The growing risks associated with data/system security have prompted many senior care organizations to wonder if outsourcing IT is better than managing it in-house. Certainly, it relieves executives of some worries, but how do you decide what's right for your organization?

So, what are some drivers for IT outsourcing?

• Organizations want to achieve efficiency and cost savings.
• Organizations do not have financial or technical resources to develop/maintain an enterprise risk management plan.
• Organizations struggle to bring all parts (procurement, operations, security, etc.) together to establish IT requirements

To help, the National Risk Management Center (NRMC) at the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) compiled Risk Considerations for Managed Service Provider Customers. Following are some highlights on what to consider when outsourcing.

Strategic Considerations

• Balance cost-effectiveness and efficiency with reliability and security
• Account for risks with multiple IT vendors
• Even with outsourcing, executives should still:
• Maintain awareness of the technologies and systems
• Understand risks from potential loss of 1) core systems/services; 2) confidentiality, integrity, and data availability; 3) consumer/market confidence; and 4) productivity and financial (fines, legal fees, or other regulatory costs).

Operational Considerations

• Coordinate procurement, operations, continuity, and security requirements to decrease enterprise risk and improve system performance.
• Organizations with staff dedicated to each of these functions should coordinate IT requirements across organizational silos.
• Organizations with non-dedicated staff should have an enterprise risk management plan to account for each requirement.

Tactical Considerations

• Continue to drive policies around network access, controls, and logs.
• Identify staff to monitor/manage the day-to-day activity of IT providers.
• Set careful access policies for all third-party vendors.

If your organization is considering IT outsourcing, we can help. Take a look at our primeCLOUD service suite or get in touch to discuss.

Last week, our team attended the annual Ohio Health Care Association (OHCA) convention. Our Senior Customer Success Director Debi Damas also lead a session on the state of senior care. She discussed pandemic challenges and encouraged the exchange of strategies to mitigate change. The following is a recap of this valuable session.

Where does senior care stand and what the heck happened?

• Nursing home staffing shortages only worsened as 2020 came to a close
• 48 states saw occupancy of 80% or less, with some as low as 56%

What can senior organizations do right now?

• Develop purpose-driven, compassionate staff
• Adopt technology to increase connectedness, efficacy, and optimal health
• Embrace telehealth
• Develop a culture of positive aging framed by wellness
• Establish trust by being prepared for emergencies and unexpected events

What happened with senior living census?

• Increased push to home health care
• People wanted no part of facility-based care
• Long-term care (LTC) facilities were not admitting
• Skilled nursing facilities (SNFs) turned beds/halls into COVID units
• Senior care providers are now seeing slight increases in census

How can senior organizations build census?

• Marketing value-adds to prospective residents:
• Amenities
• Telehealth
• Wellness focus
• Sharing positive performance data with hospitals:
• Vaccination rates
• Infection control
• Outcome data, readmission rates
• Identifying an ideal niche based on ICD code(s)

How does revenue look in senior care?

• 55% of SNFs are operating at a loss
• Significant increases in claims denials, resulting in more reviews
• Some managed care is moving from PDPM to levels
• Per Mark Parkinson (CEO of AHCA/NCAL), long term success comes down to: 
• State Medicaid rates
• Payer mix
• Financing
• Operational excellence

What staffing trends emerged among senior care employers?

• Rigid schedules/Inflexible call off policies
• 23% of nursing homes had direct care staff shortages in May
• 96% received some government assistance
• 47% received funds from Paycheck Protection Plan (PPP)
• 82% received funds from CARES Act/Provider Relief Fund
• 52% received Medicaid add on or increase from state government

What can senior care organizations do to improve staffing?

• Increase the ways you make staff feel valued
• Change your pay structure
• Offer bonuses – sign-on, working all scheduled shifts, etc.
• Revise staffing policies to benefit employees
• Increase flexibility to accommodate child/eldercare challenges
• Provide a career path; demonstrate benefits of added skills and education
• Be attentive and thorough with screening and hiring
  

To reiterate one of Debi's earlier points, technology can help. Here are three senior care providers who are benefiting right now from our software.

• Embassy Healthcare saves $1.5M in labor with primeVIEW App
• Symphony Care Network increases revenue $1,200/stay with Managed Care MASTER app
• Hyatt Family Facilities rely on primeVIEW app to consolidate data for monitoring Five Star and PBJ reporting

Recently, CEO Jim Hoey and Sales VP Jae Sparks attended Reimbursement-Con by Zimmet Healthcare. CMS' Patient-Driven Payment Model (PDPM) was a hot topic, with speakers offering strategies for skilled nursing facilities (SNF) to maximize reimbursement.

To fully appreciate these strategies, let's back up to what we know, what we expect, and some wildcards with PDPM. 

What We Know

• PDPM was the biggest overhaul in SNF payments in a generation.
• PDPM was supposed to be budget neutral.
• Before the March 2020 public health emergency, experts said PDPM was more generous than CMS intended. 

What We Expect

• CMS wants $1.7 billion back, which could mean a 5% recalibration.
• Using average daily rates in a post-pandemic world could cause a larger recalibration next year, more like 10-12%.

The Wildcards

• CMS did not compensate SNFs for COVID care until April 1, 2020.
• CMS assumed all SNFs were affected by COVID in the same way.
• ACOs and value-based purchasing are forcing shorter lengths of stay with sicker patients.
• Due to transitional care units, hospitals are seeing most of the PDPM benefits.

While legislators seek reform, SNFs must still try to survive in the PDPM world. To this point, speakers discussed the best practices. An overriding theme here was using Interim Payment Assessments (IPAs). Only 3% of SNFs are, and it's to your disadvantage.

IPAs

• CMS wants IPAs to help SNFs track the status of a patient’s conditions and needs for a higher level of care.
• The purpose of IPAs is to establish a payment rate or billing code for billing Medicare Part A.
• Implement IPAs when a resident condition changes and may last 14 days or more.
• Conduct IPAs as a routine when resident stays hits day 21; a lot can change in three weeks.

Other Suggestions

• Offer specialty care and therapy, like speech and language.
• Stress the importance of documenting all work, using multiple documenters, where possible.
• Correct coding, correct coding, correct coding; billers may need refresher courses.
• Applaud payers when they do the right things, but never take that as enough.

Technology can help.

• Our primeVIEW and Managed Care MASTER solutions allow you to customize alerts on certain clinical conditions or changes that should trigger staff to conduct an IPA. 
• Our primeCLAIMS solution makes coding and editing simple and its backed by a support team experienced in post-acute billing.
  
  

Tired of reading documentation in long-paragraph format? We are too. That's why we put together easy-to-scan bullets and a printable infographic for the CDC's Interim Public Health Recommendations for Fully Vaccinated People. 

Why the change? 

While it's safe to resume most pre-pandemic activities, even without a mask, the CDC believes:

• COVID-10 infections can still occur in a small proportion of fully vaccinated
• Fully vaccinated people infected with the Delta variant can spread it 

Self-Quarantining

• DO if you have tested positive in prior 10-days
• DO if you are experiencing COVID-19 symptoms
• DON'T after travel

• DO if experiencing COVID-19 symptoms
• DO at 3-5 days after exposure to suspected/confirmed COVID-19
• DON'T before/after domestic travel 
• DON'T before international travel unless required by the destination
• DON'T as part of routine screening, if feasible

Masks

• DO wear it indoors in public in areas of substantial/high transmission
• CONSIDER it in public indoors, regardless of transmission rate and especially if household members are:  
  • Immunocompromised
  • At increased risk of severe disease
  • Unvaccinated

• DO follow any applicable federal, state, local, tribal, or territorial laws, rules, and regulations.

• Seek medical counseling on the potential for reduced immune responses to COVID-19 vaccines
• Follow previous COVID-19 prevention measures (mask, 6-foot distancing, avoid crowds and poorly ventilated indoor spaces)

For more information, visit these CDC resources:

• Interim Public Health Recommendations for Fully Vaccinated People
• Substantial or High Transmission Areas
• Increased Risk for Severe Disease
• COVID-19 Symptoms
• COVID-19 Prevention Methods

We see many ads on TV about protecting our personal information. But what about protecting your business? Protecting your business is just as important. So treat your business like a modern-day castle. Review this Q&A for a quick education on how you can do it.

• How can my business be attacked?
• How do these attacks impact my organization?
• How can I protect our network from hackers?
• How can I build a wall for our 'castle'?
• How can I lock the gate of our 'castle'?
• How can I train staff to guard our 'castle'?
  
  

How can my business be attacked?

• Ransomware
• Hackers encrypt your files
• Work comes to a stop
• Potentially a permanent file loss
• Even if you pay, no guarantees

• Cyber email/extortion
• Very common as part of ransomware attacks now
• Steal your files and release them on the dark web if you don’t pay

• Access your computer system
  • Steal intellectual property or company secrets to sell to competitors
  • Gain access to your bank account; transfer funds
  • If you store/process confidential information, they can sell:
    • Financial – average $6/record
    • Medical – as much as $259/record

How do these attacks impact my organization?

• Ransom cost to recover data
• Competitor access to your company secrets
• Federal/State fines due to loss of confidential information
• Negative impact on the reputation of your company
• Criminal negligence charges from State governments

How can I protect our network from hackers?

Think of your organization like it’s a castle from the olden days. What would you need to protect your castle? A high wall, a locked gate, and armed guards inside might help?

How can I build a wall for our 'castle'?

• Modern and managed firewall
• Wi-Fi password changed regularly
• Separate guest and business Wi-Fi with different passwords
• Antivirus on your servers, laptops and desktops
• Email protection

How can I lock the gate of our 'castle'?

• Passwords
  • Require them, change them often
  • Employ multi-factor authorization (MFA)
• Physical security
  • Lock server and network equipment rooms
  • Encrypt computers/laptops in case of theft
• Appropriate access
  • Limit access to need to know
  • Extend minimum access necessary
• Data backups
  • Keep backups of your backups somewhere safe

How can I train staff to guard our 'castle'?  

• Provide ongoing training, not just for new employees.
• Conduct phishing awareness training and exercises
• Train staff on response to suspicious emails, websites, and computer behavior
• Prepare an incident response plan (IRP) in case you are a victim of an attack

If you need help protecting your castle, get in touch for an IT assessment today.