Welcome to the introductory edition of Health Care Provider Insights. We are practice management consultants, providing legal and business management advice and assistance to physicians and dentists (health care professionals) throughout the New York area. Drawing on our understanding of the changing and enduring needs of health care professionals, we have advised large and small practices on such concerns as managed care plans, third-party payors, risk management, office administration, staffing, computer services and marketing. In each monthly edition of Health Care Provider Insights, look for insightful practice tips.

Tip #1: High-Deductible Health Plans

Many Americans have high-deductible health plans (HDHPs). As of this writing, patients likely have not met their 2017 deductibles, so until those deductibles are met, the patient, not the insurance company pays the provider for services. Therefore, it is best to start collecting payment from patients at the time the service is provided, or even before expensive services are provided. In addition, it is advisable to train staff to tell patients when they book appointments that (1) they may need to pay out of pocket for medical expenses (co-pays, deductible or co-insurance) and (2) they should bring a copy of their insurance card to their appointment.

Tip #2: Relationships with Manufacturers and GPOs

Pursuant to the Physician Payment Sunshine Act, drug, medical device or biological manufacturers and group purchasing organizations (GPOs) are required to report to CMS: (1) payments and other transfers of $10 or more to teaching hospitals and physicians and (2) ownership and investment interests held by physicians. Payments to group practices will be attributed to the provider on whose behalf the payment was made, not the entire practice.

The reported payment information received by CMS is posted on a website for consumers (https://openpaymentsdata.cms.gov/). The Department of Health and Human Services Office of Inspector General (HHS/OIG) plans to compare the Open Payments data with Medicare payments made to physicians. Therefore, it is advisable that someone in your practice (such as the compliance manager) check the website at least annually and preferably quarterly to make sure that no pharmaceutical or medical device manufacturer is listed as having made a payment to you. Even if you do not believe you have received any such payments, you should have the compliance manager check, because the database may contain mistakes, including payments attributed to the wrong physician and incorrect payment amounts. If there are payments listed, you may want to consider changing your relationship with manufacturers and GPOs to prevent patients from claiming that their care was influenced by a manufacturer or GPO.

Tip # 3: HIPAA-Related Email Phishing Scam

HHS has issued a warning regarding a HIPAA-related email phishing scam. The scam email contains mock HHS department letterhead that appears over the signature of Office for Civil Rights Director Jocelyn Samuels, and asks recipients to follow a link related to the HIPAA audit program. The scam email would be coming from OSOCRAudit@hhs-gov.us, a slightly different email address than the authentic email address, OSOCRAudit@hhs.gov. If you receive an email from OSOCRAudit@hhs-gov.us, do not open the email or any links contained in the email. Instead, delete the email and notify staff in your practice to do the same.