The MedRisk Blog
Maryland Cybersecurity Law: In June, Maryland enacted legislation that sets cybersecurity standards for insurers, TPAs and their third-party service providers. According to the National Association of Insurance Commissioners, Maryland becomes the 18th state to adopt a version of the NAIC Insurance Data Security Model Law (#668). Along with the New York regulation “Cybersecurity Requirements for Financial Services Companies” (addressing the same issues but following a different model), the legislation establishes generally accepted data security standards for workers’ compensation payers and their trading partners.
Implications: The provisions of the model act offer a guidepost for payers’ internally developed cybersecurity standards, since they are now broadly required by state law. Fortunately, they are reasonable, requiring payers to develop and implement a data security program to identify and protect against risks, respond to data incidents and investigate and disclose cybersecurity events to regulatory authorities and affected consumers and trading partners. Payers are also required to oversee compliance of their third-party service providers using or accessing the payer’s confidential information.
New York WCB Clarification regarding Payer Objection Notices: The Workers’ Compensation Board has clarified its earlier guidance, stating that Form C-8.4 notices to providers and the Board need not be sent if the reasons for lower payment are standard bill review adjustments, including PPO network reductions. Specifically, the bulletin states:
Payments may be appropriately reduced, but objections should not be submitted by the insurer to the Board in the following scenarios:
Implications: This revision should greatly reduce the voluminous paperwork burdening claim organizations doing business in New York. On a related topic, the WCB is in the midst of a multiple-year move to electronic submission of filings, a key feature of which is the OnBoard application. For more information go to the Payers section of the Medical Portal here: http://www.wcb.ny.gov/medicalportal/.
Telehealth Compliance with HIPAA: The Office of Civil Rights (OCR) within the US Department of Health and Human Services has recently issued guidance broadly endorsing the use of audio-only telehealth services to increase access to health services by patients who have limited financial resources or who live in rural areas with limited broadband availability. The guidance can be found here: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-audio-telehealth/index.html.
Implications: OCR enforces federal privacy regulations (e.g., HIPAA) that generally don’t apply to WC payers, but health care providers and payers’ third-party service providers don’t enjoy those same exemptions, so this clarification comes as a welcome relaxation of regulatory constraints.
On a related telehealth topic, a new study from physical therapy quality analytics firm Focus on Therapeutic Outcomes (FOTO) found that, for patients with low back pain, telerehabilitation (a) was equally effective in improving functional status outcomes compared to traditional in-person office visits, (b) usually involved significantly fewer visits, and (c) had roughly equal patient satisfaction ratings (82% for telerehab versus 86% for in-person office visits).