COPM Operations Part 2.

Mon, 25 Aug 2014 14:14:56 GMT

Good Morning!!!

This week we will continue on with Operation. We will cover Practice Improvement, Quality and Risk Management, Compliance and a few other items this week.

Let’s get started.

Be familiar with methods of Identifying, analyzing, and implementing processes for Practice Improvement.

Using methods such as Flow Charts, Basic Rules, and Six Sigma can help you improve and streamline processes within your practice.

A lot of people get confused about Six Sigma. Lets talk about that for a moment. Six Sigma stands for Six Standard Deviations (Sigma is the Greek letter used to represent

standard deviation in statistics) from mean. Six Sigma methodology provides the techniquesand tools to improve the capability and reduce the defects in any process. Six Sigma methodology improves any existing business process by constantly reviewing and re-tuning the process. To achieve this, Six Sigma uses a methodology known as DMAIC (Define opportunities, Measure performance, Analyze opportunity, Improve performance, Control performance). Six Sigma incorporates the basic principles and techniques used in business, statistics, and engineering. These three form the core elements of Six Sigma. Six Sigma improves the process performance, decreases variation and maintains consistent quality of the process output. This leads to defect reduction and improvement in profits, product quality and customer satisfaction.

Practice Improvement processes must be monitored and recorded in order to properly measure the success of your processes.

Be familiar with Dashboard and Scorecards and their role in measuring practice improvement processes.

Let’s try a sample question:

What Practice Improvement report provides an at-a-glance overview of key performance indicators relevant to a particular objective or process?

A. Dashboard

B. Flowchart

C. Six Sigma

D. Flow Mapping

The answer is A, Dashboard. A Dashboard provides an at-a-glance overview of your KPI. Much like viewing the dashboard of your car to get information on your driving information.

Tue, 26 Aug 2014 14:11:37 GMT

Good Morning!

How is everyone doing? Please ask any question or post any comments or concerns! Everyone benefits when you speak up!

Today we will talk about Quality.

Quality has become a very important factor in ENT practices everywhere. Quality must be measured and reported on. Physicians are being paid based on their quality measures. The use of quality measures is changing the landscape of healthcare payment methods. It is very important that you understand quality measures, their reports, indications, and outcomes. Quality measure are a very important tool that will help you in several areas of your practice.

Clinical Quality Measures (CQM’s) such as Meaningful Use, PQRS, and PQRI are all programs you should be familiar with.

Meaningful Use
Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, eligible health care professionals and hospitals can qualify for Medicare and Medicaid incentive payments when they adopt certified EHR technology and use it to achieve specified objectives. Some of these objectives are called "meaningful use" objectives, which simply mean the measureable benchmarks providers must meet to qualify for the incentive payments. These meaningful use requirements vary between the Medicare and the Medicaid incentive
programs. To qualify for incentive payments, meaningful use requirements must be met in the following ways:
Medicare EHR Incentive Program - Eligible professionals and hospitals must successfully demonstrate meaningful use of certified electronic health record technology every year they participate in the program.
Medicaid EHR Incentive Program - Eligible professionals and hospitals may qualify for
incentive payments for the adoption, implementation, upgrade or the demonstration of
meaningful use in their first year of participation. They must successfully demonstrate
meaningful use for the remaining years they participate in the program.

PQRS/PQRI

Physicians Quality Reporting System/Physicians Quality Reporting Initiative is a reporting program that uses a combination of incentive payments and payment adjustments to promote reporting of quality information by eligible professionals (EPs).
The program provides an incentive payment to practices with EPs (identified on claims by their individual National Provider Identifier [NPI] and Tax Identification Number [TIN]). EPs satisfactorily report data on quality measures for covered Physician Fee Schedule (PFS) services furnished to Medicare Part B Fee-for-Service (FFS) beneficiaries (including Railroad Retirement Board and Medicare Secondary Payer).
Beginning in 2015, the program also applies a payment adjustment to EPs who do not satisfactorily report data on quality measures for covered professional services. This website serves as the primary and authoritative source for all publicly available information and CMS-supported educational and implementation support materials for PQRS.
Let’s try a sample question:

The three stages of Meaningful Use are: Data Capture & Sharing, Advanced Clinical Processes, and ___________?

A. Quality Reporting
B. Attestation
C. Improved Outcomes
D. Benchmarking

The answer is C, Improved Outcomes.
Three Stages of Meaningful Use - Meaningful use has three stages with goals for each
stage. During Stage 1 (2011 and 2012), providers must meet certain objectives/measures
and 80% of patients must have records in the certified EHR technology. The reporting period
for the first year is 90 days and one year subsequently.
• Stage 1: Data Capture & Sharing - Electronic capture of health information in a
structured format, Stage 1 begins in 2011.
• Stage 2: Advanced Clinical Processes - Quality improvement at the point of care
and electronic exchange of information, Stage 2 scheduled to begin in 2013*
• Stage 3: Improved Outcomes - Improvements in quality, safety, and efficiency
clinical decision support & patient self-management tools, Stage 3 is scheduled to
begin in 2015*
*Stages 2 and 3 will be defined in future CMS rule making.

Wed, 27 Aug 2014 13:56:20 GMT

Happy Wednesday!

Today we will talk about Risk Management.

Risk Management is identification, assessment and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor and control the probability and/or impact of unfortunate events.

Types of Risk Management:
Malpractice
Fraud & Abuse
Patient & Staff Safety
HITECH
HIPAA
IT Risk
Malpractice:

Good risk management techniques improve the quality of patient care and reduce the probability of a medical malpractice claim or adverse outcome. The primary goal of a successful risk management is to reduce untoward events to patients. Risk management programs are designed to reduce the risk to patients and resulting liability to the health care provider. Standard of care is the foundation for risk.

Medical risk management is a process which involves: 1)identifying risk, (2) minimizing the risk of loss and (3)reducing the impact of losses if they occur. This requires a policy on Risk Management. Medical risk management focuses on risk reduction through improvement of patient care.

You must have an up to date comprehensive written risk management policy. And make everyone aware to come to your point person in your medical practice when something occurs.

Liability for medical malpractice is a source of financial risk in patient care. Another risk is the psychological trauma of a malpractice suit. The physician’s actions are considered negligent, when (1) the physician has a duty to treat the patient, (2) the physician’s interaction with the patient falls outside the accepted standard of care, or (3) the patient is harmed as a result of this interaction.

Fraud & Abuse

Health care fraud, waste & abuse present a serious risk to the medical practice.
According to CMS, health care fraud schemes commonly include billing for services that were not provided or were not medically necessary, purposely billing for a higher level of service than what was provided, misreporting costs or other data to increase payments, paying kickbacks, and/or stealing providers’ or beneficiaries’ identities. Many times, these fraudulent practices are unintentional. Your practice must have a written compliance policy addressing Fraud & Abuse. An effective fraud and abuse compliance program can be used for much more than purely defensive purposes. An active compliance program can have multiple affirmative benefits, including (1) facilitating prompt claims submission and payment; (2) identifying under-coding and up-coding; (3) reducing claim denials; and (4) improving staff education, which, in turn, should improve practice efficiency.

Patient & Staff Safety

Patient and staff safety risk should be minimized by following strict OSHA guidelines in your practice. This applies to not only the patients and clinical personnel but also business office personnel and areas. Per OSHA guidelines, you must have a written policy on patient and staff safety ,and OSHA guidelines; provide annual training, Personal Protective Equipment ( PPE), treatment and work area safety inspections, and documentation of the findings and/or corrections made. These inspections should also be performed annually. Remember that OSHA is not limited to clinical areas, but your office areas & machines as well.

HITECH and HIPAA:
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology.
Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

It has become a “best practice” for companies, educational institutions, and government agencies to notify their customers and employees whether or not the breach they’ve experienced requires that they provide notice to their customers and/or employees. For example, have been several high-profile breaches in which customers’ names and email addresses were compromised. While the data elements exposed in these breaches would not likely lead to financial identity theft if obtained by criminals, the affected companies nonetheless notified their customers anyway.   Health and human services also gives a list of breaches.

The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information”. A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being. The Rule strikes a
balance that permits important uses of information, while protecting the privacy of people who seek care and healing.
Every health care provider, regardless of size, who electronically transmits health information in connection with certain transactions, is a covered entity.
These transactions include claims, benefit eligibility inquiries, referral authorization requests or other transactions for which HHS has established standards under the HIPAA Transactions Rule.
Do you have a HIPAA specialist in your office? Do you do spot checks? Do you have confidential bins that are removed and shredded or do you shred?

Finally, let’s talk about IT risk. This is also related to HITECH. When we look at electronic security and confidentiality, we must take a number of items into account, including hardware, software and policies. With security being such an important issue, it is vital to explore all areas of security and become familiar with the many tools and devices available. The practice administrator must understand issues related to hardware and software as they impact security and confidentiality.

Let’s try a practice Question:

Which of the following is a practice to help you avoid a Fraud & Abuse violation?

A. Perform regular in house chart audits.
B. Perform employee performance reviews
C. Perform work area safety inspections
D. Perform system log-in password audits

The answer is A. Perform regular in house chart audits. Ways to avoid a Fraud & Abuse violation include:
Written Compliance Plan
Follow CMS & OIG requirements
Staff Education
Regular In-house Chart Audits

How did you do?

We have covered a lot. Make sure you are familiar with Risk Management. It plays a large role in your everyday operations. We will cover the Risk Analysis and Disaster Recovery plan tomorrow.

Thu, 28 Aug 2014 14:30:38 GMT

Hello everyone!

How are you doing? Please ask questions as we go along! Would you like us to cover something we may have missed? Need more sample questions? Let us know what would help you!

Let’s finish out Risk Management. Today we will talk about the Risk Analysis and the Disaster Recovery plan.

Risk Analysis:

A Risk Analysis is the process of identifying, prioritizing, and estimating risks to organizational operations, organizational assets, and individuals, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls that are planned or in place. When you perform a risk analysis, think about every device, every program, every user and every function you perform, and the potential risks with each. If you have attested Meaningful Use, then you have performed a comprehensive Security Risk Assessment. Make sure you update this yearly.

Components of a Risk Analysis include:
Asset Inventory
Threat Identification
Impact of Threats
Vulnerability Identification
Preventative Measures
Disaster Recovery

The first step in the risk assessment is to identify the assets that support critical business operations. These assets may include physical and logical assets such as physical facilities, employee computers, network communications devices, operating systems, and applications.
Threats are individuals, groups, or external events such as environmental factors that can negatively impact assets. Threats can take many forms, including people (such as insiders or Internet users), technology (such as worms or Trojans), and events (such as floods or fires). Identify the types of threats that can impact your assets. Impacts of threats include Affects to confidentiality, Integrity, and availability, Direct costs from physical destruction/loss, Direct costs from theft or extortion, Costs to resolve incidents, Loss of consumer confidence, Failure to meet regulatory requirements, Failure to meet contractual agreements, or worst case scenarios such as catastrophic failures of information systems.
The threat scenarios can only happen if a threat impacts an asset that has a real vulnerability, so you must identify potential vulnerable areas of your practice’s network. Vulnerable areas can include a weak passwords, lack of or outdated firewalls, weak or lack of encryption, lack of policies, or lack of training.
Comprehensive information security programs require that every asset have protective measures in the areas of prevention, detection, and response:
Preventative measures reduce the likelihood of exploitation.
The ability to detect and respond to incidents allows an organization to minimize loss in the event of a compromise.
Finally, effective detection and response provide a deterrent to exploitation attempts.

Disaster Recovery

Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of the technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity. The disaster recovery plan should address the practical recovery from any threat to your network and should include your risk analysis. There is no one right type of disaster recovery plan, nor there is a one-size-fit-all disaster recovery plan. However, there are three basic strategies that encompass a disaster recovery plan: (1) preventive measures, (2) detective measures, and (3) corrective measures.

Do you have a Disaster Recovery Plan? Make sure you also have a delegation list for the Disaster Recovery process, so in the event of a breach or failure, each employee know what they are supposed to do to execute the disaster recovery plan.

Any comments or Questions?

Fri, 29 Aug 2014 14:09:00 GMT

Happy Friday!!!!

Today we will finish out Operations Part 2 with Compliance.
Compliance is among the hundreds of tasks you manage within your practice. You deal with compliance in every area of your practice. A compliance plan is a documented set of standards, procedures, and policies that addresses the administrative and clinical protocols of a practice to meet government standards and regulations The existence of an effective compliance plan provides evidence that any mistakes were inadvertent, and this evidence would be considered in determining whether a medical practice or other health care entity has made reasonable efforts to avoid and detect misbehavior.
Compliance plans must always be in writing, reviewed yearly, and updated no less than every 2 years.
The OIG’s recommended compliance program guidance for individual and small group physician practices contains seven components that provide a solid basis upon which a physician practice can create a voluntary compliance program.
Elements of a Compliance Plan include:
Conducting internal monitoring and auditing
Implementing compliance and practice standards
Designating a compliance officer or contact
Conducting appropriate training and education
Responding appropriately to detected offenses and developing corrective action
Developing open lines of communication and
Enforcing disciplinary standards through well-publicized guidelines.

Let’s try a sample question:

Appropriate discipline policies associated with a compliance program should be:

A. Defined by role
B. Enforced consistently
C. Available to patients
D. Reported to the government

The answer is B, Enforced Consistently

We will finish out Operations next week!

Have a great weekend and Happy Labor Day!