Is Your Business Ready For GDPR?
The clock is ticking. The deadline is just around the corner. Do you know if your company will be required to comply with the European Union’s new General Data Protection Regulation (“GDPR”)?
- Do we offer goods and services to people in the European Union (“EU”)?
- Do we have third parties which store or send data to the EU?
- Do we collect or analyze any data of EU residents?
- Do we have any EU citizens as part of our workforce?
If you answered yes to any of these questions, congratulations! You now have one year to figure out how to comply with the new regulations and avoid significant penalties. The good news is there’s still time to develop and execute an effective strategy for compliance, but it is going to take some work and most likely outside counsel from data privacy consultants and attorneys.
The new data protection law was adopted by the EU in April of last year and is intended to bolster data protections for EU residents. The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. Companies, government agencies, and nonprofits interacting with EU residents have until May of 2018 to comply.
The GDPR defines scope as:
- Organizations who offer goods or services to individuals in the EU (even if they are based outside of the EU)
- Non-EU based organizations conducting monitoring activities in the EU which entail the processing of personal information
How does GDPR define what constitutes personal data? Any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address. This will pose a significant challenge to organizations to identify and control personal data.
Some of the key privacy and data protection requirements of the GDPR include:
- Requiring the consent of subjects for data processing
- Making collected data anonymous to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Basically, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of personal data.
What is the cost of non-compliance? How about a maximum fine of 4% of your total revenue or €20 million (about $21.9 million), whichever is higher? Companies can be fined if their outsourced data host or processor is breached, meaning your circle of control must extend outside your corporate walls.
While GDPR represents an important step forward for individual privacy rights, it will require vast changes and potentially significant investments by organizations around the world to comply. The good news is that existing privacy methodologies can be leveraged to assess potential gaps and provide guidance to the organization. The time is now to develop your plan of attack, dig deep into your data to better understand your potential exposure, and begin your journey towards compliance.
So what should you do?
- Start planning – if the process hasn’t already been started, then get moving. The significance of this regulation warrants a dedicated resource to oversee the adaptation of business processes in response to it. Your first step should be to put together a team to develop and execute the strategy.
- Review data management processes – the team should give consideration to the information your company currently holds. It should review existing supplier contracts and conduct an assessment of what personal data the company currently stores, how it is being used, to whom it is being disclosed and to where it is being transferred. A full and comprehensive understanding of your current data privacy position will make life easier further down the line.
- Put data breach reaction procedures in place – for a company that does not have existing procedures for notification of data breaches to the data protection authority, the creation of a protocol will be mission critical. In the event of a breach, timing, accuracy and transparency are key, and failure to respond appropriately could have significant consequences.
Gilmore Jasion Mahler has recently launched a GDPR networking series bringing together companies in our market that are working towards their compliance goals. This series is an important step in facilitating knowledge sharing and real life examples of how companies are attacking this issue. If your company is interested in participating, please contact us at (419) 794-2000.
Matt Hoverman, CISA is a Director with Gilmore Jasion Mahler, LTD and leads the Firm’s IT consulting practice. He has spent his career helping businesses assess their IT risk level and creating a plan to maximize their technology investments. Concerned about other risks your company may be facing? Learn more about Gilmore Jasion Mahler's risk advisory services.
GJM’s Adele Jasion Honored for Accomplishments
Gilmore Jasion Mahler’s Adele Jasion has been recognized by her alma mater The University of Toledo for her professional accomplishments as well as her dedication to community service.
Adele is one of five recipients of a newly established Outstanding Alumni honor from the University of Toledo College of Business and Innovation. She received the award April 13, 2017 during a reception at UT’s Savage & Associates Business Complex Atrium hosted by College of Business and Innovation Dean Dr. Gary Insch.
“UT has certainly played a role for me in both professional and personal success,” she says. “As a graduate of UT, I’ve had many opportunities that continue to this day. I am grateful for these opportunities and I appreciate this recognition.”
Adele graduated from The University of Toledo with a BBA in accounting and systems. While at the University she was active in Beta Alpha Psi, Beta Gamma Sigma and Delta Delta Delta sororities. She was also a student Pacemaker award recipient.
A founding partner of Gilmore Jasion Mahler, she works with clients in both the public and private sectors in a number of industries including manufacturing & distribution, construction & real estate, healthcare and nonprofit. Adele also oversees Gilmore Jasion Mahler’s quality control efforts.
Adele’s certifications include Certified Public Accountant (CPA) and Certification in Risk Management Assurance (CRMA). She is also a Chartered Global Management Accountant (CGMA). Adele is a member of the American Institute of Certified Public Accountants (AICPA), Ohio Society of Certified Public Accountants (OSCPA), the Institute of Internal Auditors (IIA) and the Institute of Management Accountants (IMA). She is a past-president of the Toledo Chapters of the OSCPA and IMA.
Adele’s philanthropic work in Northwest Ohio is equally impressive. She’s committed to supporting many community organizations and initiatives and has been active on many local boards. A past 20 Under 40 award recipient, Adele is the current chair of Read for Literacy and the Employer’s Association and is also involved on the boards of the Toledo-Lucas County Convention and Visitor’s Bureau, the Library Legacy Foundation as well as the Metroparks of the Toledo Area Audit Committee.
Adele is also a survivor of a rare cancer known as Pseudomyxoma Peritonei (PMP) and has taken an active role with a patient support group known as PMP Pals. She travels around the country on behalf of PMP Pals to help raise awareness, educate and offer support to those who’ve been diagnosed and their families.
Other alumni honored during the reception are UT graduate Darren Munn from the Finance Department, Otto Steele from Information, Operations and Technology Management (IOTM), Christine Menard for Management and Russell Ely for Marketing and International Business.
GJM Intern Jessica Knepper Receives 2017 Student Pacemaker Award
Gilmore Jasion Mahler intern Jessica Knepper is one of this year’s recipients of The University of Toledo College of Business and Innovation Student Pacemaker Award. The honor recognizes academic performance as well as community service and leadership. Past GJM recipients of the award include Adele Jasion, Lindsey Shepherd and Rachel Headley. We’re thrilled to see Jessica recognized for her accomplishments. Here’s what she has to say about the award.
What did it mean to you to find out you were a Pacemaker Award recipient?
- I was delighted when I found out I was a Pacemaker Award recipient! There were many deserving applicants within the accounting department so it was a true honor to get the news. The Pacemaker Award is the highest honor a student can receive within the College of Business and Innovation and I am extremely thankful for this recognition. It feels good that my hard work in my academics and on campus/community involvement paid off. I am thankful for the resources COBI has provided students like the job fairs, academic labs, and wonderful professors that allow students to become involved on campus and develop their leadership skills.
How did you decide on accounting as a career and what do you like the most about it?
- I originally went into college as an undecided major but knew I wanted to study something in the College of Business and Innovation. I took German in high school and thought it would be fun to pair a business major with a foreign language. I took a semester of German and decided I did not want to take that path. My mom is the one who mentioned becoming a CPA so I researched the profession and decided to dive in! They say accounting is the language of business so in essence I am still studying a language. My favorite thing about the accounting profession is the challenges that arise in the field of study. I like the fact that every day there are new problems that need to be solved and you get to work as a team to unravel the problem.
What do you find is most rewarding about your work at GJM?
- Since I am still in school I do a lot of homework and studying for tests. Working on projects and returns that have a real-world impact on our clients is the most rewarding thing I find about my work at GJM. Homework and tests are important but working on things that have an actual impact on people is satisfying. My favorite thing about GJM is our people; working with my coworkers every day to solve issues for our clients is tremendously gratifying!
What kind of service work/community service projects and activities have you gotten involved in at the University and in the community?
- On campus, I am involved in the Institute of Management Accountants (IMA) where I have been a member since 2015. I have served as the secretary and social chair on their executive board. I am also involved in an organization called 1girl. The goal of 1girl is to provide leadership skills to middle-school aged girls in impoverished areas to empower them. We teach skills centered on public speaking, problem solving, critical thinking, goal setting, and conflict resolution. I have served as the treasurer of 1girl for 3 years and programmed with them at Lake Erie Academy and the Boys and Girls Clubs of Toledo. I was also fortunate enough to be a student athlete tutor in the fall of 2016 for The University of Toledo. I tutored athletes in Micro Economics, Statistics, Accounting, and an Intro to Business course.
- Off campus, I hold the title of office manager for Harshman Home Services. We focus on home remodeling in Northwest Ohio (and surrounding areas) and recently became a preferred roofing contractor for Owens Corning. My duties include payroll, job costing, invoicing, and marketing. I have been a volunteer tax preparer for the United Way of Greater Toledo and a volunteer dog walker for the Toledo Area Humane Society. I recently was inducted into Beta Gamma Sigma, an honors fraternity for the top 10% of each class in the College of Business and Innovation.
Any advice for young people who may be considering studying accounting?
- Accounting can be an intimidating field to enter so my first piece of advice would be not to get discouraged. No one expects you to know everything, so never be afraid to ask questions. Find someone in the accounting profession to “pick their brain”. My dad would always let me tag along when he would go to his accountant for his yearly filing and that was my place to ask questions about a career in accounting. As I said earlier, accounting is the language of business. Even if you do not want to spend your whole life in accounting, I recommend studying it because it provides a solid foundation in the world of business.
If you're an accounting student wondering if GJM is the right fit for you, we invite you to get to know us!
What is Comprehensive Primary Care Plus (CPC+) and is it Right for Your Medical Practice?
You can add another acronym to your vocabulary. As a healthcare financial decision maker, you most certainly encounter dozens, if not hundreds of abbreviations a day. This is one you will want to learn more about.
CPC+ is the Centers for Medicare and Medicaid Services’ (CMS) continued effort to encourage the development of a national healthcare system that provides comprehensive and coordinated care while also controlling overall healthcare costs. Using the initial Comprehensive Primary Care Initiative (CPC) as its foundation, CPC+ has expanded the opportunity for participation to over 2,800 primary care practices located in 14 U.S. regions. Round 1 of the initiative began January 1, 2017 and runs through December 31, 2021.
CPC+ is Medicare’s advanced primary care medical home model, a model with attributes similar to those of the Patient Centered Medical Home (PCMH) model advocated by the American Academy of Family Physicians. CPC+ incentivizes practices to raise the bar of patient care by offering greater access to 24/7 care, assisting patients with coordination of care, and managing population health through proactively offering timely and preventive care to their patients. CMS believes that by encouraging practices to deepen their capabilities and care at the primary care level, overall costs will be reduced by potentially avoiding costly urgent and emergent care.
Participating practices will receive additional funds from CMS based on the number of Medicare beneficiaries attributed to each practice and whether the practice chooses to participate in Track 1 or Track 2. Track 1 participation allows practices to continue to receive reimbursement based on Medicare’s physician fee-for-service schedule (FFS) with modest at-risk incentives. Track 2 participation offers a reduced fee-for-service payment and larger at-risk incentive payments, providing more risk with more reward. Track 2 participation includes additional requirements with a focus on patients with complex needs. However, both track requirements will evolve over the five-year period.
Below is the CPC+ Payment Summary:
| Track | Care Management Fee (CMF) | Performance Based Incentive Payment (PBIP) | Medicare Physician Fee Schedule |
| --- | --- | --- | --- |
| Track 1 | $15 average per beneficiary per month (PBPM) | $1.25 PBPM on quality/patient experience and $1.25 PBPM on utilization performance | |
| Track 2 | $28 average PBPM including $100 PBPM to support patients with complex needs | $2 PBPM on quality/patient experience and $2 PBPM on utilization performance | Reduced FFS with a prospective CPCP |
*All payments are subject to 2% sequestration adjustment
With the first quarter of CPC+ Round 1 coming to an end, participating practices should have received the first quarterly advance of the Care Management Fee (CMF), the annual advance of the Performance Based Incentive Payment (PBIP), and a list of Medicare beneficiaries attributed to their practice. Track 1 participants receive a quarterly CMF payment that on average equals $45 per attributed beneficiary (or $15 per beneficiary per month) and an annual PBIP payment of $30 per beneficiary. Track 2 participants receive a quarterly CMF payment that on average equals $84 per attributed beneficiary (or $28 per beneficiary per month) and an annual PBIP payment of $48 per beneficiary. All payments will be electronically deposited. If a participating practice has not received payment, CMS should be contacted immediately through the following channels: CMS CPC+ Portal at https://portal.cms.gov/ or contact CPC+ support at 1-888-372-3280 or CPCPlus@telligen.com.
While CPC+ incentive payments can mean tens of thousands of dollars coming into a practice, CMS expects practices to spend this money towards the advancement of care. The care management fees (CMF) must be used to pay for costs related to meeting CPC+ Care Delivery Requirements: enhancing access and continuity, care management, comprehensiveness and coordination, patient and caregiver engagement, and planned care and population health.
Permitted expenses include:
- Wages for new staff to perform Care Delivery Requirements, such as a care manager, care coordinator, pre-visit planner, quality/data analyst, EHR scribe, pharmacist, or behavioral health clinician
- Wages for existing staff to perform Care Delivery Requirements
- Care delivery tools related to Care Delivery Requirements, such as shared decision making aids
- Training and travel directly related to the implementation of Care Delivery Requirements, such as attending CPC+ learning meetings
Prohibited expenses include:
- Health information technology (HIT) purchases or upgrades
- Income tax payments
- Imaging equipment or other durable medical equipment
- Continuing Medical Education (CME) (if not directly related to CPC+)
- Costs (personnel or other costs) related to any practice billing or coding not related to CPC+
- Office supplies or decorations
- Payments to participating CPC+ practitioners for purposes other than supporting work related to CPC+
- Payment to a Care Management Company
CMS will not require practices to return unused CMF amounts at the end of each program year. Practices may carry forward funds for use during future program years. CMS has yet to provide detail on the annual reporting of used and unused CMF amounts. CMF amounts may be adjusted quarter-to-quarter based on changes in the number of attributed Medicare beneficiaries.
CMS does not place restrictions on use of the Performance Based Incentive Payment (PBIP) funds. The PBIP is paid in advance at the beginning of each program year. It is at risk. Practices can be required to return up to the full amount in the event that the minimum performance goals are not met. Performance goals are based on two components: quality and utilization. The quality component is measured based on the practice’s reporting of electronic clinical quality measures (eCQM) and results of patient surveys fielded by CMS contractors on a sample of the practice’s Medicare, commercial and Medicaid patients. The utilization component is measured based on inpatient hospitalization utilization and emergency department utilization of the practice’s attributed Medicare beneficiaries. A reconciliation at the end of each year will compare practice utilization against national utilization. Because a large portion of the PBIP is driven by data acquired by CMS and fully at-risk, practices may opt to retain some or all of the prospective payment until an annual reconciliation is complete.
While programs like CPC+ may be intimidating at first, CMS has stepped up its game in online education, offering a series of webinars, CPC+ “Office Hour” Q&A forums and CPC+ Connect blogs to assist participants.
Since participation covers the requirements under MACRA and potentially provides practices with financial resources needed to develop a medical home, there is an upside to this CMS program that primary care practices should seriously consider. Although Round 1 has started, CMS has announced Round 2. CPC+ Round 2 applications will be accepted in the summer of 2017.
CPA Judy Anderson is a member of the Gilmore Jasion Mahler Healthcare Specialist Group, which offers advisory and other services to health care entities including physician and dental practices, hospitals and health systems as well as home care and hospice organizations. GJM also provides a free healthcare newsletter, “Practice Management Advisor,” offering information on timely financial issues affecting healthcare practices.
GJM November Special Event Carnevale 2017 Will Benefit Flag City Honor Flight
Save the date for Friday, November 3, 2017. Gilmore Jasion Mahler will host Carnevale 2017 to once again raise money for Flag City Honor Flight. The nonprofit raises funds to fly veterans to Washington, D.C. to see the memorials built in their honor. Flag City Honor Flight leaders say many veterans cannot make the trip on their own, sometimes due to physical or financial limitations. Gilmore Jasion Mahler's 2016 Carnevale event raised $42,000 for Flag City Honor Flight, which has allowed the organization to operate two 2017 flights: one in June and one in September. Carnevale will once again be held in the beautiful Marathon Center for the Performing Arts in downtown Findlay. The special event will feature engaging performers, live music, an auction, heavy grazing, delicious Italian food and drink and much more. Carnevale sponsorship opportunities are now available. To learn more, please call 419-423-4481.