MicroMD PM - Associating Lab Companies with Insurance Plans

With all of the new costs, rules, and restrictions on insurance plans it is important to help patients cut costs to keep their business. One way to do this is to make sure that you are using the in-network lab company associated with your patient's insurance plan to prevent the patient from receiving an unexpected and non-covered lab bill. MicroMD allows you to follow your patient's plan by setting up an associated Lab Company at the Plan level. Here is how to set this up:

1. Go into MicroMD PM

2. Go to Maint drop down menu and choose Plan to open the Plan Detail tab

3. In the Plan Detail tab, check mark 'Lab' in the lower right corner and specify the lab company by typing the lab name into the Lab Name text box. This information can then be set to print on the patient encounter form to alert your Provider's & Lab Tech's as to which Lab specimen's should be sent to.



Posted by Ginnie Hollingsworth | Topic: Tips  | Category: Tips


October 24th, 2014

We have helped a few sites where staff have infected their computer *and* server files. This behavior MUST stop and you have the power.

Delete the message. If you are thoughtless enough to open the message, then do not click any links.

This behavior works to prevent issues, every time, no matter how evil and virulent the malware is.

Do you ever get messages with any of these subject lines? You know what to not do. Do not trust anything in your inbox, do not open these. Ignore them all, delete them all. If it is legitimate, someone will contact you in another way. This list is only a sample, Bad Guys use similar and clever techniques.

  • USPS - Your package is available for pickup ( Parcel 173145820507 )  
    USPS - Missed package delivery ("USPS Express Services" <[email protected]>)
    USPS - Missed package delivery  
    FW: Invoice
    ADP payroll: Account Charge Alert  
    ACH Notification ("ADP Payroll" <*@adp.com>)
    ADP Reference #09903824430  
    Payroll Received by Intuit
    Important - attached form  
    FW: Last Month Remit
    McAfee Always On Protection Reactivation  
    Scanned Image from a Xerox WorkCentre
    Scan from a Xerox WorkCentre  
    scanned from Xerox
    Annual Form - Authorization to Use Privately Owned Vehicle on State Business  
    Fwd: IMG01041_6706015_m.zip
    My resume  
    New Voicemail Message
    Voice Message from Unknown (675-685-3476)  
    Voice Message from Unknown Caller (344-846-4458)
    Important - New Outlook Settings  
    Scan Data
    FW: Payment Advice - Advice Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]  
    Payment Advice - Advice Ref:[GB2198767]
    New contract agreement.  
    Important Notice - Incoming Money Transfer
    Notice of underreported income  Notice of unreported income - Last months reports
    Payment Overdue - Please respond  
    FW: Check copy
    Payroll Invoice  
    Corporate eFax message from "random phone #" - 8 pages (random phone # & number of pages)  
    past due invoices
    FW: Case FH74D23GST58NQS  
    Symantec Endpoint Protection: Important System Update - requires immediate action



Posted by Jim Sherrill | Topic: Tips  | Category: Security

Meaningful Use Stage 2 "MGMA & AMA both want MU Exemption extension" http://www.healthcareitnews.com/news/mgma-ama-want-mu-exemption-extension

Every provider and Office Manager needs to be pushing legislators to allow ALL practices to continue with MU Stage 1 (at a minimum). It would probably help to add the penalizing physicians for things that are out of their control is unethical and should not occur!


Let's not forget about ICD10, yes, that ugly word is back in the headlines: "Even if the ICD-10 compliance date is farther away than it once was, it will arrive eventually. (For real, this time. We think.) And while you'd be forgiven for taking a foot off the proverbial gas, this is time that should be spent pushing ahead with preparedness plans."  http://www.healthcareitnews.com/news/prime-time-icd-10-starts-now

Who knows whether or not CMS will make October 1, 2015 a hard date for ICD10. Just make sure that you have a plan in the event they do.


Posted by Ginnie Hollingsworth | Topic: News  | Category: Tips

ICD10 Deadline Approaching

March 2nd, 2014

 Deadline: October 1, 2014 in 30 Weeks

ICD10 - Do you have a plan?

Everyone hoped that the ICD10 deadline of October 1, 2014 would be delayed, again. Despite the push by so many, including the AMA, it doesn't look like a delay is likely. Why? Because the industry as a whole has spent into the billions of dollars preparing for this mandate. As one of the last developed nations to adopt ICD10, the United States will be lucky to any delay whatsoever.

That means, you better have a plan for your practice.

Question: Who is affected by ICD10?    Answer: Almost everyone in your practice.


The good news is that there are plenty of resources to help you begin preparing no matter where you are in the process. CMS has released "Road to 10," an online resource built with the help of providers in small practices. This tool is intended to help small medical practices jumpstart their ICD-10 transition. "Road to 10," includes specialty references and gives providers the capability to build ICD-10 action plans tailored for their practice needs.

Other helpful sites:



Posted by Ginnie Hollingsworth | Topic: News  | Category: ICD10

Save yourself!

January 11th, 2014

A quick note, it is important to be more paranoid of all attachments and links to web sites. This one is a authentic, serious  risk of permanently losing work or home files. Notice that it scans for files on network shares as well.

In addition to paranoia, I recommend downloading and installing this program with the default settings. I have done this on my work laptop and on my home computer.

Read as much as you want about this nasty extortion process:

From SANS:

--New Hampshire Town Lost Files to CryptoLocker
(January 7, 2014)
A New Hampshire town has lost eight years worth of computer files to the CryptoLocker ransomware. An employee at the Greenland, NH, town hall opened an attachment accompanying an email purporting to be from AT&T on December 26. The system administrator did not learn about the issue until four days later, after the deadline for paying the ransom had expired.

Posted by Jim Sherrill | Topic: Tips  | Category: Security

Short story: On April 8, 2014, after you call to wish me a divine natal celebration, Microsoft stops patching XP. Before this amazing day, you should have replaced all your XP machines, or have them so severely disabled that they are nearly useless.

Longer story: There are many web pages advising about this issue, try https://startpage.com/do/search Because the long line of Microsoft operating systems (NT, 2000, XP, Vista, 7, 8, ...) share components --even today-- once a juicy exploit is discovered in say Windows 7, Bad Guys will use that exploit knowledge to create malicious code that will compromise XP.

XP that is connected to the internet or your network possibly exposes you to violation(s) of HIPAA requirements. This is because XP by April, 2014, will receive no security updates from Microsoft. You might say, "But we have anti-virus and anti-malware that is still updating!" Yes, but these new exploits may precede the detection and fix process in those protection softwares. The best plan is to replace XP as soon as you can. Reduce risk and be safe. Right. Now.


Windows Server 2003 has a similar fate in July 2015.


Postscript: Here are some of the relevant HIPAA regulations.

§164.306 Security standards: General rules.

(a) General requirements. Covered entities and business associates must do the following:

(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.

(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.


§164.308 Administrative safeguards.


    (1) (i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.

(ii) Implementation specifications:

(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.

(B) Risk management (Required). Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a).


    (6)    (i) Standard: Security incident procedures.  Implement policies and procedures to address security incidents.

    (ii) Implementation specification: Response and reporting (Required). Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and their outcomes.




Posted by Jim Sherrill | Topic: News  | Category: Security

Learn, think, be more cautious

October 11th, 2013

You had to learn your software tools to provide healthcare, the same skills and efforts are required to stay safe at work and at home.There are many ways to improve your knowledge and behaviors, here is a useful source: SANS tip of the day

Plus, did you read HIPAA §164.312 Technical safeguards yet? "Assign a unique name and/or number for identifying and tracking user identity." For your medical software products, each human must have their own name and password.



Posted by Jim Sherrill | Topic: Tips  | Category: Security

Reducing risk

September 11th, 2013

How many web sites have you visited? Via our secret, elite Big Brother monitoring tools*, I can answer this question precisely: zero. Neither you nor I have ever "visited" a web site, for that is not how web browsing works. Everything you have ever seen in a browser was sent to your computer directly. You have downloaded all images, text, flying monkey animations, and so on.

The purpose of this post is to make you aware that browsing is not a passive activity, like walking by store windows. When you browse the web or click a link in an instant message, you are asking a remote server to send images, text, scripts, and possibly malicious code to your computer. The latter possibility makes clicking any link a potential risk. Be skeptical and careful.


Learn and improve your security awareness; there are many sites for improving your knowledge.


Bonus if you considered not clicking this link, well done!


*Note that the NSA can do this, MSA cannot.

Posted by Jim Sherrill | Topic: Tips  | Category: Security

Medical Software Associates. 1021 McCallie Avenue. Chattanooga, TN 37403