Browsing articles in "Articles"

Message from the Chairman

 //  No Comments

My biggest concern as a physician,

and one shared by most clinicians, is that a decision made or a procedure performed results in harm to a patient, leading to pain and suffering, and perhaps adversely affecting quality or length of life. Most patients understand and accept the reality that events occur in the practice

of medicine that fail to salvage vision or restore function. However, patients do not give consent to procedures expecting that they will result in loss of sight, loss of the eye, or injury. Fortunately, such events are rare. After experiencing an adverse outcome, an honest surgeon will ask himself or herself privately, “Did I do something to cause this? Was this my fault? Did I make a mistake? What if I had done things differently?”

Patients who have been harmed, their friends, and family members ask the same questions. Their assessment and answers to those questions are the basis of medical liability claims. It is left to the courts and juries to determine if the complication results from “malpractice” as defined by the courts. All too often, an acceptable complication that occurs in the normal conduct of medical practice results in a claim, particularly when there is observable physical damage, pain and suffering, or financial loss. Physicians may feel cheated if a settlement is paid out when they are certain that everything was done correctly and within acceptable standards of care. However, one can’t escape the reality that a patient lost an eye or vision, suffered a stroke, or passed away in the course of treatment. Even when an adverse outcome is the result of maloccurrence, not malpractice, juries often take the approach that someone has to pay. That “someone” is usually the professional medical liability insurance carrier, which provides protection for physicians both when there is clear evidence of wrongdoing and when there is a settlement in the absence of malpractice. This coverage provides a safety net for patients who have been harmed and protection for the physician’s assets.

When a claim comes in to OMIC, investigation and defense of the claim falls to the claims department headed by Mary Kasher, MSN, JD. Insureds are familiar with OMIC’s outstanding claims history: average indemnity 18% lower than average ophthalmology indemnity reported by other carriers; 79% of cases closed with no indemnity payment; expense per closed claim 30% below industry average; 85% win rate at trial. This remarkable record reflects Mary’s experience and direction and the dedication and skill of senior litigation analysts Ryan Bucsi, Richard Isom, Stacey Meyer, and Randy Morris. This team of claims specialists serves as the intermediary between the attorney and doctor, supervising each claim in their respective geographic jurisdiction and leading each ophthalmologist through the litigation process from beginning to end.

Mary’s biggest challenge has been finding outstanding attorneys in each of the 49 states where OMIC insures ophthalmologists and educating them about the specialty so they could knowledgeably and skillfully defend insureds.

Mary’s approach to claims defense is shared by the OMIC Board and senior leadership: If a doctor is not negligent, provide the best defense possible, and settle those cases that need to be settled early and fairly.

John W. Shore, MD Chairman of the Board

RAC Audit. Cyber/eMD Breach. Who Ya Gonna Call?

,  //  No Comments

Robert Widi, VP Sales

The Obama Administration continues to focus energy on fighting fraud & abuse within healthcare under the “Campaign to Cut Waste” established nearly three years ago. By some estimates, the government has recovered $7 in fraudulent payments for every $1 spent on the program so far.  The Department of Justice recovered over $2.8 billion in healthcare fraud in 2011 and began prosecutions for more than $1 billion in newly identified fraudulent claims.

The focus on healthcare fraud is no surprise given the government estimate of $90 billion in fraudulent payments of CMS’s funds each year. Until recently, however, most claims activity has targeted large hospital networks and facilities rather than smaller private ophthalmic practices. But this is changing.

To date, OMIC has recorded approximately 300 claims against our insureds for Medicare/Medicaid and Commercial Payor billing errors (“fraud and abuse”) allegations.

OMIC was one of the first malpractice carriers in the United States to include regulatory coverage within its malpractice policy. Called BRP (Broad Regulatory Protection) and eMD (Cyber Liability and Patient Notification Protection), policyholders are provided with a benefit sublimit that covers billing errors allegations as well as many other regulatory and electronic data liabilities.

Billing allegations covered:

  • Billing for services not performed
  • Upcoding of services
  • Inadequate documentation to support the services provided
  • Use of incorrect CPT codes
  • Unbundling or fragmentation of services
  • Providing medically unnecessary services
 
Other covered perils under BRP:
 
  • HIPAA Privacy laws
  • EMTALA
  • DEA
  • Stark Act
  • Red Flag
  • HITECH
  • Gramm-Leach-Bliley regulations
  • FTC and Fair Credit Reporting Act
  • eMD Network Security
  • Patient Notification and Credit Monitoring
  • Data Interference
  • Data Recovery
 
Coverage limit: $50,000
 
For more information on the OMIC BRP and eMD coverage benefits go here.
 
 

HIPAA-proofing Your Smart Phone or Mobile Device

,  //  No Comments

In recent months OMIC has noted a surge in regulatory and HIPAA Privacy claims, especially involving malicious acts by disgruntled employees and unhappy patients.

In one case, a physician’s smart phone was compromised and more than 30 unauthorized breaches were recorded in one four hour period, requiring the practice to notify hundreds of patients of a potential release of their medical information. They also were required to report the incident to government authorities in order to comply with HIPAA requirements.

See here for HIPAA Security Rule.

While some of the costs associated with data breaches may be covered by your insurance (See here for information on OMIC’s BRP and eMD policy benefits) the damage to your reputation would be difficult to measure not to mention the time you and your staff must devote to addressing the issue.

Interestingly, a leading security firm recently “lost” 50 phones to track the behavior of those who found the phones. Of the 50% of the phones that were actually returned, 43% attempted to gain access to a banking app, often attempting to “guess” the login code based on other data accessable on the phone and 80% tried to access folders titled “HR Salaries” “HR Cases” and “saved passwords.”

Unauthorized access to sensitive information on your device would be considered a HIPAA Privacy violation. And while a data breach or HIPAA violation could be the result of a deliberate act of a person intentionally trying to harm you or your practice, it may also simply arise from the loss or theft of your mobile device.

Steps you can take to HIPAA-proof your smart phone:

1. Activate Phone Passcode. Choose a four-digit passcode that would be difficult to easily guess. Don’t use birthdates, street address numbers or anything else that would be obvious if a person was able to identify you and guess basic “expected” codes from an internet search. Your phone will often have a setting that, when turned on, will wipe all information from the phone if the wrong code is entered more than a set number of times. (I have my iPhone set to 10 wrong codes triggers phone data wipe-out). Turn this setting on.

2. Don’t Use Email. Regular email communications are rarely encrypted and should never be used for transfer of HIPAA protected information. Email accounts are easily breached and would almost never provide defensible protections for sensitive medical data or attachments if a HIPAA Privacy claim were filed against you or your practice. If you are sending sensitive information unencrypted, stop now, and use a cloud-based encryption service or VPN only.

3. Set “Required Login” for Apps. Some applications will save your information so that after you log in once on your smartphone you will no longer have to enter the login information for subsequent visits. Although convenient, this would make it easy for anyone gaining access to your phone to also potentially gain access to HIPAA protected information. Make sure that for any app that delivers sensitive data to your device, the settings require physical login credentials each time you enter the app.

4. Download an Encryption App. There are many cloud-based applications you can use to encrypt the data that is being transferred to and from your device but you also need to protect information that is downloaded or resides on your device itself. Therefore if you will download any sensitive information to the device itself, use this type of app. Encryption apps generally run from a buck or two to over $50. There is even a call encryption app for $1,600 that meets FBI standards! (You probably don’t need that one). These apps are available for both Apple and Android phones and they are of varying quality so research online and read app reviews for more information. Simply search for “encryption” in the app store. Your HIPAA-related texts, messages, and images that are downloaded to your device will be encrypted again, requiring another password. This is important since any previous encryption during transfer from a cloud server to your device would most likely not protect the data once it is downloaded to your phone. These apps can be configured to encrypt all data or only certain selectively identified folders, images, or documents.

CLOUD 101:

First, go here to learn about encryption.

“Off-the-Shelf” Cloud Apps: Cloud technology uses the same security as your bank to encrypt and protect data. Search for one that is HIPAA compliant or certified. OMIC does not endorse third-party products, however one popular app is Citrix Sharefile. There may be other HIPAA compliant (or certified) applications that are comparable or superior to Sharefile so do a thorough search before deciding on which service to use. Information sits behind a cloud-protected server. If you wish to share information with another physician, you can send them an invitation and they would receive an email with a link to the cloud-based confidential information.

Personal VPCs and VPNs: If you have installed electronic medical records (EMR) software, your vendor may already have a cloud-enabled HIPAA compliant encryption solution for you such as a VPN (Virtual Private Network) or a VPC (Virtual Private Cloud) and you may not need to search for separate software. They most likely will have discussed this with you during implementation of your EMR system. If not, ask them to describe in detail how sensitive information is protected. VPNs are basically protected private “intranet” networks within the internet that are set up to securely access your practice’s networked computer system. See this HHS article about EMR remote access liability.

Cloud vs. VPN?

There may be reasons you do not want to ever send HIPAA-protected data electronically, however that is becoming almost impossible in today’s web-based world. Many legal and health experts agree that if data is to be transferred, encryption within VPN or VPC would be preferable to completely unprotected email or text communications.

VPN enables you to extend your own network across one that isn’t necessarily secure (i.e. the internet). You would use VPN for access to your practice’s internal network from your home or when traveling and you would use it to transfer information securely from one computer to another, maintaining confidentiality of data and identity.

Cloud computing (VPC) enables you to send data into the cloud, often using VPN encryption technology as a foundation. Clouds have enhanced capabilities that may not be available in a simple VPN environment however data security in a cloud context depends on who manages the cloud, how easily you can access data, whether the cloud is HIPAA compliant, and who else might have access to it.

ONE MORE TIP: Don’t let your judgment be clouded.  You should not assume that “clouds” protect information sent to your device. While the transfer of information may be encrypted, information does “sit” on your phone temporarily. In addition to enacting the “required login” for cloud apps, you should also immediately exit these apps when you are not actively viewing them.

As outlined above, your efforts to limit access for your sensitive data including the passcode for the phone itself, encryption apps for sensitive documents, and protection during access to cloud-based apps or VPNs are all part of a “layered” approach that will help defend your practice against allegations of insufficient HIPAA-related data protocols.

Although a serious “hacker” may be able to penetrate many or all of the individual protections you employ, the more walls you build the more likely a person with a electronic forensic background would simply choose to move on to the next “unprotected” device. Similar to a steering wheel lock or house alarm, the technology is not the primary issue here, but rather a few simple steps that may make a potential criminal feel their time would be better spent moving on to next device.

Related articles from OMIC’s Blog…

Social Networking Policy for Your Ophthalmic Practice

You’ve Been Yelped: What You Should Know about Responding to Negative Online Reviews

What You Should Do Now To Protect Your Patient’s Eye Health Information

EyeNet Magazine Feb 2012: Getting Started With Social Media

OMIC Modifies Refractive Guidelines

,  //  No Comments

Ray Fontenot, VP Underwriting

OMIC adopted the following changes, effective immediately, to underwriting requirements for refractive lens exchange (RLE), phakic implants, and PRK.

1. OMIC modified the underwriting requirements regarding patient selection criteria for treatment of myopia with refractive lens exchange. Under the previous guidelines, patients had to be presbyopic, age 40 or older, and have at least 6 diopters and not more than 15 diopters of myopia. Recent articles from Europe present evidence that the risk of retinal detachment following RLE in high myopes may not be as high as originally thought. One study shows that when a PVD is present preoperatively, the risk of postoperative retinal detachment after RLE or cataract extraction in high myopes is not significantly higher than among a normal population. Another study demonstrated that intraocular lens surgery is not a risk factor for retinal detachment in highly myopic patients; the risk profiles for postoperative and idiopathic retinal detachment were identical. Although this data is not definitive, the company determined its maximum permissible degree of myopia could be increased. OMIC is not aware of any peer-reviewed studies that support a significant reduction in the minimum degree of myopia required for refractive lens exchange, but a slight reduction was approved. The new guidelines continue to require that patients be age 40 or older and presbyopic. However, RLE is now permitted for patients with 5 to 15 diopters of myopia, or above 15 diopters up to 20 diopters if a PVD is present.

2. OMIC reduced the minimum interval between primary RLE procedures and between primary phakic implant procedures from one week to five days. This shortened interval improves scheduling flexibility and patient convenience without significantly increasing risk. Most cases of postoperative endophthalmitis occur three to five days after intraocular surgery, and the five-day interval still allows sufficient healing time so that the surgeon can evaluate the vault of the lens, determine the accuracy of the IOL calculation, or evaluate the effectiveness of LRIs before proceeding with the second eye. Because they are elective intraocular procedures with increased risks and longer recovery periods than refractive surgery procedures, OMIC does not offer coverage for bilateral same-day RLE or phakic implants.

3. OMIC modified its underwriting requirements for coverage of bilateral simultaneous PRK to eliminate the requirement that patients meet all FDA guidelines with respect to age, astigmatism, and myopia, thereby permitting off-label procedures to be performed on both of a patient’s eyes on the same day.

Refractive procedures represent a heightened need for thorough underwriting analysis and loss prevention strategies. We’ve learned through years of defending these cases in both settlement negotiations and at trial, that a risk management-oriented approach to elective procedures is often essential to successful defense of potential claims. OMIC maintains prudent refractive surgery underwriting requirements, first and foremost, to help strengthen the defense of our insureds from future malpractice claims. We also feel that careful underwriting protects our company from increased exposure to losses and helps us to continue to offer coverage for these procedures without additional charge. For more than twenty years OMIC’s related claim experience has been significantly better than the multi-specialty insurance industry.

OMIC’s requirements, based on sensible medical practice and sound risk management principles, are developed by practicing refractive surgeons on OMIC’s Board and Committees and are reviewed on a regular basis as new data becomes available.

For more information on OMIC’s current refractive surgery resources, recommendations, and requirements go here.

Recommendations for Visian ICL™ Phakic Implant Surgery

 //  No Comments

Visian ICLTM Phakic Implant Surgery:
Risk Management Recommendations

Anne M. Menke, R.N., Ph.D.
OMIC Risk Manager

PURPOSE OF RISK MANAGEMENT RECOMMENDATIONS
OMIC regularly analyzes its claims experience to determine loss prevention measures that our insured ophthalmologists can take to reduce the likelihood of professional liability lawsuits. OMIC policyholders are not required to implement these risk management recommendations.  Rather, physicians should use their professional judgment in determining the applicability of a given recommendation to their particular patients and practice situation. These loss prevention documents may refer to clinical care guidelines such as the American Academy of Ophthalmology’s Preferred Practice Patterns, peer-reviewed articles, or to federal or state laws and regulations. However, our risk management recommendations do not constitute the standard of care nor do they provide legal advice. If legal advice is desired or needed, an attorney should be consulted. Information contained here is not intended to be a modification of the terms and conditions of the OMIC professional and limited office premises liability insurance policy. Please refer to the OMIC policy for these terms and conditions.
Version 2/26/07

These risk management recommendations and sample consent form (at www.omic.com) provide information on risk reduction and coverage issues related to phakic implant surgery with the Visian ICLTM

Approved uses
•    The Visian ICLTM was approved by the FDA for:
o    the correction of myopia ranging from -3 to -15 D with ≤ 2.5 D astigmatism at the spectacle plane
o    the reduction of myopia ranging from -15 to -20 D anterior with ≤ 2.5 D astigmatism at the spectacle plane
o    in adults from 21 to 45 years of age
o    with an anterior chamber depth ≥ 3.00 mm, and a
o    stable refractive history within 0.5D for 1 year before implantation
♣    Any use outside these parameters constitutes “off-label” use of the device.  The ophthalmologist should weigh the risk/benefit ratio and inform the patient of the “off-label” status.  The “off-label” status should be added to the procedure-specific consent form.

Possible contraindications
•    Anterior chamber depth < 3.0 mm as determined by the eye doctor
•    Anterior chamber angle < Grade II as determined by gonioscopic examination
•    Patients who are pregnant or nursing
•    Endothelial cell density as specified in the labeling.

OMIC coverage information
•    OMIC’s standard policy excludes refractive surgery.  OMIC-insured ophthalmologists must apply for, and be granted, an endorsement to their OMIC policy in order to obtain coverage for phakic IOLs.  Coverage is granted for on-label use.
o    Please contact the Underwriting Department at 800.562-6642, extension 639 for questions about coverage or off-label use.
o    The application form and refractive requirements are available at http://www.omic.com/products/bus_products/ref_guide_remaining.cfm#phakic

Informed consent
•    There is a sample consent form on the OMIC website in the refractive surgery section.  Carefully review it and change it as needed to reflect your practice.
•    OMIC encourages its insureds to inform their patients of their limited experience performing new surgical techniques.  For additional information regarding this informed consent issue, please refer to OMIC’s Hotline article, “Informing Patients About Your Surgical Experience,” featured in the Spring 2004 Digest, and available at www.omic.com.

OMIC policyholders who have additional questions or concerns about practice changes are invited to call OMIC’s confidential Risk Management Hotline at (800) 562-6642, extension 641.

Pages:«1...74757677787980...90»




Six reasons OMIC is the best choice for ophthalmologists in America.

Leader in the industry.

A-rated by AM Best, OMIC is consistently ranked among the top malpractice insurance companies in America for financial stability. No other carrier has matched OMIC's consistent financial performance with regard to both combined, operating, and surplus ratios, the most relevant financial measurements for an insurance carrier.

61864684