Archives

now browsing by author

 

What Are the Top 10 Phishing Email Subject Lines from Q2 2018?

Hackers are constantly throwing in new and clever phishing attacks that threaten email users’ security.  KnowBe4, one of the top security attentiveness and simulated phishing platform contributors recently issued the top 10 phishing email subject lines from this year’s second quarter. Please note, the attacks used most often contain email subject lines that relate to a user’s passwords and security warnings.

An estimated 1 out of 3 people will open a phishing email each day. This tricky way of gathering people’s personal and financial information is getting bigger, despite all the warnings from technology experts.

What is Phishing?

Phishing is a technique that hackers practice to steal personal information, like credit card info or login authorizations. The hacker replicates an existing login page from an online service such as Dropbox, Apple, Gmail or your financial institution. This made-up website holds a code that delivers all the personal data you submit directly to the hacker. To lure you to the bogus website, hackers send a believable email to you. Quite often, the email sent to you will ask you to log in to your bank account because your bank has exposed a transaction that you did not authorize.

Hackers can make these emails look and sound real and their exploits have been very successful. They often use fear. The email will make it sound like you need to take action NOW! So without really checking, the victim clicks the bad link and continues to the bogus landing page where they give the cyber thief their log-in and password information.

Why is Phishing a Concern?

It is reported that consumers, businesses, and organizations will lose an estimated $9 billion in 2018 globally. With so much personal information tied to finances now shared online, hackers use phishing in order to illegally steal your money.

The Anti-Phishing Working Group (APWG) latest quarterly release reported:

  • Over 11,000 phishing domains were created in the last quarter alone.
  • The number of phishing sites rose 46% over the previous quarter.
  • The practice of using SSL certificates on phishing sites continues to rise to lure users into believing a site is legitimate.

Is Phishing Just a Risk for Personal Users?

Because they store a lot of files in the cloud, Phishing is also a risk for all kinds of companies:  Digital design companies, financial institutions, security companies, etc. According to hackmageddon.com, there were 868 reported company security breaches or cyber-attacks in 2017.

What do Hackers need to be successful?

There are generally three things hackers do to gain access to your information:

  • Build an email account to send emails
  • Buy a domain and set up a fake website
  • Think of a tech company that is used often to mask itself as a legit website (Dropbox, Amazon, eBay, etc.)

What Can I Do to Avoid Phishing?

It has become increasingly difficult to guard yourself against phishing. As hard as Apple, Google, and other tech companies have worked to filter them out, hackers are always devising new ways to phish. However, here are some tips on spotting phishing emails:

  • Try to avoid clicking on buttons and/or links in emails.
  • Begin using password managers. A password manager aids the user in creating and retrieving complex passwords and storing the passwords in an encrypted database. Therefore, if hackers get one of your passwords, they can’t use it on any of your other accounts.
  • Don’t put total faith in the green lock icon in your address bar. This only ensures that it is a private channel but does not inform you about who you’re communicating with.
  • Allow 2FA (two-factor authentication). Two-factor verification is an extra layer of safekeeping otherwise known as “multi-factor authentication.” 2FA requires a password and username, and also something that only the user knows (mother’s maiden name) or has (passcode texted to another device, such as a cell phone).
  • Be extra cautious if the browser plugin of your password manager doesn’t show your login credentials automatically.
  • Be quick to report suspicious emails to your friends and colleagues. Organizations who make it easy for their employees to report attacks will see a significant decrease in cyber-attacks. The quicker an IT department can respond to a threat, it will minimize the threat potential damage inflicted on people.

Ironically, the trend for most of these phishing emails are warnings about security alerts.

Here are the top 10 from Q2:

  1. Password Check Required Immediately (15 percent).
  2. Security Alert (12 percent).
  3. Change of Password Required Immediately (11 percent).
  4. A Delivery Attempt was made (10 percent).
  5. Urgent press release to all employees (10 percent).
  6. De-activation of [] in Process (10 percent).
  7. Revised Vacation & Sick Time Policy (9 percent).
  8. UPS Label Delivery, 1ZBE312TNY00015011 (9 percent).
  9. Staff Review 2017 (7 percent).
  10. Company Policies-Updates to our Fraternization Policy (7 percent).

By: Julie Kastner, Phoenix Technology

August 2018

Medical Claims and Coding Analyst

JOIN THE ONPOINT MEDICAL SOLUTIONS TEAM

 

We are looking for someone who is customer-centric, has a strong work ethic and prides themselves on the highest level of professionalism.  If you have medical billing and coding experience and want to be a part of a great team of people then click to APPLY NOW!

 

 

CREDIT BALANCES – THE NEW RED FLAG FOR YOUR PRACTICE

What physician wants to give any money back to an insurance carrier?  Few consumers realize that unlike other business owners, physicians don’t get to set their own prices for services rendered.  Rather, they are on a “take it or leave it” reimbursement system.  So, frustration runs high when a provider is informed that there has been an overpayment on an already heavily discounted service.  These overpayments, result in credit balances.

There seems to be an uptick in the number of practices that are contacted by the State Department of Revenue and told that they are the target of a credit balance audit.  This article, Juggling the Credit Balance Dilemma, is a good overview of why this is happening and the penalties you face if you don’t resolve credit balances.  We hope you take a minute to read the article and then make sure your practice is in compliance.

8 Ways to Play the Prior Authorization Game

prior authorization
The prior authorization game is an art, not a science.

There is nothing more frustrating to physicians than knowing a patient needs a certain diagnostic test or medication and having them not be able to get it because their health insurance company won’t cover it. All too often, many services require prior authorization.It wouldn’t be so bad if the insurance companies made the guidelines they use to make these determinations readily apparent to those practicing medicine. However, these guidelines are created by the insurance company.  The guidelines are unavailable to treating clinicians, and often they use decades-old recommendations. We are often left to predict the insurance company’s decision.  The carrier’s main goal is cost containment rather than evidence-based medicine.

Many of us feel that it is like playing an epic game where we try to give our best care to our patients, while the insurance companies deny as many tests as possible to increase their profits. The loser of this game is not the one who was able to get the least amount of services covered or earned the least money. Rather, it is the patient: delayed diagnoses/treatment; denied tests; or forced to use less effective medications based on formularies developed by insurance companies using their own guidelines, and footing increased costs.

How can this prior-authorization game be played for better odds of winning?

– Whoever does the prior authorization needs to have the progress notes in front of them. They will be asked clinical data and it should be at their fingertips.

– Know what needs to be documented in the chart. For example, I had a patient with knee pain who I suspected a torn ligament in the knee. When talking to the rep to get prior-authorization for an MRI, I told her the patient had a positive drawer sign. She never heard of this before and because I didn’t record the results of the Lachman test in the note, she could not approve the MRI. She didn’t know what this test was (I asked) either, but it was a checkmark on her decision tree. I record them all.

– Learn what is needed to get an approval. One example is that with certain insurance companies, every time I order an MRI of the lower back, they want the patient to have had a plain X-ray first. Why? There is no evidence that X-rays are a good test to diagnose back problems. In fact, if I am looking for a herniated disc, a plain X-ray will not show it but rather an MRI is needed. I know this but sometimes the only way to get the patient to get the test is to do it anyway.

– Don’t give up. If a test is denied, appeal it. I find that this is not often successful but sometimes is. Plus, the insurance company should not be given an easy pass for refusing to cover something a patient needs.

– Get the patient involved. Patients should be contacting their insurance company as well. They will be talking to member services and sometimes they find a sympathetic ear who helps them get coverage or reveals the holy grail of coverage determination to them. They are often successful when we are not.

– Remember human resources. If a patient works at a company that has an HR department, have the patient get them involved. Insurance companies do not want to lose any covered lives so if they find a company is unhappy with the services provided, this can be a very effective weapon.

– Ask for the medical director of the insurance company. Most of them were practicing medicine at some point and understand our struggles on the frontlines. If we present our medical reasoning with them, they often are able to authorize a test. Not always.

– Talk to your provider rep at the insurance company. They often know the right person to talk to that may help you get the service covered.

While these tips may help get some prior authorizations approved, they often still do not work. The insurance companies hold a lot of power over these medical decisions. The most important thing is to keep fighting the ones we don’t medically agree with. The day we all quit the battle is the day we lose the game.  Don’t let the big insurance companies win and determine medical care. We must remain diligent in our fight for optimal clinical outcomes in all and each of our patients.

By: Linda Girgis, MD

April 4, 2018

Improper Billing and Testing Results in Fines and Jail Time for Providers

Improper billing and testing can result in fines and jail time.  The government is taking a very aggressive stance.  Providers beware!

Most providers aren’t even aware that they may be guilty of improper billing.  Many times providers appear before the courts and say they didn’t know.  Unfortunately, they soon learn that ignorance is not a defense.

Two recent cases underscore the importance of making sure the provider listed on the claim submission form is the same provider that performed the services, and the same one who documents and signs the medical note.

April was a busy month for the U.S. Department of Justice (DOJ). Two settlements highlight the notion that the U.S. government has a low tolerance for providers who defraud its programs such as Medicare, Medicaid, TRICARE, and the Federal Employee Health Benefits Program (FEHB).

Garrett Okubo (Honolulu) 

According to the DOJ, Garrett Okubo, the owner and operator of a physical therapy business in Honolulu, submitted claims for physical therapy services between January 2011 and October 2017 for payment from Medicare, Medicaid, TRICARE, and the Hawaii Medical Service Association. Okubo, in violation of 18 USC § 1347, executed a scheme by “falsely stating that Okubo himself had personally provided the physical therapy services to his patients, when in reality the services were provided by Okubo’s unlicensed staff members, including at times when Okubo was traveling on the U.S. mainland or in a foreign country.”

Although Okubo is not a physician, the issues raised in his case, which resulted in both monetary penalties and jail time, parallel those of improper billing of non-physician providers (NPPs) such as physician assistants, nurse practitioners, and clinical nurse specialists.

In general, Title 42 must be consulted regarding the scope of the reimbursement. If a nurse practitioner, for example, is billing under their own Medicare provider number, then the reimbursement by Medicare is 85 percent of the Medicare Physician Fee Schedule. It is also imperative to read the respective state law in order to ascertain the scope of practice, licensure requirements and level of supervision.

Biotheranostics, Inc. (San Diego)

According to the Acting Assistant Attorney General of the DOJ’s Civil Division, “laboratories that knowingly submit claims for non-reimbursable services will be held accountable.”

On April 19, Biotheranostics, Inc. agreed to pay $2 million to resolve allegations that it both submitted and caused to be submitted Breast Cancer Index (BCI) tests for Medicare reimbursement. These tests were not “reasonable and necessary” and, therefore, failed to meet the medical necessity standard.

The Medicare statute expressly states that laboratory tests may be reimbursed by Medicare only if they are “reasonable and necessary for the diagnosis or treatment of a patient’ illness or injury.” Relying on evidence-based medicine standards, the DOJ determined that the BCI test was being performed on breast cancer patients who neither had been in remission for five years nor had been taking tamoxifen. Therefore, substantiating that a number of claims that were submitted for Medicare payment were unauthorized and unnecessary.

The take-a-ways for physicians are as follows:

  • Make sure that NPPs are billing in the appropriate manner in conjunction with state and federal law and that the definition of “supervision” in a respective state is understood;
  • The person’s name on the claim’s submission form needs to be the one performing the service and indicated in the medical records;
  • Ensure that the diagnostic tests or treatment being order is substantiated by medical necessity; and
  • Failing to be compliant can and often does result in False Claims Act cases, which can carry both civil and criminal penalties.

 

By: Rachel V. Rose, JD, MBA. 
Rose is an attorney who represents and advises both corporate clients and individuals on healthcare, cybersecurity, securities, False Claims Act and Dodd-Frank causes of action.  She is also a Principal at Rachel V. Rose – Attorney at Law, PLLC, who also teaches bioethics at Baylor College of Medicine.
(800) 594-8043 Email