2015 September Newsletter

The Summit
Success For Medical Practice Management
September 2015
Inside this issue:
Message from the 1-2
Board
Message from the Board
MGMA Utah
Sponsors
3-4
As a manager we are often tasked with the responsibility with providing constructive criticism to those around us. I came across an article recently that provides
excellent advice on this subject and I thought I would share it with you.
ACMPE: 5 Quick
Notes
5
How to Give Effective Criticism
The MGMA Body
of Knowledge: A
Framework for
Success
6-7
HIPAA Compliance: Securing
Mobile Device
Data
8-10
Upcoming Events 11
Association Con- 11
tact Information
Special Points of
Interest:
 How to Give Effective
Criticism
 Utah MGMA Sponsors
 ACMPE Quick Notes
 MGMA Body of
Knowledge
 Securing Mobile Device Data
Go in cool, calm, and collected. Before you begin to give criticism, make sure
you have your emotions in check. This is particularly important if the person did
something that really ticked you off. If you go in yelling and banging your fist on
desks, you’ll probably get the problem fixed in the short term. However, when
you don’t take the time to have a cool and reasoned discussion, you miss out on
an opportunity to solve underlying problems.
Be specific. If there’s one thing you remember from this post, let it be this: be as
specific as you can in your critiques. Don’t just tell the person, “This sucks,” or
“This could be better.” Explain exactly why their work or action is subpar. A blanket criticism will put the person on the defensive, and they’ll never be able to correct their problem.
Criticize the action, not the person. Try to keep the person as separated from
their mistakes as possible by criticizing their action and not them. It makes the
criticism less hurtful and much more effective. So don’t say things like, “Jeez
Louise you must be an idiot! Look at all these mistakes you made in this report!”
Just because someone makes a mistake, that doesn’t make the person a pinhead.
We all have bad days.
Be a diplomat. When giving your specific criticism, it sometimes helps to use
diplomatic words. Our old friend Benjamin Franklin was a master at this (which is
why he was probably such a successful diplomat). In his autobiography, Franklin
said this about using diplomatic language in discussion:
When I advance anything that may possibly be disputed, [I never use] the words certainly, undoubtedly, or any others that give the air of positiveness to an opinion; but rather say, I
conceive or apprehend a thing to be so and so; it appears to me, or I should think it so or so, for
such and such reasons; or I imagine it to be so; or it is so, if I am not mistaken.
Page 2
The Summit
September 2015
This can help take the sharp edge off of criticism. Sometimes, however, people need that edge to spur them to
action. Use your discretion in deciding whether a harsher approach would be more appropriate.
Make specific suggestions for improvement. The goal of criticism should be to help someone make improvements. While specifically pointing out the problem is the first step to correction, if a person doesn’t know
what they can do to improve, knowing their mistakes won’t help them one bit. Don’t just tell people what’s
wrong with their work, give them specific suggestions on how they can improve it. The key word, once again, is
“specific.”
Personalize your approach. Consider a person’s disposition when deciding how to approach the delivery of
your criticism. In general, you can be harsher with a man than with a woman. Case in point: at my high school
there was an assistant football coach that tore his players up and down for their mistakes. His philosophy was
to “tear them down and then build them up.” He then became the girls basketball coach and continued the
same uber-harsh tough love approach to coaching. The girls did not respond as the football players had; instead, they broke down and cried and became so nervous before practice that some would throw up. Of
course, some women want to hear it like it is, and some dudes are dainty. So think about who you’re dealing
with before you lay into them.
Point out positives. When criticizing someone, it’s always good to point out the positives in their work or actions as well. Two benefits exist from this exercise. First, it makes the criticism easier to swallow and reminds
the person they’re not a complete screw up. Second, it shows the person what they’re doing right and gives
them a reference point on which to base their future work. When beginning a conversations with someone,
start with the compliments first. Then transition into your criticism by saying something like, “There is just one
area I thought could use improvement……”
Follow up. Always, always make sure to follow up after giving constructive criticism. Your criticism won’t do
any good if the person doesn’t put into practice your suggestions. Schedule a follow up with the person you’re
criticizing. Say something like, “How about we talk to each other next week to see how your changes are coming and to answer any new questions you might have?” By letting the person know you’ll be following up with
them, they’re more likely to get their butt in gear and make the needed corrections.
Remember, an effective leader is one who can provide criticism that helps those around her or him to improve
and be better.
Quincy Robinson, Utah MGMA Secretary/Treasurer
Source:
“How to Give and Take Criticism like a Man”, Nov. 4, 2008, www.artofmanliness.com. http://www.artofmanliness.com/2008/11/04/how-to-give-and
-take-criticism-like-a-man/
“When I advance anything that
may possibly be disputed, [I
never use] the words certainly, un
-doubtedly, or any others that
give the air of positiveness to an
opinion;” Benjamin Franklin
Page 3
The Summit
September 2015
Sponsor Recognition
MGMA Utah thanks our business partners!!
The following companies sponsor a variety of MGMA Utah events throughout the year.
Please join us in expressing our sincere appreciation for their support.
Platinum sponsors
www.mica-insurance.com
www.umia.com
www.mountainlandcollections.com
www.questdiagnostics.com
www.ssfcu.org
Gold sponsors
[email protected]
www.labcorp.com
Page 4
The Summit
September 2015
S p o n s o r R e c o g n it io n
SILVER SPONSORS
www.medusabil.com
www.expressrecovery.com
Bronze Sponsors
Page 5
The Summit
September 2015
Latest ACMPE News and Notes
5 quick notes for ACMPE
Plan now for the final certification exams of 2015. September 24 begins the registration period for the
final CMPE exam session in 2015. Exams will be offered from Nov 9 – 21 in various locations across the
state. The registration period ends on October 6.
Medical Group Management Body of Knowledge Review Series, 3rd edition is now available. The updated review books for the new 3rd edition of the Body of Knowledge are now available on the MGMA website.
The ACMPE Certification Exam Workbook was recently published in ebook format. The new format presents the content of the most popular exam preparation resource in an interactive manner guiding you
through assessments, practice questions and detailed answers.
Already certified? Consider making 2016 the year you become a Fellow of the American Academy of
Medical Practice Executives. Share your expertise and insights and add to the body of knowledge by
completing a professional paper in 2016. Be recognized with other MGMA fellows at the MGMA annual
conference in San Francisco next October.
Grow professionally by investing in others. Lead a study group, share your expertise in one of the Body
of Knowledge Domains, grade practice essay questions, or simply offer an encouraging word or experience with one of many MGMA-Utah members who are pursuing certification.
For more information visit mgma.com or contact the MGMA-Utah ACMPE forum representative, David
Owens at [email protected].
Start your own journey in 2015 and
become a Certified Medical Practice
Executive! Contact David Owens at
[email protected] or 801621-0285 if you have any questions.
Page 6
The Summit
September 2015
Latest ACMPE News and Notes
(Cont.)
The MGMA Body of Knowledge: A Framework for Success
MGMA regularly compiles a list of specific areas of knowledge and skills which are imperative for managers of
physician practices in order to be successful. This is produced as the Body of Knowledge. In 2014, MGMA
completed a revision to the Body of Knowledge to keep it relevant to today’s practice needs. As managers of
physician practices, this is a valuable tool we can use to keep our skill sets and knowledge current. This tool
set is available online at mgma.org/bok. On the website you can access a brochure outlining the Body of
Knowledge, take quizzes to assess your level of knowledge regarding the defined skills and knowledge areas
contained in the Body of Knowledge, and find additional resources you can use to increase your knowledge
and skills in these defined areas. If you haven’t gone on the MGMA website to review the Body of Knowledge
you really should find the time. It doesn’t matter how long you have been in your career. I am sure if you take
the assessments, you will identify areas where you can learn and improve.
The Body of Knowledge is divided into six domains. These are:






Operations Management
Financial Management
Human Resource Management
Organizational Governance
Patient-Centered Care
Risk and Compliance Management
These domains each contain a set of specific performance objectives for practice managers proportional to the
importance of successfully managing a practice. For example, the Operations Management domain is the largest domain within the Body of Knowledge making up approximately 29% of the total skill sets defined in the
Body of Knowledge. This domain includes the following Performance Objectives:

Demonstrate knowledge of industry benchmarks, best practices and total quality management techniques for process improvement.

Demonstrate knowledge of master budgets, employment law, healthcare rules/regulations and the ability to apply project management techniques to support the strategic plan.

Demonstrate skill to establish and coordinate the process of purchasing and asset management.

Demonstrate skill to provide a high-quality and safe environment.

Demonstrate skill to identify and govern outsourced business services and external expertise.

Demonstrate knowledge of how information technology supports business needs and organizational
goals.

Demonstrate knowledge of communications, marketing and community relations.

Demonstrate knowledge of compensation plans, revenue allocation methods, expense allocation methods, and merger and acquisition agreements that establish productivity and compensation benchmarks
for physician and staff.
Page 7

The Summit
September 2015
Demonstrate skill to monitor physician conduct and performance expectations.
These Performance Objectives are further broken down to a more granular level to help you identify what you
need to know and be able to do. For example, the first Performance Objective under the Operations Management Domain has the following identified abilities:


Explain how quality assessment tools (process maps, run charts, Pareto diagrams, flowcharts, affinity diagrams and decision matrices) can identify organizational needs, potential risks and desired outcomes.
Establish a process improvement analysis to maintain and enhance quality within a medical group practice.
So, simply obtaining a copy of the Body of Knowledge brochure (a free download) and reading through it will
likely help you identify areas where you could hone your skills as a practice manager. This is a great first step.
Additionally, another way to assess your abilities is to take the free quizzes found on the MGMA website for
each domain. The questions for these quizzes are based on the exam questions for ACMPE certification (for
more information on certification, talk to David Owens, the UMGMA ACMPE Forum Representative). The
quizzes on the website are not as long as the certification exams, but will provide you a quick way to identify areas you may want to focus on for study and improvement. An example of a question in the Financial Management domain quiz is:

Which of the following is a valuable indicator of the efficiency and speed of your billing and collection
activities?
 Total accounts receivable
 Days in accounts receivable
 Overhead percentage
 Bad debt ratio
At the end of each quiz, you get feedback on the level of your knowledge within that domain and the specific
questions you got right or wrong along with the correct answer.
Finally, once you have identified areas for further study and improvement, there is a list of resources for each
domain you can use for your study. The types of materials included in these lists include the following MGMA
publications and resources:



Articles and Papers
Surveys and Books
Education and Conferences
Many of these items are available for download online. Some examples include self-study online courses, ondemand webinars, DVD’s, Books, and the list goes on.
In conclusion, MGMA has created a great framework for managers of physician practices to use as a tool to understand what you need to know and the skills you need to have to be successful. This resource is easily accessible online even without being a member of MGMA. In addition to the Body of Knowledge, MGMA also provides online tools to help you quickly assess areas for further study and improvement. And, finally, they provide
resource lists to help you find the study materials you will need. Whether you are new to physician practice management, looking to become certified through ACMPE, or a seasoned veteran, I highly recommend you check
out the latest revision of the Body of Knowledge and take the time to improve your skills.
Daryl Smith, FACMPE, Chief Operations Officer, Wasatch Pediatrics
Page 8
The Summit
September 2015
HIPAA Compliance: Securing Mobile
Device Data
By: Karen Wright, Senior Risk Management Representative, MICA
Mobile devices, such as smart phones, PDAs (personal digital assistants) and tablets, provide multiple modes of communication, significant processing power, large
storage capabilities, and, in many respects, are replacing personal computers
(PCs). With the increased use of mobile devices, physicians and other healthcare
clinicians are experiencing greater access to electronic protected health information
(e-PHI), which can increase productivity and improve the timeliness of their care
decisions.
There have been a number of security incidents reported under the HITECH Act related to the use of laptops and other portable and/or mobile devices that contain
or are used to access e-PHI (US Department of Health and Human Services, n.d.a). Mobile devices may be more vulnerable to security breaches than PCs or even
laptops. Their small size makes them more susceptible to theft or loss and they
may be unintentionally left unattended in a public area.
Healthcare IT supports a wide variety of E-PHI, including electronic patient records
and e-prescribing, but security must remain an overriding concern. The Office for
Civil Rights (OCR) has the responsibility to enforce the HIPAA Security Standards
and will determine if a physician’s or other covered entity’s actions are reasonable
and appropriate for protecting the confidentiality, integrity and availability of e-PHI.
As a covered entity, physicians and group practices are required to comply with the
HIPAA Security Rule (U.S. Department of Health and Human Services, n.d.–b). Reviewing and modifying, where necessary, security policies and procedures on a
regular basis are among the Rules’ requirements. If you utilize any mobile devices
for patient care purposes, you should familiarize yourself with the security requirements and incorporate mobile device management into your overall plan to ensure
continued compliance (U.S. Department of Health and Human Services, n.d.-c).
This is particularly relevant if you have remote access to e-PHI through your mobile device or allow employees to access patient information on mobile devices that
you do not own or manage. In general, it is best to exercise caution when allowing
the offsite use of, or access to e-PHI. When it is determined to be necessary for
patient care purposes, policies, procedures and thorough training for physicians
and staff is critical to ensure the requirements of the HIPAA Security Standards are
consistently followed.
In the HIPAA Security Rule Guidance, OCR identifies three areas where covered
Page 9
The Summit
September 2015
entities should focus their attention with respect to remote access to or use of ePHI. These are risk analysis and risk management strategies; policies and procedures for safeguarding e-PHI; and security awareness and training on the policies
and procedures for safeguarding e-PHI.
The physician or covered entity should conduct an analysis of the potential risks
and vulnerabilities associated with the use of mobile devices for remote access to,
and offsite use of e-PHI and identify risk reduction measures. HHS groups the risks
of remote access and offsite use of e-PHI into three categories: access, storage
and transmission.
Access
Policies and procedures should be designed to ensure that users only access data
for which they are authorized. Additionally, before granting remote access, proper
clearance procedures and verification of training should be established. Potential
risks in this area include lost or stolen log-on or password information that could
result in unauthorized or improper access to e-PHI, or an unattended device without appropriate session termination (time-out).
Storage
Policies and procedures should establish effective security requirements for media
and devices that contain e-PHI and are moved beyond the covered entity’s physical
control. For example, a mobile device is lost or stolen, potentially resulting in unauthorized or improper access to or modification of e-PHI stored on the device or accessible through the device. Additionally, policies should detail how e-PHI will be
completely deleted from mobile devices at the end of their operational lifecycle.
This may entail the use of specialized deletion tools or physical destruction of the
device.
Transmission
Policies and procedures should be implemented to ensure the integrity and safety
of e-PHI sent over an electronic communications network. Risk exposures in this
area could include interception or modification of data during transmission, or contamination of systems by a virus introduced from an external device used to transmit e-PHI. Additionally, require all mobile devices that store e-PHI to employ encryption technologies of appropriate strength.
A thorough risk analysis and appropriate policies and procedures will have little
benefit if an effective training program is not planned and executed. The training
program should specifically address any vulnerability associated with the use of
mobile devices and remote access to e-PHI. Clear and concise instructions should
be given for password management procedures, such as requiring the use of
strong passwords, changing and safeguarding passwords, and prohibiting leaving a
mobile device in unattended cars or public areas. Training should also stress the
importance of reporting a lost or stolen device, even if the device is not owned or
managed by the physician or group. Because mobile devices are relatively easy and
Page 10
The Summit
September 2015
inexpensive to replace, a user may be tempted to purchase a new device and not
report the potential data breach.
While consultants may be helpful in advising covered entities regarding compliance
with the HIPAA Security Rule, ultimately it will be the covered entity that will be
held accountable for assessing the risk, establishing appropriate policies and procedures, and training everyone in the practice or group. For more information regarding the HIPAA Security Rule go to the OCR website and the Security Rule and Guidance Material (U.S. Department of Health and Human Services, n.d.-c). Additionally, the American Medical Association has released a toolkit designed to help physicians navigate the new revisions to the HIPAA privacy and security rules (American
Medical Association, 2015).
References:
American Medical Association (2015). HIPAA: Health Insurance Portability and Accountability Act. Retrieved from http://www.ama-assn.org/ama/pub/physicianresources/solutions-managing-your-practice/coding-billing-insurance/hipaahealthinsurance-portability-accountability-act.page?
US Department of Health and Human Services (n.d.-a). Breach portal: Notice to the
Secretary of State of HHS breach of unsecured protected health information. Breaches
affecting 500 or more individuals. Office for Civil Rights. Retrieved from
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
US Department of Health and Human Services (n.d.-b). For Covered Entities and Business
Associates. Office for Civil Rights. Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html
US Department of Health and Human Services (n.d.-c). Security Rule Guidance Material.
Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf (2006,
no additional updates)
Article provided by:
“If you utilize any mobile
devices for patient care
purposes, you should
familiarize yourself with
the security requirements
and incorporate mobile
device management into
your overall plan to ensure
continued compliance.”
Page 11
The Summit
September 2015
Joining MGMA Utah is easy! Visit us on
the web, complete the application and
pay online with a credit card. That is all it
takes!
MGMA Utah
Executive Board
Browse our site to learn more about
MGMA Utah, meet our Executive Board,
President
Dan Smith
register for conferences, luncheons, and
President Elect
Kathi Newman
much more!
Secretary/
Treasurer
Quincy Robinson
Member at
Large
Amanda Babbitt
Past President
John Braun
Visit Our Website
www.umgma.com
Questions? Contact Cyd Fox, Association
Administrator at [email protected] or
(801) 944-8646
Upcoming Events
Governmental Forum
Thursday, November 12, 2015
Networking begins at 11:30 a.m.
Thanksgiving Point Golf Course Club House
Presenter: Jennifer McLaughlin,
MGMA Government Affairs Representative
Registration ONLINE beginning October 8, 2015!
Sponsored by: