Page 1

Winter 2010

Avoiding a Medical Data Breach
By Bruce Nelson, Vice President at SearchAmerica®

More than 30 health care networks of all sizes recently have been victimized by identity thieves and data breaches, and more are expected in 2010. These events are extremely costly to the organization. In the short term, the reparations and notices to patients and the fines imposed by government entities are quite costly. However, the greater risk is the long-term negative impact on the hospital’s credibility and reputation in the community. Unfortunately, experts predict this trend to continue well into 2010 and beyond, and hospitals want to mitigate their risk as well as protect their patients’ medical information and their network from this potential financial and public relations disaster.

Health care is well-suited for breaches

Most data breaches can be attributed to employee theft or mismanaged data practices, often initiated by disgruntled or departing staff. This is bad news for hospitals. Health care organizations experience a high churn rate of employees annually — 6.5 percent — almost double the general turnover average of 3.6 percent, according to the Ponemon Institute. With more employees entering and exiting the hospitals’ payroll, the risk of breaches increases.

Additionally, health care is expensive, and identity thieves see it as a business opportunity. With more individuals out of work or underinsured, the market for health information is more lucrative, which draws even more attention from identity thieves.

Continued on page 5

Contents
President’s Message ... 2
Letter from the Editor ... 3
New Members ... 6
Upcoming Events ... 7

Page 2

President’s Message
By Greg Shaw, FHFMA, CPA, MBA

Show-Me of Missouri members,

We are now in a new decade of the 21st century and the future of healthcare is as uncertain now as it was at the start of this century. There are so many issues buffeting our industry from the economy, to reform being proposed by Congress, to market forces that it makes for a very difficult operating environment.

If you weren’t able to attend HFMA’s virtual conference last week, I would highly recommend going back and listening to some of the presentations. There are a number of sessions that provide a lot of valuable information. Dick Clarke especially did an excellent job talking about healthcare reform coming out of Congress and market trends heading our way in the next several years.

My impression after listening was that we have seen nothing yet in the way of healthcare change. Between the possible legislative changes that are working their way through Congress and the market force changes that will for sure come to pass, our industry is in for some major restructuring and reorganizing in this next decade. Market reforms such as pay for performance, bundled payment approaches, care delivery realignment and consumerism are coming our way. Is everybody ready for those changes?

One way to prepare for the future is to take advantage of everything offered and available through your HFMA membership. More than ever it’s going to be important to access valuable information through education and networking available as an HFMA member. Now is the time to implement best practices, stay in contact with colleagues at other places of business, and participate in the many and varied educational opportunities offered by HFMA.

As always you can contact a chapter Director or Officer if you have any questions about HFMA or our chapter. Our contact information is available on the chapter website. http://www.hfmashowme.org/

Sincerely,
Greg Shaw

2010 Show-Me of Missouri Chapter Sponsors

Gold Sponsors: BKD, LLP; CACi; LarsonAllen, LLP; MMC Management Consultants; Perot Systems

Silver Sponsors: Berlin-Wheeler, Inc; Human Arc; MSCB, Inc; MedTranDirect

Bronze Sponsors: Accounts Management Services; Account Resolution Corporation; Commerce Bank; Consumer Collection Management; Greensfelder, Hemker & Gale P.C.; H & R Accounts, Inc; Lilley and Associates, Inc; Professional Credit Management

Page 3

Letter from the Editor

Starting with the calendar year 2010, the Show-Me of Missouri chapter has asked our chapter sponsors to renew their support of our chapter. Our sponsors have generously answered the call to support our chapter’s activities. The Sponsorship Committee was able to add new sponsors for calendar year 2010. We greatly appreciate our sponsors’ financial support and the hard work of the Sponsorship Committee.

As you will see on page 7, there are a number of education opportunities the Show-Me of Missouri has lined up for you, our members. There have been many webinars added in order to cut down on travel costs. There is also a Membership Promotion that is going on in order to retain members. Please take a moment to read the detail of that program.

As always, please feel free to email me at [email protected] any ideas for items you would like to see in the newsletter.

Regards,
Deana Thomas

Vendor Spotlight

Missouri Medical Collections provides state of the art outsourcing programs to help you with Accounts Receivable Management. We have a fully electronic medical collection service with predictive dialer. Our recovery rate is in excess of the national average and we offer credit and collections seminars, credit bureau reporting and physician billing services. We are also members of the Missouri Collectors Association, American Collectors Association, AAHAM and HFMA. Contact (800) 749-9797 or [email protected] for more information.

Page 4

Page 5

Trying To Decide Where To Post Your Next Opening?

The Show-Me of Missouri chapter offers a job bank in which employers can advertise their open positions on www.hfmashowme.org and via email sent directly to our membership.

To place a Job Bank Listing or for more information contact:

Deana Thomas
Lake Regional Health System
54 Hospital Drive
Osage Beach MO 65065
[email protected]

Kyle Lee
Financial Resource Group, LLC
6048 Black Oak
Springfield MO 65804
[email protected]

The government responds with the HITECH Act

Proactive protection of health information is now mandated under the Health Information Technology for Economic and Clinical Health (HITECH) Act — which requires health care institutions to develop notification and prebreach programs — as well as state laws in California and Missouri. This 2009 legislation expands current federal privacy and security protections of health information. According to the Energy and Commerce, Ways and Means, and Science and Technology committees, the HITECH Act strengthens the enforcement of federal privacy and security laws by increasing penalties and providing greater resources for enforcement and oversight.

Among other mandates, the HITECH Act outlines how hospitals notify their patients and community of a breach through the following notice types:

• Actual notice: Affected individuals, guardians or next of kin must receive written notice at their last known mail or email address.
• Substitute notice: If contact information is not available, the health care network must provide substitute notice, usually in the form of a conspicuous posting on the network’s Website or other location and/or a media notice, as soon as reasonably possible.
• Media notice: For breaches affecting 500 or more residents of a single state or jurisdiction, the hospital is required to provide notice to prominent media outlets in that area.
• Secretary notice: Hospitals must notify the U.S. Department of Health & Human Services in all

Continued on page 8

Page 6

Are You Certifiable? Become a Certified Healthcare Financial Professional (CHFP)

Enhance your career potential by becoming a Certified Healthcare Financial Professional (CHFP). HFMA's certification program provides you an opportunity to earn this designation when you meet the following requirements:

• Be an HFMA member for a total of two years and be a current active member
• Have two years of professional experience in the healthcare finance industry
• Successfully complete the HFMA Core certification exam and one of the specialty exams - Accounting and Finance, Patient Financial Services, Financial Management of Physician Practices, or Managed Care
• Obtain a reference from an elected HFMA chapter officer and your CEO or supervisor

All active members are eligible to take the certification exams. Once you meet the requirements for becoming a CHFP, submit a CHFP application to HFMA National within 24 months of successfully completing the first exam, with a one-time fee. You will then receive a certificate through your chapter that you can proudly display and will be entitled to use the CHFP designation after your name.

For more information about the HFMA certification program or resources available locally, please contact Janice Janssen at [email protected] or 573-882-8010.

Welcome New Show Me of Missouri Chapter Members!

Bradley K Thorton Lei W Francisco Ted W Weatherford Business Biller Graduate Student Controller St. Mary’s Health Center Columbia MO Rusk Rehabilitation Center Andrea Wiggins John Calvin CPA Paul Weaver Student Senior Director, Patient Accounts Columbia MO BKD LLP St. Mary’s Health Center Kari Casady Debra A Seyfried CPC CPME Business Office Director Senior Administrator Putnam County Memorial Hospital KU Orthopedic Surgery

Page 7

UPCOMING EVENTS

In order to add value to your membership, we are trying to offer as many educational opportunities as possible. Here is a schedule of upcoming education sessions. We are adding more all the time; please visit our website for additional information – www.hfmashowme.org

• February 9, 2010: RAC Updates with Panel Discussion Webinar - Region 8 Webinar. Registration link - http://www.hfma.org/events/chapter/IowaChap020910.htm
• February 2, 2010: Cost Reduction Strategies for Health Care Organizations Webinar, presented by RSM McGladrey. Registration link: http://events.rsmmcgladrey.com/forms/HCCostReductionStrategiesUpdates2210?elq=e64124853c2541fb9a00f9a75c167f8d
• February 11, 2010: ICE Technologies – A Practical Approach to Meaningful Use Achievement
• March 9, 2010: Region 8 Webinar – Physician Supervision Requirements
• April 13, 2010: Region 8 Webinar – Healthcare E-Visits Webinar
• April 2010: “Payor Panel” co-sponsored with AAHAM - hosted at Lake Regional Hospital, Lake Ozark, MO
• May 19-21, 2010: Joint Spring Conference with Greater St. Louis Chapter,

Membership Promotion

The HFMA Show Me of Missouri Chapter will pay 50% of dues for February 2010 through May 2011 for 15 new members. Dues cost for this time period is $271 so the Chapter expense per new member will be $135.50.

• New member will pay for their dues (or their company) and submit request for reimbursement to Deana Thomas, Treasurer.
• Only new members that work for provider organizations are eligible.
• Officers and directors are not eligible.

Officers, directors, and members of the Membership Committee will solicit for new members until February 26, 2010. Send all new member names that you get signed up to Stephanie Fennewald. The first 15 new members will qualify. I will send out emails periodically to inform everyone how many new members have qualified or you can contact me to find out.

Submitted by: Stephanie Fennewald, Membership Chair, Show Me of Missouri Chapter

Page 8

HFMA Show Me of Missouri Chapter

President: Greg L. Shaw, FHFMA, CPA, MBA
President-Elect: Jennifer L. Ogden, FHFMA
Vice President: Kory Stout
Secretary: Janet C. Taylor, CHFP, CPA
Treasurer: Deana Thomas, MHA

Board of Directors:
Mary Bonge
Rita Dew
Susan Duncan
Lorrie Haden
Shelly Hunter, FHFMA, MBA
Kyle Lee
Matt Levsen, FHFMA, CPA

instances of breach. The format and timing of the notice vary based on the number of affected individuals. Given these guidelines and penalties, a hospital’s best choice is to proactively curb medical data breaches before they occur.

Best practices for hospitals

Deterring and detecting data breach threats don’t happen by chance. Leading health care companies are taking advantage of new processes and proven solutions used in other industries, namely financial and credit card markets, to prevent breaches from occurring. The following are a few best practices that hospitals should consider implementing in 2010:

• Appoint a responsible party. Hospitals should make data breach avoidance part of an individual’s or a team’s job description. Naming an accountable resource will initiate process improvements, direct noncompliance inquiries to a centralized area, determine who would perform any investigations, and lead all legal and notification efforts in the event of a breach.
• Expand compliance training. A variety of individuals need access to patient health information to perform their job. They may be staff, contractors, third parties or temporary workers. Hospitals need a process to ensure that all these individuals participate in annual compliance training. No exceptions.
• Build a compliance culture. The entire hospital community should value the privacy of patients’ data as part of the organization’s mission. This includes offering trusted avenues to report noncompliance activities. All individuals — staff, contractors and partners — should be diligent in their compliance and alert the responsible party to processes and/or individuals who may be operating outside of privacy policies.
• Monitor information. Automated monitoring of employee and patient information will alert hospitals of possible data breaches, often before they impact hundreds of individuals. Used by thousands of corporations across the United States, third-party products and services are available to monitor credit reporting agencies and proactively alert organizations of fraudulent events. Equipped with this unbiased information, hospitals can take appropriate action.

Medical data breaches are problematic for hospitals. Progressive health care professionals are looking at new means to protect themselves, and they are finding their answers from colleagues in other industries. To provide maximized results, hospitals need to advance their culture, training and systems to encourage compliance in every activity and have planned responses to potential