MTBC – Learning Center

ICD-10 Delay: What to do now?

The CMS had stated that ICD-10 implementation is not going to be delayed this time. It has already pushed to 2014 from last year. But, I guess you will never know anything for sure in future. Now that ICD-10 is postponed till 2015, we still should not lose the momentum that we achieved so far while trying to implement ICD-10.

We should not put-off the ICD-10 plans for 12 months. Instead, we should utilized this extra time prepare, i.e. schedule upgrades, fix problems and learn new systems.

First of all, this gives the practices more time to focus on implementation of Meaningful Use – Step 2. While implementing step 2, take the following steps to improve practice efficiency now that will pave the way for successful ICD-10 coding:

  1. Improve Clinical Documentation. ICD-10 basically codes the documentation better. If your documentation lacks specific details, you will not have a good ICD-10 code.  To have a successful practice with ICD-10 coding, each clinician needs to focus on his her documentation. More specific and clear the documentation is, the easier it will be to codes for a diagnosis in ICD-10. Medical practices should start practicing developing an ICD-10 codes for their patient encounter so that they can understand what’s lacking in their clinical documentation (if any).
  2. Learn the System. You don’t have to learn the 75,000 or 80,000 codes, but learn the structure and the taxonomy of the codes. Also, learn the process of acquiring the specific codes based on your encounter. It is going to be difficult to fit a large number of codes on a super-bill, you may need a software application to help you come to a code. Use this ICD-10 delay time to learn this process well.

If you were not ready for ICD-10 in 2014, then it is all the more important to use this delay time to get on board. Don’t push it off now completely, otherwise you will be faced with same unpreparedness in October 2015.

How to setup passwords or authentication process on your mobile device?

First step towards securing data on your mobile device is setup a password or an authentication process. Password is a combination of letters, numbers and keyboard characters that allows user to gain access to the mobile device. It is a means of user authentication. Authentication is a process of verifying the identity of a user, process or device.

Steps to setup password and authentication on iOS device:

  • Tap on ‘Settings”, then Tap “General’
  • Select Touch ID & Passcode
  • Select Turn Passcode On
  • Now enter your passcode
  • At the bottom, there is an “Erase Data” field. Enabled means after 10 failed attempts at entering the passcode, iPhone information will be wiped.  This is not only a good feature but essential for iPhone Security.
  • Set the “Auto-Lock” to an appropriate time frame for when to lock the phone for a password

Data protection with encryption

Another advantage of using the password PIN is for a strong whole device encryption of data. The encryption of the data on the phone is done by hardware of the iPhone and is protected by the PIN. When not using the pin, data encryption is not protected.

Steps to setup password and authentication on Android device:

  • From the home screen, press “Menu”, “Settings”, “Location & Security”
  • Under Screen Unlock there will be many options for setting passwords
  • To set screen time-out, go back to “Settings” and click “Display”

Data protection with encryption

Android devices don’t have built-in encryption. You need to install third-party applications to encrypt the phone

What are the risks involved in using mobile devices (tablet, smartphones, laptops) to access patient data on it?

In today’s Information Age, smartphone and tablets have so much processing power that they are no less than a computer for all essential purposes. We now use them for daily usual activities, including searching web, accessing financial accounts, shopping, and communication and even editing documents and performing work related tasks. We even access many EHR related functionalities on the mobile devices. When we access EHR functionalities, e.g. eRx, Chart notes, etc., we bring in patient health information on the mobile device. When the patient’s health information comes on the mobile devices, it raises concern about the security of protected health information (PHI). We need to protect and secure this patient data as the patients have entrusted us to protect their health information.

According to Department of Health and Humar Services (DHHS), the HIPAA Security Rule outlines national standards designed to protect individuals’ electronic protected health information (ePHI) that is created, received, used or maintained by a covered entity.[3] The mobile devices store the data on itself in one of the two ways, a) within the computer internal storage, b) within the external storage card to SIM. The device retains a record of the data accessed on one of these two storage area.

Most people think that since the mobile device has a password lock, it is protected but that is not enough. There are many risks that are related to mobile devices security:

  1. Lost or Stolen Mobile Device. Mobile devices are vulnerable to theft because of small size and portability. If you mobile device is used to access EHR, the patient data can be present at different locations in your device. It could be in phone storage or on external storage card. The password lock is not enough to protect this information then. The thief can directly access the storage card and access the patient related data on it. Some of the password (particularly 4 digits or pattern lock) are not secure enough. With a simple program, the thief can easily run multiple combinations and get access to the pass code.
  2. Download virus or malware on device. You use you mobile device for searching web and accessing multiple other entertainment information online. If you are not careful, you can easily download virus or malware on you device while downloading a song or a pic or just by accessing a “bad” website. This virus or malware can then start tracking all your keystrokes and can potentially get access to your passwords for multiple websites or email accounts. This could be really bad ultimately leading to Identity Theft and of course access a lot more than the patient health data on the mobile device.
  3. Unsecured Wi-Fi network. When you access an unsecured Wi-Fi network, all your data that is floating through the network (web), can potentially be hacked by someone who knows the Wi-Fi systems and aims to capture your data. There are instructions on web as how to access these data for anyone to learn and use. This makes it easy for anyone to potentially hack into your device if you are accessing web on a unsecured Wi-Fi network.
  4. No encryption. Typically the data on mobile devices are no encrypted. Thus, the ePHI stored on mobile device can be accessed by anyone with access to the mobile device.

You may now feel that I can never access EHR on mobile device. But with some safeguards, you can easily protect patient’s health information while accessing EHR functionalities on a mobile device. These are listed below. We go over them in detail in upcoming blogs one by one with examples and recommended apps to achieve those safeguards on mobile devices

  1. Set a strong alphanumeric password or biometric authentication.
  2. Encrypt the device
  3. Use automatic log off feature in most of the sensitive apps on your phone (particularly that are related to patient data)
  4. Enable remote wipe (a very important safeguard for your mobile device)
  5. Setup immediate lock on device when idle
  6. Refrain from sharing your device
  7. Install firewall, antivirus and malware programs on your mobile device
  8. Use secure Wi-Fi network
  9. Keep the device with you all the time

Conclusion: Mobile devices offer both patients and physicians convenient, user-friendly way to interact and access electronic health records. We need to be aware of the risks involved and take appropriate actions to safeguard the protected health information. With due diligent and common sense, we can enjoy the convenience while securing the protected health information.


  2. The Health Insurance Portability and Accountability Act of 1996 (public law 104-191)
  3. The Security Rule.

ICD-10: The Disaster Hoax

With the ICD-10 implementation deadline looming around, most people conceive the idea as a serious threat or potential disaster for the healthcare industry. The perspective predominantly prevalent is that of the concept promoting ICD-10 as a very serious challenge to the physicians, practices and hospitals. No doubt it is a challenge from a psychological stand point; but in fact it is just another regular update to your everyday coding tasks. Logically, it is evident that every major update in our workflows and technology comes as a means of convenience and comprehensiveness in our systems and processes and making our lives easier.

Anticipation of newer versions of operating systems and updates to the tools, gadgets and technology are mostly linked with excitement and welcomed with enthusiasm. Why so in case of a coding upgrade that all IT vendors are presenting it as a threatening upgrade with expectations of losing revenues and workflow effectiveness. Most of the giants in the EHR, practice management and revenue cycle management space are promoting ICD-10 as a scary monster inflicting goose bumps to every soul that comes across this phenomenon.

ICD-10 is a coding system that has already been established by the regulators of International Classification of Diseases providing more comprehensive codes for every diagnosis that is done by the doctors. In short – a single code will cover many aspects of a specific disease or injury. Insurance payers will be more convinced through the new system of coding done at every practice. It will be an easier decision for accepting claims with a thorough explanation and to-the-point codes governing every procedure. Most physicians are not ready for the change primarily due to psychological reasons and unwillingness to accept the changes. In reality, it is a very simple change for every 100 most-used ICD-9 codes at your practice; you will have an option of using maybe an additional couple of hundred ICD-10 codes at your practice. A cardiologist who uses 40 frequent codes in super bills will end up familiarizing himself with 5-10 codes against each ICD-9 code, which should be a matter of only a week’s training to cover it all. There is no rocket science involved, just grab your copy of the specialty-specific ICD-10 codes guide which is easily available online, and practice creating new super bills with ICD-10 codes. It is eventually going to be easier to choose a code for any specific diagnosis that is being concluded. Mostly it is the physicians who will be making the call to use these codes.

For the first couple of months you might be fumbling around for your ICD-9 to 10 thesaurus and would get used to it very soon and might even throw away the guide you had paid for the all-so-hyped-up ICD-10 transition. The sooner you give it a try the earlier it will be over for you and your revenues would come in at an even greater pace.

Eventually it is a matter of just preparing yourself for a little change in what codes you were using, and there is no reason why your transition can’t be done smoothly. We at MTBC are ready to help you out with our easy-to-use tools for ICD-10 transition at your practice. Contact or call us at 866.266.6822 right now to grab your ticket to the ICD-10 flight.

Disclaimer: The information contained within the MTBC® Learning Center is provided for general educational and informational purposes only and should not be construed as legal advice. The author of the Learning Center does not represent the Web site user or the individual submitting a particular question. Please seek the advice of legal counsel to address any specific questions you may have regarding your particular facts or circumstances.

What is Meaningful Use? What are the stages of Meaningful Use?

Electronic health records (EHR) can provide many benefits for providers and their patients, but the benefits rely on its usage. One provider may use it as a glorified word processor, while another provider may utilize all its features to make his practice efficient. To establish this way of utilization for efficient practice, Centers for Medicare & Medicaid Services developed a set of standards which, if followed, will define the usage of EHR to be meaningful. Meaningful use standards govern the use of electronic health records and allow eligible providers and hospitals to earn incentive payments by meeting specific criteria.

The goal of meaningful use is to promote the spread of electronic health records to improve health care in the United States.

The benefits of the meaningful use of EHR include:

●     Complete and accurate information. With electronic health records, it is assumed that providers have the information they need at point of care to provide the best possible care. Providers will be better prepared to see their patients as walk-in-the-room, having access to patient lab, imaging studies, consults, etc. at point of care.

●     Better access to information. EHR allow providers to have increased access to the patients’ health information at point-of-care which in turn helps diagnose health conditions earlier and improves patient care quality and outcomes. EHR also allow information to be easily shared with other providers, hospitals and across the health system, leading to improved patient care.

●     Patient empowerment. EHR will empower patients to take a more active role in the care of their health and the health of their families. Via the patient portal, patients can access their health information securely and communicate with their providers for better provider-patient interactions.

Stages of Meaningful Use

In order to achieve meaningful use, eligible providers and hospitals must adopt certified EHR technology and use it to achieve specific objectives.

These meaningful use objectives and measures will evolve in three stages over the next five years:

MU Stages

Achieving meaningful use during Stage 1 requires meeting both core and menu objectives. All of the core objectives are required. EPs and hospitals may choose which objectives to meet from the menu set.

In coming weeks/months, we will learn about these Stages in detail. Visit next week to learn about timelines for the Stages and regulatory deadlines in 2014 for providers to meet.