Medicare Reimbursement Declined – 5 Essentials for Success In The New Healthcare World

One of the many challenges physicians are facing this year is transitioning from volume-based payment to value-based payment. Medicare Access and CHIP Re-authorization Act also known as MACRA replaces the current Medicare reimbursement schedule, fee-for-service, with a new value-based care framework that’s focused on quality, value and accountability. This transformation is the most important industry-wide effort that it will impact millions of healthcare providers across the nation.

MACRA offers two reimbursements path models, Advance Alternative payment Models (APMs) or the Merit-based Incentive Payment System (MIPS). The MIPS model is an incentivize model which consolidated three existing Medicare quality program into one. Many independent medical practice will opt for MIPS due to its incentivized benefits and potential to increase net revenue through payment adjustments, that in some cases, reward value in primary care rather than volume.

With such dramatic change, independent medical practices are asking: What can we do to thrive under this new value-based care equation?

In this article, I present some tips to aid the solo and small healthcare practices on how to better utilize information technology tools under value-based care framework. In addition, we look at how to improve financial results, while reducing overall costs.

5 Tips for Small Independent Practices to Succeed

1. Robust investment in analytics to predict re-admissions.

Understanding the patterns in your data allows you to act on trends before they become cost-draining issues.

For example, by analyzing data information about patients being treated. Small practices can more readily flag patients that are likely candidates for readmission. Then tailor patient engagements and interactions specific to these patients. From there, make the quality improvements that can lead to better clinical outcomes. The cost of investing in a population health management solution can help to generate higher savings overtime.

Remember, the only way to report on those outcomes – and get paid for the service you provide – is through quality data. Look to IT solution such as a population health management system to help provide the quality data your require.

2. Empower Patients to Take Control of Their Own Health

Independent Health practices should focus on the specific attributes of their communities to move toward a quality driven model. Strategies that personalize delivery and empower patient’s to take better control of their own health are the most likely to succeed.

For example, a physician who serves a predominate Hispanic population may want to consider developing diabetes prevention programs. These programs could focus on aiding in limiting the spread of the disease.

Development of such programs can help small independent practices better define information technology tools. For example, data-driven tools. These tools provide insight on cost and quality metrics, and provides the data needed to make care decisions that are consistent with effective clinical practice.This may improve service delivery and greater value-based outcomes.

3. Deliver continuous access to mission-critical systems and data

No matter what size your organization is, no organization can afford downtime. In healthcare, system failures cost more than money. They can cost lives. When the flow of data is disrupted, the effect is viral and impacts patient health and safety, internal processes, and revenue.

High availability is no longer a nice-to-have, it’s a must have. Across all industries, High Availability (HA) is measured in nines. “One nine” refers to 90% systems uptime, “five nines”, a standard reference point, refers to 99.999% uptime. Downtime that occurs during peak patient care hours will have a larger impact to your organization than downtime occurring in off-peak hours.

Ransomware Attacks Show That Healthcare Must Take Cybersecurity Seriously

While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA, a new threat has emerged and is poised to become much bigger: ransomware attacks on hospitals and healthcare providers that are not seeking to breach patient information but instead render it inaccessible until the organization pays a hefty ransom.

In just the past few weeks, the following major ransomware attacks on healthcare facilities have occurred:

In February 2016, hackers used a piece of ransomware called Locky to attack Hollywood Presbyterian Medical Center in Los Angeles, rendering the organization’s computers inoperable. After a week, the hospital gave in to the hackers’ demands and paid a $17,000.00 Bitcoin ransom for the key to unlock their computers.

In early March 2016, Methodist Hospital in Henderson, Kentucky, was also attacked using Locky ransomware. Instead of paying the ransom, the organization restored the data from backups. However, the hospital was forced to declare a “state of emergency” that lasted for approximately three days.

In late March, MedStar Health, which operates 10 hospitals and over 250 outpatient clinics in the Maryland/DC area, fell victim to a ransomware attack. The organization immediately shut down its network to prevent the attack from spreading and began to gradually restore data from backups. Although MedStar’s hospitals and clinics remained open, employees were unable to access email or electronic health records, and patients were unable to make appointments online; everything had to go back to paper.

Likely, this is only the beginning. A recent study by the Health Information Trust Alliance found that 52% of U.S. hospitals’ systems were infected by malicious software.

What is ransomware?

Ransomware is malware that renders a system inoperable (in essence, holding it hostage) until a ransom fee (usually demanded in Bitcoin) is paid to the hacker, who then provides a key to unlock the system. As opposed to many other forms of cyber attacks, which usually seek to access the data on a system (such as credit card information and Social Security numbers), ransomware simply locks the data down.

Hackers usually employ social engineering techniques – such as phishing emails and free software downloads – to get ransomware onto a system. Only one workstation needs to be infected for ransomware to work; once the ransomware has infected a single workstation, it traverses the targeted organization’s network, encrypting files on both mapped and unmapped network drives. Given enough time, it may even reach an organization’s backup files – making it impossible to restore the system using backups, as Methodist Hospital and MedStar did.

Once the files are encrypted, the ransomware displays a pop-up or a webpage explaining that the files have been locked and giving instructions on how to pay to unlock them (some MedStar employees reported having seen such a pop-up before the system was shut down). The ransom is nearly always demanded in the form of Bitcoin (abbreviated as BTC), an untraceable “cryptocurrency.” Once the ransom is paid, the hacker promises, a decryption key will be provided to unlock the files.

Unfortunately, because ransomware perpetrators are criminals – and thus, untrustworthy to begin with – paying the ransom is not guaranteed to work. An organization may pay hundreds, even thousands of dollars and receive no response, or receive a key that does not work, or that does not fully work. For these reasons, as well as to deter future attacks, the FBI recommends that ransomware victims not cave in and pay. However, some organizations may panic and be unable to exercise such restraint.

Because of this, ransomware attacks can be much more lucrative for hackers than actually stealing data. Once a set of data is stolen, the hacker must procure a buyer and negotiate a price, but in a ransomware attack, the hacker already has a “buyer”: the owner of the information, who is not in a position to negotiate on price.

Why is the healthcare industry being targeted in ransomware attacks?