Indictment of Anthem Breach Hackers

Do you remember hearing about the Anthem breach in 2015? Hackers infiltrated Anthem’s network and breached the personal health information of 78.8 million patients. This was one of the worst data breaches in US history if not the worst. There is some good news being reported. The Department of Justice has indicted two China-based hackers for the Anthem hack and breach.

How did the hackers do it?

The hackers allegedly used methods to hack including spear-phishing emails sent to employees embedded with links. After the employee clicked on the link, the malicious malware was installed to infect and compromise the system. Once inside the system, the hackers installed what is called a “backdoor” which in this case was undetected by the organization infected. This “backdoor” allows the hackers to come and go as they please. Although the hack was discovered in 2015, it began in 2014 with the hackers coming through the back door and conducting reconnaissance to identify information of interest.

What is the Lesson Learned?

Be on the lookout for “phishy” emails. Here are a few tips to assist in identifying Phishing emails.

  1. Does the email invoke a sense of urgency, fear, or curiosity?
  2. Does it ask you to click a link, open an attachment or provide your user Id/password or other sensitive information?
  3. Do you know the person that sent the message and were you expecting it? Hackers can “spoof” messages meaning they make it look like it is coming from a known sender when it is not. If you know the sender but were not expecting it, contact the sender by a means other than email to confirm.

What to do when you suspect a phishing email?

For Reliant employees who use Reliant’s email, a “Phish Alert Button” was recently implemented within the email system. This button is easily accessible within the user’s email and allows the suspicious email to be reported at the click of a button. After clicking this button, it alerts the Reliant support team and allows security measures to be quickly added to prevent others from clicking on similar malicious e-mails.

Customers who don’t have a similar “Phish Alert Button” in place, should report suspicious emails to their support team through established reporting processes.

March 2019 Healthcare Data Breaches

The Health and Human Services Office of Civil Rights (OCR) is responsible for enforcing civil right laws. Covered Entities such as Skilled Nursing Facilities and Business Associates must comply with HIPAA regulations which includes reporting breaches of Protected Health Information (PHI). Breaches affecting 500 or more individuals are posted by OCR on a public website. Breaches affecting less than 500 individuals are also required to be reported but are not posted for public viewing.

To give you an idea of the information available on the public site using March 2019 data, there were 32 breaches reported with 500 or more individuals involving 951,252 individuals. Of these 32 breaches, there were 22 Healthcare Providers, 4 Health Plans, and 6 Business Associates involved.

The types of breaches consisted of

  • 20 – Hacking/IT Incidents
  • 8 – Unauthorized Access/Disclosure
  • 4 – Thefts

Breaches involving email and network servers accounted for 893,502 of the impacted individuals (see chart below). This is why security awareness training, good password management practices, and virus protection are so important.

For a list of the names of companies impacted and other information, visit the OCR portal at https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

SNF Provider Threshold Report (PTR) Now Available

The new Skilled Nursing Facility (SNF) Provider Threshold Report (PTR) is now available. This PTR is a user-requested, on demand report which enables users to obtain the status of their data submission completeness related to the compliance threshold required for the SNF Quality Reporting Program (QRP). For more information, click here.

SNF QRP Provider In-Person Training

The Centers for Medicare & Medicaid Services (CMS) will be hosting a 2-day Skilled Nursing Facility (SNF) Quality Reporting Program (QRP) in-person ‘Train the Trainer’ event for providers on May 7 and 8, 2019. This event will be open to all SNF providers, associations, and organizations. Access more information here.

The Customer Connect Webinar Series: A Collaborative Approach to Quality Outcomes

Every month on the third Thursday, Reliant’s Clinical Services offers a webinar to our partners on relevant topics within our industry.

March’s training Restoring Your Restorative Nursing Program provided participants with information regarding the importance of restorative nursing programs, reviewed the criteria for these programs, and identified strategies for successful implementation.

Join us in April for:
A Deep Dive into the PT and OT Components of the
Patient Driven Payment Model (PDPM)

Virginia’s Journey Home

Regan Mclaughlin, OT and Caitlyn Boldt, SLP of Reliant Rehabilitation share Virginia Rannebarger’s journey from stroke to home. Partnering with our facilities for the success of our patients is our passion! Congratulations Virginia, it was a pleasure to be a part of your journey. We know you are enjoying being home and “crafting” again.

Reminder Regarding Phase 2 and 3 Requirements For Participation

Last November, CMS issued a Temporary moratorium on imposing certain enforcement remedies for specific Phase 2 requirements. It was advised that this 18 month moratorium on the imposition of certain enforcement remedies be used to educate facilities about specific new Phase 2 standards.

• The following F-Tags included in this moratorium are:

• F655 (Baseline Care Plan); §483.21(a)(1)-(a)(3)

• F740 (Behavioral Health Services); §483.40

• F741 (Sufficient/Competent Direct Care/Access Staff-Behavioral Health); §483.40(a)(1)- (a)(2)

• F758 (Psychotropic Medications) related to PRN Limitations §483.45(e)(3)-(e)(5)

• F838 (Facility Assessment); §483.70(e)

• F881 (Antibiotic Stewardship Program); §483.80(a)(3)

• F865 (QAPI Program and Plan) related to the development of the QAPI Plan; §483.75(a)(2) and,

• F926 (Smoking Policies). §483.90(i)(5) While this moratorium is still active, providers should have these requirements in place now. In the same memorandum, CMS revealed changes to Nursing Home Compare (NHC) relative to survey and health inspection.

• Freeze on Health Inspection Star Ratings: Following implementation of the new LTC survey process on November 28, 2017, CMS held constant the current health inspection star ratings on NHC for any surveys occurring between November 28, 2017 and November 27, 2018.

• Availability of Survey Findings: The Survey findings of facilities surveyed under the new LTC survey process would be published on NHC, but not incorporated into calculations for the Five-Star Quality Rating System for 12 months. Link to full memorandum.

Chart review of the 3 phases of implementation:

Phase 1: Implemented November 28, 2016 *indicates this section is partially implemented in Phase 2 and/or 3

• Resident Rights and Facility Responsibilities*

• Freedom from Abuse Neglect and Exploitation*

• Admission, Transfer and Discharge*

• Resident Assessment

• Comprehensive, Person-Centered Care Planning*

• Quality of Life • Quality of Care*

• Physician Services • Nursing Services*

• Pharmacy Services*

• Laboratory, radiology and other diagnostic services

• Dental Services*

• Food and Nutrition*

• Specialized Rehabilitation

• Administration (Facility Assessment- Phase 2)*

• Quality Assurance and Performance Improvement* – QAPI Plan

• Infection Control- Program*

• Physical Environment*

Phase 2: Implemented November 28, 2017

• Behavioral Health Services*

• Quality Assurance and Performance Improvement*- QAPI Plan

• Infection Control- Facility Assessment and Antibiotic Stewardship**

• Physical Environment- smoking policies*

Phase 3: Implementation November 28, 2019

• Quality Assurance and Performance Improvement*- Implementation of QAPI

• Comprehensive Person-Centered Care Plan: Trauma informed care

• Infection Control- Infection Control Preventionist*

• Compliance and Ethics Program*

• Physical Environment- Call lights at resident bedside*

• Training Requirements*

PDPM Part 2: Idioms for ICD-10 Success

ICD-10 coding has never been so daunting! Thanks to search engine crosswalks and funny memes, the 2015 transition to ICD-10 did not leave any permanent scars, and most of us can now recall treatment codes with ease. However, ICD-10’s role in PDPM hasshuffled the deck. Suddenly, we are questioning our own knowledge and wondering if we have the skill set to be successful. 
As we prepare for the transition to PDPM, it’s important to remember, we’re all in the same boatICD-10 coding on the MDS directly maps our patients into case mix categories for payment. There is no buffer between coding and reimbursement. CODING IS reimbursement for physical therapy, occupational therapy, speech language pathology, nursing and non-therapy ancillary. CMS says the primary patient diagnosis allows us to identify the patient’s unique conditions and goals which should be the primary driver for care planning and delivery of services.
Many facilities already have the ingredients for a recipe of success: a collaborative effort between nursing and therapy is key in identifying each active condition on admission and changes in condition throughout the episode of care.  Let’s consider these additional idioms:
Don’t put all your eggs in one basket.

  • Having a designated ICD-10 coder is an awesome resource; however, never discount the input from the other skilled professionals interacting with the patient. Coders provide accuracy, but clinicians, physicians, and dietitians provide the details to hone that accuracy.

The devil is in the details.

  • If you’ve ever wondered whether each element on the MDS mattered, PDPM has given you the answer. “Additional Active Diagnoses”, I8000’s title, does not scream “I’m important!”, but its first line: I8000A will map case mix for physical, occupational, and speech therapy components. Beyond this, Section I, active diagnoses, impacts all five clinical case mix categories, some of which are check boxes, others have clinical category and co-morbidity mapping tools.

The ball is in your court.

  • Begin to put systems in place to identify active conditions of the resident. Reliant therapists perform a full system evaluation, so engage their input for areas which may have been missed. During daily stand up or triple check, include clinical condition conversations to quickly identify changes which may need to be reflected in coding.

Strong partnerships for understanding and implementing processes for ICD-10 is critical. As stated, coding impacts PT, OT, SLP, Nursing, and Non-therapy ancillary case mix groups. Accurate coding ensures resource availability for successful outcomes and patient satisfaction. Just remember, Rome wasn’t built in a day, so let’s start conversations now.