HEALTHCARE INSIDERSummer 2016

PRIVACY PROTECTIONS: MAKING MOBILE DEVICES MORE SECURE

CUT COSTS TO STREAMLINE YOUR PRACTICE

EFFECTIVE PATIENT SCHEDULING DEPENDS ON FINDING THE RIGHT FIT

1200 MARKET ST | CHATTANOOGA, TN 37402 | 423.756.7771 | HHMCPAS.COM

HENDERSON HUTCHERSON & MCCULLOUGH, PLLC

CAN YOUR PRACTICE MEET HITECH GOALS?

1

very workflow might be harming efficiency and costing money. Efficiency isn’t necessarily the only goal — higher-quality patient care or providing more time with patients should also be important. An EHR system can provide many benefits, but each practice needs to take the time to evaluate whether specific functionality could help it achieve its goals, or whether it would be better off keeping the status quo.

Get in sync. Most EHR systems now have full, or nearly full,

functionality — meaning they also have billing and practice management features. But this doesn’t necessarily mean all modules of an EHR system are as good as what a practice may already be using. It’s important to evaluate whether the physicians, or others in the practice, need to relearn every aspect of its workflow to use a subsystem. If the practice uses excellent billing software and the EHR’s billing subsystem isn’t

CAN YOUR PRACTICE MEET HITECH GOALS?

The Health Information Technolo-gy for Economic and Clinical

Health (HITECH) Act of 2009 prompts physicians and other health care shareholders to adopt health information technology (HIT) to help improve efficiency and cut costs. Under the act, physicians even have received incentive payments for implementing Electronic Health Record (EHR) systems at various levels of “meaningful use.” As a result, most practices have implemented some version of EHR. But whether this implementation has indeed led to more efficiency, safer patients and reduced costs is up for debate.

4 WAYS TO MAKE IT WORK

Here are four ways to optimize your EHR system:

Explore the possibilities. Many software programs, such

as Microsoft Word, have multiple functions that most people never

discover. Similarly, EHR systems contain functionality that no one uses. Why? If a physician and staff are happy with their workflow — or at least, accustomed to their system — chances are that implementing an EHR system will have minimal impact. This may be fine, because the system should follow the practice’s workflow. But when implementing an EHR system, it’s important to take the opportunity to evaluate the practice’s workflow and decide whether there’s a better way of doing things. If so, the EHR system may help improve the practice’s operations. Vendors can help by demonstrating particular functions — but they don’t have all the answers.

Evaluate workflow. “We’ve always done it that way”

might be your practice’s motto — but doing things the same way for a long period doesn’t always lead to success. Obviously, the EHR system should support workflow, rather than the other way around. But flaws in that

Healthcare Insider

1.

2.

3.

Smart ways to optimize your EHR system

2

MEDICINE ON THE MOVESidebar

UNDER THE HITECH ACT,

PHYSICIANS EVEN HAVE

RECEIVED INCENTIVE PAY-

MENTS FOR IMPLEMENTING

ELECTRONIC HEALTH RECORD

SYSTEMS AT VARIOUS LEVELS

OF “MEANINGFUL USE.”

as good, can the EHR system sync with the system the practice already uses — and may want to continue to use?

Automate. Most EHR systems contain some form of automation,

macros and templates. When there’s a template, you might use it to enable physicians to spend more time with patients. Macros — especially ones already in the system — can be major timesavers after your staff becomes proficient in their use. Clicking on one item instead of five is a great way to optimize your EHR system, but not all systems work the same. It’s best for your staff to know how to optimize the system and stay current with changes and updates. Many physicians find that using voice recognition software is efficient and saves time. Practices often have several different types of consent forms that patients need to sign. Typically, the

4.

The practice of medicine has always been mobile — physicians rarely sit in one room and have patients come to them. Even in a small practice, physi-cians usually move from a private office to an exam room and then perhaps to the front desk to inquire about admin-istrative matters. The digital world supports this with laptops, smart-phones, tablets — and now, watches.

Many Electronic Health Record systems are designed to be accessed via mobile devices, though this functionality is not yet an industry standard. The biggest concern here is security and privacy — many high-profile data breaches involve a stolen or lost laptop. Mobile devices other than laptops typically don’t store medical data, but

it’s important that unauthorized individuals not be able to use the device to gain access to patient information. Therefore, it’s vital to require a secure passcode to unlock the device before use and that the device — or just the app — can be remotely deleted in the event that it’s lost or stolen.

paper forms are scanned into the EHR system, shredded or sometimes even stored. Buying several digital signature pads and creating fillable PDF versions of the consent forms can be a good strategy. Staff then upload signed forms directly into the EHR system, saving on paper, ink, wear-and-tear and time.

TIME WELL SPENT

The HITECH Act was designed to improve health care by helping physicians become more efficient and cost effective. It’s an admirable goal, but technology often has a difficult learning curve that can undermine this objective. Taking the time to learn an EHR system’s intricacies and its potential effects on the practice’s workflow, however, can be a significant step toward hitting the HITECH Act’s goals and improving patient care in general.

PRIVACY PROTECTIONS: MAKING MOBILE DEVICES MORE SECURE

In our technologically sophisticated society, private information is more

vulnerable than ever before. At the same time, physicians increasingly use some type of mobile device to access health care data. This raises a number of security and privacy concerns.

FOLLOWING THE RULES

Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), known as the Adminis-trative Simplification (AS) provisions, created national standards for electronic health care transactions. Title II covers a lot of ground, but two aspects are particularly relevant to mobile security:

The Privacy Rule. This concerns the use and disclosure of Protected

Health Information (PHI) held by “covered entities.” According to the rule, covered entities include insurers, medical service providers, and various health care clearinghouses and em-ployer-sponsored health plans, as well as their business associates.

The Security Rule. Unlike the Privacy Rule, which applies to all

PHI (both paper and electronic), the Security Rule applies specifically to electronic PHI. It describes three types of security safeguards: adminis-trative, physical and technical.

UNDERSTANDING HIPAA AND

MOBILE DEVICES

Mobile devices usually transmit and receive PHI via public Wi-Fi and email applications or through unse-cure mobile networks, which place PHI at risk of interception. In addition, most mobile devices now can take and store photographs — but photos may violate patient privacy, thus raising compliance concerns. Phones in particular, and tablets often, don’t store data — instead, they use some sort of cloud storage.

The primary concern is how a doctor accesses patient information. If a physician uses a smartphone, tablet or laptop to access an Electronic Health Record (EHR), he or she generally is in compliance with HIPAA security and network security. But if the physician saves EHR data or photos to a computer, tablet or phone, and those devices are stolen or lost, he or she might be liable for the HIPAA breach. Liability can be costly — though, if the PHI isn’t identifiable, it’s probably nothing to worry about.

Data pulled via browsers is general-ly encrypted, especially through an EHR portal. But physician-to-patient emails outside the portal can be a problem, because the Internet service provider might not be secure — thus,

the email communication might fail to meet HIPAA standards. TAKING BASIC SECURITY PRECAUTIONS

The three standards of the HIPAA Security Rules are: confidentiality, integrity and access. Access typically refers to passwords. Physicians need to fully evaluate which staff members require access and provide training in security protocols.

Part of physical and technological security involves encrypting patient data. It also involves setting up monitor protection to prevent people who shouldn’t have PHI access from reading information off a computer screen — for example, over the shoulder of someone with access.

For most practices, it’s a good idea to document each device’s purpose and limit access to it. The next step is to determine how each device should be programmed to make it compliant. Doing so may require hiring a HIPAA compliance expert in addition to an IT expert.

Physician offices also need to develop policies regarding staff use of cell phones — especially now that almost all smartphones have cameras. The policies should answer such questions as: How and where can employees use their phones? One suggestion: Instruct

Healthcare Insider

3

1.

2.

staff members to keep their cell phones in the break room and out of patient treatment rooms.

For instance, a staffer might take a photograph of something in the office with a recognizable patient in the background and post it on social media. That could be a HIPAA breach, with financial and legal consequences for the practice. DISCOVERING MORE RECOMMENDATIONS

For more information and further recommendations regarding protecting and securing PHI, visit https://www.healthit.gov, which offers many useful suggestions. It also provides physi-cian best practices for mobile devices and EHR.

4

5

CUT COSTS TO STREAMLINE YOUR PRACTICE

Healthcare Insider

Maintaining profitability, staying up to date with the latest

technology and providing quality patient services can be a difficult balancing act for medical practices. In addition to reckoning with health care costs, practices need to keep an eye on staffing, leasing and other costs. The goal, always, is to cut unnecessary expenses when possible. Here are some ideas for doing so.

ANALYZE STAFF COSTS

Staffing costs are typically the largest expense in most practices. It’s important to know the tasks that each employee is performing and ask questions such as:

1. Is every task necessary? 2. Is the task assigned to the right employee? 3. Are the tasks being performed appropriately? 4. Are there redundancies? 5. Can some tasks be combined? 6. Would it make sense to hire part-time employees for some work?

Compare the ratios of various types of staff per full-time physician to bench-marks from other practices.

CONSIDER SALARIES

Determine the salary norms for different practice staff categories in your market area. Stop awarding annual salary increases annually or haphazardly. As a general rule, give no more than the prevailing average in the area. Begin with a predetermined annual budget for staff raises, and do your best to allocate it on the basis of performance. Ask your CPA to assess the fiscal and human relations integrity of the compensation structure. That structure should include salary ranges for each position, with minimums and maxi-mums arrayed around the local average. Slow down salary increases as employees approach the maximum and provide incentive bonuses as an alternative to regular substantial pay increases.

REVIEW RETIREMENT BENEFITS

Is your employer-provided retirement plan still effective? A profit-sharing retirement plan, for example, may allow greater flexibility than the mandatory annual payment of a defined benefit plan. If you do opt for a profit-sharing plan, pay attention to the plan’s vesting schedule. A good retirement-plan third-party administrator can run “what if” scenarios to get the desired results.

LOOK AT PTO AND OVERTIME

After checking state laws, establish written policies for paid time off, such as sick leave and vacation time, as well as for overtime. The industry standard for sick leave is five days a year. As an alternative to paying employees for unused sick leave, carry any unused days to future years or convert part of it to vacation time. The industry standard for vacation time is two weeks (depending on service time). It’s important for hardworking employees to take regular time off to rest and so staff members can share tasks and job knowledge. But set a limit on the number of days that staff members may carry forward each year. When it comes to overtime, the office manager should determine when extra hours are necessary. Does overtime require prior approval? It should. Don’t make overtime payments to exempt employees (state and federal law determine exempt vs. nonexempt).

EXAMINE YOUR LEASE

Most leases provide that a tenant pay a share of building operating expenses over the landlord’s base amount — commonly known as the “operating stop” provision. Ensure that the landlord’s calculations include

6

EFFECTIVE PATIENT SCHEDULING DEPENDS ON FINDING THE RIGHT FIT

Generally, physicians adhere to three scheduling approaches: 1)

traditional, 2) wave (sometimes called steady stream) and 3) modified wave. Of course, there’s also a fourth option: chaotic. Hardly a viable approach, the chaotic method wastes physician and staff time while irritating patients forced to spend hours in the waiting room.

3 COMMON APPROACHES

Here’s a more detailed description of the three different approaches physicians commonly use:

Traditional. The traditional, or “standardized,” approach involves

splitting the doctor’s schedule into consistent periods — for example, four 15-minute periods per hour, then scheduling one patient into each block. Sometimes also called “cramming,” the primary drawback of this method is that it doesn’t take into consideration

the possibility of emergency patients, no-shows or late arrivals. It also doesn’t account for the fact that some procedures can be performed in five minutes, while others might require 30 minutes.

Wave. This approach has a number of variables, but the

overall concept is to schedule several patients — for example, six — at the top of each hour. While staff members collect information and vitals from several patients, the physician sees the others. A variation is to spread the six patients over the hour, with two on the hour, two more 20 minutes later and the remaining two about 40 minutes into the hour.

Modified wave. This approach is similar to the wave. The primary

difference is that the last 15 minutes of the hour are intentionally left open. Doing so allows time for dealing with

patients who require more attention or any other issues that may arise — building in a break in order to catch up.

OTHER CONSIDERATIONS

Practices also sometimes schedule specific days or blocks for certain types of patient visits — for example, some physicians may schedule new-patient visits or annual physicals for a specific day or time of day. Having staff triage the patient’s issues when he or she calls is also beneficial. The staff member who answers the phone should be able to ascertain whether lab tests, X-rays or other types of procedures are needed and, as such, determine whether a longer or shorter time slot might work better. Scheduling often depends on physician style, the number of physicians and ancillary help, and their training and roles. How much

1.

3.

only legitimate operating costs. Beyond that, ask yourself: Is the practice paying for more space than it currently needs or uses? Can we rent out any unused space? Can we renego-tiate the lease? Some practices decide buying space is the most cost-effective approach for the long term. By paying off a mortgage instead of paying rent,

they’ll eventually own a building. But buying has some downsides as well. Buyers likely won’t have as much choice in location — and what to do if the space needs to change. Owners also have to deal with such issues as heating, air conditioning and building upkeep in-house.

STAY VIGILANT

Unnecessary costs can creep up on any practice, dragging it down and keeping it from being as profitable as it should be. Don’t let small costs become bigger problems — look over your bottom line regularly with an eye to cost cutting and revenue building.

2.

7

CALL THE HHM HEALTHCARE ACCOUNTING TEAM FOR MORE INFORMATION

GEORGE WILMOTH, CPA/PFS, CGMA , MST423.702.7274

GWILMOTH@HHMCPAS.COM

JENNIFER FRYAR 423.702.7221

JFRYAR@HHMCPAS.COM

BLAKE BENNETT, CPA423.702.7691

BBENNETT@HHMCPAS.COM

TAMMY JACOBS, CPA423.702.8145

TJACOBS@HHMCPAS.COM

WILL CLEGG, MBA423.702.8391

WCLEGG@HHMCPAS.COM

MARIANNE LORREN, CPA423.702.7240

MLORREN@HHMCPAS.COM

1200 MARKET STREET | CHATTANOOGA, TN 37402 | 423.756.7771 | WWW.HHMCPAS.COM

ancillary help does the practice have? Can some ancillary staff take vitals and triage the patients while the physician sees patients? Can they do this in all cases or only in certain types of cases? One thing to keep in mind: Physicians (and staff) need to be honest with themselves regarding what works most efficiently in their office. Some doctors are frustrated or bored if they do the same procedure

over and over all day long. Others prefer specific lunch and break periods, while some are happy to just grab some food when the schedule permits. In addition, because medical practices are also businesses, many physicians want to set aside a day, or a block of hours, to attend to business-re-lated issues. Examples may include billing problems, correspondence, staffing matters and continuing medical education.

EFFECTIVE AND EFFICIENT

Understanding the nature of the practice and the physician’s work style can be a significant factor in creating an effective and efficient scheduling system. If your schedule doesn’t work for you or your office, try to make adjustments to find the right fit.