Ransomware hackers target medical billing companies, and it CAN AFFECT your entire company! (Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.)
Often out of one’s control, ransomware hackers target medical billing companies because of the tremendous value of the data. BUT, there are steps that CAN BE TAKEN to protect you, your company, and your patients and/or clients.
NetWalker Ransomware, for example, gained notoriety for targeting hospitals and healthcare providers with e-mails claiming to provide information about COVID-19. (The e-mail usually has an attachment that downloads the ransomware from a remote server when clicked on.) The thing is, this is very lucrative for identity thieves since medical records information sells for anywhere from $1-$1000!
As the number of healthcare providers taking advantage of Telehealth continues to increase—now outnumbering in-person visits—the number of ransomware attacks continues to increase as well. This means Billers and Providers must be aware of the programs that are used on their machines and ensure necessary steps are taken to safeguard against hackers and attacks.
How can you protect yourself and/or your organization?
- Carefully monitoring where you store and enter your passwords can be extremely beneficial to help minimize the risk of a hack and keep personal or patient information protected.
- Routine password changes and monitoring where you store and enter your passwords can be extremely beneficial to help reduce the risk of becoming a victim of a hacker. Passwords should be long and unique, with mixed capitalization and alphanumeric characters.
- Have you had an accurate and thorough Security Risk Assessment and/or penetration testing? If you haven’t completed an accurate and thorough security risk assessment, you could also be penalized under ‘willful neglect’ (this category alone is $50,000 per violation!) in addition to the higher risk of ransomware attacks.
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- The strength of your passwords directly impacts your online security.
Live Compliance can help. They aggregate breaches, which enables you to assess where personal data has been exposed. Dark Web scanning is built right into their Portal, and it allows you to keep an eye on employees whose information was involved in a breach, shows where the breach took place, and then suggests the next steps to take.
Live Compliance makes checking off your compliance requirements extremely simple, to ensure this doesn’t happen to you or your organization:
- Reliable and effective compliance
- Completely online, our role-based courses make training easy for remote or in-office employees
- Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. (Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as password protection.)
- Policies and procedures curated to fit your organization ensuring employees are updated on all workstation use and security safeguards in the office, or out of the office—all updated in real-time
- Electronic, prepared document sending and signing to employees and business associates
So, don’t risk your company’s future on ransomware hackers. Contact one of EZClaim’s partners, Live Compliance, especially since they are offering a FREE Organization Assessment to help determine your company’s status. E-mail them, visit their website at LiveCompliance.com, or call them at 980.999.1585.
For more information about EZClaim’s medical billing software, which provides a best-in-class product with correspondingly exceptional service and support, e-mail, visit their website, or contact them at 877.650.0904.
[ Article contributed by Jim Johnson of Live Compliance ]
Noncompliance with HIPAA security rules has had huge consequences for an IT and health information management company.
CHSPSC LLC (“CHSPSC”) has agreed to pay over $2 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), for the breach of Protected Health Information (PHI). The Business Associate was notified by the Federal Bureau of Investigation (FBI) that it had traced a cyber-hacking group’s advanced persistent threat into CHSPSC’s information system.
After OCR’s investigation, it was found that CHSPSC had “longstanding, systemic noncompliance with the HIPAA Security Rule including failure to conduct a risk analysis, and failures to implement information system activity review, security incident procedures, and access controls.” The large health system provided various Business Associate services, including IT and health information management, to hospitals and physician clinics. These violations could have easily been avoided! OCR Director Roger Severino said, “The healthcare industry is a known target for hackers and cyber-thieves. The failure to implement the security protections required by the HIPAA Rules, especially after being notified by the FBI of a potential breach, is inexcusable.”
In addition to the monetary penalty, the Business Associate will be required to complete a “robust” Corrective Action Plan (CAP) with monitoring activity for at least the next two years. CHSPSC will also be required to do the following:
• Implement technical policies and procedures to allow access only to those persons or software programs that have been granted access rights to information systems maintained
• Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports
• Conduct accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI
All this shows that ANYONE can face HUGE penalties, and they would most likely bankrupt a small billing company or an independent physician practice.
So, based on this specific example, it is VERY important to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or other vendor, suspect a breach, you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action.
Keep in mind, a Business Associate is a ‘person’ or ‘entity’. This means that ALL billing companies—large or small—need to comply with the Federal HIPAA security rules and regulations. So, if your company has not completed an accurate and thorough security risk assessment, there is a possibility that you could be penalized under ‘willful neglect’. (This category alone has a fine of $50,000 per violation!)
So then, what can be done to ensure this doesn’t happen to my billing company or my organization? Well, one of EZClaim’s partners, Live Compliance, can make determining your compliance requirements extremely simple:
• Completely online, Live Compliance’s role-based courses make training easy for remote or in-office employees
• Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.
• Policies and procedures are curated to fit your organization, ensuring employees are updated on all workstation use and security safeguards in or out of the office. Updates are made in real time.
• Electronic, prepared document sending and signing to employees and business associates
So, don’t risk your company’s future, especially when Live Compliance is offering a FREE Organization Assessment to help determine your company’s status. Either call Live Compliance at 980.999.1585, visit LiveCompliance.com to schedule an assessment, or e-mail Jim Johnson.
[ Article contributed by Jim Johnson of Live Compliance ]
EZClaim is a medical billing and scheduling software company that provides a best-in-class product, with correspondingly exceptional service and support, and can help improve medical billing revenues. To learn more, visit their website, e-mail them at firstname.lastname@example.org, or call a representative today at 877.650.0904.
The SIX KEYS to sustaining your practice through the COVID-19 pandemic are online payments, Telehealth, automation tools, cyber protection, financial aid, and a good patient experience.
When Coronavirus first started to impact medical practices across the country, providers quickly put temporary solutions in place to ensure they were still able to see patients safely. As the pandemic endured, some of these “temporary” solutions became a “normal” part of doing business. While we can’t predict exactly how COVID-19 will affect us in the future, one thing is becoming clearer every day: Some of the changes that have been made in the past few months will shape how healthcare is managed after the global health crisis is over.
So, it’s time to start thinking long-term with your COVID-19 strategy. Here are six ‘keys’ for sustaining your practice right now that will continue to be important after the pandemic is over.
1. ONLINE PAYMENTS
Most businesses already process a good amount of their payments online (including EZClaim), but healthcare has been slow to adapt in this area. Practices no longer have the luxury of taking their time adopting digital payment options. It’s time to give patients what they’ve been wanting for years: the ability to pay their bills online.
Because the pandemic is still with us, contactless payments have surged. No-touch payments are an easy way to reduce the spread of germs, and most people already have the tools they need to complete these types of payments: phones, computers, and credit cards.
Online payments are encouraged even when you’re meeting patients in the office. EZClaim customers can easily facilitate this with LinkPay. The process is easy and can be done once an appointment is made.
Here’s LinkPay in three simple steps:
1) Create a customized payment link with the required amount
2) Email or text the link to the patient before their visit
3) Patient pays the required amount, which is immediately confirmed and processed
COVID-19 demanded contactless payments for safety, but patients now expect them for convenience. Medical practices will need online payments if they are to stay relevant in the future.
2. TELEHEALTH
Telehealth threw providers a lifeline when patients stopped coming into the office. The government acted quickly to relax Telehealth reimbursement policies so providers would be paid just as much for a Telehealth visit as they would for an in-office visit.
Congress is hoping to make these changes permanent. Whether they succeed or not, plan on keeping Telehealth as an option for your patients. Telehealth is not just useful during a pandemic; it’s great during normal life, too. Not all visits require an in-person encounter, and patients of all ages can benefit from the convenience of not having to physically leave their homes to get the medical care they need.
Patients have become used to having Telehealth as an option. Keeping it as an option going forward will set you apart from other practices.
3. AUTOMATION TOOLS
Chances are you are working with fewer people than normal. So, with fewer people to handle your billing and payments, your best option is to automate whatever you can.
This could mean setting up AutoPay for patients you see regularly, so they don’t have to manually pay their bill every time. It could also mean setting up a payment plan, in which a fixed amount will be paid automatically every month until the balance is paid off. It could also mean outsourcing your collections.
Automation doesn’t mean you lose control. Rather, it gives your staff more time to manage other essential operations. EZClaim customers have all of these automation options available to them through BillFlash.
4. CYBER PROTECTION
With digital tools becoming more prevalent, it is more important than ever to make sure your systems are protected. Hackers are out in full force right now, so it is imperative that you have proper anti-malware and anti-virus software in place to protect your practice, your patients, and your employees. Do your homework on the tech companies you work with, too. Protecting your practice and your patients should be a top priority!
Of course, your staff will need to be up-to-date on HIPAA protocols, as well. Make sure you are doing everything you need to protect patient privacy online as well as offline.
5. FINANCIAL AID
Some practices are struggling financially and may need government aid to get them through the current crisis. Keep an eye on government funds that are available and stay informed on their different requirements.
If you haven’t already, consider applying for a line of credit. This is a standard operating procedure—even during normal times—and can help protect you from further financial disruptions in the future. No one knows how long this pandemic will last, so having a line of credit to fall back on during the coming months and years could be a game-changer for your practice.
6. A GOOD PATIENT EXPERIENCE
Above all, you need happy patients. That is true whether we are in a recession or not. Happy patients are more likely to pay their bills, more likely to return for future care, and more likely to recommend you to family and friends.
So, as you make some of the changes you made during the pandemic permanent, make sure you are still doing the little things to ensure a positive patient experience. These include:
• Keep wait times short
• Maintain eye contact during visits to assure patients that you care
• Be transparent about payment expectations and insurance, as well as what you’re doing to keep patients and staff safe
• Allow patients to pay using their preferred payment method
• Offer payment plans in lieu of paying large bills in one lump sum
A positive patient experience will be key in bringing your patients back to the office as the global health crisis continues.
NexTrust from BillFlash offers a variety of innovative billing and payments solutions for EZClaim customers. Visit billflash.com or e-mail them at Sales@BillFlash.com to learn more about how you can get paid more, get paid faster, and ensure you have the online tools you need to thrive during the pandemic.
For details and features about EZClaim’s medical billing software, or the other partners they have integrated into their billing solution, visit their website.
[ Written by Kathy Scott, Marketing Manager at BillFlash and NexTrust, Inc. ]