7/29/10

Changes to the Colorado Medical Practice Act

 

During the 2010 legislative session, HB-1260 was passed, continuing the Colorado Medical Board and making changes to the Medical Practice Act.  Below is the link to the Medical Board’s website where detailed information concerning those changes is available.

 

Link to specific information regarding the legislative changes and link to sign up for future E-updates:  http://www.dora.state.co.us/medical/ChangestotheMedicalPracticeAct.pdf

 

 

All future communication regarding the implementation of changes to the Medical Practice Act will be by email. You are strongly encouraged to sign up to receive updates from the Medical Board so you can be assured you are in compliance with all requirements pertaining to your license.

 

Link to Medical Board main website: http://www.dora.state.co.us/medical/index.htm

 

 

Update on Medical Home Online Educational Course

The American College of Osteopathic Family Physicians recently announced that ACOFP members now have access to an online course that can help osteopathic family physicians transform their practices into Patient-Centered Medical Homes.


Offered by the Johns Hopkins Bloomberg School of Public Health, "Practice Leaders in Medical Homes" is an online, CME-eligible, 9-module course that provides osteopathic physicians, practice administrators, and other practice leaders with exposure to the competencies that facilitate effective practice within medical homes.

This course is available through an agreement between ACOFP and Johns Hopkins and it reflects ACOFP's strategic goal of providing members with access to quality educational resources related to the emerging Patient-Centered Medical Home concept of primary care.

Each 1-hour module includes self-assessment questions, a short reading, a narrated presentation, a case study, a video vignette, final assessment questions and additional resources. Tuition is $15 per module. Topics include:

  • Assessing Readiness to Change into a Medical Home
  • Leading Change in Medical Homes
  • Health Information Technology in Medical Homes
  • Interdisciplinary Teams in Medical Homes
  • Communicating with Patients of Medical Homes
  • Supporting Patient Self-Management within Medical Homes
  • Care Management in Medical Homes
  • Continuity of Care for Patients of Medical Homes
  • Managing the Medical Home

Each module has been reviewed and is acceptable for 1 Category 2-B credit by the American Osteopathic Association.  To obtain a Certificate of Participation for each module, successful learners must complete a quiz and achieve a grade of 70 percent or better.

Click here for details or to begin the course.  If you are not familiar with the distance learning management system, start by clicking on the "Before You Begin" blue button on the launch page.  Once you set up an account in the system, you will be prompted to enter your credit card information and the system will direct you to the starting page for the module you select. You can register for as many modules as you want. If you have questions, please send an e-mail message.

 

DGR Letterhead

FTC Red Flag Rule

Frequently Asked Questions and Guide

 

On November 9, 2007, the Federal Trade Commission (FTC) published its Red Flag rule concerning identity theft.  Under the rule, financial institutions and creditors are required to develop and implement a written identity theft program to identify, detect, and respond to possible risks of identity theft relevant to them.  The original compliance deadline was November 1, 2008.  The FTC extended the deadline to June 1, 2010 after receiving complaints, particularly from the medical community, regarding the definition of creditor.

 

According to the FTC, a creditor is "any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew or continue credit."  FTC attorneys have taken the position that physicians are creditors, if they do not require full payment upfront at the time they see patients, but bill patients after the services are rendered.  The physician associations have called on the FTC to not apply this rule to the physician community.

 

In February, the FTC responded to physicians associations in a written letter that the creditor definition does apply to the physician community.  The FTC noted that the rule's requirements are risk-based, meaning that the steps covered entities must take to address potential identity theft should be commensurate with the risks they encounter.  Therefore, if a physician's practice is at low risk for identity theft, an appropriate program may consist of checking photo identification and having procedures in place in case the physician's office is notified that the patient's identity has been misused.

 

The AOA recently signed onto a letter with the AMA and other physician associations maintaining our position that the FTC rule should not apply to the physician community.  We also called on the FTC to reopen the rule for public comment.  In the meantime, the AOA has compiled this Frequently Asked Questions and Guide to help our members with the red flag rule.

 

What is a Red Flag? 

The FTC defines the Red Flag as a pattern, practice, or specific activity that indicates the possible risk of identity theft.  Examples include:

  • 1) Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services;
  • 2) The presentation of suspicious documents;
  • 3) The presentation of suspicious personal identifying information, such as a suspicious address change;
  • 4) The unusual use of, or other suspicious activity related to, a covered account; and
  • 5) Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts held by the financial institution or creditor.

Does the red flag policy differ from HIPAA?

HIPAA's privacy and security requirements are meant to protect a patient's personal health information. The FTC Red Flag Rule extends protection to other information such as credit card information, tax identification numbers (i.e., Social Security numbers), and insurance claim information.

 

How prevalent is Medical Identity Theft?

According to the FTC, 8.3 million American adults were victims of identity theft in 2005.  Three percent of those victims said that the thief had obtained medical treatment, services, or supplies using their personal information.

 

What are some examples of Medical Identity Theft?

The World Privacy Forum has released a report on how the FTC rule applies to health care providers.  The report gives many examples of medical identity theft, such as your patient receives a bill for another individual, or for a product or service he/she did not receive, or from a doctor he/she did not see.  (For the full report, go to www.worldprivacyforum.org) Other examples are:

  • Records showing medical treatment inconsistent with physical exam or medical history of the patient;
  • Coverage for a legitimate hospital stay is denied because insurance benefits have been depleted or a life time cap has been reached;
  • A complaint or question from a patient about information added to a credit report by a health care provider or insurer;
  • A dispute of a bill by a patient who claims to be the victim of any type of identity theft;
  • A patient who has an insurance number but never produces an insurance card or other physical documentation of insurance.

 

How to detect a suspicious document?

According to the FTC, suspicious documents include ones for identification that are inconsistent with:  the appearance of the individual presenting the identification; information provided by the individual; readily accessible information that is on file with the physician's practice such as a recent check.  Other examples that could indicate identity theft: the individual's phone number is invalid, or associated with a pager or answering service; there's no correlation between the Social Security Number range and date of birth; the address provided is fictitious, a mail drop, or a prison; and the documents presented for identification appear forged or altered. 

 

What is my practice required to do under the FTC Red Flag Rule?

As stated earlier, the rule's requirements are risk-based, meaning that the steps covered entities must take to address potential identity theft should be commensurate with the risks they encounter. For example, the risk of identity theft may be low for a small practice in which the patients are more familiar to the physician and staff. In that case, checking photo identification, i.e., driver's license and having a plan in place in case the physician's office is notified that the patient's identity has been misused may be sufficient.

 

In general, however, physicians who are creditors by the agency's definition must:

  • Develop and implement a written Identity Theft Prevention Program that is designed to identify, detect, respond, prevent and mitigate identity theft relevant to their practice and in the way patient accounts are established and maintained.
  • Periodically update the program to reflect any changes in the risks, prevention, as well as changes to business arrangements such as new billing or collection contracts.
  • Involve owners, board of directors, or senior management including a designated employee in the oversight, development, implementation and administration of the program.
  • Train staff to effectively implement the program.
  • Require staff to develop a report at least annually on program compliance, effectiveness of policies and procedures in addressing the risk of identity theft, service provider arrangements, significant incidents involving identity theft and management's response, and recommendations for changes to the program.
  • Take steps to ensure that service providers that conduct activities with patient accounts have reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft.

 

What procedures should my practice consider?

When a patient makes an appointment, the patient should be instructed to bring at the time of the appointment a photo ID and health insurance card. If the photo identification does not indicate a current home address, the patient should bring utility bills or other correspondence indicating current residence. This procedure could be waived if this is an established patient.  Staff should update patient information particularly if the patient has not been seen within the last six months. 

 

What are appropriate responses to detecting Red Flags?

If a red flag is detected, the staff should document and report the incident to his/her supervisor or designated compliance officer. If the activity is determined to be fraudulent, the physician practice should consider: 1) not open a new account; 2) cancel existing account; 3) contact the affected patient; 4) contact law enforcement; 5) contact affected physician(s).

 

What steps should I consider if my patient claims to be a victim of identity theft?

Encourage your patient to contact law enforcement and to fill out the FTC's ID Theft Affidavit (www.ftc.gov/bcp/edu/resources/forms/affidavit.pdfhttp://www.ftc.gov/bcp/conline/pubs/credit/affidavit.pdf), or call (877) IDTHEFT.   Compare the patient's documentation with personal information in the practice's records. If the patient's identity has been stolen, the practice should consider additional actions to determine whether the patient's medical records were affected and if they were, identity theft should be noted in the record. The practice also should determine if any additional files were affected and take appropriate action.

 

Are there penalties for non-compliance?

Physician practices may face a penalty of up to $2,500 per "knowing violation."

  

 

An article regarding the Red Flag rule and this FAQ will be published in the April 27 edition of the DO Washington Update.  To download a PDF version of this FAQ document click here.

 

 

12.18.08

CSOM members can receive a bonus payment for their Medicare patients

by participating in the AOA's Clinical Assessment Program (CAP).

 

The AOA has added a new module to the Clinical Assessment Program which allows osteopathic physicians to qualify for a 1.5 % bonus payment from the Centers for Medicare & Medicaid Services (CMS) for the 2008 Physician Quality Reporting Initiative (PQRI).  Osteopathic physicians can access this free AOA member benefit and submit patient data for 2008 through the end of February 2009.    

The Centers for Medicare & Medicaid Services (CMS) selected the AOA's Clinical Assessment Program (CAP) as one of the registries qualified for its 2008 Physician Quality Reporting Initiative (PQRI) incentive payment program.  A voluntary program, the PQRI offers a financial incentive to physicians who successfully report quality data related to covered services provided under the Medicare Physician Fee Schedule (PFS).  A PQRI participant who reports successfully will be eligible for a lump-sum bonus payment of 1.5% of the Medicare (PFS) allowed charges for covered services provided during the reporting period.  Patient data for 2008 can be submitted to CAP through the end of February 2009.

The opportunity to earn a bonus payment is available by taking part in the CAP's diabetes mellitus measure group, which contains five PQRI measures.  You must report on all measures in the group that are applicable to each patient. 

 

PQRI Measures for Diabetes Mellitus:

  • Hemoglobin A1c Poor Control in Type 1 or 2 Diabetes Mellitus
  • Low Density Lipoprotein Control in Type 1 or 2 Diabetes Mellitus
  • High Blood Pressure Control in Type 1 or 2 Diabetes Mellitus
  • Dilated Eye Exam in Diabetic Patient
  • Urine Screening for Micro albumin or Medical Attention for Nephropathy in Diabetic Patients

 

To get started, all you need to do is follow these instructions.  And remember, as an AOA member, the CAP is available to you at no charge.

1. Log on to https://www.do-online.org using your AOA ID and password.  Click on the Clinical Resources tab and select CAP for PQRI.  On the right hand side of the next screen, select Click here to login to CAP PQRI.  This will take you to the My CME Profile screen.  On the drop down screen, select Physician as your profession and enter.  This takes you to the Activity screen for PQRI.  Enter the activity. 

2. Register for the AOA-CAP for PQRI by providing your office information, Tax Identification Number, and National Provider Identifier (NPI). 

3. Print out, sign and fax the attestation form from the Web site.

4. Select your time frame for reporting and the number of medical records you will abstract. This determines the total CMS allowed charges for which you will receive a 1.5% bonus.

a. Reporting all of 2008 (12 months) will require 30 consecutive charts to be abstracted and entered into the CAP Web site.
b. Reporting for the last six months of 2008 will require 15 consecutive charts to be abstracted.

5. Enter required patient information into the CAP Web site, making sure to include at least two Medicare Fee for Service patients.

6. Submit your data through the CAP Web site.  All data during the reporting period(s) for 2008 must be submitted by February 28, 2009 to be eligible for the PQRI incentive payment.  CMS payments for PQRI 2008 will be made by late summer in 2009.

For more information on how to use the CAP to report PQRI data, visit https://www.do-online.org/index.cfm?PageID=gov_pqrimain or contact Sharon L. McGill, MPH, Department of Quality and Research, at smcgill@osteopathic.org or (800) 621-1773, ext. 8150.