1 3
S T R A T E G I E S
T O
S A F E G U A R D
Y O U R
C Y B E R
D A T A
REPORTING ON THE ECONOMICS OF HEALTHCARE DELIVERY
A PUBLICATION OF PNN www.PhysiciansNewsNetwork.com
APRIL 2015 L I A
M A G
A
O
O
I
Z
F
I
F
N
E
E
N
F
I
F
Z
I
C
C
L I A
M A G
A
Financing for your practice — and so much more
With more than 20 years of healthcare financing experience, Wells Fargo Practice Finance understands the business of running a practice and is here to help you achieve your goals. Get up to 100% financing for a variety of business purposes: • Practice start-up and acquisition • Equipment purchases or upgrades • Office expansion, remodel, and relocation • Practice debt refinancing • Working capital
Enjoy limited-time offers designed to celebrate businesses like yours Apply by June 30, 2015, and receive $250 off the documentation fee
To talk to us about our other small business appreciation offers, call 1-800-359-3557, go online to wellsfargo.com/appointments to set up a convenient time to meet with a banker near you, or contact your local banker today:
Apply for a Wells Fargo Practice Finance loan between 04/16/2015 and 06/30/2015 and, upon approval, get $250 off the documentation fee. The loan must commence funding by 07/31/2015. All financing is subject to credit approval. Business refinance program is for practice-related debt only. Existing Wells Fargo Practice Finance debt and revolving credit are not eligible for consolidation. © 2015 Wells Fargo Bank, N.A. All rights reserved. Wells Fargo Practice Finance is a division of Wells Fargo Bank, N.A. SBS60-0244 (1243048_14516)
A PR I L 2015 | TA B LE OF CONT ENT S
Volume 146 Issue 4
8
14 6 Remote Patient Monitoring: Real-Time Patient Data, Real Liability Risks 8 Purge the Financial Paperwork: What to Keep or Trash for Taxes
COVER STORY
10
14 13 Strategies to Safeguard Your Cyber Data
CYBERSECURITY In the wake of recent events,
cybersecurity is on the mind of every
physician, administrator and patient. In
this timely issue of Physician Magazine, we provide you with the latest news and legislative information, as well as tips to
FROM YOUR ASSOCIATION 4 President’s Letter | Pedram Salimpour, MD 16 CEO’s Letter | Rocky Delgadillo
help protect your practice and patient information from cyber attacks.
Physician Magazine (ISSN 1533-9254) is published monthly by LACMA Services Inc. (a subsidiary of the Los Angeles County Medical Association) at 707 Wilshire Boulevard, Suite 3800, Los Angeles, CA 90017. Periodicals Postage Paid at Los Angeles, California, and at additional mailing offices. Volume 143, No. 04 Copyright ©2012 by LACMA Services Inc. All rights reserved. Reproduction in whole or in part without written permission is prohibited. POSTMASTER: Send address changes to Physician Magazine, 707 Wilshire Boulevard, Suite 3800, Los Angeles, CA 9001 7. Advertising rates and information sent upon request.
A P R I L 2015 | W W W. P H Y S I C I A N S N E W S N E T W O R K .C O M 1
EDITOR
Sheri Carr 559.250.5942 | sheri@physiciansnewsnetwork.com ADVERTISING SALES
DISPLAY AD SALES / DIRECTOR OF SALES CLASSIFIED AD SALES
EDITORIAL ADVISORY BOARD
Christina Correia 213.226.0325 | christinac@lacmanet.org Dari Pebdani 858.231.1231 | dpebdani@gmail.com David H. Aizuss, MD Troy Elander, MD Thomas Horowitz, DO Robert J. Rogers, MD HEADQUARTERS
The Los Angeles County Medi-
physicians from every medical
Physicians News Network Los Angeles County Medical Association 707 Wilshire Boulevard, Suite 3800 Los Angeles, CA 90017 Tel 213.683.9900 | Fax 213.226.0350 www.physiciansnewsnetwork.com
specialty and practice setting
LACMA OFFICERS
cal Association is a professional association representing
as well as medical students, interns and residents. For more
PRESIDENT
PRESIDENT-ELECT
TREASURER SECRETARY
IMMEDIATE PAST PRESIDENT
Pedram Salimpour, MD Peter Richman, MD Vito Imbasciani, MD William Averill, MD Marshall Morgan, MD
than 100 years, LACMA has been at the forefront of current medicine, ensuring that its members are represented in the areas of public policy, govern-
LACMA BOARD OF DIRECTORS CMA TRUSTEE
ALTERNATE RESIDENT/FELLOW COUNCILOR
COUNCILOR – SSGPF
COUNCILOR – DISTRICT 9 CMA TRUSTEE
CMA TRUSTEECOUNCILOR – DISTRICT 5
COUNCILOR – DISTRICT 2 COUNCILOR-AT-LARGE
ment relations and community
ETHNIC PHYSICIANS COMMITTEE REP
relations. Through its advocacy
COUNCILOR – DISTRICT 17
COUNCILOR – DISTRICT 1
COUNCILOR – DISTRICT 14
efforts in both Los Angeles
COUNCILOR – USC
COUNCILOR – DISTRICT 7
County and with the statewide
COUNCILOR – DISTRICT 6
California Medical Association,
COUNCILOR – ALLIED PHYSICIANS
your physician leaders and staff
COUNCILOR – DISTRICT 3
strive toward a common goal– that you might spend more time treating your patients and less time worrying about the challenges of managing a practice.
COUNCILOR-AT-LARGE COUNCILOR-AT-LARGE
COUNCILOR – DISTRICT 10
MEDICAL STUDENT COUNCILOR/UCLA
COUNCILOR – SCPMG
RESIDENT/FELLOW COUNCILOR
YOUNG PHYSICIAN COUNCILOR
COUNCILOR-AT-LARGE
COUNCILOR – SSGPF
ALT. MEDICAL STUDENT COUNCILOR/UCLA COUNCILOR-AT-LARGE
CHAIR OF LACMA DELEGATION
David Aizuss, MD Erik Berg, MD Robert Bitonte, MD Stephanie Booth, MD Jack Chou, MD Troy Elander, MD Hilary Fausett, MD Samuel Fink, MD Hector Flores, MD C. Freeman, MD Sidney Gold, MD William Hale, MD Stephanie Hall, MD David Hopp, MD Kambiz Kosari, MD Young-Jik Lee, MD Paul Liu, MD Maria Lymberis, MD Carlos Martinez, MD Nassim Moradi, MD TJ Nguyen Ashish Parekh, MD Heidi Reich, MD Sion Roy, MD Michael Sanchez, MD Heather Silverman, MD Andrew Sumarsono Nhat Tran, MD Fred Ziel, MD
LACMA’s Board of Directors consists of a group of 30 dedicated physicians who are working hard to uphold your rights and the rights of your patients. They always welcome hearing your comments and concerns. You can contact them by emailing or calling Lisa Le, Director of Governance, at lisa@lacmanet.org or 213-226-0304.
SUBSCRIPTIONS Members of the Los Angeles County Medical Association: Physician Magazine is a benefit of your membership. Additional copies and back issues: $3 each. Nonmember subscriptions: $39 per year. Single copies: $5. To order or renew a subscription, make your check payable to Physician Magazine, 707 Wilshire Boulevard, Suite 3800, Los Angeles, CA 90017. To inform us of a delivery problem, call 213-683-9900. Acceptance of advertising in Physician Magazine in no way constitutes approval or endorsement by LACMA Services Inc. The Los Angeles County Medical Association reserves the right to reject any advertising. Opinions expressed by authors are their own and not necessarily those of Physician Magazine, LACMA Services Inc. or the Los Angeles County Medical Association. Physician Magazine reserves the right to edit all contributions for clarity and length, as well as to reject any material submitted. PM is not responsible for unsolicited manuscripts.
Time to go shopping... ...for a better deal on workers’ compensation.
There has never been a better time to shop the sponsored workers’ compensation plans offered through the Los Angeles County Medical Association/CMA. That’s because workers’ compensation insurance rates in California continue to move upward. The Insurance Commissioner recommended an increase of 6.7% in pure premium rates for 2015 compared to the average premiums charged as of July 20141. Your plan may experience a higher or lower rate increase than recommended by the Department of Insurance. Don’t just sit back and accept higher rates! Call Mercer to see if you can get a better deal through the Los Angeles County Medical Association/CMA. Working with Mercer as the program administrator, the Association sponsors best-inclass insurance plans at competitive premiums. By becoming involved with the sponsored plans you will receive valuable protection for your practice and employees while supporting the good work of your Association! Take control of your workers’ compensation costs. Call 800-842-3761 now for your free, no-obligation quote. Or visit www.CountyCMAMemberInsurance.com for more information and to download an application or premium indication form.
Sponsored by:
Scan for more info! Mercer Health & Benefits Insurance Services LLC • CA Ins. Lic. #0G39709 Copyright 2015 Mercer LLC. All rights reserved. • 777 South Figueroa Street, Los Angeles, CA 90017 CMACounty.Insurance.service@mercer.com • www.CountyCMAMemberInsurance.com 800-842-3761 • 71355/71376 (4/15)
1Source: Workers Compensation Insurance Rating Bureau of California, http://www.wcirb.com/sites/default/files/documents/insurance-commissioners-decision-01012015_1.pdf
P RES IDEN T ’S LET T ER | P EDRAM S ALIM P OU R, M D
ACCO R D I N G TO T H E C D C (Centers for Disease Control and Prevention). deaths from prescription opioids each year outnumber those due to heroin, cocaine and benzodiazepine sedatives, combined. The problem has become complicated. But it is still comprehensible. While there is a great deal of opacity between doctors and the reliable (verifiable) information they have on their patients’ opioid usage, technologies such as the CURES database and EDIE (Emergency Department Information Exchange) are working to disintermediate those in the middle, making human reporting, and error, less of an impediment to patient management. This is no small task. Los Angeles is the 17th largest economy in the world and home to about 12 million people. That means that the problem is, well, scalable. Buoyed by the abuse of easily accessible prescription drugs, this epidemic is insidiously and quietly tearing at the fabric of our community. Unfortunately, as Los Angeles goes, so goes the rest of the country. As members of this community first, but also as representatives of the Los Angeles medical community, we are increasingly concerned about the problem of prescription drug abuse. As doctors, our mission is to provide unimpeded healthcare to individuals, but one of the biggest hindrances to providing that care safely today is self-abuse. Every day more than 60 people in the United States die from prescription drug overdose. An unbelievable 70% of these opioids are obtained from a friend or relative. Overall, 84% of the opioids that cause unintentional deaths are obtained through a prescription, and then somehow abused or misused. Our clinical community ought to create solutions, ways to work to prevent these avoidable deaths. What makes these numbers even more tragic is that prescription drug abuse affects mostly our youngest and most vulnerable, those between the ages of 12 and 17. For these young children, prescription drugs are easy to find, and even easier to ingest or snort by crushing, cutting or grinding. And since the opioids provide an almost instantaneous high, the potential for abuse of these formulations is intensified. Still, the problem of prescription drug abuse isn’t just about the health of individuals. Hospital staff and resources are by necessity allocated to dealing with overdoses that can be prevented. Due to lost productivity, health resources and justice system expenditures, prescription drug abuse costs the U.S. in excess of $56 billion annually. Imagine those resources dedicated to education or medical research. What are the viable solutions? Education and diversion programs are wonderful long- and short-term programs. But the problem also rests in the chemistry of the compounds. To help, researchers are developing abuse deterrent formulations (ADFs), medications that provide the same pain relief as conventional opioids, but contain chemical or physical properties that make crushing, cutting or grinding pointless – when manipulated, ADF blocks the instantaneous euphoric effect of the drug, making it far less enticing to abuse. These ADFs will reduce the abuse of prescription drugs, and ultimately, along with more education and other interventions, improve the health of our community. The California Medical Association (CMA) understands this, which is why in December 2014 it approved a resolution supporting the U.S. Food and Drug Administration’s ongoing efforts to evaluate and label ADF technology. The CMA also opposes the imposition of administrative roadblocks that decrease access to and coverage of prescription drugs with abuse deterrent properties. Los Angeles is our home, and its residents are our neighbors. The abuse of prescription pills not only harms the health of our community, but puts at risk the lives of our loved ones as well – and it can be stopped. This is why our legislators ought to do whatever is necessary to create a path for abuse deterrent formulations to reach their constituents. We live in the greatest city in the world. We are on the cutting edge of a lot of things. We believe that our community deserves a chance at deterring abuse, and in leading the nation at reducing the unnecessary deaths that inevitably follow. We support the goal of the CDC: Reduce abuse and overdose of opioids and other controlled prescription drugs while ensuring patients with pain are treated using safe and effective means. Our clinical armamentarium for addressing this problem now includes education and diversion, but also better technology and chemistry. 4 P H Y S I C I A N M A G A Z I N E | A P R I L 2015
A Successful Medical Practice It’s what California’s finest physicians strive for... and what CAP can help you achieve. Since 1977, the Cooperative of American Physicians (CAP) has provided superior medical professional liability coverage and valuable risk and practice management programs to California’s finest physicians through its Mutual Protection Trust (MPT).
As a physician-directed organization, we understand the realities of running a medical practice these days, and are committed to supporting you with a range of programs and services that no other professional liability company offers. These include a 24-hour early intervention program, HR support, EHR consultation, a HIPAA hotline, and a robust group purchasing program, to name a few.
Are You ICD-10 Ready? Get Your “ICD-10 Action Guide” FREE! On October 15, 2015, all medical practices must comply with new, expanded ICD-10 codes. CAP’s ICD-10 Action Guide for Medical Practices has the answers you need to successfully make the transition.
Request your free electronic or hard copy today!
800-356-5672 CAPphysicians.com/icd10now
PURGE THE FINANCIAL PAPERWORK:
What to Keep or Trash for Taxes
Fear of being audited leads many people to become paperwork pack rats. Tax season is a good time to face those fears and free yourself of paranoia—along with that bulging filing cabinet. Here’s what you need to know so you can purge without fear. Electronic records are better than paper. The IRS accepts electronic records, so there’s typically no reason to hang on to a statement or other piece of paper just because it was issued by your bank or other financial institution. Scans of the originals are acceptable, and consider going paperless by getting your statements electronically. Make sure you back up your data and consider keeping a copy off site, either in physical form (such as on a CD or USB drive) or encrypted in the cloud. Few documents are irreplaceable. If your big6 P H Y S I C I A N M A G A Z I N E | A P R I L 2015
gest worry is that you’ll shred something you’ll need later, take heart. Most documents can be re-created. Banks and brokerages keep electronic versions of your statements for at least six years and sometimes more, though they may charge you to get new copies. Your biggest risk of being audited is in the first three years after you file a tax return, although that limit can be extended to six years if you under-report your income by 25% or more. (You may hear tax experts say to keep paperwork for seven years. What they mean is seven years from the relevant
tax year. So if you file your 2014 return on April 15, 2015, you’ll want to keep those records until April 15, 2021—seven years from 2014.) Some documents should be kept longer. Paperwork that relates to a potentially taxable investment or asset, such as real estate or your stock portfolio, should be kept for as long as you own the asset plus six years after you file the relevant tax return. But again, you needn’t hang on to paper—scans are fine. Many tax pros recommend hanging on to your actual tax returns for life, although you’re welcome to shred the supporting documentation after the audit risk has elapsed. Keep the summaries, ditch the rest. If you’re still getting paper trade confirmations, you can discard them once you compare them to your brokerage statement. If your brokerage issues year-end statements, you can discard the monthly ones. You can discard pay stubs once you get your W-2 and compare it to the summary on your year-end pay stub. ATM receipts and deposit slips can be shredded if they match what’s shown on your statements. Once you reconcile credit or debit card receipts with your statements, keep only the ones that are needed for tax purposes or that document a major purchase. Worried you may need receipts in case of problems with smaller purchases? Set up a file each quarter for miscellaneous receipts, and discard them after six months or so have passed. Purge your retirement accounts files. Your IRAs, 401(k)s and other retirement accounts don’t qualify for capital gains tax treatment, so there’s no need to
keep track of what investments you bought when. The only thing you need to retain is documentation of any nondeductible contributions, which you should have been reporting on your annual tax returns using Form 8606. You should keep those forms indefinitely, along with the Form 5498s your IRA custodian sends you that summarize your account activity for the year. If you transfer your accounts—you roll your 401(k) into another employer’s plan or change IRA custodians— keep that paperwork as well. One other exception: if you contributed to a 403(b) account before 1987, keep your old account statements indefinitely to prove you made the contributions. This money doesn’t have to be withdrawn until age 75, while other retirement money generally has to come out earlier. Clear out the rest. If you don’t need a document for tax purposes, you often can discard it when it’s replaced by a new one (in case of insurance policies, for example) or you no longer own the relevant item (such as receipts, warranties or owners manuals). Again, when in doubt, scan the item so you have an electronic record if it turns out you need one. We’re still not a paperless society, and it can be a hassle to get certain documents—such as birth, marriage, death and title certificates, licenses, deeds, Social Security cards, military service records and divorce decrees—re-created if we need them. Keep these secured in a home safe or safe deposit box Submitted by City National Bank, http://newsroom.cnb.com
merage.uci.edu/go/HCEMBA
Lead the change in health care. Be a part of the solution.
The Health Care Executive MBA program offers an academically challenging curriculum with a schedule that allows you to simultaneously advance your career in health care. A few unique aspects of the program are: ‡ $Q H[FOXVLYH QHWZRUN RI KHDOWK FDUH SURIHVVLRQDOV ZKR ZDQW WR PDNH DQ impact on the future delivery of health care ‡ &RKRUW PHHWV MXVW RQH H[WHQGHG ZHHNHQG SHU PRQWK IRU PRQWKV ‡ :HHN ORQJ H[SHULHQWLDO UHVLGHQWLDO RQ )HGHUDO 3ROLF\ LQ +HDOWK &DUH LQ :DVKLQJWRQ ' & ‡ /HDUQ IURP WKH VDPH ZRUOG UHQRZQHG IDFXOW\ ZKR WHDFK LQ RXU WRS UDQNHG Executive MBA program ‡ 8S WR &0( XQLWV PD\ EH HDUQHG
Join us for an information session, webinar, or schedule a personal consultation to learn more about our program. merage.uci.edu/go/HCEMBA
Dr. Michael Miyamoto +&(0%$ Âś
949.824.0561
HCEMBA@merage.uci.edu
A P R I L 2015 | W W W. P H Y S I C I A N S N E W S N E T W O R K .C O M 7
HEALTHCARE VIRTUALLY ANYWHERE
8 P H Y S I C I A N M A G A Z I N E | A P R I L 2015
REMOTE PATIENT MONITORING:
Real-Time Patient Data, Real Liability Risks
Three million patients worldwide are currently connected to a remote monitoring device that sends personal medical data to their healthcare provider.1 Each year alone, 600,000 cardiac patients are implanted with pacemakers, one of the most common monitoring devices.2 Remote medical devices help doctors catch potential problems earlier, when they’re easier to treat, and can reduce the number of hospitalizations, improving patient health and containing healthcare costs. Despite the many advantages, remote patient monitoring has liability risks. Because remote monitoring devices transmit patient data over the Internet or through phone lines, there is a risk of a data breach if the information is not properly encrypted. Medical devices may be vulnerable to viruses and malware. The U.S. Food and Drug Administration (FDA) noted that providers must take steps to safeguard patient information within their network, such as ensuring antivirus software and firewalls are up-to-date, monitoring the network for unauthorized use, and reporting any medical device cybersecurity problems to the device manufacturer. If a remote device fails or malfunctions, physicians may be named in the lawsuit against the manufacturer, under the claim that the physician failed to use the device properly. Physicians should stay up-to-date on the latest information for the device, including manufacturer’s warnings, the device’s safety record and the device’s approved uses. Providers should also be aware of any FDA alerts or recalls. Providers should also be aware of the need for additional staff members to handle the incoming data. In the case of a potential problem, these staff members should respond either directly to the patient or alert the appropriate professional for intervention. Each practice should have written guidelines for: • At what times the device will be monitored. • Which members of the care team will monitor the data at each point in time. • Under what circumstances the appropriate clinician will be alerted to a potential problem. Successful remote patient monitoring is dependent on each patient’s motivation to actively manage his or her health, as well as the patient’s ability to understand and use the technology. To help ensure patients effectively use remote devices: • Complete and document a thorough informed consent process. • Educate the patient on: o How to use the device. Explain the treatment plan, such as at what times the device will be monitored and how alerts will be handled by the healthcare team. o What device failure or malfunction looks like, and what the patient should do if that happens. o How to properly maintain the device. References: 1. Report: 19 million will use remote patient monitoring by 2018. MEDCITY News. http://medcitynews.com/2014/06/biggest-market-remote-patientmonitoring/. Accessed December 1, 2014; 2. Remote monitoring proven to help prolong life in patients with pacemakers. Heart Rhythm Society. http://www.hrsonline.org/News/Press-Releases/2014/05/Remote-Monitoring-Pacemakers#_edn1. Accessed December 1, 2014. Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors. com/patientsafety.
A P R I L 2015 | W W W. P H Y S I C I A N S N E W S N E T W O R K .C O M 9
BY MARION WEBB
IN THE WAKE OF RECENT EVENTS, IN PARTICULAR TH
DATA BREACH AT HEALTH INSURER ANTHEM, CYBERSE
MIND OF EVERY PHYSICIAN, ADMINISTRATOR AND PATIE
ISSUE OF PHYSICIAN MAGAZINE, WE WILL PROVIDE YOU
NEWS AND LEGISLATIVE INFORMATION, AS WELL AS TIPS T
YOUR PRACTICE AND PATIENT INFORMATION FROM CYB 1 0 P H Y S I C I A N M A G A Z I N E | A P R I L 2015
HE MONUMENTAL
ECURITY IS ON THE
ENT. IN THIS TIMELY
U WITH THE LATEST
TO HELP PROTECT
BER ATTACKS.
RECENT BREACHES AND SENATE ACTION Insurers aren’t required to encrypt consumers’ data under the main health privacy law—the Health Insurance Portability and Accountability Act, or HIPAA—or under the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, although the latter offers incentives, according to Medical Economics reports. The data breaches at Anthem, the nation’s second-largest health insurer, made public in February, and the just revealed Premera Blue Cross breach has spurred a bipartisan congressional effort to re-examine HIPAA, possibly adding a costly and cumbersome requirement to encrypt health records. The Anthem breach is the largest HIPAA violation to date and affected some 80 million people whose names, dates of birth, member ID and Social Security numbers, addresses, phone numbers, email addresses and employment information were stolen. The Premera Blue Cross breach is the second largest cyber attack in industry history, exposing the personal, financial and medical information of more than 11 million customers. Anthem says it encrypts data it exports, but the data was stolen at the company level and was unencrypted. But even if had been encrypted, Medical Economics reported, the system administrator credentials that were stolen could have been used to access encrypted client data. Since the Anthem incident, the Senate Health, Education, Labor & Pensions Committee announced that it is planning to examine the security of all health information technology and the healthcare industry’s preparedness against cyber attacks. OBAMA’S CYBERSECURITY PROPOSAL In light of massive cyber attacks across several industries in 2014, which included JP Morgan Chase, Sony Pictures Entertainment, Target and The Home Depot, cybersecurity is now also a priority of the Obama administration. The administration’s recently released cybersecurity proposal outlines the obligations it believes companies have to notify customers of breaches. It includes a 30-day notification requirement, the creation of a national notification standard, improving information sharing between private sector and the government and bolstering law enforcement’s ability to combat cybercrime. Some healthcare experts believe, however, that the cybersecurity wish list offers few specifics for the healthcare industry, which is expected to see more phishing and malware attacks this year, iHealthBeat forecasted. Angela Rose, director of health information management practice excellence at the American Health Information Management Association, told iHealthBeat it’s too early to predict the proposal’s effect on healthcare organizations. She noted, however, that the administration’s data sharing plan, which encourages sharing information between private entities and the Department of Homeland Security, requires private companies to remove “unnecessary personal information” from shared data. This, she said, raises the question whether such information will map the HIPAA definition of protected health information or include other elements such as credit card information. Another part of the legislative package that needs sorting out is the
A P R I L 2015 | W W W. P H Y S I C I A N S N E W S N E T W O R K .C O M 11
On Jan. 29, Anthem Inc. learned of massive cyber attacks on the company’s IT system and the data stored within the system. Since Anthem is one of the largest healthcare insurance companies in the United States, the cyber attack had special implications for physicians and the millions of their patients whose personal healthcare information was stored on Anthem servers. However, Anthem reported that there was no evidence that medical information was breached. In a statement on its website, Anthem noted that “there [is no] evidence at this time that medical information such as claims, test results, or diagnostic codes was targeted or obtained.” Equally important to physicians, according to Anthem spokesperson Darrel Ng, “There was no breach of provider data, no data about physicians” accessed during the cyber attack. Ng confirmed that, in some cases, Anthem may have physician Social Security numbers on file as a physician may use the Social Security number as a tax ID number. “That depends on what the provider gives Anthem,” Ng noted. None of that physician data was breached, according to Ng. Ng noted that physicians would benefit by the additional security measure now in place at Anthem following the attack. “For example,” Ng said, “administrators at Anthem now need three levels of authentication to access the system. This will better protect physician data Anthem has in its system.” Asked about any lessons learned from the attacks, Ng said the company prefers to wait until the full investigation into the matter is complete before providing any lessons learned commentary. Anthem is continuing to alert individuals impacted by the data breach via surface mail at the rate of several million people per day, according to Ng. Further, Anthem has arranged for immediate identity repair and assistance and longer term credit monitoring for all those individuals impacted by the attack. As for ongoing operations, Ng said the company is continuing to pay claims without interruption. However, he noted that “Anthem has tightened security and will continue to examine the system to make sure patient information is protected.”
1 2 P H Y S I C I A N M A G A Z I N E | A P R I L 2015
healthcare breach notification standard, which currently is governed by differing state laws and also differs from HIPAA’s requirement for covered entities, iHealthBeat reported. The White House proposal states that businesses must notify individuals affected by a data breach within 30 days; HIPAA requires businesses to notify individuals within 60 days of the discovery of a breach. The proposal wouldn’t immediately impact healthcare organizations covered under HIPAA, the experts said. Lynn Sessions, a partner with the law firm BakerHostetler who specializes in healthcare data security and breach response, noted that a few states have breach notification laws on the books that are more restrictive than HIPAA and its 60-day standard. Some offer an exemption for HIPAA-covered entities, while others include healthcare data within the scope of their notification laws, he said. The Florida Information Protection Act, effective since 2014, includes medical history, treatment and diagnosis information, health insurance policy numbers and subscriber identification numbers as “protected information” subject to its breach notification requirement, which is within 30 days. Sessions is a proponent of a single breach notification law, pre-empting other directives. Another unresolved issue the experts noted is the treatment of business associates, such as vendors, who often have little healthcare experience. The financial services industry has had a data sharing mechanism in place for more than a decade. The Financial Services Information Sharing and Analysis Center provides a global cybersecurity resource. Healthcare is moving in that direction as well with the creation of the National Health Information Sharing and Analysis Center in 2014, iHealthBeat reported. THREATS ON THE RISE; CONSUMER CONFIDENCE LOW One issue that all experts can agree on is that the threat of data breaches is higher than ever before. According to a recent study by the Ponemon Institute, as reported by Clinical Innovation & Technology, 20% more medical identity thefts occurred in fiscal year 2014 compared to the year prior. In the annual study of 49,000 adults, which aims to determine the effects and pervasiveness of identity theft in the U.S., 79% said they felt it was important for providers to ensure the privacy of their medical data, and 68% said that they did not have confidence in their providers’ security measures. Researchers also noted that 35% of consumers were “not familiar” with HIPAA and privacy standards related to security data. To reduce medical identity theft, the study authors recommended that “healthcare providers and insurance providers help consumers gain more control over their medical records,” according to published reports. Some people believe that organizations should do more to protect patients’ data, which would help raise consumer confidence and also help thwart off cyber attacks. Indeed, the Ponemon Institute also found that, on average, provider organizations spend about 3% of an organization’s IT budget on security issues, which is low compared to other regulated industries such as banking.
MOBILE HEALTH PRIVACY TOP CONCERN FOR ADOPTION A global survey of 144 healthcare leaders working in public and private healthcare sectors, including life sciences, found that the adoption of potentially life-saving mobile health devices is also hampered by consumers’ privacy concerns, HealthIT Security recently reported. The majority of health executives, 64%, said that new mobile technologies that provide greater patient access to medical information would “dramatically improve health outcomes,” with 63% reporting that they could help patients make better health decisions on their own. But barriers prevail. Half of the respondents in the public sector raised concerns about patients misinterpreting their own data and then making poor decisions and recognized that privacy is a major concern for consumers. “In addition, companies worry that regulators will struggle to keep up with the fast pace of technological innovation, leading to long delays before new devices are approved,” the report’s authors noted, according to hitconsultant.net. Yet, of the respondents that use mobile features, the majority, or 58%, said they use email, text messages and social media to communicate with medical providers, 44% to access and manage their personal health records and 44% to locate, buy and manage healthcare services and products. The respondents expect patients’ ability to access and manage health records via mobile devices to remain the same. Half of the respondents were confident that five years from now, mHealth infrastructure will remove reimbursement and revenue barriers and be able to increase patient contact. CONCLUSION Healthcare security experts predict that in the new electronics world, breaches will be found on many fronts, and medical identity theft will become big business. The New York Times in a recent article cited one security expert who noted that in one black market auction, a patient medical record sold for $251, which compared to credit cards selling for only 33 cents. Last year, 18 healthcare providers reported data breaches due to hacking, the article said. Among the companies and organizations that had data breaches were Centura Health and a student health center at the University of California, Irvine. The Anthem breach has become the subject of intense regulatory scrutiny. And the National Association of Insurance Commissioners, a group of state insurance regulators, planned a multistate examination of the insurer, according to reports. But security experts said that doctor practices and organizations need to become more proactive in protecting their systems from cyber attacks. A 2014 report by Forrester Research estimated that only 59% of healthcare organizations have implemented any type of data encryption. Implementing defense strategies, monitoring Internet-connected devices, training employees on the importance of security and notifying patients of how their data will be used are all critical steps to safeguarding your practice and instilling consumer confidence.
A P R I L 2015 | W W W. P H Y S I C I A N S N E W S N E T W O R K .C O M 1 3
13 STRATEGIES TO SAFEGUARD YOUR CYBER DATA TO HELP YOU PROTECT YOUR ORGANIZATION
FROM
EVOLVING
THREATS, HERE ARE 13 EXPERTRECOMMENDED
STRATEGIES
TO
SAFEGUARD YOUR INFORMATION:
1. Having strong internal and external firewalls, access control measures, antivirus solutions and phishing filters are important IT measures to prevent attacks, but policies and procedures and employee education are just as important and often cheaper. 2. Start by assessing your risk for a cyber attack. Have solid processes in place to identify your risk with new systems, devices, services and partners and determine how to best use their power as purchases and weed out those that don’t meet your best security practices. 3. Everyone needs to play a role in information security systems, said Kamal Govindaswamy from the RisknCompliance Consulting Group. But he believes that health IT managers and leaders are key to making security programs effective. He said accurate inventory of data and how to protect it is a problem for many healthcare organizations. He proposes that businesses assign ownership and accountability of the health IT leadership and insist on independence for the chief information security officer or equivalent. Smaller organizations may have one owner who is accountable and responsible for the IT assets, regardless of whether they are leased or owned or subscribed, and that person needs to be proactive at all times. Every physical and virtual asset (network device, server, storage, app, database) must have an assigned owner at a manager/director/VIP level. 4. Organizations should conduct “mock scenarios” with a clear roadmap for where it should divert resources to eliminate tech vulnerabilities. 5. Employees are vulnerable too and as such should be given adequate training to recognize when hackers have breached their network or are casing it to find a way in. They should also be educated on how to take precautions when traveling with a work computer that has sensitive data.
1 4 P H Y S I C I A N M A G A Z I N E | A P R I L 2015
6. If an employee is terminated, human resources should follow up with IT staff to make sure that the individual’s network access has been terminated. 7. Also, companies that have access to patient data should spell out how the contractor will protect the information and respond in the event of an attack. 8. Make incident response management a priority. Organizations should make use of smart and purpose-built software automation for assessing incidents and managing responses to better mitigate risks to their patients, reputation and bottom line, according to Government Health IT. 9. Control your workflow and minimize workforce access. This includes safeguarding it from impermissible uses and disclosures. 10. Smaller companies need to be particularly cautious because they often don’t have the resources to devote to security and compliance, Government Health IT reported. They should turn to third-party vendor management to strengthen oversight and review processes. 11. Both the healthcare industry and its technology service providers need to dramatically improve how they take advantage of existing technologies as well as how they design, construct and deliver new tools. This is also key when it comes to healthrelated mobile apps, which are being introduced at a phenomenal pace, but often without enough consideration for privacy. 12. The government says that healthcare industries need to get better at determining key metrics to continuously measure and improve security. 13. Voicemail systems, customer service call recording systems and closed-circuit television systems could all potentially be storing protected health information data that may not be as carefully protected as traditional IT systems.
MEDICAL PROFESSIONAL LIABILITY INSURANCE FOR PHYSICIANS BY PHYSICIANS
Our
beats in
Our heart beats in California ‌ and has for almost 4 decades. Since 1975 NORCAL Mutual has served healthcare professionals throughout the Golden State. Strength, stability and innovative products are just a few reasons why physicians continue to look to us for their medical professional liability insurance. We provide you: Industry-leading claims and risk solutions support 24/7 Full access to our interactive risk management library Flexible coverage options tailored to your needs California is important to us. So is your peace of mind. See how homegrown strength can help protect your practice.
Visit heart.norcalmutual.com or call your agent/broker today. 844.4NORCAL (844.466.7225)
Š 2015 NORCAL Mutual Insurance Company
AS S OC IAT ION H AP P ENINGS | LAC M A NEWS
CEO’s LETTER
WITH LO S ANGELES County’s outdoor temperatures rising, the local physician calendar of
events is also heating up. April marks a particularly exciting month for key events, and there is something of interest for every LACMA member. The calendar kicks off on the evening of April 3 with the 31st Annual Latino Medical Student Association (LMSA) Western Regional Conference at the USC Health Sciences Campus. The LMSA conference is the culmination of a student movement that began in the 1960s to bring healthcare to underserved communities. Today, medical students from across the nation continue to work hard to ensure that medical education remains accessible especially for those interested in serving those communities. The conference kicks off with a networking event from 5 to 8 p.m. on April 3 and then proceeds from 8 a.m. to 5 p.m. on April 4 with breakfast, a welcoming and opening keynote address by Althea Alexander, assistant dean, Minority Student Affairs, Keck School of Medicine, and breakout sessions covering topics such as the Affordable Care Act, healthcare for the LGBT community, surgical case studies and translational research, according to their website (lmsa.site-ym.com). Then, on April 14, California physicians will have the great opportunity to meet with their local legislators in person and discuss some of the most pressing healthcare issues of today. The California Medical Association is inviting members to attend the 41st Annual Legislative Advocacy Day (formerly known as Legislative Leadership Conference) at the Sheraton Grand Hotel in Sacramento. More than 400 physicians, medical students and CMA Alliance members are expected to travel to Sacramento to lobby their legislative leaders and champions for medicine and their patients. You don’t want to miss this key event. If you’re a female physician, you want to mark April 25 for a special daytime session titled “Women and Money.” Hosted by LACMA’s Women Physicians Action Committee, this event will give you all the tools you need to make wise decisions concerning all your accounting needs, financial planning and contract negotiations. The event will take place from 11 a.m. to 2 p.m. Check LACMA’s event calendar online for location, and register today by contacting lisa@lacmanet.org. Another LACMA event not to be missed takes place on April 29. The Ambulatory Care Centers Committee Vendor Fair & Panel Discussion from 7 to 9 p.m. at the Beverly Wilshire Hotel features a panel of expert speakers that will touch on these key issues: accreditation of surgery centers, reimbursement of claims and physician intimidation. Contact LACMA to learn more and to register today. Spring forward by attending one or more of these key events to learn about the critical issues of the day and to make your voices heard. We are proud to continue to serve our members by presenting pertinent events hosted by experts in their respective fields. We want to ensure that all physicians’ issues are being heard and addressed and that their voices are being carried into the wider community to provide the outstanding service our patients deserve and expect. We urge you to encourage other physicians to join LACMA today so we can stand united behind our growing organization.
Rocky Delgadillo Chief Executive Officer
1 6 P H Y S I C I A N M A G A Z I N E | A P R I L 2015
NEW
Member Member Benefits Benefits
Exclusive Services Services& &Savings SavingsPrograms Programs Exclusive FREE with withyour yourLACMA/CMA LACMA/CMAMembership Membership FREE CME Resource Resource Center Center||www.lacmanet.org/CME www.lacmanet.org/CME
CME Tracking Tracking & & Credentialing Credentialing CMA/IMQ CME
LACMACME-Accredited CME-AccreditedLive LiveEvents Events LACMA
Courses Online CME Courses
CMEPresenter PresenterTraining Training CME
Legal Resource Resource Center Center || www.lacmanet.org/LegalResources www.lacmanet.org/LegalResources
LA County Bar Bar Association Association Lawyer Lawyer Referral Referral&&Consultation ConsultationProgram Program
Analyses & & Health Health Plan Plan Resources Resources Contract Analyses
Development Center Center ||www.lacmanet.org/ProfessionalDevelopment www.lacmanet.org/ProfessionalDevelopment Professional Development LACMA’s LACMA’sJob JobBoard Board&&Career CareerCenter Center
Leadership & & Management Management Development Development
Leadership Placement MediaTraining Training Placement on on Boards Boards && Commissions Commissions Media
Jury Duty www.lacmanet.org/JuryDuty Duty Concierge Concierge || www.lacmanet.org/JuryDuty
SMS Updates Updates
Simplified Online-Processing Online-Processing of of Requests Requests
Change Changeyour yourcourt courtlocation locationand/or and/or reporting reportingdate datewith withease ease
Exclusive Savings www.lacmanet.org/Partners Savings Programs Programs||www.lacmanet.org/Partners
25% Guaranteed Guaranteed Savings Savings on on your your Medical MedicalWaste Waste 10% Guaranteed Guaranteed Savings Savings on on your your Medical MedicalSupplies Supplies
To To learn learn more more about about your your new new LACMA LACMA &&CMA CMAbenefits, benefits,visit visitwww.lacmanet.org/Membership www.lacmanet.org/Membership
JOB B OARD | C LAS S IF IEDS
TO PLACE A CLASSIFIED AD VISIT WWW.PHYSICIANSNEWSNETWORK.COM OR CONTACT DARI PEBDANI AT DPEBDANI@GMAIL.COM OR 858-231-1231.
OPENINGS—PHYSICIANS
IM/FP OPPORTUNITY GLENDALE, CA
Prestigious 4-person Internal Medicine Group in Glendale is seeking a BE/BC Internal Medicine or Family Practice physician to associate and build a practice. Potential to convert to concierge model. Upload CV to kkg2209@sbcglobal.net
BOARD CERTIFIED F/P /PEDS
Seeking a board certified family practice and pediatrician for Santa Monica office and or LA office. Must have work experience. Will pay good salary. Please contact Great Care Medical Group at 310-968-4272.
FULL TIME PEDIATRICS EL MONTE, CA
Board eligible or certified. Competitive salary and benefits. Send c.v. to sandykoh@pacbell.net
CLINICAL LABORATORY MANAGER
Seeking Clinical Laboratory Manager. Please fax resume to Purnell A. Kirkland MD, Inc., Inglewood, CA at (310)672-0363 Attn: Flora Yuen
TRACY ZWEIG ASSOCIATES, INC. • Physicians • Nurse Practitioners • Physician Assistants LOCUM TENENS PERMANENT PLACEMENT 800-919-9141 • 805-641-9141 FAX: 805-641-9143 email: tzweig@tracyzweig.com www.tracyzweig.com
OPPORTUNITY WANTED
RADIOLOGIST
Board certified. Have own malpractice insurance. Available for part-time position or film reading. Call 310-477-4257.
1 8 P H Y S I C I A N M A G A Z I N E | A P R I L 2015
OPPORTUNITY OFFERED
FAMILY MEDICAL AND INTERNAL MEDICINE IN VISTA AND RIVERSIDE
Located in Vista, California, Vista Community Clinic is a private, nonprofit outpatient community clinic located in North San Diego County serving people who experience social, cultural or economic barriers to health care in a comprehensive, high quality setting. POSITION: Full-time, Part-time and Per Diem Family Medicine Physicians and Internal Medicine Physicians. RESPONSIBILITIES: Provides outpatient care to clinic patients and ensures quality assurance. Malpractice coverage is provided by Clinic. REQUIREMENTS: California license, DEA license, CPR certification and board certified in family medicine. Bilingual English/ Spanish preferred. CONTACT US: Visit our website at www.vistacommunityclinic.org Forward resume to hr@vistacommunityclinic.org or fax resume to 760 414 3702. EEO/AA/M/F/Vet/ Disabled
OFFICE SPACE - LEASE/SHARE
OFFICE SPACE BEVERLY HILLS
Beverly Hills Dermatologist seeks plastic surgeon or other subspecialist to share or sublet beautiful Beverly Hills office. Surgery Center on site. Email accounting@laserhq.com
Place Your Classified Ad
Today!
PhysiciansNewsNetwork.com
CONSULTING & SERVICES
Shorr Healthcare Consulting
Consultants to Healthcare Providers
Practice Appraisal & Sales Partnership Buy-In / Buy Out Supporting Southern California Physicians Since 1983 Call for a Courtesy Consultation
818-693-7055
avishorr@gmail.com
ONLINE. IN PRINT. ONE PRICE. Place Your Classified Ad Today!
PhysiciansNewsNetwork.com
LOCUM TENENS AVAILABLE
TRACY ZWEIG ASSOCIATES, INC. • Physicians • Nurse Practitioners • Physician Assistants LOCUM TENENS PERMANENT PLACEMENT 800-919-9141 • 805-641-9141 FAX: 805-641-9143 email: tzweig@tracyzweig.com www.tracyzweig.com
PM Marketplace Surgeons Needed for Expanding Nationwide Surgical Practice • Full or part-time positions • Competitive Pay • Add revenue to your current practice
• Flexible schedule, complete autonomy • No Call
PLEASE CONTACT US FOR MORE INFORMATION: Phone: 1-877-878-3289 Fax: 1-877-817-3227 or email CV to: Jobs@AdvantageWoundCare.org
www.AdvantageWoundCare.org
ADVERTISER INDEX Cooperative of American Physicians.....................................................................................5 The Doctors Company...................................................................................................... C4 Fenton Law Group...............................................................................................................9 Kura.....................................................................................................................................8 Mercer.................................................................................................................................3 Nelson Hardiman..............................................................................................................13 NORCAL ...........................................................................................................................15 Office Ally........................................................................................................................ C3 UC Irvine.............................................................................................................................7 Wells Fargo....................................................................................................................... C2
A P R I L 2015 | W W W. P H Y S I C I A N S N E W S N E T W O R K .C O M 1 9
C LAS S IF IEDS | JOB B OARD
TO PLACE A CLASSIFIED AD VISIT WWW.PHYSICIANSNEWSNETWORK.COM OR CONTACT DARI PEBDANI AT DPEBDANI@GMAIL.COM OR 858-231-1231.
Did you know that your LACMA/CMA Membership pays for itself? Maximize your benefits & take advantage of these MEMBER - EXCLUSIVE Savings Programs today:
25% guaranteed savings
Prima Medical Waste LACMA has negotiated exclusive pricing for its members that saves them 25% on their existing medical waste bill guaranteed for three years. Additional benefits include complementary waste analysis, OSHA trainings, and more!
www.lacmanet.org/MedicalWaste
Over $10 million recouped
CMA’s Center for Economic Services Are you getting your fair share? The CES team successfully intervenes with payors on behalf of members. This is service alone is worth the price of your membership! Find out how you can recoup thousands in unpaid claims today!
www.lacmanet.org/Reimbursementassistance
10% guaranteed savings
Medline Industries Through an exclusive partnership with Medline, LACMA saves members a guaranteed minimum of 10% on their medical supplies and equipment. On average, members are saving 15-27%. Find out how one member saved $31,000 for his practice!
www.lacmanet.org/Medline
Unlimited access to
Job Postings
LACMA’s Job Board & Career Center LACMA makes it easy to search for a career opportunity suited to your interests. Looking to expand your office or hospital staff? recruit physicians and qualified staff with a click of a button.
Careers.lacmanet.org
Your LACMA/CMA Membership at work Learn more at www.lacmanet.org/Membership