Archive | May 2014

Statement by Paul J. Carniol, MD – 222nd President of the Medical Society of New Jersey:

May 22, 2014

“May is Melanoma/Skin Cancer Detection and Prevention Month and the statistics are sobering. According to the Centers for Disease Control and Prevention (CDC), skin cancer is the most common form of cancer in the United States and about 1 in 5 Americans will develop skin cancer in their lifetime. An estimated 2,530 New Jersey residents were diagnosed with melanoma in 2009 alone.

In addition, a recent survey by the American Academy of Dermatology determined that young adults are not aware of the dangers of tanning beds and how to properly protect their skin from sun damage. Melanoma is the most common form of cancer for young adults 25-29 years old and the second most common form of cancer for teens and young adults 15-29 years old.

As Memorial Day weekend approaches and the start of the summer season begins, remember to seek shade whenever possible, cover up, wear a hat and sunglasses and always use sunscreen. Remind your friends and family members – young adults in particular – about the consequences of all types of tanning, including the risk of skin cancer. Stay safe and have a happy and health summer!”

Data Breach Results in $4.8 Million in HIPAA Settlements

Two health care organizations have agreed to settle charges that they potentially violated the HIPAA Privacy and Security Rules by not securing thousands of patients’ electronic protected health information (ePHI) held on their network. The combined monetary settlement totals $4.8 million and is the largest HIPAA settlement to date. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigated New York and Presbyterian Hospital (NYP) and Columbia University (CU) after they submitted a joint breach report on September 27, 2010, regarding the disclosure of the ePHI of nearly 7,000 individuals. NYP and CU are separate covered entities, but operate a shared data network and a shared network firewall that is administered by employees of both entities. Read more.


OCR’s investigation also found that neither NYP nor CU made efforts prior to the breach to assure that the server was secure and that it contained appropriate software protections and determined that neither entity had conducted an accurate risk analysis. Neither entity had developed an adequate risk management plan that addressed the potential threats and hazards to the security of ePHI. NYP failed to implement appropriate policies and procedures for authorizing access to its databases and failed to comply with its own policies on information access management. NYP has paid OCR a monetary settlement of $3.3 million and CU has paid $1.5 million, with both entities agreeing to a substantive corrective action plan.

Avoid the 2016 PQRS Penalty

Eligible professionals and group practices that fail to successfully report data on quality measures during 2014 will be subject to a two percent reduction on Medicare Fee Schedule amounts for services furnished by the eligible professional or group practice between January 1, 2016 and December 31, 2016.

To avoid the 2016 penalty, eligible professionals must meet one of the following criteria during the 2014 reporting period:

Individual Eligible Professional:
• Meets the criteria for satisfactory reporting adopted for the 2014 PQRS incentive, which are identified in the 2014 Medicare PFS Final Rule and in PQRS educational materials available on the PQRS website. Meeting the criteria will also ensure a PQRS incentive payment equal to 0.5 percent of estimated Medicare Part B allowed charges for covered professional services in 2014.


• Participates in PQRS via qualified clinical data registry, qualified registry, or claims reporting and reports at least three measures covering one National Quality Strategy domain for at least 50 percent of the eligible professional’s Medicare Part B FFS patients.

Group Practice:
• Meets the Group Practice Reporting Option (GPRO) requirements for satisfactory reporting (which are similar to the criteria for satisfactory reporting for the 2014 PQRS incentive), as identified in the 2014 Medicare PFS Final Rule and in PQRS educational materials available on the PQRS website.


• Participates in PQRS via qualified registry reporting and reports at least three measures covering one NQS domain for at least 50 percent of the group practice’s Medicare Part B FFS patients. Read more.

Important EHR Incentive Program Deadlines

This is the last year (2014) that Eligible Professionals (EPs) can start participating in the Medicare EHR Incentive Program to receive incentive payments. EPs who begin participation in the Medicare EHR Incentive Program after 2014, will not be able to earn an incentive payment for that year or any subsequent year of participation. If you choose to participate in the program for the first time in 2014, you should begin your 90-day reporting period no later than July 1, 2014 and submit attestation by October 1, 2014 to avoid the payment adjustment in 2015.

Providers who first begin participation in 2014 must:
• Demonstrate Stage 1 of meaningful use
• Meet 2014 EHR certification criteria
• Select any 90-day reporting period to demonstrate meaningful use, but must start no later than July 1, to avoid the adjustment

To Earn Your Maximum Medicare Incentive:
• Demonstrate 90 days of Stage 1 of meaningful use in 2014 to earn up to $11,760
• Demonstrate a full year of Stage 1 of meaningful use in 2015 to earn up to $7,840
• Demonstrate a full year of Stage 2 of meaningful use in 2016 to earn up to $3,920

Medicare eligible professionals who are not meaningful users will be subject to a penalty beginning on January 1, 2015. The penalty will be applied to the Medicare physician fee schedule (PFS) amount for covered professional services furnished by the eligible professional during the year. The penalty is 1 percent per year and is cumulative for every year that an eligible professional is not a meaningful user. Read the Payment Adjustment and Hardship Exemption Tipsheet for more information. Read more in AMA Wire™.

CMS Registration Begins June 1 for Physicians and Teaching Hospitals

As part of Open Payments, physicians and teaching hospitals should register with CMS starting June 1 to review information about payments or other transfers of value given to them by the industry prior to public posting of the data. Physicians and teaching hospitals that choose to participate will need to initially register in CMS’ Enterprise Portal to access and review the information submitted about them by the industry. As a part of this overall process, registered users will be able to dispute information with industry that they believe to be inaccurate or incomplete.

Registration for physicians and teaching hospitals will be conducted in two phases for this first Open Payments reporting year:
• Phase 1 (begins June 1) includes user registration in CMS’ Enterprise Portal.
• Phase 2 (begins in July) includes physician and teaching hospital registration in the Open Payments system, and allows them to review and dispute data submitted by applicable manufacturers and applicable group purchasing organizations (GPOs) prior to public posting of the data. Note: Any data that is disputed, if not corrected by industry, will still be made public but will be marked as disputed.

In the coming weeks, CMS will provide additional guidance about how to complete the CMS registration process, and when Phase 2 registration and the review and dispute process will begin for physicians and teaching hospitals. Learn more about Open Payments requirements by reviewing the Program Overview for Physicians.

Microsoft Internet Explorer Security Issue

Last week we reported that Microsoft’s Internet Explorer (versions 6-11) were vulnerable to a new security issue. Members were urged to avoid using Internet Explorer (IE) and to download another free browser such as FireFox or Chrome. Members were also reminded to not click on any links or open any documents from unknown sources.

Microsoft has fixed the security issue. For those receiving automatic updates from Microsoft, the security update will load automatically. Those who manually update are urged to do so immediately. It should be noted that Microsoft chose to also issue an update for Windows XP, though they decided to no longer support it. Microsoft continues to urge users to update their operating systems, as updates to Windows XP will not continue.