Security Rules Update
By Practice Performance Partners (PPP)
In Part One, we covered changes to the Privacy Rules. Part Two will discuss the far more significant changes to the HIPAA Security Rules. As of this time, these rules are only proposed. We feel most of them will likely become law by late 2025 or early 2026. Due to the complexity and volume of changes, we are not recommending changes until the final rule passes. This summary will help explain the extensive changes being proposed.
The preamble to the amendment explains the severe impact cybersecurity issues are having on patient privacy.
• The Department of Health & Human Services (HHS) reports a 50% increase in data breach costs in the last four years.
• Victims of resultant identity theft incur, on average, costs over $13,000 to recover from the exposure.
• To date, only minor changes to the original Security Rule have been implemented and have resulted in little impact on the escalating number of protected health information (PHI) breaches.
• Healthcare entities are the hardest hit because the information collected is far more immutable than financial data. Addresses, phone numbers and even emails change, but social security numbers, driver's license numbers, date of birth and health care history rarely change.
• HHS also reports massive non-compliance with even the existing rules, stating small healthcare practices are “easy targets”.
Against this background, sweeping changes to the Security Rule are being proposed. HHS estimates the proposed changes will cost the healthcare sector $34 billion over the next five years. When asked during the comment period about the increased financial burden on providers to comply with the changes, the comment was “cost is not meant to free covered entities from their responsibility”.
The basic changes proposed are:
• Elimination of “addressable standards”. The scaling offered to small practices by allowing them to actively comply with less than half the security standards will be mostly eliminated. This will significantly increase the complexity and volume of data required for compliance.
• Mandatory encryption. While HHS has long stated encryption would be considered reasonable for all data, it will now be mandatory. This will mean encryption of all communications (email, text, fax), server files, all backups and information on all testing equipment.
• Enhanced risk analysis. The risk analysis that was historically flexible based on individual practice characteristics will now become far more comprehensive and structured—regardless of practice size.
• Vulnerability scanning and testing, once recommended, will be required.
• More extensive regulations and documentation of incident response plans and active incidents will be required.
• Use of multi-factor authentication will be mandatory. It is not yet clear which types of devices and media this will apply to, but it appears the intent is to apply the rule to every login on every device that contains or can access PHI.
• Alignment with National Institute of Standards and Technology (NIST) guidelines. At this time, there is no definitive explanation of what “alignment” means. Full alignment with all NIST regulations would be next to impossible for small healthcare practices.
• Significant increase in penalties for non-compliance, negligence and repeat breaches.
WHAT DOES ALL THAT MEAN?
In a nutshell, it means that a new risk analysis and management process, along with changes to more than half of the 45 security standards, will be necessary. This will require a rewrite of every covered entity's Security Manual, customized to their practice.
Again, due to the significant forthcoming changes and potential edits to the rule, we do not recommend making any changes until the final rules are passed. There will likely be a time allowed to make these rather sweeping changes. PPP will be working with our colleagues to make these changes in the best way possible.
Questions on the new privacy rules can be directed to info@practiceperformancepartners.com.