Physician Practice Roundup—Practice will close after doctors refuse to pay ransom to hackers

Practice will close after doctors refuse to pay ransom to hackers

A Michigan medical practice will close it doors April 30 after hackers deleted all of its patient records when doctors refused to pay a ransom, according to WWMT.

The two doctors, who were partners at the Brookside ENT and Hearing Center in Battle Creek, decided to retire early rather than try to rebuild the practice, according to the report. The doctors refused to pay hackers a $6,500 ransom in exchange for a code to access the practice’s medical files. The hackers deleted all the records, including files, appointment schedules, payment, and patient information.

Hackers did not obtain any patient information because the electronic health record encrypted the files, John Bizon, M.D., co-founder of the center said. The hackers infected the center’s EHR system with ransomware. (WWMT article)

NAACOs, AAMC call for more transparency in CMS innovation payment models

Some of the top policy groups with a stake in alternative payment models (APMs) are calling for the Centers for Medicare & Medicaid Services to improve transparency around its new Center for Medicare & Medicaid Innovation (CMMI) payment models.

Those groups—which also include the National Association of Accountable Care Organizations (NAACOs), the Association of American Medical Colleges (AAMC) and the Healthcare Transformation Taskforce—say there needs to be a more methodical and public process to releasing and updating payment models. 

"As you know, responsibly moving to higher levels of financial risk requires a steady and predictable payment environment. This allows organizations to plan their budgets and care coordination activities and to predict how they will fare under any given model," the groups said in the letter. "Creating clarity and stability for model design will encourage provider organizations to move to higher levels of risk and reward more quickly." (FierceHealthcare)

HHS security policies should focus on incentives, not penalties, health IT leaders say

The federal government needs to provide more resources and incentives to help healthcare organizations better protect their IT systems and data from cyberattacks, according to health IT security leaders.

Currently, the Department of Health and Human Services’ privacy and security standards are too focused on compliance and are unduly punitive to healthcare provider organizations when a breach occurs, they said. 

“It is vital that Congress and HHS identify a pathway for ensuring providers do not unduly shoulder the burden of protecting protected health information in situations outside their control,” wrote leaders of the College of Healthcare Information Management Executives (CHIME) and the Association of Executives in Healthcare Information Security (AEHIS) in a letter to Sen. Mark Warner, D-Va. The letter, penned by CHIME president and CEO Russell Branzell and AEHIS advisory board chair Sean Murphy, was in response to Warner’s request for comment about the state of healthcare cybersecurity. (FierceHealthcare)