Don’t Be Caught Unaware
Key HIPAA Security Rule components:
- Appoint a security officer: Assign someone responsible for overseeing HIPAA security compliance, which includes managing risk assessments, audits and staff training.
- Implement access controls: Limit access to ePHI to authorized personnel only, and use strong password policies, multi-factor authentication (MFA) and role-based access.
- Conduct regular risk assessments: These are explicitly required for HIPAA compliance. Covered entities and business associates are required to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI).” This is often referred to as a “risk assessment” or “risk analysis.”
  ♦ A one-time risk assessment is not enough. Risk assessments need to be ongoing and periodic to ensure that new threats, vulnerabilities and changes to systems are consistently evaluated. This should be done annually or as dictated by your organization’s risk profile.
  ♦ Document all risk assessment processes and results to meet HIPAA audit requirements.
- Schedule regular security audits: While a risk assessment identifies threats and vulnerabilities, security audits go deeper, validating whether your safeguards and controls are both in place and effective.
  ♦ Administrative safeguards: Audits check for proper security policies, workforce training, and contingency planning.
  ♦ Physical safeguards: Audits assess physical controls around facility access and device security.
  ♦ Technical safeguards: Audits evaluate technical controls such as encryption, access controls and network monitoring.
  ♦ By conducting these audits on a scheduled basis (e.g., annually or quarterly, depending on the organization’s size and risk profile), you can detect and address any areas of non-compliance before they become liabilities.
- Establish data backup systems: Regularly back up ePHI and store backups securely offsite.
- Enable audit logs: Activate and monitor audit logs for all systems handling ePHI.
How Payers are Failing Practices and Patients
Sometimes we may feel all alone in our very strenuous dealings with Payers.
As I read through the different parts of this Physician Practice survey, I just kept thinking, “we are not the only ones.”
Take a minute to open this scorecard. I think you will more than appreciate it.
Do Not Be Fooled
MultiPlan
Has Changed Its Name to:
Claritev
The company, which spent much of the past year navigating rising debt and antitrust lawsuits, said Tuesday the rebrand will have no effect on its existing services.
Humana’s Contract Numbers
Knowing the Medicare Advantage (MA) contract number of the plans your office has opted into can be a big help.
Some may ask, what is an MA contract number? You may have heard it called an H number.
The Centers for Medicare and Medicaid Services (CMS) is responsible for identifying each Medicare Advantage (Part C) plan with a unique contract number. This number is assigned to the insurance company during the approval process. For local managed care contracts, the number begins with an ‘H’ or a ‘9’.
Below are your H numbers for the Humana-POET contract.
The next time you are in doubt about a Humana Card, look for one of these numbers on the front of the card.
Humana Gold Plus H0028-041 (HMO)
HumanaChoice Giveback H5216-358 (PPO)
Humana USAA Honor Giveback H5216-348-000-2025 (PPO) This is the only Humana Military card under the POET Contract.
This isn’t the best example of a Humana card, but you can see the H number in the bottom right-hand corner.
Aetna Reverses NPP Payment Reduction
By: Hannah Wisterman ~ 2/12/25
On January 31st, InK reported that Aetna was changing its policy on billing for Non-Physician Providers (NPP). As of February 10th, Aetna has changed its stance. Please read!
Aetna’s Feb. 10 reversal preserves NPPs’ ability to fully bill under a supervising physician’s name and National Provider Identifier (NPI) for services “incidental to” the physician’s diagnosis and treatment of an injury or illness. Services billed incident-to must be conducted in the same office suite where the physician is present and available to intervene if needed.
Having Trouble Locating BCBS 1st Qtr HCPCS?
POET has heard from Genesis, our BCBS Network Management Consultant. The 2024 HCPCS schedules are still in effect. The 1st quarter update will be effective March 1, 2025.
HS Connect Issues
You may have been experiencing issues with HS Connect. One office reported to POET (thank you) that they had been in contact with HS Connect and were told that on January 1, 2025 HS Connect had a major update. As you may have already guessed, it failed (majorly in Texas). Our source was told that HS Connect is having to enter Texas data by hand. What you are seeing when you pull up the screen is 2024 data.
For more information call the HS Connect Help Desk at (866) 952-7596, option 2, or email [email protected]
Aetna Cuts Payment for NPP-Care
By Alisa Pierce ~ TMA
UPDATE: Please see the update to this article, posted 2/13/25.
Starting April 1, Aetna will pay physician practices only 85% of the Medicare Physician Fee Schedule’s allowed amounts for services provided by non-physician practitioners (NPPs).
This applies regardless of whether you bill Medicare directly or “incident-to” physician supervision.
- Both direct and incident-to claims will still be required to include modifiers SA or SB to indicate what type of NPP rendered the service, such as a nurse practitioner or certified nurse midwife.
- NPPs will still be required to be employed by supervising physicians and registered with the Texas Medical Board as having delegated prescriptive authority.
“This is essentially [Aetna] getting rid of incident-to billing,”
What are the Security Requirements for HIPAA Compliant Emails?
Security Rule (§164.306)
(a) Encryption: Securing email containing PHI from end to end. You may visit the National Institute of Standards and Technology (NIST) for advice on the latest and most suitable standards for email services.
(b) Email Phishing Protection: Technology can include email filters and spam protection systems that help detect and block phishing emails before they reach the user’s inbox. Anti-phishing software solutions can detect and block phishing attempts by analyzing web traffic and identifying malicious websites designed to steal user credentials.
(c) Spam Protection: Email spam protection is a system designed to detect and block unwanted or potentially harmful email messages from reaching a user’s inbox.
(d) Virus Protection: Installed on email servers and user devices, virus protection solutions scan emails, including attachments and links in emails for viruses. The software is automatically updated with the latest virus definitions to protect against new threats and provide continuous monitoring and real-time protection of email traffic.
(e) Ransomware Protection: Ransomware security protection involves a range of measures and tools designed to prevent, detect, and respond to ransomware attacks. In addition to the antivirus software, phishing detection, spam filters, and email filtering discussed above, ransomware protection includes endpoint protection, which monitors and secures individual devices against ransomware attacks along with the entire network of devices.
ALERT: Not All BCBS “PPO in the Suitcase” Cards Follow the Rule
SAY IT ISN’T SO!
Things to look for (but remember, cards are so tricky these days that what applies to one may not apply to another):
Is the Texas Department of Insurance acronym “TDI” on the card? If a health insurance card does not have “TDI” on it, it is likely an ERISA plan: a self-funded plan regulated by federal law rather than by the Texas Department of Insurance (TDI), because the employer pays claims directly instead of relying on an insurance company. The absence of “TDI” therefore indicates the plan is self-funded and likely falls under ERISA regulations. (Resource: tdi.texas.gov)
Look for these phrases, usually on the back of the card:
“BCBS provides administrative services only and assumes no financial risk for claims.”
“JBS will utilize Anthem to handle member contract for Health plan administration”
“Anthem Blue Cross and Blue Shield provide administrative claims payment services only and does not assume any financial risk or obligation with respect to claims”
“BCBST provides administrative services only and assumes no financial risk for claims.”
2/11/25 Amended to add Cigna. Look for these terms on Cigna Commercial cards:
- Shared Administration (S)
- Benefits are not insured by Cigna or Affiliates
Scrutinize each member’s card on an individual patient basis. No rule applies across the board.