FISMA Reforms Heading to White House

The Federal Information Security Management Act (FISMA) is the law under which Federal agencies and their departments are held accountable for the security of their IT. Under the current system, every three years agencies are required by FISMA to reconfirm the status and security of their IT systems and processes using what is effectively a rubber-stamp check-the-box process to attest that all due diligence was performed, without any monitoring or verification.

On December 10-11, Congress enacted reforms to FISMA which would see this process change from a triennial event to one of continuous authorization and ongoing monitoring. Those changes are heading up Capitol Hill to the White House and will be the first major change to cybersecurity legislation since FISMA was originally enacted in 2002, twelve years ago.

CMS Rule Proposal Would Defer Penalties By 3 Years

On Monday December 1st, the Centers for Medicare and Medicaid Services (CMS) released a 429-page proposal which, if adopted, will restructure the Medicare Shared Savings Program (MSSP) to give program participants up to an extra three years of grace before incurring performance penalties. This delay, in conjunction with the offering of an alternate model, is hoped to encourage Accountable Care Organizations (ACOs) to come on board and sign up for the Medicare financial incentive program for ACOs.

An ACO is basically a collective, where all stakeholder participants (doctors, hospitals, other healthcare practitioners) coordinate purchases within their group, with the objective of reduced healthcare costs and associated improvement of patient outcomes. Cost benefits are shared among the members of the ACO, as are penalties. Both are based on whether performance benchmarks for quality of care are met, or missed.

Dutch Engineer Develops Unusual Ambulance Network

This is the story of Alex Momont, a design engineer at the Technical University of Delft in the Netherlands. He recently graduated by presenting his master's thesis, a research project that we will come to later. You should know that Alex is one of only five people ever to achieve a maximum grade during the fifty years that this university has been open. What he worked on is spectacular. No other word does it justice.

Background: In the European Union, around 800,000 people per year suffer a cardiac arrest. Ambulance response times vary, but average at ten minutes from first call. Irreversible brain death occurs at around 4 to 6 minutes after the heart stops beating. First responders know before they even turn on the ambulance siren that 8% of cardiac arrest victims will need to be pronounced dead on arrival. Enter Alex.

Are Practitioner Mobile Health Apps Secure? Not Always.

A growing number of apps are available on all platforms for self-help, personal fitness and medical monitoring. Practitioners are increasingly getting into the app market, with apps for patient management. Some of these may compromise data security, maybe even HIPAA. Here's how.

First, I want to avoid litigation. I am not therefore naming any specific app or vendor. Generically, then, this article is about broad strokes. To take one non-specific scenario to demonstrate the point: Medication reminders.

Some provider-provided apps contain medication calendars that not only remind patients when meds are due, but also allow them to confirm when those meds have been taken. Practitioners can monitor, and even send out alerts if doses are missed. They can also update dosages and frequencies via push notifications. This functionality allows practitioners to eliminate unnecessary appointments, and patients taking up seats in waiting rooms. That sounds fantastic, and is in fact really useful, but it could hold a sting in the tail.

Practitioners have no way to know who is holding the receiving device.

Sigmund at the CCPA 45th Annual Meeting

If you find yourself at a loose end in Hartford, CT, on Thursday December 14, please take the opportunity to come over to the Hartford Marriott Downtown (next to the Connecticut Convention Center) to take in the 45th Annual Connecticut Community Providers Association (CCPA) meeting.

The CCPA represents organizations that provide services and supports for individuals with significant challenges including children and adults with substance use disorders, mental illness, developmental and physical disabilities.

Announcing the Winners...

Sigmund Software ran another Reward A Colleague contest recently, in which we again encouraged entrants to nominate someone from within their team for outstanding contributions.

The contest proved very popular with the OPEN MINDS 2014 conference attendees that came over to talk with Sigmund about some of the cutting-edge developments that we have introduced during the year. Yes indeed, we have been working hard to stay ahead of the field and maintain our reputation for ongoing development. We are always raising the bar. It's what we do. But enough about Sigmund. This is about you...

Fun And Prizes on the Exhibition Floor!

By Dawn D'Angelo

One of the many enjoyable moments from the 2014 OPEN MINDS conference was being able to participate in the Raffle in the Exhibit Hall. Sixteen prizes were provided by various vendors, including Sigmund Software. There were really wonderful prizes ranging from gift cards to technology gifts, which included Sigmund’s contribution of a UWatch, a universal Bluetooth Smart Watch.

Conference attendees were provided with a raffle card, on which were written many of the exhibitors' names and booth numbers. Participants were required to visit each booth and obtain a signature on their card, then turn it in to participate in the raffle. It was a great networking opportunity and I enjoyed the sheer fun of the meet and greet!

True Tales of Technology

In the week following the OPEN MINDS conference, which focused on medical technology and all things EHR, this next item seems highly relevant. It is a story about data security and breach protection. It is a story which shows how easy it can be to be the unwitting source of a data breach.

I have worked in various sectors of the computer industry for many years. So has my lovely and talented wife. This is her story, one she shared with me about an event earlier this week. With her kind permission, I now share it with you. It goes like this...

A local wholesaler regularly purchases consignments of returned electrical equipment from a well-known outlet chain. Now, like any consignment purchase, some things are good and some are not, and you don’t know which is which until you unpack the skid. My good lady wife is on a retainer to go through anything computerish (a technical term curiously absent from most spell checkers) and see what still works, and whether it can be fixed. She restores computers to default, resets routers, tests printers, leaps tall buildings in a single bound, that kind of thing. Did I mention, she is talented?

In this particular consignment was a 1 TB hard drive, returned because it was apparently no longer working. Dead. Using her years of experience and trusty suite of diagnostic tools, the problem was identified and the drive fixed within minutes, ready for resale. Job, as they say, done. Or so you would think. But of course, that's where the story really starts...

CMS Final Rule Expands Telehealth

Announced on Friday November 1, the Centers for Medicare and Medicaid Services (CMS) final regulations for the Medicare Physician Fee Schedule contain changes which will take effect on January 1, 2015.

Those changes include an increase in coverage for wellness and behavioral health, one of which will permit physicians to invoice $40 per month for patients suffering more than one chronic condition whom they have not seen physically.

A notable amendment to the final rule sees CMS easing the EHR requirement for eligibility to now permit submissions from both 2011 and 2014 certified EHRs. Either certification will be allowed when claiming chronic care management payments during the 2015 fiscal year. This is in response to some provider concerns about the overall interoperability of their current EHR system, which may not prove flexible enough to support chronic care management services effectively.

Also, the CMS rules address the Affordable Care Sunshine Act in several key ways, particularly exemptions. Payments associated with accredited continuing medical education are no longer exempt and must be declared. CMS advises that group purchasing organizations and affected manufacturers will now be required to report any compensation given to physician speakers at educational events, in the majority of cases. The stated intent is to clarify the indirect payments which must now be reported to CMS when medical education is underwritten by stakeholders.

Open Minds Technology Institute Conference 2014

2014 sees the tenth anniversary of the OPEN MINDS Technology and Informatics Institute conference, which this year focuses on the development of strategies to help health providers gain the most from current and upcoming technologies in the health and human service arenas.

The two main areas of focus this year are Service Delivery and Operations Management. The changes in service delivery methods, organizational administration, and management of daily operations which have come about during the past ten years due to the rapid pace of technological innovation have been game-changing. Where does this leave modern healthcare providers? And what of the future? These questions and many more will be answered by more than twenty-five speakers and industry experts.

What is Strategic Risk?

Security is a minefield, and few places hold more danger of fatal misstep than the fields of electronic health records, interoperability, Meaningful Use, and patient engagement.

Ever larger security breaches are announced every day. I personally fear the ones which remain unannounced. The ones as yet undiscovered. Why? Because nobody gets up to close a door if they think it is closed. And that leads neatly away from the subject of security, to the subject of Strategic Risk.

It is a requirement for Meaningful Use and HIPAA that organizations create a written plan for worst-case scenarios. In some high-visibility headlines this has not been done and organizations have been penalized heavily. But that really is closing the stable door after the horse has bolted. Security is a moving target. Breaches will always occur. Taking that as a starting point, everything becomes so much clearer. The thing to remember is this: If it can happen, there is a good chance that it will. If a door is open, someone will eventually walk through it. So, plan for it.

At the American Health Information Management Association (AHIMA) conference in San Diego, the Centers for Medicare and Medicaid Services (CMS) released some interesting statistics.

Up to July 2014 the Medicare and Medicaid incentive programs have jointly paid out $24.87 billion, with roughly $16 billion going to Medicare and $8 billion for Medicaid.

CMS says that 92% of hospitals have received incentive payments. Of the possible eligible professionals (EP) that could have registered, 90% are shown to have done so. That is quite a remarkable adoption rate.

Specify, For Effective Billing and Reimbursement

Until the move to ICD-10 is globally adopted, many physicians prefer to continue using the ICD-9 coding system.

Section I.B.6. of the ICD-9 manual advises that, "Codes that describe symptoms and signs, as opposed to diagnoses, are acceptable for reporting purposes when a related definitive diagnosis has not been established (confirmed) by the provider."

The key word is "definitive". In practice this means that unconfirmed diagnoses are best avoided as they may later incur denials and/or delays to reimbursement. The presence of doubt is sufficient to introduce delay.

Patient Assessment and Progress Notes with AURA EHR from Sigmund Software


Leverage flexible Content Management Controls in AURA to develop organizationally defined instrumentation that has intelligence.


Custom User Interfaces with Administrative Dashboards in the AURA EHR from Sigmund Software



Enjoy greater controls over the vital signs of your organization with personalized custom administrative Dashboards from AURA.
