Medical Practice Issues to Watch in 2019

Originally published in the January 9, 2019 issue of MGMA’s Washington Connection
Reprinted with permission from MGMA

Medical Practice Issues to Watch in 2019

2019 promises to be another busy year in healthcare. The 2018 midterm elections shifted the balance of power in Washington as Democrats now hold the gavel in the U.S. House of Representatives, creating a divided Congress with the Republican-held Senate. MGMA has identified the following legislative and regulatory issues critical for medical practices in the coming year. We will keep members apprised of key developments in these areas and their impact on medical practices and will continue to advocate for policies that enable practices to thrive in their mission to furnish high-quality, cost-effective patient care.

1. HHS doubles down on risk

Despite an anemic pipeline of new voluntary Medicare alternative payment models (APMs) trickling out of the Department of Health and Human Services (HHS), Secretary Alex Azar is planning a new approach to accelerate participation in risk-based APMs. Forgoing incremental implementation, the Secretary is expected to unveil new mandatory models in 2019 and to emphasize performance-based risk as a necessary component of any new APM.

MGMA strongly supports voluntary participation in APMs when it makes financial sense for individual practices and disagrees with the Secretary that the way to expedite the move to value-based care is to mandate participation. We will continue to advocate for new opportunities for practices to participate in voluntary APMs and for development of more physician-led models.

2. Regulatory relief from government burdens

It is expected that Congress and the Administration will continue to work toward reducing the regulatory burden on medical practices participating in government healthcare programs. The Centers for Medicare & Medicaid Services’ (CMS’) “Patients Over Paperwork” initiative is one such example. However, this has translated into only modest relief for practices thus far, as 88% of MGMA members polled reported an increase in overall regulatory burden last year. MGMA will continue to make regulatory relief a top advocacy priority in 2019. Keep up with our efforts at mgma.com/regrelief.

3. Kicking back the Stark Law

As part of the effort to accelerate payment innovation, HHS leaders pledge to revisit antiquated fraud and abuse rules such as the Stark Law and Anti-Kickback Statute. In 2019, watch for proposed rules that expand exceptions and safe harbors to protect value-based arrangements and benefit providers willing to take on performance-based risk.
While a push to simplify Medicare compliance rules is welcomed, it is likely that congressional intervention will be necessary to achieve meaningful reform. It remains to be seen if Congress will also prioritize this issue in 2019.

4. Surprise! Here is a medical bill you didn’t expect

Medical practices can expect to see a push to curb surprise medical bills, including efforts to empower patients and consumers through improved access to healthcare cost information. The sticker shock of surprise hospital bills continues to make headlines and draw bipartisan attention in Congress, making this issue ripe for legislative action in 2019.

5. A spoonful of new regulations to help drug prices go down

With a new Congress and support from the Administration, reducing Medicare drug prices is on the action list for 2019. For physician-administered drugs, one proposal seeks to curb the price of drugs in Part B by tying prices to a new International Price Index, create new private-sector vendors to supply practices with drugs, and set drug administration cost as a flat fee. CMS is also looking to give Part D drug plans greater flexibility to negotiate drug prices in protected classes.

6. The stakes are higher in MIPS

Implementation of the Merit-based Incentive Payment System (MIPS) continues to ramp up. In 2019, MIPS performance will determine whether clinicians receive a positive or negative payment adjustment of up to 7% on 2021 Medicare reimbursement. Medicare is accelerating cost accountability for MIPS clinicians by increasing the cost component to 15% of the overall MIPS score and introducing episode-based measures. The performance threshold required to avoid a payment penalty also doubles from 15 to 30 points in 2019. With more on the line this year, it is critical that MGMA members prepare their practices for success. Visit mgma.com/macra for helpful resources.

7. Data interoperability a priority for feds

The Office of the National Coordinator for Health Information Technology (ONC) is expected to release regulations to meet requirements of the 21st Century Cures Act and facilitate improved data sharing between healthcare entities. ONC will define and seek to discourage “information blocking,” develop a framework to facilitate data movement between heath information exchange entities, and release specifications for the use of apps to foster data exchange between different providers and between providers and patients. The goal of using apps, a component of MIPS and Stage 3 Meaningful Use, is to permit practices to efficiently and securely move administrative and clinical data via their EHR.

8. Cybersecurity continues to be a top practice concern

Medical practices can be a prime target for phishing and other cybersecurity attacks because they possess valuable information assets (patient clinical and financial data) and often have inadequate cybersecurity protections. HHS’ HIPAA enforcement arm is expected to ramp up audits and fines in 2019. Medical practices should protect both their data and business continuity by completing a comprehensive risk assessment, identifying vulnerable areas of the organization, and taking the steps necessary to mitigate risk. Check out MGMA security resources to prepare your practice this year.

9. Site-of-service payment differentials remain a target

Policymakers will continue the trend toward site-neutral payments with the goal of equalizing Medicare payments for the same services across clinical sites. Medicare expanded this policy through 2018 rulemaking by phasing-in payment reductions for clinic visits at hospital outpatient departments (HOPDs), including HOPDs excepted from previous site-neutral payment rules. In addition to saving money for patients and the government, site-neutral payments are viewed as a policy lever for increasing market competition, eliminating the incentive for hospitals to purchase freestanding clinics and leveling the playing field.

10. “Repeal and replace” is out, “Medicare for all” is in

This shift in power within Congress will recast the role the federal government plays in healthcare in 2019. With “Medicare for all” a key platform for many progressives during the 2018 primaries, the politicized debate over a single-payer health system shows no signs of slowing down and will likely gain steam ahead of 2020 elections.
Passage of any major health reform bill is highly unlikely anytime soon. However, as presidential contenders begin campaigning for the 2020 primaries, universal healthcare will almost certainly become a point of debate.

Can I Text My Patients? FAQs – Emails and Texts

By Carrie Lowe, JD

2018 Alliance sponsor feature article courtesy of MagMutual

Can I text or email my patients?

Yes, healthcare providers can communicate with patients via text messages, but only if:

  1. The communication is encrypted or sent via a secure messaging system, or
  2. The patient is warned beforehand regarding the risk associated with unencrypted communication and the patient still prefers to communicate via unsecured text or email.

If a provider sends an email or text message that is encrypted or sent over a secure messaging system, such as a secure patient portal, the message may include protected health information (PHI). The Department of Health & Human Services (HHS), in its Guide to Privacy and Security of Electronic Health Information, points out that if a provider uses an EHR system that is certified under ONC’s 2014 Certification Rule, the EHR should have the capability to allow patients to communicate through a secure patient portal. However, patients may want information sent via text to their phone or personal email account, which is not secure or encrypted, rather than going to a portal.

Patients have a right to receive communications (including PHI) from the provider by alternative means, such as email or text.[i] However, it is incumbent upon the healthcare provider to inform the patient, in writing, of the risk of unintentional disclosure to a third party of PHI if sent in an unsecure manner. If the patient, after being informed of the risks, chooses to communicate via unsecured means, the patient has that right. This can be done by discussing these risks with the patient and having the patient sign a consent form acknowledging that he or she understands the risk.

In the Final Omnibus Rule, the HHS Office for Civil Rights (OCR) states that covered entities are not required to educate individuals about encryption and information security, but must notify the patient that there is a risk that the information in the email could be read by a third party. “If individuals are notified of the risks and still prefer unencrypted email, the individual has the right to receive protected health information in that way, and covered entities are not responsible for unauthorized access of protected health information while in transmission to the individual based on the individual’s request.” [ii]

What if a patient sends an unsolicited text to me?

When a patient initiates communication with a provider by email or a text message, the provider can assume that email or text is an acceptable form of communication to the patient. A patient may send health information to a healthcare provider using an unsecure email or text. Once this health information is received by the provider, however, it becomes PHI. At that point the PHI must be safeguarded and any texts back to the patient must be sent via a secure messaging system, encrypted, or the patient must have been previously warned in writing of the risk, with supporting documentation that shows that the patient accepted the risk.

Can I send texts regarding patient care to other healthcare providers?

Yes, you can send PHI to other healthcare providers, but only if the information is sent via a secure messaging system or is encrypted.

Can I text orders to members of the healthcare team?

No, CMS and the Joint Commission explicitly prohibit healthcare providers from texting orders. In addition to the privacy and security concerns discussed above, there is concern that the information may be lost or compromised if it has to be manually entered into the medical record from a text message. Other healthcare providers will not have access to the order if it is not in the medical record, which could affect patient care. The medical record must contain all information upon which treatment decisions are based, and patients have the right to access this information pursuant to HIPAA. The recent CMS Memorandum can be found here.
[i] 45 C.F.R. 164.522(b)

[ii] 78 Fed. Reg. 5634

House Passes Bipartisan Bill to Repeal IPAB

Washington, DC – November 2, 2017

The House of Representatives today passed H.R. 849, the Protecting Seniors Access to Medicare Act, by a vote of 307-111.

H.R. 849, authored by Rep. Phil Roe (R-TN) and Rep. Raul Ruiz (D-CA), would repeal the Independent Payment Advisory Board (IPAB), which was created under the Affordable Care Act with the objective of identifying savings by restricting access to health care for Medicare beneficiaries. If IPAB is triggered, even if the board has not been filled, the Secretary of Health and Human Services (HHS) has the authority to carry out cuts to vital services.

At a July #SubHealth hearing, Ms. Mary Grealy, President, Healthcare Leadership Council, testified in support of H.R. 849, saying, “Nearly 800 organizations representing patients, health care providers, seniors, employers, veterans, Americans with disabilities, and others are asking Congress to do away with the Independent Payment Advisory Board before harm is done to Medicare beneficiaries.”

“Repealing the threat of this powerful, unelected board has been a bipartisan effort for years,” said Health Subcommittee Chairman Michael C. Burgess, M.D. (R-TX). “Today, the House acted yet again to repeal this board and its unconstitutional relinquishment of Congressional authority. I urge the Senate to follow suit so we can return oversight of the future of the Medicare program where it belongs. We must prevent potential cuts from being implemented by this unelected board once and for all.”

Note from MGMA

Please visit the MGMA Advocacy Center to ask their Senators to vote YES to this IPAB repeal legislation.

Act Now on Independent Payment Advisory Board Repeal Legislation

Act Now on Independent Payment Advisory Board (IPAB) Repeal Legislation that was Enacted under the Affordable Care Act

Tomorrow, the House Energy and Commerce Committee and Ways and Means Committee, two committees with jurisdiction over Medicare Part B, are holding hearings on H.R. 849, the Protecting Seniors’ Access to Medicare Act of 2017, which would repeal the Independent Payment Advisory Board (IPAB) created under the Affordable Care Act. Under current law, the IPAB will be triggered when the growth rate in Medicare exceeds target growth rates (as reported by CMS’ Office of the Actuary), and will be responsible for recommending to Congress spending reductions in the Medicare program in order to reduce growth below the target growth rate. Although there have been no members appointed to the IPAB, if the IPAB is triggered, the Secretary of HHS is required to stand in place of the board and submit a proposal for reducing Medicare spending. Any proposal, whether from IPAB or HHS, is subject to a “fast track” legislative implementation process with virtually no oversight, leaving little-to-no room for recourse once IPAB-mandated payment cuts are implemented.

It is paramount that members of Congress act now, before future actuary reports trigger the IPAB and activate payment reductions to Medicare providers. Given the timeliness of the House Committee meetings this week, MGMA has created a template message supporting IPAB repeal that can be found by visiting the MGMA Advocacy Center, where you can contact lawmakers and urge them to support this important legislation.

New Administration signals significant policy shifts

Originally published in the January 25, 2017 issue of MGMA’s Washington Connection
Reprinted with permission from MGMA

On his first day in office, President Trump signed an executive order reaffirming his goal to “seek the prompt repeal” of the Affordable Care Act (ACA). The order compels federal agencies to take all actions consistent with law to minimize the economic and regulatory burdens of the ACA. The majority of relevant regulations that can be changed through rule-making, including minimum essential benefits requirements and the authority to institute waivers for insurance mandates, are governed by the Department of Health and Human Services (HHS). Accordingly, the magnitude of the order’s practical impact will be largely contingent on the future actions of Rep. Tom Price, MD (R-GA) and Seema Verma, MPH, the nominees for Secretary of HHS and Administrator of the Centers for Medicare & Medicaid Services (CMS), respectively. Both nominations will be considered for confirmation in the coming weeks.

Earlier this month, the House and Senate took the first step towards ACA repeal and replacement by passing a budget resolution instructing relevant congressional committees to develop legislation that would repeal critical budgetary elements of the ACA through an expedited process known as reconciliation. Details on the expected timeline and key elements of the replacement legislation remain unclear.

Maintaining HIPAA Compliance with Online Data Storage

2016 Alliance sponsor feature article from Manual W. Lloyd Consulting

Keeping patient records secure and private is the concern of every hospital and health care provider, but they are often overwhelmed with years and years of patient information and the lack of adequate storage space. Destroying these health records in order to make room for more storage is often not an option. Patients want access to all of their health care records, and physicians need them in order to better diagnose patients. Online data storage is a way to satisfy all of these issues.

Using online data storage for these records allows easier access for patients, and offers easier sharing of patient information from hospital to physician, as well as from physician to physician. Storing health records online isn’t, however, without security concerns. Patients, hospitals, and physicians want assurance that these confidential records will remain safe, private, and secure, and will only be accessed by those authorized to do so.

What is HIPAA?

HIPAA or the Health Insurance Portability and Accountability Act of 1996 was created in order to protect health information and give patients certain rights regarding their private health information. It also allows for disclosure of health information necessary for patient care. This act specifies safeguards necessary for administrative, and physical and technical handling of patient health information.

According to the U.S. Department of Health and Human Services (HHS.gov) HIPAA has many requirements and restrictions. It requires safeguards for:

  1. Access Control
  2. Audit Controls
  3. Person or Entity Authentication

Access control is defined in the HIPAA Privacy Rule as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” It should allow authorized users to only access the minimum amount of information necessary to complete job functions. The Access Control specification also requires the implementation of an exclusive user identification or user ID, and immediate access in case of an emergency.

What Type of Security is Necessary?

When dealing with patient records in an office, maintaining privacy and security usually involves storing patient files in locked cabinets where the files can be physically secured and visibly monitored at all times. When you are storing patient information online, certain precautions must be met in order to maintain the same security and privacy guaranteed each patient.

While HIPAA permits patient records to be transmitted over the Internet, businesses will want a service that offers file encryption, authentication and password protection in order to secure the information. Although HIPAA does not require online data storage services to have encryption, it does require that patient information be adequately protected and accessible only to authorized persons. Encryption is the best way to protect that information and ensure authorized access to those records. It is also important to offer backup services in case of a virus attack, flood, or fire. Finally, the service must offer a method of tracking any security breach, as well as the ability to lock out former employees after they have left or been terminated.

When storing patient information, it is important to stay HIPAA compliant, as the fines for not doing so are expensive. While online data storage for health care businesses guarantee less worry, work, and expense for health care providers, the service is only as good as the security offered. Remaining HIPAA compliant is vital in order to continue a good business relationship with the health care industry.