Contact Us | Become a Member
This article originally appeared in the October 2018 MGMA Connection magazine. By David Finn
The healthcare industry in the United States has experienced its fair share of cyber incidents — from ransomware to distributed denial of service (DDoS) attacks and data breaches — in recent years. Breaches alone cost the healthcare sector $6.2 billion each year, and a single data breach (across all sectors) costs $4 million.
In healthcare, these costs include forensics, breach notification, lawsuits, fines and remediation costs. They also include diminished brand value and lost revenue. The latter is a bit easier to identify. Organizations know what their financial run rates were historically and leading up to the event, so short-term financial losses after the incident can be extrapolated. On the other hand, brand value can be hard to estimate because reputation is not a tangible asset.
That’s why it’s important for practice leaders to better understand potential intangible losses caused by a cyber incident or data breach. A 2017 study found that 45% of IT practitioners and 42% of chief marketing officers did not believe their senior management understood the importance of preserving their company’s reputation.
For large, publicly traded companies, stock prices drop an average of 5% immediately after a data breach is disclosed, but it’s not as easy to quantify for an industry in which many of the largest providers are private, not-for-profit organizations. Healthcare runs on trust. If patient trust is lost, those patients may walk if they have alternatives, which can result in a significant loss of revenue.
This threat goes beyond breaches, too. In 2014, Boston Children’s Hospital experienced a DDoS attack by the hacker group Anonymous following treatment of a young patient who was removed from her parents’ care by the state. While the hospital never closed, it had to shut down external websites as the attack continued. The incident happened during an annual fundraising event and shut down a website for sourced donations. “This was not a tens of thousands of dollars thing, it was significantly more than that,” the chief information officer said of the incident. The loss was significant enough that Boston Children’s filed a claim against the hospital’s cyberinsurance carrier for the event; however, because there was no breach of data, the underwriter didn’t process the claim. The hospital was able to protect patient data and avoid a breach, despite the financial impacts.
The loss of patients is another way cyber incidents can adversely affect a practice. One study indicated that 54% of patients said they would be very or moderately likely to change providers after a security data breach involving their personal health information. Those patients from that survey also said they would be most likely to switch providers if practice staff had caused the breach.
A separate study by TransUnion Healthcare found similar results: 65% of patients would be likely to switch providers after a data breach.
Changing providers may not be the worst news from the TransUnion study, however. Nearly one-quarter of respondents reported that security concerns inhibit their communications with their doctor: 9% said they always or often withhold personal health information and another 12% indicated that security concerns could lead them to withhold information from their doctors.
If caregivers don’t get a full picture of their patients’ history, treatment won’t be as effective and may actually be inappropriate and cause harm.
On top of this, an analysis of Department of Health and Human Services and Centers for Medicare & Medicaid Services data suggests more than 2,100 patient deaths annually could be attributed to hospital data breaches.
The study compared patient-care metrics at hospitals that have experienced a data breach to those that have not. One of the metrics was the proportion of patients who suffered a heart attack and died within 30 days of admission to a hospital. Analysis found the rate of patient deaths increased by 0.23% one year after a breach and by 0.36% two years after a breach — roughly 2,160 additional deaths per year. Researchers explained that a data breach both diverts funds from patient care and distracts physicians for years after the event. Disruption from remediation activities, regulatory inquiries, litigation and more can occur for years after the breach and result in delays to services that translate to quality of care issues.
The best way for organizations to reduce their risk and improve their ability to respond is by adopting a cybersecurity framework. The most widely adopted framework in healthcare is the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF). Using this framework, organizations can create a risk-based, comprehensive and current approach to information protection and cybersecurity.
A 2018 study on cyber threats evaluated hundreds of facilities, including physician practices, against the NIST CSF on a six-point scale ranging from 0 or “incomplete” to 5, which indicates an “optimized process.” The findings showed that physician practices scored an average of 2.0 and 1.8, respectively, in the areas of “respond” and “recover,” compared to scores of 2.6 and 2.5 for hospitals/health systems and 2.8 and 2.9 for business associates.
Taking proper actions immediately after a cyber incident or data breach can reduce fallout. The better prepared your organization is, the sooner it will be able to identify the incident, what’s been affected, ways to limit its scope, what to do and how to respond — internally and externally — and how to recover from the event.
Published by the U.S. National Institute of Standards and Technology in 2014, the CSF offers guidance on assessment and improvement in private-sector organization’s ability to prevent, detect and respond to cyberattacks.
Updated most recently in April, the core area of the CSF is defined by five key functions applicable to any organizations. Those functions contain various categories relevant to cybersecurity:
1. Identify: Asset management, business environment, governance, risk assessment and risk management strategy
2. Protect: Access control, awareness and training, data security, information protection processes and procedures, maintenance and protective technology
3. Detect: Anomalies and events, security continuous monitoring and detection processes
4. Respond: Response planning, communications, analysis, mitigation and improvements
5. Recover: Recovery planning, improvements and communications
Adoption of the CSF often leads to development of a “current profile” of an organization’s cybersecurity work, which provides a baseline for a “target profile” of improvements.
Contact David at David.email@example.com.
Join us on October 29 for a webinar with Jackson Physician Search. With the physician shortage acute and intensifying, how do some organizations consistently outperform all others? Competition for talent in key specialties can make recruiting top physicians expensive and time-consuming. Healthcare executives are challenged to strategically meet their communities’ needs while physician recruiters must fill positions faster, more efficiently and at less cost than ever.
The solution can be found in “three smart moves” that will help you:
Join us Oct. 9 for our annual insurance CEO roundtable. Leaders will discuss the most pressing issues facing their industry, including the fate of the Affordable Care Act, prescription drug prices, value-based payments and more.
The event is Tuesday, October 9 at the Wisconsin Club in Milwaukee (11:30am – 1pm). Register now (link).
Organization: Plastic Surgery Associates
Position: Medical Practice Administrator
Fill by Date: November 1, 2018
Location: Waukesha, Wisconsin
Education: Master's Degree
Date Posted: 9/12/2018
Years of Experience
5 years in medical practices
GENERAL SUMMARY OF DUTIES: Responsible for overseeing operations of medical practice.
SUPERVISION RECEIVED: Reports to the Physician Owners.
SUPERVISION EXERCISED: Supervises staff and oversees the management of all business entities to include clinic, surgery center, and meta spa activities and staff.
1. Responsible for developing and implementing the clinic's mission and strategic vision.
2. Provides leadership in developing planning and implementing the clinic's business plans to the Physicians.
3. Recommends, develops, implements improvements for the practice.
4. Informs board about current trends, problems and medical activities to facilitate policy making.
5. Establishes, secures approval and overseas clinic operating policies and procedures.
6. Participates and coordinates the physician recruitment.
7. Oversees efforts for recruitment, development, performance evaluation of employees.
8. Oversees the business and financial affairs of the clinic and fiscal management in conjunction with the practice CPA.
9. Oversees and manages the billing and collection processes/department.
10. Enhances operational effectiveness, emphasizing cost containment without jeopardizing important innovation or quality of care.
11. Ensures clinic compliance with all regulatory agencies governing health care delivery and the rules of accrediting bodies. Continually monitors operations, programs, physical properties. Initiates appropriate changes.
12. Encourages community education by initiation participation in health fairs and events to promote awareness. Responsible for managing the overall marketing activities of the practice.
13. Represents the clinic in its relationships with other health organizations, government agencies, and third party payers.
14. Manages all practice managed care relationships, including monitoring of related reimbursement, negotiation with third party payers, provider credentialing, and maintenance of contracts.
15. Serves as liaison and channel of communication between the hospitals, health plans, insurance companies and regulatory bodies.
16. Resolves any medical-administrative problems and keeps lines of communication open with staff to ensure high employee morale and a professional, healthful clinic atmosphere.
17. Maintains professional affiliations and enhances professional development to keep current in the latest health care trends and developments.
18. Maintains strictest confidentiality.
Looking to fill an open position? Check out the WMGMA Career Center today! Job postings are complimentary for WMGMA members!
ACMPE UpdateSubmitted by Tom Ludwig, RN, FACMPEWMGMA ACMPE Forum Rep
Certification and Fellowship Program Changes
Effective January 1, 2019, you will need a bachelor’s degree (or an equivalent number of college credits) to be eligible for Certification. If you do not have a degree, you will need to:
If you do not have a bachelor’s degree and are pursuing Fellowship, receive approval on a business plan proposal or paper outline AND submit a final business plan or manuscript by Dec. 31, 2018.
Also effective January 1 is the requirement to write a business plan for Fellowship. This will replace the professional paper (a master’s degree-type thesis). If you prefer to write a professional paper, you will need to have a paper outline submitted and accepted prior to Jan. 1, 2019. You may then continue working on your paper manuscript up until two years from your outline approval date. Starting in 2019, business plan submissions will be the only acceptable submission if no outline is previously accepted.
MGMA Annual Conference
MGMA18 will be held in Boston September 30-October 3. There are several sessions devoted to ACMPE:
Sunday: Preconference SessionACMPE Board Certification Boot CampThis intensive one-day Board Certification Boot Camp is a comprehensive review of the medical practice management concepts and industry best practices.
MondayA09_E - Room 104
The Value of Board Certification through ACMPE and the Journey to Achieve
This session will review the purpose of achieving the reputable credential and the process to achieve the Certified Medical Practice Executive (CMPE) status. Join us to learn more about your career's next steps.
B14 - Room 102
The Value of Fellowship through ACMPE and how to Attain it
Healthcare executives are thought leaders capable of identifying key improvement areas for the sustainability and success of an organization. Set yourself apart by becoming a Fellow of the American College of Medical Practice Executives (FACMPE). Join us to review the value of demonstrating your mastery and how to begin the journey.
TuesdayG10 - Room 254
ACMPE Certification-What is it?
Learn more about the board certification achievement and how to lead the way towards achieving Fellowship through ACMPE.
I05 - Room 104
Tackling Fellowship - Topic Roundtables
This session will help review the many topics you may have as a Fellowship submission, steer you in a direction most beneficial, and find a colleague for your Fellowship journey to ensure you are headed the right way.
Please feel free to contact me if you have any questions about ACMPE Certification or Fellowship. You can reach me at firstname.lastname@example.org.
By Cristy Good, MPH, MBA, MGMA staff member
Meetings may take a toll on the daily work schedules of healthcare leaders, especially when the time commitment extends beyond the actual meeting.
Beyond the meeting itself, the time commitment includes deciding when to schedule the meeting, inviting the right people to the meeting, setting an agenda, following the agenda and ending it — on time, ideally — with everyone in the room aware of their responsibilities and next steps.
A May 29 MGMA Stat poll found that 39% of practice leaders say they spend zero to five hours in meetings each week, while 40% report spending six to 15 hours. On the other hand, 14% say they spend 16 to 25 hours in meetings a week and 7% say they spend more than 25 hours a week in meetings. The amount of time you spend in meetings is just as important as their effectiveness. When asked if their meetings were productive and effective, MGMA Stat poll users offered a variety of opinions:
When assessing the meetings you organize or attend in your practice, always begin by asking, “why?” In many cases, meetings are scheduled because they’ve always been part of the workflow, so they are not questioned. Imagine if you took that approach to any other part of your business.
Daniel Stover, senior leadership consultant with Integrated Leadership Systems LLC, Los Angeles, said in a recent MGMA webinar that organizations spend a lot of money on meetings that may not be productive because attendees aren’t engaged or aren’t sure why they have been invited.
Start by assessing the cost of each meeting. Consider using the Harvard Business Review meeting cost app, which estimates the true cost of meetings based on their length, number of attendees and those attendees’ salaries. For example: A 15-minute meeting of six employees who average $40,000 in annual salary has a cost of about $42.
Chances are, you have many meetings, not all of which are quick huddles, that include higher-earning members of the practice. The amount those meetings cost in salary alone may be considered even costlier if they do not result in either increased revenue generation or savings.
But before you focus too much on an estimated spend, consider how your team members view meetings. As Stover said, meetings should create alignment, accountability and trust throughout the organization — without those components, rapport is difficult to build, silos can arise between individuals and teams may head in different directions that do not serve the organization.
A good way to open each meeting is with an agenda that includes a mission statement or other method of conveying the importance of the meeting. Annual studies of workplaces by Gallup show that about half of workers do not know their organization’s goals. Stover outlined four reasons to hold a meeting:
Regardless of the meeting’s purpose, there are three pillars of a productive meeting:
Adhering to these pillars will help minimize factors that can make a meeting unproductive, such as lack of organization or side conversations. Meeting organizers and practice leaders can also develop rules about tardiness and engagement to mitigate the impact of late arrivals or attendees who spend time on their phone or other devices when they should be focused on the discussion.
As the facilitator of a meeting, you are:
Facilitator positive self-talk makes a meeting more effective. If you are confident about the value you bring to a meeting and provide a safe and supportive environment, then others will feel more empowered to speak up and the meeting will be more impactful. This encourages engagement and reduces what author Patrick Lencioni calls “sneaker time” — the hours we spend after a meeting on emails, voicemails and walking down the hall to clarify issues or decisions that should have been clear and confirmed at the meeting.1
Effective facilitators tend to:
If you create the right structure and environment, your meeting will run itself. Your job is then to listen, redirect tangents and personal discussion, call for consensus and ask for commitments before the next meeting.
Stover also recommends considering the size of your meeting. A group of 25 attendees or fewer can be facilitated by one person. Beyond 25, you need a second facilitator to keep people engaged. The more attendees, the more potential disruptions, so you need help addressing your ground rules.
As Stover mentioned, “we teach people how to treat us,” so setting expectations on how we want to do business is important. Practice leaders need to walk the talk on this issue to boost meeting productivity and limit wasted time regardless of how much time is spent in meetings each week.
Integrated Leadership Systems (ILS) group meeting ground rules
1. Lencioni P. Death by meeting: A leadership fable … about solving the most painful problem in business. San Francisco: Jossey-Bass, 2004.
Are you looking for a way to become involved in WMGMA? Consider joining the education committee!
Members of the education committee work to provide quality, cost-effective educational programs and webinars offering relevant content, enthusiastic presenters and new ideas for enhancing practice management.
They meet once per month via conference call for one hour. Outside work may include securing speakers and discussing education content with speakers. We are looking for one to two additional committee members.
Contact the WMGMA office to learn more!
Submitted by Tom Ludwig, RN, FACMPE, ACMPE Forum Rep
ACMPE Certification Exams
The next registration period to take the ACMPE certification exams will be July 23 – August 7, 2018, to take the exam in the period of September 8-22, 2018. For more information, contact the MGMA Service Center at 1-877-275-6462, ext. 1888, or at email@example.com.
Continuing Education Credits
Need to claim ACMPE continuing education credit or print out a transcript? Email firstname.lastname@example.org with details of the event(s) you attended or if you need a copy of your current transcript.
If you are requesting other types of continuing education credit for attending a national MGMA event, please log into MGMA.com, visit “My Dashboard,” select “Account Management,” and click on “Claim Education Credits.” Here you may select from a list of MGMA events to request credit.
ACMPE 2019 Program Enhancements – Bachelor’s Degree Requirement
For Nominees pursuing Certification
If you do NOT hold a bachelor’s degree or have 120 college credit hours by Dec. 31,2018 you will need to:
· Complete and pass both examinations by the Dec. 1-15 exam cycle.
· Log all 50 hours of continuing education (CE) hours under the current CE requirements, starting 30 days prior to their acceptance date. If your exams are passed, you will receive a 6 months extension to complete your 50 hours by June 31, 2019 under the 2019 continuing education requirements.
If you have a bachelor’s degree, 120 college credits or are currently in the process of completing their degree, you will remain as a nominee and will need to begin working toward the following starting on Jan. 1, 2019:
· Earn your CMPE credential within three years. If accepted before Jan. 1, 2019, you will have until Dec. 31, 2021 to complete the program.
· Log 50 hours of CE credit under the new 2019 CE requirements.
For CMPEs pursuing Fellowship
If you do NOT hold a bachelor’s degree by Dec. 31, 2018 you will need to:
· Receive approval on a business plan proposal or paper outline AND submit a final business plan or manuscript by Dec. 31, 2018.
If you have a bachelor’s degree AND seven years of healthcare management AND two years in a leadership role; OR if you have a master’s degree with five years management, AND two years in a leadership role, you will need to begin work on the following starting Jan. 1, 2019:
· Complete Fellowship within two years of your application date. If accepted before Jan. 1, 2019, you will have until Dec. 31, 2020 to complete.
· If you have a paper outline submitted and accepted prior to Jan. 1, 2019, you may continue working on your paper manuscript up until two years from your outline approval date. Starting in 2019, business plan submissions will be the only acceptable submission if no outline is previously accepted.
· Log 50 hours of continuing education (CE) every three years following the new 2019 CE requirements. These CE requirements also apply to maintain your current CMPE credential in 2019.
If you have any questions about ACMPE Certification or Fellow programs, please contact me directly at email@example.com.
Nominate yourself or a colleague to serve on the WMGMA Board of Directors today!
WMGMA is run by a volunteer Board of Directors. Board members develop and manage the affairs of the Association, and are supported by Committee Chairs and staff. Board members are elected annually to staggered three-year terms.
WMGMA is seeking nominations for the position of At-Large Director. At-Large Directors provide support to the Board and serve a three-year term starting January 2019. They will also be invited to attend the final Board meeting of 2018.
To be eligible, nominees must be a current WMGMA member who's membership type is individual or group.
How to Nominate
Nominating is easy, quick and simple! Nominations can be conveniently submitted online.
Submit a nomination by completing the Call for Nominations form.
The deadline to submit nominations is August 24, 2018.
Wisconsin Medical Management Group Association563 Carter Court, Suite B, Kimberly, WI 54136920-560-5621 / 800-762-8968WMGMA@Badgerbay.co
MissionTo be a resource for information, education, networking, and advocacy opportunities for all medical group management professionals.