By: Shawn M. Frier, CPA, CFE, CMPE Director
The focus of protected health information (PHI) privacy has increased a great deal due to the rise in data breaches. In the last two years at least one case of PHI data breach has been noticed in almost 94% of healthcare practices. The magnitude and frequency of the breaches has increased to such an alarming rate that if this trend continues, the average annual cost to healthcare industries could reach $7 billion dollars.
PHI breaches can happen easily if you’re not aware of the risks that exist, both inside and outside of the practice. Encrypting data helps protect patient data and can help you avoid costly breaches. These breaches, while costly, are usually due to simple human error. For example, an employee might walk away briefly to fetch paperwork, mistakenly leaving a laptop with patient data open. It only takes a glance or a second to download or retrieve that data. Smartphone’s are another high concentrated area for data breaches. Unfortunately, multi-tasking is a necessity and many physicians and staff use Smartphone’s to conduct business due to their easy accessibility. But smartphones are just as easily accessible to a data breach. A report published 2012 by a South Florida Institute; found that 50% of breaches in 2011 were from laptops or mobile devices. 80% of organizations surveyed stated that they allowed employees to use their own mobile device, and had not taken steps to ensure data security for personal devices.
Determine what needs to be encrypted
Assess which technology poses the highest risk of being stolen or accessed by an unauthorized user. The most popular devices usually include phones, laptops, tablets and any portable hard or flash drive. You should put both physical and technical safeguards in place to minimize the amount of confidential data stored on encrypted devices. Steps healthcare providers can take to physically safeguard devices are:
- Keeping an inventory of personal mobile devices used by healthcare professionals to access and transmit PHI,
- Storing mobile devices in locked offices or lockers,
- Installing radio frequency identification (“RFID”) tags on mobile devices to help locate a lost or stolen mobile device and,
- Using remote shutdown tools to prevent data breaches by remotely locking mobile devices.
You can use technical safeguards such as accessing data on servers using remote access connection rather than downloading the data to a device. Other safeguards include:
- Installing and regularly updating anti-malicious software (also called malware) on mobile devices,
- Installing firewalls where appropriate,
- Applying encryption to PHI,
- Installing IT backup capabilities, such as off-site data centers and/or private clouds, to provide redundancy,
- Putting into place biometric authentication tools to verify the person using the mobile device is authorized to access the PHI and,
- Ensuring mobile devices use secure, encrypted Hypertext Transfer Protocol Secure (“HTTP”) similar to those used in banking and financial transactions.
Administrative safeguards are another reasonable approach when putting a plan together to secure data on mobile devices. For example, conducting periodic risk assessments of mobile device use, including an assessment of whether personal mobile devices are being used to exchange PHI and whether proper authentication, encryption and physical protections are in place to secure the exchange of PHI. Also establish an electronic process to ensure the PHI is not destroyed or altered by an unauthorized third party. These are just a few steps that administrators can take to help prevent or reduce data breaches within their practice.
If you have questions or concerns contact us here or give us a call at 716-847-2651.
2013 NYS Bones Annual Conference
The 6th Annual NYS Bones Conference will be held Thursday and Friday, October 17-18, 2013 in Albany, New York.
This year organizers are expecting a much larger attendance with earlier promotion and a growing member base. The program is being finalized with presentations suggested by membership, including Worker's Comp and legislative updates and a open panel discussion with recognized experts in accounting, legal, HR and finance.
The conference is open to all orthopedic practice managers and key staff, both members and non-members of NYS Bones, from New York and New Jersey. The organization is working closely with NYSSOS to encourage physicians to be sure their office staff take advantage of the educational opportunities offered.
The conference designed to provide focused topics on key issues facing practices and three separate open sessions for discussion of the myriad questions we all face as practice managers. This format is based on the feedback from previous conferences which indicated that most want the opportunity to raise common problems and learn from each other’s ideas, and solutions. This is also an opportunity to develop ongoing working relationships with others. In addition there are over 30 exhibitors who provide products and services to New York orthopedic practices.
Make sure to check out the 10:30 AM – 1:00 PM, FRIDAY, OCTOBER 18, 2013 “Panel Discussion with Legal, Financial, and HR Experts” featuring Shawn M. Frier, CPA, CPE, CMPE, Director, Freed Maxick, Buffalo, NY
A unique opportunity to ask experts about those burning questions we face in our day-to-day practice lives. The session will begin with panel introductions and their perspectives in the challenges facing healthcare and orthopaedic practices. This will follow with an extended time for Q&A with the audience. Bring your questions for a broad perspective of opinion from the experts. Moderator: Megan O’Connor, President, NYS Bones, Practice Manager, Robert Moriatry, M.D., PC, Huntington, NY
Occupational Fraud Within An Organization
The Association of Certified Fraud Examiners estimates that a typical organization loses 5% to 7% of their gross revenues each year due to occupational fraud and abuse. A presentation on Monday, September 23 at The University at Buffalo's Center for Entrepreneurial Leadership will examine the different types of employee theft and fraud, the reasons employees engage in it, tips to prevent theft and fraud in the work place, red flags to help the employer identify it, and lastly what to do if you expect fraud is occurring.
UB Center for Entrepreneurial Leadership
UB Downtown Gateway
77 Goodell Street Classroom 208
Buffalo, NY 14203
Monday, September 23rd, 2013 - 5:30 to 7:30 pm
Shawn M. Frier, CPA, CFE, CMPE is a Director in Freed Maxick’s Enterprise Advisory Services Practice. Prior to joining the Firm, Shawn worked for a “Big 6″ accounting firm in New York City.
Shawn is responsible for the overall planning, supervision and completion of client engagements, audits, reviews, compilations, bookkeeping, and tax returns. He has prepared financial statements in various industry formats including consolidations and has coordinated and reviewed work performed by internal auditors, assisted numerous entities in preparing annual budgets and in tax planning and has prepared audit findings for presentation to management. In addition, Shawn is involved with supervising staff, recruiting, training, and internship programs.
Over the years, Shawn has obtained a wide range of experience with manufacturing, financial institutions, distribution, physician groups, not-for-profit, general services industries and SEC and regulatory accounting matters.
A graduate of the State University of New York at Buffalo, Shawn is a member of the Buffalo Chapter of the New York State Society of Certified Public Accountants, the American Institute of Certified Public Accountants and the Association of Certified Fraud Examiners. He is President of the New York State Medical Group Management Association, and serves as a speaker for their local and national events. In addition, he serves on the Board of Directors, is the past Treasurer for Autistic Services, Inc, and is the current Assistant Treasurer for Jewish Federation Housing. In 2011, Shawn was named a winner of Buffalo Business First’s Healthcare 50 Award, which recognizes professionals serving the medical profession and their contributions in improving the quality of healthcare in Western New York. In 2006 Shawn was recognized for his business and community leadership by Business First as a “Forty Under 40” award recipient.
Areas of Expertise
Serving manufacturing, general service, and physician groups
SEC and regulatory accounting matters
Strategic and business planning
Conflict identification and resolution
For more fraud related blog posts, check this out!
Fraud in the Workplace
With Guest Speakers:
Senior Manager Freed Maxick, CPAs. P. C.
Shawn M. Frier
Director Freed Maxick, CPAs, P. C.
• How does Fraud affect you?
• Examples of Fraud
• Types of Fraud
• Common Fraud committed by employees
• Red Flag indicators for Fraud
• How to prevent fraud
Thursday May 16, 2013
8:00 a.m. Coffee/Breakfast, 8:30 a.m. Presentation
The Buffalo Club
388 Delaware Ave, Buffalo, NY
$25 for RMA members/$30 for RMA non-members/$10 Students
There will also be a Q&A period following presentation.
For questions and reservations, please contact:
Ann Berardi at: firstname.lastname@example.org
Acquiring Physician Practices Brings Risk Along with Benefits
The number of hospitals pursuing acquisitions of physician practices is on the rise. Why? Because they hope it will help improve care, cut costs and boost profits. However, such transactions aren’t without risk and they require comprehensive due diligence. On the financial side, a hospital should perform due diligence in these areas in particular.
The sustainability of the practice’s revenues is key to its value as well as the eventual success of the transaction. But revenues can be inflated because of overdependence on either a limited number of referral sources that could dry up, or a small number of providers who might depart.
Moreover, trends in reimbursement rates may also distort revenue. If rates for one of the practice’s primary services are dropping, the services might bring in less revenue down the road.
Practice revenues and the distribution of procedure codes both should be compared to appropriate benchmarks to determine reasonableness. The facility should also determine each physician’s age and estimate how long he or she might remain with the practice.
Another area to scrutinize is the revenue cycle. Ask yourself how long it should take to convert a procedure into revenue. Also consider the patient flow process, collections and denials, and billing and documentation practices.
Understanding expenses and capital requirements
Do you anticipate any major expenses on the horizon, such as increased rent for more space, supplies or costly equipment? If so, prepare a list of all incurred but unpaid accounts payable and accrued expenses as of your balance sheet date. Next, compare operating expenses, overall and by category, with appropriate benchmarks.
It’s likely that physician compensation is the source of any substantial jumps in expenses. Make sure you review every physician’s employment agreement and compare their compensation with benchmarks. If you find any significant discrepancies, get further explanation.
You should also think about the practice’s future capital requirements. For instance, will significant investment be necessary to implement needed technology upgrades for electronic health records (EHRs)?
Consider other financial obligations
Your facility should gather copies of all outstanding debt agreements and summarize the relevant terms, including covenants, repayment terms and assets pledged as security. Also confirm that no loans are in default.
Some hospitals decline to assume a practice’s debt as part of the transaction. But there may be similar obligations lurking out there in the form of commitments or contingencies that don’t appear on the balance sheet. Your hospital should be aware of any change-in-control payments that could be triggered by a transaction, for example. And a self-insured practice might have incurred, but never reported, a medical malpractice claim that may come back to haunt the hospital.
Do your due diligence
Comprehensive due diligence requires all hospitals to consider many other areas that will affect both the practice’s value and the success of the transaction.
Make sure you engage legal and consulting advisors who are experienced with hospital purchases of physician practices. They can help you navigate all of the compliance, legal, and transition matters that must be addressed.
If you have any questions about due diligence or any other issue pertaining to hospitals, give us a call at 716.847.2651, or you may contact us here.