Your Practice or Your Money
Reports continue of medical practices having their data hijacked electronically and having to decide whether to pay extortion money to the hackers to hopefully regain control of their data. The latest public report is of an Ohio urology group who reportedly paid $75,000 to hackers in ransom to regain control of its computer system and its data.
This type of act continues to be reported and I believe there are more unreported hijacked/ransom situations then there are reported ones. Few practices want to admit they were so unprepared for this problem they were forced to pay ransom.
How to avoid ransom payouts and be ready:
- Backups-have them at least daily and store physical copies of daily backups off site.
- Get a computer security check up by qualified professionals who can provide you with appropriate protective software.
- Follow computer/data hygiene. Turn computers off, change passwords often, limit access to computers, separate your patient data to different servers from your main server. Consider having separate servers for patient data, for office appointment and for payor and payee records. These can be integrated but certain servers should only operate during office hours. There is no reason for your patient data to be available 24/7 unless your office operates 24/7.
- Audit, audit, audit. At least twice a year, have computer security experts audit who does and who doesn’t have access to your data, when and why.
Know the Price
Healthcare is one of the very few purchases we make where we do not know the price before we have the product or service and where we do not know what the uninsured portion of the price will be. In other words, we have no idea what we are getting into.
The Department of Health and Human Services is designated as the agency by an Executive Order signed Monday, June 24, 2019 that will set rules for upfront disclosure by hospitals of actual prices for common tests and procedures. Expect this process to take up to two years before a final rule is issued and hope common sense prevails so we will know the actual cost of obtaining healthcare services at one hospital or another, at a doctor’s office, urgent care or other facility.
EHR Cost Guestimate for VA
The Department of Veterans Affairs (VA) recently signed a contract with Cerner to move VA’s healthcare data to Cerner’s MHS Genesis System. The deal is valued at an estimated $10 Billion.
VA estimates its Legacy EHR System, Vista, will need to run for approximately 10 more years with cost estimates up to nearly $5 Billion (yes with a b) to keep the old EHR system running during the conversion to the Cerner system.
Please note all of these numbers seem to be huge, at best, guesses.
Allscripts Settles with DOJ
Allscripts has apparently made a tentative deal with the US Department of Justice to pay over $145 Million to settle complaints about one of its unit’s compliance with the anti-kickback statute and HIPAA. This fine is more than the reported total acquisition price for Practice Fusion in 2018. It is likely there is also an ongoing compliance plan requirement. Users of Allscripts and eClinicalWorks should be very cautious since both companies have apparently settled with the DOJ over alleged wrongdoing.
Charity Care Disappearing?
A recent news story indicated that, at least in California, charity care was declining rapidly. The decline apparently was true for for-profit hospitals, non-profit hospitals, for state owned hospitals and locally owned hospitals.
In the study, California hospitals spent less than half on free and discounted care for low-income patients in 2017 compared to 2013. Some claim the Affordable Care Act reduced the need for such charity care. Others indicate a trend for non-profit hospitals adopting for-profit approaches to charity care.
This newsletter is edited by Paul Wallace of Jones • Wallace, LLC, a member of the American Bar Association Healthcare Law Section and the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years. Mr. Wallace assists physicians, practices and hospitals in contract items, federal legal compliance, practice entity creation, estate and wealth planning and similar issues. Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or firstname.lastname@example.org.