Health Insurance Cog

I work on the internal business side of a health insurer--truly, I am just a cog.

Monday, November 26, 2007

Electronic Medical Records: a door to health care fraud?

A week or so ago at my workplace, we had a guest speaker at our weekly staff meeting. The topic? Health care fraud. It was interesting to learn all the different ways in which people commit health care fraud--fascinating even (you would be amazed by some of the things people do).

Yesterday, I received the following letter from my doctor:
Dear patient,

We are writing to inform you that our computer system was attacked by a computer virus on November 8, 2007. We believe that the purpose of the virus was to use our server to send out e-mails (spam). Our research done on this type of virus indicates this is the case. However, we cannot be sure that patient data was not also accessed. Our server does not contain any credit card information.

The security was breached after an update from our Electronic Medical Record was installed. This update opened up access to the server. We have corrected the problem and reconfigured the server to prevent this from happening again. We are taking every step possible to ensure that your health and personal information remains confidential and secure.

Although at this time it does not seem likely the intruders were after the data on our server, it would be prudent to order a free copy of your credit report to check for unusual or unauthorized transactions. . . . It is also a good idea to watch your insurance EOBs (the forms that explain what the insurance company was charged for and what they are paying) to ensure that you are only being charged for legitimate visits. . . .

Thank you for your understanding regarding this unfortunate hazard of our computer age. Our ultimate responsibility is to provide you with the best health care possible, which would not be possible without taking advantage of an Electronic Medical Record. We are confident in our security updates and hope never to have another such incident.

With our sincerest apologies,

All of us at [my doctor's office]
Wow. So, let's start with this statement:
We believe that the purpose of the virus was to use our server to send out e-mails (spam).
Most of us are familiar with these types of viruses, but they apparently didn't get the virus by opening an infected email. The got the virus while updating their EMR system:
The security was breached after an update from our Electronic Medical Record was installed. This update opened up access to the server.
Nice. They also admit to being unsure if patient records were accessed. This doesn't sound like an email/spam virus to me . . .

Let's move on to this statement:
Although at this time, it does not seem likely the intruders were after the data on our server . . .
Oh please. It doesn't seem likely? Should we discuss what the worst case scenario would look like?

And then:
It is also a good idea to watch your insurance EOBs (the forms that explain what the insurance company was charged for and what they are paying) to ensure that you are only being charged for legitimate visits. . . .
Give me a friggin' break. How about advising patients to NOTIFY THEIR INSURANCE COMPANIES to prevent health care fraud from occurring in the first place. Duh. It's also much easier to notify the insurance company than try to watch every EOB that comes your way. Trust me, insurance companies have entire departments devoted to this stuff. Sure, notify the FTC and the credit bureaus (identity theft really sucks--trust me, I know from first hand experience), but I think it's more likely that someone will sell the information to folks planning to commit health care fraud--it's big business these days.

And finally:
Our ultimate responsibility is to provide you with the best health care possible, which would not be possible without taking advantage of an Electronic Medical Record.
Really? Dr. Dino, do you have anything to say about this?
I've thought long and hard about whether an EMR is a worthwhile investment for me at this stage of my life and the life of my practice. Over and over again, I find that each pro-EMR argument is based on assumptions that do not apply to me. . . . But so far, no one has been able to credibly show me that the benefits of adopting this new technology outweigh the considerable disadvantages, starting with the initial monetary outlay, when addressed in the specific context of my practice. Read more (it's definitely worth it) . . .
So tomorrow, I'll be handing a copy of this letter to my insurer. Then my doctor will be getting a phone call from me asking for additional information . . .

From a patient's perspective, I do understand the benefits of EMR--I realized them first hand after suffering an injury requiring several specialists within the same medical system. And a large medical system normally has the technical staff available to guard against this type of intrusion. A smaller office, such as my doctor's office, doesn't have the resources for the information security needed to guard their patients' records. My doctor's office is very similar to Dr. Dino's office--there are only two doctors (no nurses, medical assistants, or physician's assistants). The doctors are wonderful, and they don't hurry through appointments. But they just don't have the resources available to guard the information held in an EMR.

What are your thoughts?

[Photo credit]

Original comments:
Chris said...

Ha, those evil insurance companies! I think we are more in danger of petty smash and grab identity theft from the electronic medical records than the original fear: insurance companies would tap in and deny coverage to those at risk. Like 1.1 million other veterans, I had my medical/identity data stolen from the VA and got a letter similar to yours. Stay cool! -C

Posted by at No comments:
Labels: ,

Sunday, June 3, 2007

Acceptable Risk

I found this on Wired:
"After sorting through red tape, a California hospital has fired nine employees who in April either took or looked at camera-phone photos of a patient's X-ray. Meanwhile, at least three other hospitals across the country are struggling with similar problems." Read more . . .
Hmmm, I think I've seen a few of these in various blogs . . . While I love the medical blogs, I don't want to see anyone lose a job over an x-ray posted online. I know that some folks are tired of hearing about Flea's debacle, and many are worked up over all of the blogs that have disappeared, but this needs to be discussed. We all need to understand what is acceptable to blog about and still keep our jobs. We need to know what the consequences will be if we step over the line. From there, we can decide what our own "acceptable risk" is--this is something we have to decide for ourselves.

To read:
Introduction to Risk Management and Insurance (8th Edition)

[Photo credit]
Posted by at No comments:
Labels: ,

Sunday, January 7, 2007

RateMDs vs. “Mystery Shoppers”

There has been some discussion among medical bloggers regarding RateMDs, a site devoted to rating doctors. Doctors complain that anyone can comment at the site and some even claim that the majority of negative ratings may be made by disgruntled “drug seekers.” Personally, I don’t think RateMDs should be viewed as the physician’s enemy, but rather a friend. Consider this alternative:

A new patient comes to your clinic with an unusual complaint. Because of the complexities involved in his/her complaint, you spend extra time with him/her. Finally, you make your diagnosis, give recommendations along with a prescription (if necessary), and your new patient leaves.

Later, you are called in to your clinic director’s office for a review, including a “mystery shopper/patient” evaluation. Your new patient wasn’t actually a patient at all—he/she was evaluating your performance. You were rated on timeliness, professionalism, and knowledge. The patient/shopper even commented on your breath and the fact that you checked the time during the appointment (never mind the fact that you had several “real” patients waiting and were running over due to the complexities involved with the new patient). Finally, the patient/shopper gave you a rating on a scale of one to seven.

Crazy? Not in other professions. I worked for several years in the financial industry and endured many such encounters which were strikingly similar to the scenario above. In fact, my company had us “mystery shopped” on a quarterly basis, and "shoppers" always have some complex problem to solve that takes forever and keeps the “real” clients waiting. While knowing that I would be “shopped” was a cause for anxiety, I quickly learned that I had nothing to worry about because my delivery was consistent, I was knowledgeable and knew my resources, and I remained professional at all times. Of course, we all have our bad days, and there is always the possibility that one will be shopped on one of those days, but the odds are in your favor if you have a good track record. I don’t mean to brag, but my “mystery shopper” ratings were consistently 7/7—one "shopper" even became my client! Most of my colleagues fared well also, and those who didn’t soon learned the areas where they needed a little work.

What’s my point? If physicians see RateMDs as a tool to use in their favor, it can be their friend. The odds are slim that the negative remarks are coming primarily from disgruntled drug seekers. Honestly, think of the average “drug seeker”—do you see him/her rushing off to find a computer so they can rate the doctor who denied the drugs? I see him/her rushing off to find another doctor . . . Most of the comments I saw when I checked out the site were positive.

As a patient, I can see the usefulness of sites like RateMDs. Having lived in five states and three different countries, I know how hard it is to find a doctor in a new community--using the "yellow pages" isn't a wise option. First, I ask other people in the community whom they recommend. RateMDs is that recommendation taken to the internet. Like the recommendations I get from people in the community, it needs to be "taken with a grain of salt."

I know that a comment like “he’s a jerk” doesn’t necessarily mean a doctor lacks skills, and others do too. If three people recommend the same pediatrician, I’m likely to call his/her office and try to establish a relationship. When I move to a new community, I don’t go to doctors to to get a review of other doctors in the community, so I don’t see a problem with RateMDs allowing anyone to rate a doctor.

How exactly can physicians use this to their benefit? In the financial industry, when someone thanked me for a job well done, I asked him/her to recommend me to friends and family. When a patient expresses thanks, tell him/her about RateMDs, and ask him/her to rate you and add a remark or two about his/her experience with you. I promise you, patients are just as quick to praise a doctor as they are to complain.

Trust me—I just added my pediatrician to RateMDs and gave her a “5” in all categories (highest rating). I also added a comment about what a wonderful doctor she has been for my children.

[Photo credit]

Update (February 2009): Many insurance companies have added doctor rating options to their public facing websites as well.

Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)