MMS’ CLIENT ALERT May 2012
May 2012
“PROVIDE EXCELLENT PATIENT CARE, GROW, AND ACHIEVE; MMS IS HERE TO SERVE YOU AND YOUR PRACTICE!”
IN THIS ISSUE
Overview: The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, require the Department of Human and Health Services (HHS) to provide periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. To implement this mandate, the Office of Civil Rights (OCR) is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance. Audits have begun and are to be concluded by
December 2012.
Program Objectives: The audit program serves as a new part of OCR’s health information privacy and security compliance program. OCR will use the
audit program to assess HIPAA compliance efforts by a range of covered entities, Audits present a new opportunity to examine mechanisms for compliance, identify best practices and discover risks and vulnerabilities that may not have come to light through OCR’s ongoing complaint investigations and compliance reviews. OCR will broadly share best practices gleaned through the audit process and guidance targeted to observed compliance challenges via the HHS’ website and other outreach portals.
When Will Audits Begin?
The pilot audit program is a three step process. The first step entailed developing the audit protocols. Next, a limited number of audits will be conducted in an initial wave to test these protocols. The
OCR begun the initial audits in November 2011.The results of the initial audits will inform how the rest of the audits will be conducted. The last step will include conducting the full range of audits using revised protocol materials. All audits in this pilot will be completed by the end of December, 2012.
Continued on Page 2
New Anthem Blue Cross Policies! Anthem Blue Cross has revised and implemented new Medical Policies and Clinical UM Guidelines. The new and revised policies are effective for service dates on and after July 15, 2012.
Page 3
ePrescribe, Incentive Money, and NPI 2012 ePrescribe rules and regulations (page 6), $4.5 billion dollars of incentive money to physicians and practices (page 6), and NPI changes (page 3)
Page 3 and 6
HIPAA Awareness and Compliance An article dedicated to HIPAA compliance and awareness in healthcare IT environment by healthcare IT experts.
Page 4
The Department of Health and Human Services Announces Random HIPAA Audits
CLIENT ALERT | May 2012 2
Who Will Be Audited?
Every covered entity and business associate is
eligible for an audit. Selections in the initial
round will be designed to provide a broad
assessment of a complex and diverse health
care industry. OCR is responsible for selection
of the entities that will be audited. OCR will
audit as wide of a range of all types and
sizes of covered entities as possible; covered
individual and organizational providers of
health services,
health plans of all
sizes and functions,
and health care
clearinghouses may
all be considered for
an audit. We expect
covered entities to
provide the auditors
their full cooperation
and support and
remind them of their
cooperation
obligations under the
HIPAA Enforcement
Rule.
Business Associates
will be included in future audits.
How Will the Audit Program Work?
The privacy and security performance audit
process will include generally familiar audit
mechanisms. Entities selected for an audit will
be informed by OCR of their selection and
asked to provide documentation of their
privacy and security compliance efforts. In this
pilot phase, every audit will include a site visit
and result in an audit report. During site visits,
auditors will interview key personnel and
observe processes and operations to help
determine compliance. Following the site visit,
auditors will develop and share with the entity
a draft report; audit reports generally
describe how the audit was conducted, what
the findings were and what actions the
covered entity is taking in response to those
findings. Prior to finalizing the report, the
covered entity will have the opportunity to
discuss concerns and describe corrective
actions implemented to address concerns
identified. The final report submitted to OCR
will incorporate the steps the entity has taken
to resolve any compliance issues identified by
the audit, as well as describe any best
practices of the entity.
What is the General Timeline for an Audit?
When a covered entity is selected for an
audit, OCR will notify the covered entity in
writing. The OCR notification letter will
introduce the audit contractor, explain the
audit process and expectations in more detail,
and describe initial document and information
requests. It will also specify how and when to
return the requested information to the
auditor. OCR expects covered entities and
business associates who are the subject of the
audit to provide requested information within
10 business days of the request for
information.
OCR expects to notify selected covered
entities between 30 and 90 days prior to the
anticipated onsite visit. Onsite visits may take
between 3 and 10 business days depending
upon the complexity of the organization and
the auditor’s need to access materials and
staff. After fieldwork is completed, the auditor
will provide the covered entity with a draft
final report; a covered entity will have 10
business days to review and provide written
comments back to the auditor. The auditor will
complete a final audit report within 30
business days after the covered entity’s
response and submit it to OCR.
What Happens After an Audit?
Audits are primarily a compliance
improvement activity. OCR will review the final
reports, including the findings and actions
taken by the audited entity to address
findings. The aggregated results of the audits
will enable OCR to better understand
compliance efforts with particular aspects of
the HIPAA Rules. Generally, OCR will use the
audit reports to determine what types of
technical assistance should be developed, and
what types of corrective action are most
effective. Should an audit report indicate a
serious compliance issue, OCR may initiate a
compliance review to address the problem.
OCR will not post a listing of audited entities
or the findings of an individual audit which
clearly identifies the audited entity.
How will Consumers Be Affected?
The audit program represents one more
avenue by which OCR ensures compliance with
HIPAA protections of health information to the
benefit of consumers. For example, the audit
program may uncover reasons many health
information breaches are occurring and help
OCR create tools for covered
entities to better protect
individually identifiable health
information. Concerns about
compliance identified and
corrected by an audit will serve to
improve the privacy and security of
health records. The technical
assistance and best practices that
OCR generates will also assist
covered entities and business
associates in improving their efforts
to keep health records safe and
secure. OCR continues to accept
complaints from individuals and
covered entities continue to have
the obligation to accept complaints
from persons about their HIPAA
Rule activities.
WEBINAR AND SEMINAR: MORE INFO!
Tuesday, June 12, 2012 @ 12:00 PM PST and @ 5:00 PM PST. Join MMS and GHS for an in-depth webinar
on HIPAA compliance. MMS will be hosting an onsite seminar on Wednesday, June 13 @ 12:00 PM PST
and @ 5:00 PM PST
Contact: [email protected] or 805.547.1255 ext.
148 to RSVP your practice!
TO VIEW THE NOTIFICATION LETTER
Please go to:
http://www.hhs.gov/ocr/privacy/hipaa/enforcement
Please view:
HIPAA Privacy and Security Audit Program
Please click on:
Initial Notification Letter
CLIENT ALERT | May 2012 3
“Wow, that’s a lot of paper! I thought the doctor was moving towards an Electronic
Health Record? I wonder where my patient
paper chart is in that mess!”
New Medical Policies effective July 15, 2012
Gene.00023 Gene Expression Profiling for Uveal Melanoma: This policy addresses gene expression profiling as a technique to assist in the risk stratification and clinical management of uveal (ocular) melanoma.
Med.00109 Corneal Collagen Cross-Linking: This policy addresses corneal collagen cross-linking, a minimally invasive photochemical treatment of progressive keratoconus and other corneal thinning processes, such as ectasia after laser in-situ keratomileusis (LASIK)
Surf.00130 Annulus Closure after Discectomy: This policy addresses annulus closure devices for annular repair following a discectomy.
Revised Medical Policies and Adopted Clinical UM Guidelines effective July 15, 2012
Admin.00007 Immunizations: This policy addresses the use of childhood and adult immunizations as recommended by the American Academy of Family Physicians, the American Academy of Pediatrics, and the Advisory Committee on Immunization Practices for the Centers of Disease Control and Prevention.
Drug.00028 Intravitreal and Periocular Injection Treatment for Retinal Vascular Conditions: This policy addresses the following medication used to treat retinal conditions of the eye: Pegaptanib, Bevacizumab, Ranibizumab, and Afibercept.
MED.00013 Parenteral Antibiotics for the Treatment of Lyme Disease: This policy addresses the use of parental antibiotics (i.e.; intravenous and intramuscular) for the treatment of Lyme disease.
SURG.00096 Surgical and Ablative Treatments for Chronic Headaches: This policy addresses surgical and ablative treatments for chronic headaches (e.g. migraine and tension type headaches) and occipital neuralgia.
Newly Adopted Clinical UM Guidelines effective July 15, 2012
CG-Med Ancillary Services for Pregnancy Complications: This document addresses services for pregnancy complications such as treatment of antepartum thromboembolytic disease and treatment of hyperemesis gravidarum.
CG-SURG 30 Tonsillectomy for Children: This guideline addresses tonsillectomy in children ages 1-18 years.
The complete list of our Medical Policies and Clinical UM Guidelines may be accessed on Anthem Blue Cross Website at www.anthem.com/ca select “Provider” and then select “Medical Policies and Clinical UM Guidelines” listed under “Learn More.” Recent changes to Medical Policies can be found under “Recent Updates.” If you have any questions please feel free to
contact Medical Management Strategies with your questions.
Never lose another patient chart!
Global Healthcare Solutions
Your Electronic Health Record Expert! \
First in California to help a provider
receive Meaningful Use Incentive Money, dozens since! Call today,
805.704.0576, and let GHS help you select the perfect EHR for your practice!
Providers and suppliers will soon have to include their National Provider Identifier when submitting all claims for payment from Medicare and Medicaid or when applying for enrollment in either program. The rule will become effective 60 days after its April 27, 2012 publication date in the Federal Register. It finalizes an interim final rule issued May 5, 2010. The NPI is a 10-digit identification number—required for use in HIPAA-applicable transactions—that is used for verification and to curb Medicare and Medicaid fraud and abuse. "To maintain program integrity and ensure quality, we must make certain that only qualified providers and suppliers participate in the programs and that they bill accurately for their services," the CMS said.
The CMS noted several differences between the interim final rule and the finalized version. First, the agency says it will deny—rather than reject, as was initially stated—claims that don't include the NPI. Additionally, residents practicing in certain states where they are licensed to practice and order treatments will be allowed to enroll in Medicare. In states where residents are not allowed to be licensed, the teaching physician will have to provide an NPI. "We made this change to assist teaching hospitals, as well as the providers and suppliers who render the items and services in complying with this rule," the CMS said.
CMS issues final rule on provider enrollment
CLIENT ALERT | May 2012 4
QUICK GLANCE
Step 1: Analysis of your practice In today’s modern healthcare world, patient information is everywhere. From paper charts to electronic health record software to remote databases, what is your situation?
Step 2: Take all the necessary steps to ensure HIPAA compliance Do you know when the last time your IT network was evaluted? Does your practice have a current HIPAA 2012 Handbook? Have all your employees signed HIPAA documentation?
FAST FACTS
$1.5 Million Fine for HIPAA violation if due to willful neglect and is not corrected
2,500 Reported HIPAA Violations in 2011
Signed into law in 1996 by President Bill Clinton, The Health Insurance Portability and Accountability Act (HIPAA) changed healthcare forever in the United States of America. Many entities changed in 2009 with the signing of the HI-Tech Act. Part of the American Recovery and Reinvestment Act of 2009, the HITECH Act became law on Feb. 17, 2009. It modified the U.S. Department of Health and Human Services (HSS) Secretary's authority to impose civil money penalties for HIPAA violations that occur after Feb. 18, 2009 and much more.
Significance
Before the HITECH Act, the HHS could not impose more than $100 fine per violation or $25,000 for all violations of the same provision. A covered health plan, health care provider or other entity could even block the imposition of a civil money penalty by demonstrating it had no knowledge it violated HIPAA rules.
Features
The HITECH Act strengthened the HIPAA civil money penalty scheme. It created a tier of increasing penalties with a maximum $1.5 million for all violations of the same provision. Lack of knowledge no longer excuses a violation unless the violator corrects the problem within 30 days of discovering it.
What information does HIPAA protect?
Information protected by HIPAA includes anything oral or recorded in any form or medium. All information, whether in the past, present, or future, is safeguarded. Physical and psychological health conditions, provisions of care, and payment information are all protected. Examples of protected health information:
Patient's name, address, birthdate, age, phone and fax numbers, and email addresses
Medical records, diagnoses, lab work and test results, medical images, and prescriptions
Billing records, claim data, referral authorizations, and explanations of benefits
Electronic records, paper records, and oral communications
What are the rules about disclosing personal information?
Under HIPAA, personal healthcare information can be released to law enforcement without patient permission under certain circumstances. These include:
Court orders and subpoenas
Identifying suspects, witnesses, or missing persons
Reporting about victims of crime, neglect, or abuse
For any other uses, an authorization form must be signed by the patient prior to the release of information. There is special protection for:
Psychotherapy notes and drug and alcohol abuse treatment records
Research records and communicable disease information
HIV/AIDS status and genetic testing
Evaluation and treatment of mental health disorders
Continued on Page 7
HIPAA Awareness and Compliance By Bob Sayers and Chris Wolman
The Health Insurance Portability and Accountability Act protect the privacy of medical patients. Typically, a HIPAA violation involves a doctor or medical researcher divulging the medical history of a patient. As HIPAA is a federal law, violations carry the same punishments across the country. Punishments include heavy fines and jail time.
WEBINAR AND SEMINAR: MORE INFO!
Tuesday, June 12, 2012 @ 12:00 PM PST and @ 5:00 PM PST. Join MMS and GHS for an in-depth webinar
on HIPAA compliance. MMS will be hosting an onsite seminar on Wednesday, June 13 @ 12:00 PM PST
and @ 5:00 PM PST
Contact: [email protected] or 805.547.1255
ext. 148 to RSVP your practice!
MMS’ CLIENT ALERT May 2012
Need Help with ePrescribe?
Don’t be afraid to call Chris Wolman @ 805.547.1255 ext. 148
Electronic Health Record experts in numerous EHR software! Let our experience guide your practice to success, avoid the ePrescribe penalties, and
receive incentive money!
$4.5 Billion in Incentive Money to Physicians, Practices, and Hospitals
Nearly $4.5 billion in federal incentives to implement electronic health-record systems has been paid out thus far, with program enrollments and payments still increasing in the first quarter of 2012, according to an analysis of the CMS' latest data. There are now more than a quarter of a million (225,765) actively enrolled participants in the Medicare and Medicaid EHR incentive programs created under the American Recovery and Reinvestment Act of 2009, according to the CMS. Hospitals can receive payments under both the Medicare and the Medicaid programs, and most do, but physicians and other professionals can participate only in one program or the other. There have been 2,667 payments made to hospitals under the Medicare or Medicaid technology programs, or both, totaling nearly $3.1 billion. Meanwhile, 222,282 eligible professionals have enrolled, and 73,945 have been paid. Medicare payments to 44,014 eligible professionals have totaled $792 million, while various state Medicaid programs have paid 29,931 eligible professionals $628 million. Active registrations by hospitals increased by 406, or 13%, in the first quarter of this year to 3,483 participating hospitals, according to the CMS. Registrations for eligible professionals rose by 49,310, or nearly 29%, during the quarter to 222,282. Medicaid program enrollments of eligible professionals jumped nearly 51% as more of the late-starting, state-run Medicaid programs came online. Medicaid EHR incentive programs are up and running in 43 states; 42 states are making payments. In comparison, EP enrollments in the federally administered Medicare incentive program rose modestly, by not quite 20%.The average Medicare payment to hospitals receiving Medicare and Medicaid payments has been $1.78 million. The average Medicaid payment for these hospitals has been slightly more than $789,000. The average payment for the 190 Medicare-only hospitals has been slightly more than $1.5 million, and the 78 Medicaid-only hospitals have received an average payment of $2.35 million.
e-Prescribe: Don’t Lose Money!
The 2012 Medicare ePrescribing incentive program provides for an incentive payment to eligible physicians who successfully ePrescribe medications in 2012 equal to 1 percent of their total Medicare Part B payments for the year. To avoid penalties in 2013, an eligible physician needs to report the ePrescribing G-code, G8553, at least 10 times for Medicare office visits or services for the January 1, 2012 through June 30, 2012 reporting period on your Medicare Part B claim forms. For eligible physicians and group practices using the claims-based reporting mechanism, all claims for services furnished between January 1, 2012, and June 30, 2012 needed to be received and processed by CMS no later than one month after the reporting period.
For physicians who cannot e-Prescribe, to avoid the 2013
ePrescribing penalty physicians have an opportunity to attest online
that they are eligible for one of the following penalty exemptions:
• Physician is unable to electronically prescribe due to local, state,
or federal law or regulation (e.g., state law prohibits ePrescribing of
controlled substances)
• Physician prescribes fewer than 100 prescriptions between
January 1, 2012 and June 30, 2012
• Physician is located in a rural area without high-speed Internet
access
• Physician practice is located in an area without sufficient
available pharmacies for ePrescribing
Physicians will have to apply for an exemption from the 2013 ePrescribing penalty via the CMS website by June 30, 2012.
CLIENT ALERT | May 2012 6
FACTS AND A CARTOON
Fact: Americans have better survival rates than Europeans for common cancers. Breast cancer mortality is 52 percent higher in Germany than in the United States, and 88 percent higher in the United Kingdom. Prostate cancer mortality is 604 percent higher in the U.K. and 457 percent higher in Norway. The mortality rate for colorectal cancer among British men and women is about 40 percent higher.
Cartoon:
CHANGES TO ASTHMA SMART PROGRAM FOR 2012!
Now BREATHE SMART for Asthma and COPD CenCal Health is expanding and improving the Asthma SMART Program for 2012. The program will be new and improved with the following structural and clinical changes: • Asthma SMART will be named BREATHE SMART and include COPD patients • Criteria will be expanded to promote earlier intervention for newly diagnosed asthma and COPD patients • The list of preferred asthma medications will be expanded to include:
- Anti-asthmatic combinations - Antibody inhibitors - Inhaled steroid combinations - Inhaled corticosteroids - Leukotriene modifiers - Mast cell stabilizers - Methylxanthines
• Number of fills of preferred medication will be increasing from 5 to 8 per year to improve patient compliance • Focus will be on decreasing exacerbations and acute hospitalizations for Asthma and COPD patients • CenCal Health clinical staff will be available to offer providers assistance on patient management and clinical guidelines Asthma Action Plans are available on CenCal Health’s website or contact Suzanne Michaud, Senior Health Promotion Educator, at 805.562.1662. If you have questions about this report or would like to discuss ways to improve your performance, please contact our Health Services Quality Improvement Manager, Paula Curran, RN at 805.562.1637.
For a Quick Read and Updates to the ever changing healthcare system, Medical Management Strategies Recommends the following Healthcare Websites:
www.modernhealthcare.com
www.modernphysician.com
www.cms.gov
www.medicare.gov
CLIENT ALERT | May 2012 7
Documentation and Planning
Planning and preparing for HIPAA is an everyday, every minute, and every second priority for each and every practice. If your practice is on an Electronic Health Record (EHR) you should look at the security of the network and hardware. There are various methods of performing a risk analysis of an EHR and the network to guarantee compliance with the HIPAA Security Rule; moreover, they include:
•Collection of data;
•Identify and document potential threats and vulnerabilities to network and hardware;
•Assess current security measures;
•Determine the likelihood of threat occurrence to IT and hardware;
•Finalize documentation; and
•Periodically review and conduct all updates to risk assessment.
Civil Penalties for HIPAA Violations
The American Recovery and Reinvestment Act of 2009 (ARRA) established civil penalties for HIPAA violations. HHS can set the civil penalties based on the nature and extent of the violation and the harm resulting from the violation. There is no private right of action for violations of HIPAA.
Lack of Knowledge
If the person who violates HIPAA is not aware of the violation, the fine can range from $100 per violation to $1.5 million. The amount depends on the repetition and extent of the violation.
Unwillful
If the violation is due to reasonable cause and not due to willful neglect, the fine ranges from $1,000 per violation to a maximum of $1.5 million. The violator may claim an affirmative defense of lack of intent to violate HIPAA regulations.
Willful
If the violation is willful and is corrected within 30 days the fine ranges from $10,000 per violation to $1.5 million annually. If the violation is not corrected, the fines range from $50,000 per violation to an annual maximum of $1.5 million.
Mitigation
HHS has the authority to reduce the amount of the penalty if they find mitigating circumstances. Such circumstances would be the
correction of violations or other affirmative acts that prevent future HIPAA violations. HHS may also provide technical assistance to violators in imposing systems to prevent future occurrences.
Horror Stories
In 2009, the HHS charged CVS Pharmacies with inappropriate disposal of protected information. CVS was improperly disposing of medical prescriptions by dumping them in a dumpster rather than destroying the records. CVS agreed to pay $2.25 million in fines, sanction workers who violated the privacy policy, establish an internal monitoring and reporting program and to conduct employee training.
Just recently, an Arizona private practice was fined $100,000 for not having their IT secure and patient information was exposed.
Questions to Ask Your Office Manager to ensure HIPAA compliance in a modern healthcare environment
• Are there administrative safeguards?
• Are there physical safeguards?
• Are there technical safeguards?
• Are there organization safeguards?
• Are there policies and procedures and documentation requirements?
• Are there current business associate contracts and other arrangements?
• Is there a contingency plan in place?
• Is there an access control plan in place?
• Are there any regulations to information access management?
• Are there procedures and regulations to all device and media controls for the practice?
• What is the current integrity of the IT Network, Hardware, and Software?
• Has the transmission security of the network been jeopardized?
• What are the current security management processes?
• Who is assigned the security responsibilities? Who verifies those responsibilities?
• What security incident procedures are in place?
• When was the last time a Healthcare IT professional evaluated the network?
• If there was an evaluation of the network, did the IT professional provide a detailed report? Was it documented in your HIPAA handbook?
• Have all access control points of the network been identified?
• What are the workforce security measures in place?
• Has the practice’s staff received security awareness and a HIPAA training workshop?
• Who controls staff access to patient health information?
• What are your current workstation usage and security policies? Has the workstation been jeopardized from viruses or spam?
• Does each workstation have staff, person, or entity identification and authentication?
For the complete list of guidance please refer to your current HIPAA 2012 Handbook; moreover, if you do not have one please feel free to contact Medical Management Strategies @ 805.547.1255 ext. 148.
HIPAA Awareness and Compliance Cont…
WEBINAR AND SEMINAR: MORE INFO!
Tuesday, June 12, 2012 @ 12:00 PM PST and @ 5:00 PM PST. Join MMS and GHS for an in-depth webinar
on HIPAA compliance. MMS will be hosting an onsite seminar on Wednesday, June 13 @ 12:00 PM PST
and @ 5:00 PM PST
Contact: [email protected] or 805.547.1255
ext. 148 to RSVP your practice!
CLIENT ALERT | May 2012 8
About Medical Management Strategies
Medical Management Strategies is committed to ensuring the financial success of our clients by providing first-rate medical billing, practice management consulting and technology solutions. We firmly believe that the success of our clients is our future.
Company History
Medical Management Strategies was founded in 1996 by a small group of independent physicians and experienced healthcare executives. Since then, MMS has grown to become one of the more prominent healthcare practice management companies providing services in billing, EHR, practice management consulting, IT management and technology.
Our unique approach to providing these services has helped us grow. MMS prides itself in ensuring that healthcare providers retain a large measure of autonomy and control over their practice management and operations. Our focus has always been to work closely with our providers to establish a framework by which we can address common interests and benefits from the efficiencies with being associated with a larger organization.
Through MMS, healthcare providers are able to access structure and depth as well as state-of-the-art technology to complement their practices’ management staff.
Revenue Cycle Management
Are your billing processes up to the highest collection rates possible? Are you able to collect your money as quickly and efficiently as you should? Do you know how much of your money is left on the table and never collected? If you are not absolutely positive about your current billing and collection processes Medical Management Strategies is here to assist. We are able to perform a thorough Accounts Receivable Audit and help you determine if your income is at the highest level of return attainable by comparing it to the MGMA benchmarks for your specialty and practice size. We can then see where you currently stand and offer suggestions on the best options to get you to the next level. With more than 15 years of experience in the healthcare industry on our side, your success is truly our success, and we are here to help you! Coding Services
Are you losing money due to not coding properly? Are you at risk for an audit based on current coding practices and documentation? If you are not sure, Medical Management Strategies is here for you! Let our certified coders perform an in-depth audit of your charts to determine if you are maximizing your reimbursement for services provided and are in compliance before it becomes too late! With more than 15 years of hands on experience, Medical Management Strategies understands the need to optimize your revenue by utilizing the proper coding techniques.
Contracting & Credentialing Services Are you losing money due to not being properly contracted with a health plan? Do you know if your practice is being paid at the highest reimbursement possible? Anyone who has attempted to contract and credential the physicians in their practice knows that the process can be, well… a bit of a headache. The applications, documents, signatures, attestations, deadlines, not to mention the never-ending cycle of changes and updates to adhere to new regulations in the law can affect your bottom line if not done properly and timely. The remedy? Let Medical Management Strategies be your solution. We have the experience, have developed the contacts, and can assist you by evaluating your current contracts to determine the best approach to increase your revenue.
Medical Management Strategies 3000 Broad Street Suite B217 San Luis Obispo, CA 93401 www.mmsofslo.com
Phone: 805.547.1255 ext. 148 Fax: 805.547.1295