Cyber Security Awareness

Written by: Chris Kujawa, MCSE, MCST
Published: Tuesday, November 13, 2018

The process of getting “hacked” doesn’t always involve a highly trained computer expert on the other end breaking passwords and infiltrating firewalls.  Social engineering has become a very popular way to target individuals and obtain personal information.  It would not be hard to rob a bank if the employees let you into the safe and walk out with the money, right?  Social engineering involves hackers trying to obtain information from or about you via phone, email, social media, etc.  They then use that information to attempt to access your email or online accounts.  A lot of times people will make their mother’s maiden name or pet’s name part of their password reset questions.  A few minutes on Facebook and a lot of that information can be discovered.

Here are some effective ways that you can protect yourself.  Enable two-factor authentication.  Almost all banks or credit institutions have the option.  This service will notify a pre-determined phone or email for verification when logging into your account.  This is currently a much underutilized security feature by most people today.  Facebook, Google, and Apple are all examples of companies that have built-in two factor authentication in their systems that can be enabled.  This feature, while not 100% unbreakable, makes accessing any account extremely difficult without the secondary authentication device.

Be aware of what you are clicking on or saying.  Never use a link via email for account or password updates.  Always go directly to the site in question and sign in.  Some social engineering tactics involve calling the target and pretending to be a sales call.  They then try to extract information about software used, vacations, working hours etc.  The hackers will then use this information to chain together other information in the attack against the target.

Whether it be in the healthcare industry, accounting industry, or any industry that handles private user data these principles can be applied.  Being a victim of social engineering can be quite costly in the areas of private data loss, identity loss, corporate data breaches, firm reputation, and not to mention the time and money involved in the discovery process.

To read more about social engineering, below is a link to the Wiki page:

tags: security - categories: events

Illinois Medicaid Managed Care Transition

Written by: Carol Hamerski, CPA, CPC, CPCO
Published: Thursday, November 1, 2018

We are officially 6 months into the State of Illinois State Wide Medicaid Managed Care Transition.  Of course some areas are running smoother than others.  Now is a good time to take note of what is working in your office and what isn’t.

Implement eligibility checks through your clearinghouse to ensure you have the correct payer for the date of service. MEDI or clearinghouse eligibility should show you if the patient is in fee-for-service traditional Medicaid or with an MCO.

Many of the MCO’s require prior authorization for certain procedures.  Your office and billing staff should be aware of which procedures require prior authorization and how to communicate authorizations obtained with the billing office.    Appropriate coordination and communication between these staff members is essential to ensure payment for those services so the claim matches the provider and procedure with the authorization on file at the carrier.

As the MCO’s are working through this implementation process, there have been multiple claim processing issues come to light.  It is important to promptly notify them of or appeal any claims which appear to be processed incorrectly.  We have found inconsistencies between the carriers in processing of the add-on payments for children and maternal health, sequestration reductions, and fee schedules.  By working with the payer representatives on specific issues and examples, we have been able to get various processing issues addressed and corrected.

If you are still considering contracting with the MCO’s but aren’t sure which one, consider the facilities you provide services in and which MCO’s they participate with, talk with your patients, and review the provider requirements of each carrier.  If you continue to see MCO patients out of network, you are required to have a prior authorization for any service provided, including office visits, which is very time consuming for staff but necessary to be paid for the service.

Tax Planning

Written by: Carol Hamerski, CPA, CPC, CPCO
Published: Wednesday, October 31, 2018

Now is the time to evaluate and plan for your 2018 taxes.  I think about it as being proactive versus reactive.   Early planning allows business owners to implement year end moves to reduce taxes.  Once the year has ended, there are limited moves that can be made to reduce an unexpected tax burden.   There were many changes included in the Tax Cuts and Jobs Act (TCJA) effective in 2018 that may benefit you.

First, if your accounting records are not up to date, NOW is the time to do that.  You can’t plan if you don’t know where you are.  Having accurate and prompt financial information is the key to managing the financial aspects of your business, including appropriate year end planning.   Your tax pro will be able to provide the best advice if they have a good picture of where you expect your financial results to be for the year. 

Thanks to the TCJA, 100% first-year bonus depreciation and increased Section 179 deductions up to $1 million is available for certain qualified new and used property that is acquired and placed in service in calendar year 2018.   This means your business might be able to write off the entire cost of some or all of your 2018 asset additions on this year’s returns. Consult your tax pro for details on how best to get these tax breaks and what types of assets qualify.    And, remember that the acquisitions must be purchased and placed in service prior to the end of the year.  So if there is a piece of equipment or asset you will be purchasing, allow sufficient time to order, pay for, receive and place in service to get the deduction.

There is also a new deduction based on qualified business income from pass-through entities.  The deduction can be up to 20% of a pass-through entity owner’s QBI, subject to restrictions that can apply at higher income levels and another restriction based on the owner’s taxable income.   The new QBI deduction regulations are lengthy and complex.  Contact your tax pro to help you get the best QBI deduction results for your specific circumstances.

With changes to itemized deductions, standard deductions, elimination of personal exemptions, tax rates, and the multitude of specifics included in TCJA, it is important to analyze and plan for your specific situation to maximize the benefits.   

Contact us today to discuss how the new tax law impacts you.

Fraud & Asset Misappropriations

Written by: Carol Hamerski, CPA, CPC, CPCO
Published: Wednesday, October 24, 2018

We often hear about high-profile fraud cases in the news; however, what we don’t realize is how often it happens in our local communities, schools, and businesses. We all share the responsibility for understanding the high-risk areas in our businesses and in the organizations we serve. Let’s look at some key statistics from the 2018 Global Study on Occupational Fraud and Abuse.

Of the three primary categories of occupational fraud, asset misappropriations are by far the most common, occurring in 89% of the cases in the study. Asset misappropriations include theft of cash receipts, such as skimming or misuse of receivables, and fraudulent disbursements, such as payroll schemes or check and payment tampering. The median loss for this type of fraud was $114,000 and the median duration was 16 months. Fraud is most often initially detected as a result of tips from employees or customers of the victim organization, which is why it is imperative that we all stay vigilant.

The data in this report indicates that fraudsters tend to start small and increase their frauds rapidly over the first three years. This is why it is so important for organizations to implement internal controls and fraud detection mechanisms to catch fraudulent activity quickly and minimize the damage.

Click here for a list of things you can do to protect your organization.

Click here to access the 2018 Global Study on Occupational Fraud and Abuse.