The protection and security of electronic medical records is a topic of growing concern. While the public may be focusing on the issue of breaches due to recent data hacks, the Office of Inspector General is turning its attention to EHR fraud. The OIG is calling for the Centers for Medicare & Medicaid Services to address the issue of EHR fraud vulnerabilities. In a March 2015 report, the OIG claimed that the agency has not adequately implemented fraud safeguards. "HHS must do more to ensure that all hospitals' EHRs contain safeguards and that hospitals use them to protect against electronically enabled healthcare fraud," OIG officials wrote in the report.

Part 1: Interoperability & EHR Function Measures On March 20 2015, The Centers for Medicare & Medicaid Services (CMS) released Stage 3 of their Electronic Health Record Incentive Program. At the same time, the Office of the National Coordinator for Health Information Technology (ONC) released the 2015 Editions of the Health Information Technology Certification Criteria, Base Electronic Health Record Definition, and ONC Health IT Certification Program. This news has resulted in some rather extreme reactions among some in the healthcare industry—for example, absolute panic and unbridled rage. This seems rather odd. Come on… it’s not like we weren’t aware that this was coming. As a matter of fact, I’m pretty sure that I gave everyone a heads up about this back in January. Based on how certain people are behaving, though, you’d think the CMS & ONC just surprised all of us with this stuff like it’s some kind of weird fire drill. Then again, trying to make sense out of so much complicated (and, let’s face it, very boring) text is probably enough to make anyone a little irritable.

Just about any business, especially in healthcare, is likely already covered by some kind of general liability insurance. Such policies are standard, providing coverage for events such as bodily injury and/or property damage that result from the insured’s operation, product, and/or building/site. However, these types of policies were created long before the days of cybercrime. They were never meant to cover liability or loss from things like cyberattacks and data breaches. Therefore, these policies rarely if ever cover losses due to cybercrime. In fact, just about all general liability policies now come with very specific language about the fact that they do NOT cover such losses or costs due to cyber-incidents. This means many businesses have no choice but to turn to cyber insurance… and so they should.

Some readers might remember the Anthem data breach, in which around 78.4 million people had their records compromised, that I briefly mentioned at the start of our cybersecurity blog series. At the time, the cause of that breach had not yet been made public. By a funny (or, perhaps not so funny) coincidence, it turned out to be the result of spear-phishing (which that article covered) and was further compounded by factors such as Anthem’s lack of data encryption and their poor password security practices. One would think that the catastrophic and very public data breach at Anthem would have served as a strong warning to other such organizations, and that they would have taken steps to prevent the same from happening to them.

Even with the most effective medical billing software, all medical practices experience some level of claim denials (when insurance companies refuse to honor requests for health care coverage). According to the American Academy of Family Physicians, the average denial rate for providers is between 5 and 10 percent. However, the general goal is to keep that number below 5 percent, as a lower denial rate means a more abundant cash flow.

Advancements in technology have made mobility possible in the clinic, and it goes well beyond the use of smartphones for sending patient appointment reminders. With tablet computers, physicians and specialists can access patient records anyplace and any time and walk from room to room while continuously charting. Along with enhancing convenience, it promotes patient engagement and can improve workflow.

Even with vast improvements in patient engagement and scheduling methods, no-showscontinue to be a major concern for practices. When a patient fails to arrive for his or her appointment, it has a negative impact on clinical workflow in a variety of ways, especially when it comes to financial losses. What do no-shows cost providers? A North Carolina-based study looked into the costs of no-shows for health care providers. The researchers created a situational model that applied the average non-attendance rate of 18 percent to a schedule of 24 patients in one day. With perfect attendance, the net gain would have been $4,433.32, but a no-show rate of 18 percent would mean a loss of $725.42, reducing the net gain to $3707.90.