getting too close);
  • taking patients to safe and quiet areas to calm emotions; and
  • move disruptive patients away from the rest of the hospital population.

Record Keeping and Program Evaluation

Lastly, it is key to document your violence prevention efforts ­whether to defend an employee’s or the hospital’s actions, or in response to an OSHA investigation. Thorough documentation also will assist in evaluating the effectiveness of your violence prevention program.

When Violence Occurs

Additional training may be necessary for employees in high-risk areas which typically includes emergency departments, ICUs, behavioral health, and operating rooms. Training may include proper use of restraints, physical techniques to subdue violent individuals, and administering medical care once the individual is subdued.

The Emergency Nurses Association’s November 2011 Emergency Department Violence Surveillance Study indicated the overall frequency of physical violence and verbal abuse for an ED nurse working 36.9 hours in a seven-day period was 54 percent of the 7,169 nurses participating in the study. Nurses were most often involved in triaging a patient, performing an invasive procedure, or restraining/subduing a patient when the violence occurred. Patients were the main perpetrators in all incidents; over 83 percent of the incidents occurred in patients’ rooms.

Further, the study indicates that physical violence rates increase as population density increases (9.1 percent rural vs. 14.1 percent large urban areas). The odds of physical violence occurring were higher for younger nurses; male nurses were more likely to experience physical violence than females. Also, the use of panic buttons/silent alarms correlated with less physical violence. And decreased odds for physical violence and verbal abuse were associated with enclosed nursing stations, locked or coded ED entries, security signs, and well-lit areas.5

Risk management experts recommend the following should a health care workplace violence incident occur:avoid confrontation – retreat to a safe place if possible;

  • avoid confrontation – retreat to a safe place if possible;
  • do not approach or attempt to disarm an individual with a weapon;
  • summon security or a behavioral response team, or call 911;
  • remain calm – refrain from agitating or threatening a violent person;
  • isolate the individual – protect patients, lock doors, direct traffic away from the area, and evacuate if possible.

Dealing with Media and Law Enforcement

ProAssurance Risk Resource Consultants suggest hospitals develop policies and procedures for communicating with the media and law enforcement. We also suggest designating a hospital spokesperson and making sure that staff receives ongoing training for these situations.

Ensure staff knows how to respond to requests for interviews, subpoenas, and/or search warrants. Be sure to provide contact information and back-up numbers so staff knows whom to contact in such situations. Staff also should be trained on how to preserve and maintain a chain of evidence, which may include illegal firearms or drugs and statements of witnesses and victims. Lastly, ensure staff understands HIPAA privacy issues in these situations.

Of Course, Document

Once the situation diffuses, staff should document what was seen, heard, and / or done. Documentation will be critical should the facility or an employee be named in a professional liability lawsuit.

Unfortunately, violence occurs all too often in health care, but it still catches health care staff off-guard because it’s so unpredictable. Implementing and adhering to a workplace violence program will assist you and your facility in preparing for these situations and help prevent injury to you, your staff, your patients, and patients’ families.

Sources

  1. U.S. Bureau of Labor Statistics: https://www.osha.gov/SLTC/healthcarefacilities/violence.html\
  2. National Institute for Occupational Safety and Health: http://nursingworld.org/workplaceviolence
  3. The Joint Commission, Division of Health Care Improvement, Advisory on Safety & Quality Issues: http://www.jointcommission.org/assets/1/23/quick_safety_issue_five_aug_2014_final.pdf
  4. Emergency Nurses Association, Institute for Emergency Nursing Research, Emergency Department Violence Surveillance Study: https://www.ena.org/practice-research/research/Documents/ENAEDVSReportNovember2011.pdf

platinummvpProAssurance-insured physicians and their practice managers may contact Risk Resource for prompt answers to liability questions by calling (205) 877-5015 or email at riskadvisor@proassurance.com. ProAssurance is an official Platinum Partner with the Medical Association.

Pin It

Posted in: Liability

Leave a Comment (0) →

ProAssurance: When Treated Fairly® is More than a Promise

Posted by on

medlaw

Editor’s Note: This article was originally published in the 2016 Winter Issue of Alabama Medicine magazine.

Choosing the right company for your professional liability insurance is one of the most important decisions you make as a physician. With multimillion dollar jury verdicts on the rise again – Alabama has seen eight in the last 36 months alone – professional liability remains a significant threat to Alabama physicians. Yet given today’s financial pressures, it’s tempting to think of only price when considering professional liability insurance; for now is when the urge to cut a corner with a cheaper insurance choice can appear to make sense. But that’s the kind of short-term thinking that gets some insurance companies and, unwittingly, their insureds in trouble. When policies are sold on price alone, those who buy them may be left with a worthless piece of paper and myriad resulting problems.

Lured by low-cost premiums some physicians and physician groups in Alabama have switched insurance companies in recent years only to discover — sometimes mere months into the new relationship — that the new company’s idea of an unbridled defense in the event of a claim or lawsuit pales in comparison to the same promise ProAssurance makes and has consistently delivered to physicians in Alabama for more than 35 years. Dismayed, discouraged and dissatisfied with their new company’s inability to deliver the same quality of claims handling and legal defense, many of these same physicians have decided to return to ProAssurance, sometimes after having been insured by their new companies less than one year.

Founded by Alabama physicians in the 1970s when other insurance companies had left the state, ProAssurance has worked to level the legal playing field over the years and has helped make Alabama a safer and more predictable place to practice medicine. ProAssurance pioneered the aggressive defense of physicians in Alabama with a steadfast resolve to defend good medicine, discourage the filing of non-meritorious claims, and force plaintiff lawyers to think twice before suing a physician for malpractice — a time-tested and proven defense philosophy that has served well the physicians of Alabama. We don’t spare expenses, and we ensure that our defense lawyers have the resources necessary to defend our insured physicians. To date, ProAssurance and its exclusive panel of highly experienced defense lawyers have secured more than 1,300 defense verdicts at trial on behalf of Alabama physicians.

No other medical professional liability insurance company has committed anywhere near the time, effort, and financial resources that ProAssurance has committed to create, support, protect and defend the more favorable environment in which Alabama physicians now practice. What assurances are there other companies would do the same? None; but ProAssurance’s track record in Alabama speaks for itself.

ProAssurance understands the economic realities and challenging health care environment you face every day. The need for financial discipline is, in many ways, more urgent now than ever before — which is why you should seek full value in your professional liability insurance policy, demanding that every dollar you pay for that insurance purchases the full promise of an unfettered defense and the peace of mind that comes from knowing your insurance company is devoted to maintaining the financial strength to be here for you many years from now. You get that with ProAssurance. We don’t compromise the defense of a case for cost-saving reasons; other companies have, and still do — sometimes with catastrophic results. Furthermore, part of our commitment to you is that we will maintain the discipline and stability to do what’s right for you in the long-term.

ProAssurance exists to protect others. Our physician-focused mission is crystallized in the company’s guiding principle Treated Fairly®. Everything we do in Alabama — from our relationship with the Medical Association, to physician involvement on our Claims & Underwriting Committee and Regional Advisory Boards, to our unparalleled track record for successfully defending physicians in lawsuits, including at trial — underscores our Treated Fairly® pledge to you. Your policy will always be priced at a reasonable premium, but we will never risk your future by endangering the financial strength and long-term viability of the very company you trust to protect it.

Contributed by Hayes V. Whiteside, M.D., Medical Director, ProAssurance

platinummvpProAssurance-insured physicians and their practice managers may contact Risk Resource for prompt answers to liability questions by calling (205) 877-5015 or email at riskadvisor@proassurance.com. ProAssurance is an official Platinum Partner with the Medical Association.

Pin It

Tags: ,

Posted in: Liability

Leave a Comment (0) →

Social Media & Electronic Communication: Asset or Liability

Posted by on

social-media-management-1

Editor’s Note: This article was originally published in the 2015 Winter issue of Alabama Medicine magazine.

You may have heard the adage, “Don’t put anything on the Internet that you wouldn’t want tacked to a bulletin board in the Town Square.” Thanks to smartphones and their applications, that adage is easier than ever to ignore – and isn’t always followed. During the past few years, there have been numerous news stories of physicians being reprimanded after inadvertently identifying patients on social media, nurses being fired for posting photos taken during surgeries, etc. So what may a physician do to minimize liability risk when using smartphones?

There are many areas of concern – social media, email/text, and smartphone applications. While these may be viable tools for communicating with patients, there are inherent risks – confidentiality, data security, and the potential for email and text to replace open communication. The following tips may help minimize your risk.

Social Media

Social media has exploded from Facebook and its ancestor MySpace to Twitter, LinkedIn, Pinterest – the list goes on – and according to Facebook’s third quarter 2014 earnings, more than 1.3 billion people use Facebook monthly.

You’ve heard ad nauseam that patients who perceive they have a good relationship with their physicians are less likely to sue, even in the event of an adverse outcome, and heard more times than you can count that communication is the cornerstone of your relationships with your patients. But, that advice is proffered for the therapeutic, professional setting.

So how do you navigate the boundary between therapeutic and personal – or social?

“As a physician, I understand the perceived value of the ways in which patients tend to rely on Facebook to communicate with family and friends. However, we physicians need to be sure of a couple of things: One, communication about a patient’s therapeutic course happens face-to-face and, at times, is supplemented with phone conversations, with the common thread of give-and-take interaction. And two, ethically, that we don’t blur the line between therapeutic care and the social relationship,” Hayes V. Whiteside, M.D., Chief Medical Officer and Senior Vice President of Risk Resource at ProAssurance, said.

Generally, the best advice is to keep your professional and personal lives separate when using Facebook and not accept friend requests from patients. Facebook friends typically have access to all other friends, to photos posted, and also to notes and messages posted on your wall. No matter how tightly you lock down your privacy settings, there’s no guarantee of privacy.

If you decide to use Facebook or other social media professionally, it’s a good idea to set up an account for your practice only and consider these suggestions:

Add a disclaimer statement along the lines of, “Our clinic cannot give medical advice to any individual over Facebook. This Facebook page is
for general informational purposes only and should not be used in place of a consult with your regular medical provider. The information presented here is not intended to be used as a diagnosis or treatment. If you need emergency medical attention, please call 911 or go to the nearest emergency room. If you need to be seen in our office by a physician, please call [telephone number] for an appointment.”

  • Frequently monitor privacy settings and the page itself.Create guidelines or policy for staff regarding who may post updates to the page and under what circumstances, including who will redirect questions on the page to appropriate physicians for follow-up when a question is not general enough to be answered on the practice’s page, or when doing so would compromise patient privacy.
  • Create guidelines or policy for staff regarding who may post updates to the page and under what circumstances, including who will redirect questions on the page to appropriate physicians for follow-up when a question is not general enough to be answered on the practice’s page, or when doing so would compromise patient privacy.Ensure patient confidentiality. Refrain from publicly posting any protected health information, whether in discussion with a patient or other physician on the practice’s Facebook page. Doing so could result in a HIPAA violation.
  • Ensure patient confidentiality. Refrain from publicly posting any protected health information, whether in discussion with a patient or other physician on the practice’s Facebook page. Doing so could result in a HIPAA violation.

The American Medical Association has issued “Opinion 9.124 – Professionalism in the Use of Social Media,” and it may be found here.

Communicating via Email and Text

While email and, to a certain extent, texts may be viable tools for communicating with patients, there are some inherent liability risks. Issues such as confidentiality, data security, and the potential for email to replace open communication are examples of those risks. If email or text is used, risk management experts recommend physicians refrain from sending time-sensitive, highly confidential, or emergency information. Information concerning prescriptions, normal lab results regarding non-sensitive medical issues, appointment reminders, and routine follow-ups may be appropriate to transmit via email.

Confidentiality and security become issues of primary concern. Who will be processing the messages? Will physicians obtain informed consent from patients regarding transmission of information via email? Who has access to the email account? To the computer where emails are stored? If email is used, risk management experts recommend physicians refrain from sending time-sensitive, highly confidential, or emergency information. Information concerning prescriptions, lab results, appointment reminders, and routine follow-up inquiries are generally appropriate to transmit via email. Physicians should also print emails to and from patients and place them in the patient’s medical record.

The AMA in its “Opinion 5.026 – The Use of Electronic Mail” recommends physicians don’t establish a relationship via email and notes the same ethical obligations apply to any other encounter apply to communication via email. Regarding texts, medical/legal experts note they are subject to the same considerations and parameters as emails when it comes to privacy and protected health information, such as incorporation into the medical record. Risk management experts recommend avoiding using text to communicate patient information, treatment advice, etc. The AMA’s opinion may be found here.

Smartphone Apps

With 8-out-of-10 physicians using smartphones for professional purposes, according to mhealthwatch.com, it’s wise to be concerned about potential risk management implications. While such medical apps are great tools, there are innate risks – the unsecured smartphone, for example. Risk management experts recommend evaluating the types of information stored on a personal device. Research apps, such as Epocrates, should not be subject to HIPAA risks if used for research purposes only. However, apps allowing mobile dictation of information that can be transferred to an electronic medical record may be, as they may contain confidential patient health information. Another consideration is security – apps that transmit information may be vulnerable to hacking. Some medical apps bill themselves as HIPAA compliant; it’s wise to examine an app’s privacy policy and take reasonable steps to verify security. It’s also wise to keep in mind no app – especially free ones – is 100 percent secure.

Regardless of whether a smartphone app transmits, stores, or simply accesses patient health information, physicians should ensure the apps are HIPAA and HITECH compliant.

Tips to keep in mind:

  • HIPAA requires data security and proper destruction and/or file retention of patient health information when appropriate.
  • Physicians should remove patient health information from devices with apps before discarding/replacing the device.
  • Wireless apps should be reviewed to ensure security at all levels.
  • A security policy addressing mobile devices and apps that can be used, along with the appropriate use and destruction of patient health information, should be in place.
  • Work closely with information technology personnel to address security issues.

platinummvpProAssurance-insured physicians and their practice managers may contact Risk Resource for prompt answers to liability questions by calling (205) 877-5015 or email at riskadvisor@proassurance.com. ProAssurance is an official Platinum Partner with the Medical Association.

Pin It

Tags: , , , ,

Posted in: Management

Leave a Comment (0) →

Warning! Do You Have Employees Age 65 or Older?

Posted by on
Warning! Do You Have Employees Age 65 or Older?

Editor’s Note: This article is a special edition to the Medical Association — May 27, 2016

In partnership with the Internal Revenue Service (IRS) and Social Security Administration (SSA), the Centers for Medicare and Medicaid Services (CMS) is using their data matching project more aggressively, to compare their records with other federal programs. CMS is looking for Medicare enrollees who are still working and have access to employer-provided coverage. Medicare Secondary Payer rules prohibit an employer from offering an incentive of any kind to an individual who is Medicare-eligible to enroll in Medicare in lieu of the employer’s group health plan. Employers are subject to severe penalties if they are determined to have encouraged those who are 65 or older to switch from employer-provided coverage to Medicare coverage.

Employers with 20 or more employees are the target of the prohibition. The 20 or more employee threshold is determined by head count and not by full-time status. For example, an employer with five part-time employees and 16 full-time employees would be considered as having 21 employees under this rule.

The penalty is $5,000 per instance, which is severe. However, the greater risk and potential penalty for employers found in violation is repaying CMS for payments on claims that Medicare paid as primary that should have been paid as secondary. For Medicare-eligible employees who have chronic illnesses that require ongoing treatment, the repayment could be significant.

While some employers received these letters in prior years, CMS is stepping up their goal of successful recoveries from below 5 percent to close to 100 percent. That is why they have partnered with the IRS and SSA in the joint data match project. If a Medicare-eligible employee shows up on both the income tax withholding list of an employer and on the Medicare list, a data match generates the letter.

Some employers who get the letter may not realize how seriously they should take the request. There is a 30-day deadline, which puts more pressure on busy owners and managers to be alert and respond correctly and in a timely manner.

Responding to the questionnaire can be complicated. If the process is not followed precisely, the employer could face fines and penalties for the wrong employee. There are three steps of which to be aware:

Step 1 Employer sets up account in the data match program.

Step 2 Complete the information about the health plan and the specific questions on the employees identified by the data match program.

Step 3 After certifying the information is correct, wait for the next request for information.

Protect your business by responding timely and accurately to the CMS letter. Evaluate whether you have risks with any employee aged 65 or older. If you have Medicare-eligible employees who voluntarily declined coverage under your business health plan to take Medicare, you need proof on file. Ask your insurance carrier to provide a form for employees to decline coverage.

Be careful advising your employees with comparisons of coverage and premiums. Remember, an employer encouraging an employee to take Medicare and to decline the group health plan is where this problem begins.

The information in this article is not intended as tax or legal advice. Please consult your tax advisor for specific information regarding your individual situation.

bronzemvpContributed by Mark Baker, CPA and Patti Perdue, CPA.CITP, Jackson Thornton. Jackson Thornton is a Certified Public Accounting and Consulting Firm and an official partner with the Medical Association.

Pin It

Tags: , , , ,

Posted in: Management

Leave a Comment (0) →

Five Secrets to Preventing Provider Cardiac Arrest Secondary to Meaningful Use 2 — There’s a Diagnosis Code for This!

Posted by on
Five Secrets to Preventing Provider Cardiac Arrest Secondary to Meaningful Use 2 — There’s a Diagnosis Code for This!

Editor’s Note: This article was originally published in the 2015 Inaugural Issue of Alabama Medicine magazine

Kill two or three measures with one click. Clinical Decision Support Rules, PQRS and Clinical Quality Measures can be managed simultaneously.

Here’s an example of what I mean: Meaningful Use 2 requires the smoking status of all patients 13 years and older to be documented. The Physician Quality Reporting System also requires Providers who select this measure for reporting to screen patients for tobacco use who are 18 years or older and to provide them with cessation counseling if they are tobacco users.

Build a clinical support decision rule to remind you to record the tobacco status of patients 13 years of age (automatic pop-up). You’ve knocked out recording the smoking status of the patient and core measure number 5. The patient then tells you that he or she smokes two packs a day and loves it. At that point, you revel in the opportunity to save a life and conquer measure number 13. Suddenly, you realize that you have just performed PQRS measure number 226, and you do your proverbial happy dance.

If you get that queasy feeling of being “unsure” when you attest to performing a Security Risk Analysis, ask a professional for advice. You can be audited for up to six years – you may be all for doing it yourself to save money, but unless you are a physician as well as a Certified Information Systems Security Professional (CISSP), you could miss something critical. Additionally, the cost for inadvertently allowing a hacker to successfully hack in to your EHR, violate patient privacy, sell your patients’ information to the highest bidder, and give you five minutes of fame in the local news is much higher than the fee for allowing a truly certified professional to prevent this from happening.

Encourage secure messaging with patients by incorporating it into your workflow. The Provider is not the sole individual allowed to manage these messages. Imagine the angry patient who has been sitting in your exam room for 45 minutes, waiting to see you. Unfortunately, you did not anticipate six walk-ins that day and are running a little behind schedule. Fortunately for you, your clinical staff is utilizing the patient engagement template created specifically for this all too common occasion. Medical Assistant Molly walks into the exam room and pulls up the patient’s record. She explains kindly that Mr. Doe can now send the physician a secure message through the patient portal. Mr. Doe does not have an email or know how to set up his portal. No problem! She can assist with that as well. The MA then helps the patient send a secure message stating “Dear Dr. Awesome, thanks for showing me how to contact you via secure message.”

Sending information to a public health registry requires teamwork between both parties involved. Unlike Meaningful Use 1, failed testing does not meet the measure in Meaningful Use 2. Ongoing submission to a registry is the rule. Take heart. Most health departments have a special section set up on their websites for meaningful users. They have the ability to accept submission of things liked diabetes diagnoses, cancer cases and immunizations, and if they don’t, you are probably excluded from the measure. Contact the local health department and find out who is managing Meaningful Use on their end. There are forms to be filled out, calls to vendors and registries to be made, but in the end, Providers will be able to submit vital information to health departments electronically. Some EHRs have a one-directional interface. In this case, make sure the Practice Administrator submits the information at least weekly, and follows-up to insure effective transmission. A bi-directional interface allows for automated transmissions with limited time devoted to monitoring processes.

Qualified professionals can assist the Provider with CPOE. Some EHRs do not recognize orders placed by another “qualified professional” if they are not linked with the Provider. If the number of patients being prescribed medications or for whom labs/radiology are ordered is increasing daily — but the meaningful use stats are not adding up — the problem might be as simple as selecting the supervising provider.
In order to keep your clicking fingers from getting worn out, I suggest creating a “favorites” page of labs, medications and imaging most commonly ordered. This will cut down on the time it takes to rummage through the endless options available in EHRs.

The information in this article is not intended as tax or legal advice. Please consult your tax advisor for specific information regarding your individual situation.

bronzemvpContributed by Patti G. Perdue, CPA.CITP, Jackson Thornton. Rebecca Hanif, CCS, CPCO, CPC, also contributed to this article. Jackson Thornton is a Certified Public Accounting and Consulting Firm and an official partner with the Medical Association.

Pin It

Tags: , , ,

Posted in: Management

Leave a Comment (0) →

Don’t Fall Victim to Cyber-Security Disasters

Posted by on
Don’t Fall Victim to Cyber-Security Disasters

Editor’s Note: This article was originally published in the 2015 Fall Issue of Alabama Medicine magazine

Every day, it seems the news is filled with more and more reports of cyber-security attacks. Unfortunately, the health care community is considered a prime target for those individuals who would seek to gain access to confidential information.

Did you know that stolen medical records can be valued at up to 10 or 20 times that of a credit card number?1 Compounding this is the ever-growing reliance within the medical community upon electronic and digital systems to capture patient data and deliver medical care. So how can health care providers protect themselves from being the victim of a cyber-security incident?

Assess and Manage Your Risk

Medical providers should have a comprehensive knowledge of where their critical information resides, and of any and all vulnerabilities related to the storage and transmission of the data. To ensure that those in the medical community recognize the threat(s) to confidential information, the United States Department of Health and Human Services mandated within the HIPAA Security Rule that all covered entities conduct a thorough risk analysis to identify all potential vulnerabilities as well as determine the probability and magnitude of a possible security event.2

While a risk assessment should be a formal exercise in which all facets of information security are reviewed and vetted for adequacy, the provider should also establish and maintain a strategy for risk management. This involves implementing proper safeguards to secure information as well as communicating and educating personnel throughout the organization on the policies and procedures which continually mitigate risk. By creating and cultivating a culture of compliance, one can significantly reduce the chance of exposing a vulnerability that could lead to unauthorized access.

Increase Detection Capabilities

Recent cyberattacks in the health care community have exposed a very dangerous trend: Many times, hackers have accessed and begun harvesting data several weeks or even months prior to being detected.3 It is no longer sufficient for medical providers to consider security safeguards, such as firewalls and anti-virus software applications as “set-it-and-forget-it” mechanisms. Solutions should be implemented to enable the monitoring and detection of breaches that could trigger proper incident response processes quickly and efficiently.

Health care organizations should consider investing in Next-Generation Firewalls. These security devices provide more than just network filtering – they typically offer advanced security features, such as deep packet inspection (where each specific data part that passes through is examined for viruses or other types of malicious software) as well as intrusion prevention systems that monitor network traffic for malicious activity and are configured to actively prevent or block such attempts once detected.In addition to these technologies, other applications, such as Security Information and Event Management Systems, allow for real-time analysis and monitoring of systems. These solutions can be configured to alert the proper personnel in the event of a suspicious activity (e.g., multiple failed system logins) and allows for the organization to establish a proactive stance against unauthorized access to critical systems.

In addition to these technologies, other applications, such as Security Information and Event Management Systems, allow for real-time analysis and monitoring of systems. These solutions can be configured to alert the proper personnel in the event of a suspicious activity (e.g., multiple failed system logins) and allows for the organization to establish a proactive stance against unauthorized access to critical systems.

Protect and Secure Mobile Devices

According to the 2014 SANS Health Care Cyber-Security Survey, 52 percent of respondents allow access to health record information via mobile devices. Another 30 percent indicated that sensitive data was being included in instant messaging applications.4 As mobile device usage continues to grow, it becomes more and more important for healthcare providers to implement a mobile device management policy to address and minimize the threat of these devices causing a security incident.Specific to the mobile device itself, all providers should ensure that both authentication (via password or PIN code) and encryption are enabled on all devices. Furthermore, public Wi-Fi networks should not be used in situations where health information will be transmitted. Secure, encrypted connections, such as SSL VPN should be established when accessing corporate resources remotely. Providers should also implement technologies that can remotely wipe or disable mobile devices that are lost or stolen.

Specific to the mobile device itself, all providers should ensure that both authentication (via password or PIN code) and encryption are enabled on all devices. Furthermore, public Wi-Fi networks should not be used in situations where health information will be transmitted. Secure, encrypted connections, such as SSL VPN should be established when accessing corporate resources remotely. Providers should also implement technologies that can remotely wipe or disable mobile devices that are lost or stolen.As much as one can try to protect and mitigate risk related to the mobile device itself, the user of the device can still pose a significant liability. In addition to addressing the physical device, organizations should also invest in continuing education and training for users, as well as maintain strict policy and procedures related to the use of the device in providing medical care.

As much as one can try to protect and mitigate risk related to the mobile device itself, the user of the device can still pose a significant liability. In addition to addressing the physical device, organizations should also invest in continuing education and training for users, as well as maintain strict policy and procedures related to the use of the device in providing medical care.

Looking Ahead

The SANS report data shows that the health care industry is slowly starting to make strides and improve when it comes to protecting critical data from attack. However, it has become clear that not only are the hackers getting smarter, but their overall activity and attempts to infiltrate and mine confidential information continue to increase significantly.5 A 2014 report in United States Cyber Security Magazine indicated that the health care industry was the target of more cybercrime incidents than any other market, and this trend is likely to continue as hackers start to realize the value of medical information.6

Health care organizations will need to continue to thoroughly examine and assess the ways in which they are protecting themselves from attack. Analysis will need to be conducted internally and externally, as associated organizations such as payers, insurers, and other entities within community health care networks will be responsible to each other for protection of medical information. By effectively assessing and managing risk and building a risk framework that addresses all areas of critical data, medical providers can take significant steps towards minimizing the likelihood of a cybersecurity attack.

Sources

  1. http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924
  2. http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf
  3. http://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/
  4. https://www.sans.org/reading-room/whitepapers/analyst/threats-drive-improved-practices-state-cybersecurity-health-care-organizations-35652
  5. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf
  6. http://www.uscybersecurity.net/Pages/online_magazine.html

The information in this article is not intended as tax or legal advice. Please consult your tax advisor for specific information regarding your individual situation.

Contbronzemvpributed by Nic Cofield, Jackson Thornton Technologies Consultant. Jackson Thornton is a Certified Public Accounting and Consulting Firm and an official partner with the Medical Association.

Pin It

Tags: , , , ,

Posted in: Management

Leave a Comment (0) →

Don’t Overlook Your Deductions this Tax Season

Posted by on
Don’t Overlook Your Deductions this Tax Season

Editor’s Note: This article was originally published in the 2016 Winter Issue of Alabama Medicine magazine.

Holidays are over. The tree has been undressed and put away until next year. Your New Year’s Resolutions are drafted, and you’re waiting for the last piece of Christmas cake to be eaten before starting them. It’s also the time of year when you start looking on the calendar to count the days until the next holiday. First is Valentine’s Day, then Easter, and then National Tax Filing Day. (I’m sure that last one is included on most calendars, right?)To help you get ready for National Tax Filing Day, here are some reminders of often overlooked tax deductions which could help reduce your taxes in 2016.

To help you get ready for National Tax Filing Day, here are some reminders of often overlooked tax deductions which could help reduce your taxes in 2016.Job hunting expenses For many Americans, the cost of finding a job could be considerable if they have been actively looking from city-to-city or state-to-state. The Department of Labor has reported employers adding jobs with net job gains in the number of jobs created. Job hunting expenses includes transportation, food and lodging for overnight stays. It might include secretarial expenses if you paid someone to type or print your résumé.

Job hunting expenses For many Americans, the cost of finding a job could be considerable if they have been actively looking from city-to-city or state-to-state. The Department of Labor has reported employers adding jobs with net job gains in the number of jobs created. Job hunting expenses includes transportation, food and lodging for overnight stays. It might include secretarial expenses if you paid someone to type or print your résumé.Charitable contributions Checks, cash or charge. If you donate cash over $250, be sure to get a receipt. If you donate goods such as good used clothing, those unused golf clubs sitting in the corner of your garage, furniture or computers (wipe all data off first), or appreciated property like stock, these are potential tax deductions.

Charitable contributions Checks, cash or charge. If you donate cash over $250, be sure to get a receipt. If you donate goods such as good used clothing, those unused golf clubs sitting in the corner of your garage, furniture or computers (wipe all data off first), or appreciated property like stock, these are potential tax deductions.Reinvested dividends If you sold stocks or mutual funds during 2015, did you participate in a dividend reinvestment program where your dividends were used to buy more shares? If so, these reinvested amounts add to your cost basis for computing the taxable gain on the sale. Your financial advisor can provide this information.

Reinvested dividends If you sold stocks or mutual funds during 2015, did you participate in a dividend reinvestment program where your dividends were used to buy more shares? If so, these reinvested amounts add to your cost basis for computing the taxable gain on the sale. Your financial advisor can provide this information.Health insurance premiums If you are self-employed (and not covered by an employer plan or your spouse’s plan), you may be eligible to deduct premiums paid for health insurance, premiums for Medicare Parts B and D, Medigap insurance and Medicare Advantage Plan. This deduction is available whether you itemize or not.

Health insurance premiums If you are self-employed (and not covered by an employer plan or your spouse’s plan), you may be eligible to deduct premiums paid for health insurance, premiums for Medicare Parts B and D, Medigap insurance and Medicare Advantage Plan. This deduction is available whether you itemize or not.Retirement plan contributions There are too many options to include the details here. Many entrepreneurs and small business owners who are employed by others but also work in their own business might qualify for an additional retirement plan contribution. You need to talk with your financial advisor and tax preparer. Some of the options include SEP, SIMPLE IRA and 401(k)s.

Retirement plan contributions There are too many options to include the details here. Many entrepreneurs and small business owners who are employed by others but also work in their own business might qualify for an additional retirement plan contribution. You need to talk with your financial advisor and tax preparer. Some of the options include SEP, SIMPLE IRA and 401(k)s.

Inherited IRA or pension If you inherited an IRA or 401(k) or another retirement plan from your spouse or a parent, you may be able to deduct the estate tax paid by the IRA owner. Also remember that withdrawals you take are taxable and could be subject to penalty if you took money out before you were 59 ½.

Expensing vs. capitalizing assets In 2014, the rules changed regarding what was required to be capitalized and depreciated. In 2015, the IRS gave us some additional relief by increasing the amount that could be expensed from $500 to $2,500. This safe harbor exception was good news for business owners to expense eligible purchases costing under $2,500 or less per item or per invoice.

Immediate write-off As 2015 was coming to a close, Congress voted to extend several expired tax provisions that will save businesses and individual taxes. Legislation known as PATH Act extended or made permanent a number of tax provisions including immediate expensing of eligible purchases of up to $500,000. To qualify for these deductions, assets must have been placed in service by no later than the end of your business’s tax year. The legislation also extends the 50 percent bonus depreciation for qualifying property acquired and placed in service during 2015 through 2017.

Credit card purchases This one could easily slip by a business owner or individual. A payment on your credit card is not deductible; neither is the interest paid on the card. However, if you have purchased business items or made tax deductible purchases charged to a credit card in December, you count the expense as having occurred in December and claim your deduction on that year’s tax return. You need to keep the vendor or store receipt. Submitting the credit card statement is not enough. If you haven’t already, consider using a separate credit card used strictly for business purposes.

Roth IRAs for your kids If you have teenaged children who work, some of their earned income could be used to make a ROTH IRA contribution. For 2015, this could be as much as $5,500 depending on the amount of their earned income. There is no tax deduction for this contribution but the savings comes later – when they withdraw the money for college or moving out of your house or for their first car.

Now that you have thoroughly planned for National Tax Filing Day, you can start packing for Spring Break!

The information in this article is not intended as tax or legal advice. Please consult your tax advisor for specific information regarding your individual situation.

bronzemvpContributed by Patti G. Perdue, CPA.CITP, Jackson Thornton CPAs and Consultants. Jackson Thornton is a Certified Public Accounting and consulting firm. Our Healthcare group specializes in accounting, practice management, strategic planning, technology and wealth management for physician practices.

Pin It

Tags: , , , , , , ,

Posted in: Management

Leave a Comment (0) →
Page 2 of 6 12345...»