The doctor will see you on screen, after math class

Texas is making access to health care much more convenient for the parents of children enrolled in the state’s Medicaid program. Through new legislation effective September 1, 2015, providers will be able to bill the program for telemedicine appointments after “seeing” the patients over video chats during school hours, with the help of the school nurse. If a diagnosis is made, parents will be able to pick up a prescription later that day.

Legislation

State Representative Jodie Laubenberg (R-89) authored the legislation in an effort to increase access to health care while limiting work and school disruptions for parents and students. Laubenberg pointed to programs like the one organized by Children’s Health(SM), which provides 27 grade schools in the Dallas-Fort Worth area with electronic access to a doctor and two nurse practitioners. A local school nurse (who may or may not have a nursing degree) examines the child, and then schedules an appointment with Children’s if a problem is observed. Due to the success of the program, Children’s will deploy to an additional 30 schools. This program was limited to five years of funding through a Medicaid 1115 waiver, so the new law is vital to continuing to provide this type of access. The Texas program follows similar laws in Georgia and New Mexico.

Although some point out that the vast majority of things seen in a pediatric clinic, like sports injuries, strep throat, and mental illnesses, can be handled via telemedicine, others have raised concerns about these programs. Even those who find health intervention in school “effective” are concerned about equity and access for children who get sick in school but are not enrolled in Medicaid. Others pointed out that these busy doctors may not have a full picture of the child’s health, and children cannot be expected to understand risks and report allergies and medical histories appropriately.

Telemedicine

The Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) incorporates telemedicine in several sections, paving the way for the increased use of this method of providing care. For example, section 3021 of the ACA created the Center for Medicare and Medicaid Innovation (CMMI) in an effort to test new payment models, including ways of using telehealth services to treat behavioral health issues (see Are we there yet? Telehealth, telemedicine, and the ACA, Health Reform WK-EDGE, April 22, 2015). As states embrace new ways of delivering care and explore payment strategies, the ACA can serve as a guide for reform.

A device for devices: Developing a national medical device surveillance system

A nationwide medical device surveillance system would be most effective if developed from existing health information systems, data registries, and health records, according to the recommendations of the Medical Device Registries Task Force (MDRTF), in a August 24, 2015 report. The MDRTF was tasked with identifying objectives, operations and architecture for such a national medical device surveillance system. The MDRTF report, which contains the task force’s recommendations for that national system, acknowledged that the task force did not recommend a de novo system, but instead, one that takes advantage of extant data systems to develop a nationwide network. The MDRTF report explained the importance using alongside existing systems and infrastructure to reach a public domain with an important data store of medical device information.

Goals

An article published in the Journal of the American Medical Association (JAMA), addressed the MDRTF’s recommendations and outlined the specific goals of the hypothetical network:

  • provide continuously updated benefit/risk and safety data on priority medical devices;
  • provide customized analyses supporting both regulatory and other key stakeholder decisions;
  • integrate broad electronic patient access infrastructure with implementation of standardized data elements and dictionaries, moving currently heterogeneous data into more structured domains reflecting the multidimensional aspects of device use, procedures, patients, and outcomes in clinical practice;
  • actively engage stakeholders to transform the medical device landscape from one of fragmentation, redundancy, and distrust to one of goodwill, inclusiveness, efficiency, continuity, and partnering;
  • pursue stepwise system development, sharing of lessons learned, and solutions use/reuse across device areas;
  • pursue sustainability through a progressive demonstration of value across stakeholders;
  • leverage international efforts; and
  • promote a portfolio of pilot programs capable of creating momentum toward this vision.

CRNs

According to the JAMA article, current systems, including electronic health records (EHRs) and data sources, are inadequate from a medical device registry standpoint because they “do not contain all the elements necessary for device evaluations, including device and procedural details, patient descriptors, or long-term outcomes.” The MDRTF recommended that the ideal network would get around such limitations through interoperability—linking several registries in order to achieve a more comprehensive data collection than one single source would allow. The MDRTF called this hypothetical interoperable network a “coordinated registries network” (CRN). A series of CRNs would then serve as “the foundational architectural construct for the national system.” The five priority principles for CRN functionality that the MDRTF recommended include: “(1) the ability to uniquely identify medical devices; (2) implementation of standardized clinical vocabularies and dictionaries; (3) reusable interoperability solutions linking diverse, strategically complementary data sources; (4) partnered, inclusive governance; and (5) value-based, incentivized sustainability.”

Benefits and Challenges

If a functional CRN or system of CRNs were developed, the benefits for patient safety and device development could be significant. Such a system could provide faster and more comprehensive post market information about device risks and benefits over the total product life cycle of medical devices. CRNs could facilitate better access to device information including information about the device itself, operator and user experience, procedure, and patient profiles. A national network could be used to profile medical devices based upon specific characteristics, in order to identify devices with higher risks. Some important device characteristics that could lead to such profiling include:

  • serious public health consequences of device failure;
  • new technology with safety and effectiveness concerns that are not well understood;
  • devices with significant design variations; and
  • devices with costs that are higher than current therapy costs.

However, the MDRTF acknowledged that an interoperable data system like a CRN also presents challenges in the form of privacy and ethical dilemmas. The MDRTF recommended that CRNs address privacy and ethics problems by engaging patients in a way that allows for patient control of personal health data.

Impact of CRNs

The report explained that CRNs “are well-positioned to inform premarket study designs and post market performance, and hence positively impact the total product lifecycle for related devices.” The proposed network would benefit from the wealth of information held in a variety of different data stores to allow for a more comprehensive and more helpful surveillance system. The JAMA article acknowledges that although the coordination effort necessary to make CRNs possible would be complex—due to the intricacy of data sharing and standardization—the article also suggests that “doing so could allow more effective, low-cost, real-time, rich safety and research opportunities.”

Providers still have time to prepare for ICD-10, say experts

There is still time to prepare for International Classification of Diseases, Tenth Revision (ICD-10) before the October 1, 2015 implementation date, presenters emphasized during the MLN Connects National Provider Call, “Countdown to ICD-10.” In advance of the implementation, just over a month away, presenters discussed coding and documentation requirements, billing and reporting guidelines, and testing results.

ICD-10

CMS adopted ICD-10-CM (Clinical Modification) for diagnosis coding and ICD-10-PCS (Procedure Coding) for hospital inpatient procedure coding to replace ICD-9. CMS initially set an implementation date of October 1, 2013 (see Final rule, 74 FR 3328, January 16, 2009) but later extended it to October 1, 2014. Pursuant to section 212 of the Protection Access to Medicare Act (P.L. 113-93), CMS established October 1, 2015, as the final implementation date for ICD-10 (see Final rule, 79 FR 45128, August 4, 2014).

ICD-10 preparation

The ICD-10 Quick Start Guide outlines five steps for providers to prepare for ICD-10: (1) make a plan by assigning target dates for completing each step; (2) train staff on the fundamentals of ICD-10 and identify the top ICD-9 codes that the provider uses; (3) update processes, including updates of hard copy and electronic forms; (4) talk to vendors and health plans to confirm their readiness for ICD-10; and (5) test systems and processes to verify ICD-10 readiness.

Stacey Shagena, a technical advisor for CMS, described CMS’s four-pronged approach to testing for ICD-10 and noted that the national acceptance rate for acknowledgment testing ranged from 76 percent in November 2014 to a high of 91.8 percent in March 2015. No system errors were found in the July 2015 end-to-end testing, and according to CMS, “testing demonstrated that CMS systems are ready to accept ICD-10 claims.”

Coding

Sue Bowman, senior director, Coding Policy and Compliance, for the American Health Information Management Association, noted that the determination of which code set to use depends on the date of service, not the billing date. Claims for dates of service on or after October 1, 2015, must be coded in ICD-10, while claims for dates of service before October 1, 2015, must be coded in ICD-9. The date of service for inpatient facility reporting is the date of discharge. The claim submission date is irrelevant in the determination of which code set to use. MLN Matters SE1408 describes how to handle claims that span October 1.

The increased specificity of ICD-10 codes requires more detailed clinical documentation, according to Nelly Leon-Chisen, Director, Coding and Classification, for the American Hospital Association. She advised providers to assess their current documentation practices and resolve documentation gaps.

Transition flexibility

CMS is, however, offering some flexibility to physicians and other practitioners paid under the physician fee schedule who are transitioning to ICD-10. For 12 months after the ICD-10 implementation, if a valid ICD-10 code from the right family (i.e., the ICD-10 three-character category) is submitted, Medicare will process the code and will not audit based on specificity. In addition, for quality reporting completed for program year 2015, physicians and other eligible professionals (EPs) will not be subject to the Physician Quality Reporting System, value-based modifier, or meaningful use penalties during primary source verification or auditing related to additional specificity of the ICD-10 code as long as the physician/EP used a code from the correct family of codes. An EP will also not be subject to a penalty if CMS has difficulty calculating quality scores due to the transition.

Assistance

Acting CMS Administrator Andy Slavitt announced that CMS is setting up and staffing an ICD-10 resource center, which will be operational in September, and named Dr. William Rogers as the ICD-10 ombudsman. The ombudsman, whose email address is icd10_ombudsman@cms.hhs.gov, will be a “one-stop shop” for providers, said Slavitt.

The fiscal year 2016 ICD-10 code set is available from the Centers for Disease Control and Protection.

Organizations lack proper defense from cyber-attacks, survey finds

Is your organization leaving itself open to a cyber-attack? With as many as 81 percent of health care executives reporting that their organizations were compromised by cyber-attacks over the past two years, the answer seems clear. Attacks appear to be on the rise, according to findings in the 2015 KPMG Healthcare Cybersecurity Survey, which indicates that many health care organizations have yet to take the necessary steps to prepare for cyber-attacks, as only half of health care providers reported that they felt adequately prepared to prevent future attacks.

Cybersecurity survey

Various executives from health care providers and health care plans were polled by KPMG in the survey, which found that while the number of attacks is rising, the level of preparedness appears to be lagging. Thirteen percent of health care organizations reported facing daily external attack attempts and 12 percent reported two or more weekly attacks. KPMG also noted a particularly “concerning” finding that 16 percent of health care organizations reported not being able to detect in real-time whether their systems were being compromised. Additionally, only 53 percent of health care providers reported being ready for cyber-attacks, while 66 percent of health care plan executives reported being prepared.

Greg Bell, leader of KPMG’s Cyber Practice stated, “Health care organizations that can effectively track the number of attempts have less cause for worry than those who may not detect all of the threats against their systems.” He added, “The experienced hackers that penetrate a vulnerable health care organization like to remain undetected as long as they can before extracting a great deal of content, similar to a blood-sucking insect.”

Attack methods

The most frequently reported type of attack in the past 12 to 24 months came in the form of malware, which is software that is designed to provide access to private computer systems. Additionally, 26 percent of respondents reported suffering attacks, by which computers were hijacked to send spam or to attack other systems.

Vulnerable areas

The survey found that the areas of greatest vulnerabilities in data security included threats posed by external attackers, data sharing with third parties, employee breaches, wireless computing, and firewall infrequency.