Risk from Kaspersky Lab’s Anti-Virus Software

Common anti-virus, Kaspersky that came pre-install on computers from popular retailer Best Buy was recently found to be a vulnerable to security risks.
(see article)

This just demonstrates, that no matter your best intentions or how proactive you are at security protected health information (PHI) you need to have an updated and dynamic process for addressing HIPAA security issues.
Here are some things we think you need to address with your staff, to protect you work stations and network:

  • E-Mail phishing scams. Never download or open anything on work computers from your e-mail.
  • Never check personal e-mail from work computers.
  • Make sure your wireless password is not the factory default and change it once per year.
  • Make sure employees are not sharing passwords. Each individual employee needs their own log-in.
  • If you are using a data back up service. Make sure you understand how you can restore that data if and when you need it.

There are many other factors in establishing a comprehensive process of maintaining protected health information (PHI). These are some of the easiest to fix and most common dangers to health care providers today.


Registry Services

The daunting changes that are coming to medical payment structures in 2017 are big but not insurmountable. The pay for performance models are growing up and will be affecting many group practices in 2017. The bar was raised in the 11th hour and many individual practices do not have the minimum medicare patient population to qualify for the Quality Payment Program in 2017. Although the new programs do not affect some, that is no reason not to be aware of the requirements and educated on how to measure quality.

New Service Developed for 2017

Our QPP consulting service now has a definitive timeline and set features. We’ve modified our Meaningful Use consulting service and created a year long program for our clients to target and reach their quality goals. This new service includes:

  1. Subscription to online forum defining and discussing quality measures, improvement activities, and advancing of clinical information.
  2. Quarterly Meeting to review QPP process and tune up clinc workflow to meet targeted goals.
  3. Review of annual HIPAA Risk Audit for compliance
  4. Reporting on all available measures through Mighty Oak Technology Registry
  5. Access to live & recorded webinars about implementing processes, coding, and other details regarding the successful implementation of QPP.

As a registry, Mighty Oak Technology can submit data on behalf of our clients for the QPP program. By creating the certified software, instructional web resources, quarterly check ups and registry services Mighty Oak Technology can offer the most complete QPP service possible.

You don’t have to be a Chart Talk user to use this service, but you do need to be a Chart Talk user if you want Mighty Oak Technology to act as your registry. The educational and check up components are available for any clinic, group, or organization.


MIPS Certification

After completing a two week course to become a MIPS certified project manager recently, I began reflecting on the evolution of these CMS incentive programs over the last six years. One thing about this new program, compared with meaningful use, PQRS, or the value based modifier is that MIPS brings a lot of what we (software designers and developers) have had to do for software certification in 2011 & 2014 to the clinicians attention. I have clients calling me up asking about exporting QRDA files, choosing quality measures, and submitting data to registries.

It’s going to be a steep learning curve but for the Chart Talk users that have been dilligent about participating in our webinar training series, this switch to quality and the vocabulary associated with it shouldn’t be anything new.

One interesting topic covered in the certification course was developing a strategy for participating in MIPS. Determining the maximum incentive and penalty over the next four years gives you a starting point. Investing your clinics time and resources is expensive and you need to make sure that the return is worth the investment.

Meaningful use required your software to be certified for certain quality measures but did not require any results from you. Now, those same quality measures need to be reported on and you will be graded on a curve. In this first year there is no bar or level to shoot for; You want your quality numbers to peg you at the in the high quality, low cost group of providers.