By Mike Peluso, Chief Product and Strategy Officer, Rectangle Health.
Rising costs, consolidation, and new mandates have pushed healthcare payments to a breaking point. Both payers and providers are recognizing that the current system is too slow, too manual, and too fragmented to keep pace with the rest of the digitalized consumer economy.
Administrative work now accounts for a significant share of total U.S. healthcare spending, and outdated payments platforms are a major contributor to this trend. Much of this inefficiency stems from fragmented payer and provider payment systems that rely on manual workflows to move funds and remittance data.
At the same time, patients are bringing retail expectations into every interaction. They want clear, convenient, digitally native ways to understand and pay their bills, and they will gravitate toward providers who offer that experience.
Here are five ways healthcare payments are likely to shift in 2026:
Payer–Provider Payment Rails Will Finally Connect
Today, claims, remittances, and patient responsibility calculations often move across separate rails, with staff bridging the gaps through spreadsheets, uploads, and manual re-keying. This separation creates avoidable delays, limits visibility, and places unnecessary strain on provider revenue cycles.
In the coming year, more organizations will invest in platforms that connect payers and providers in real time. Eligibility, benefits, and point-of-service estimates will sync more cleanly with downstream billing and payment workflows, and funds and data will travel together instead of being split across separate systems.
Rising healthcare costs and mounting financial pressure are making the modernization of these rails impossible to ignore. Recent surveys show that more than two-thirds of payer executives say their firms’ manual payment platforms are reducing efficiency, reinforcing the need for payer and provider payment systems to operate in a more connected way. For providers, better connectivity means faster, more predictable reimbursement, and fewer unpleasant surprises for patients at the end of the process.
Card-on-File Technology Will Become the Default, Not the Exception
Patients are already accustomed to card-on-file experiences in retail and streaming, and are now expecting the same convenience from healthcare, especially for recurring visits, membership plans, and subscription-style care. A large number (73%) already prefer to pay medical bills online using digital wallets.
In 2026, storing payment information securely will be standard practice for many medical offices. Secure vaulting and pre-authorization will make recurring charges easier to manage, reduce repetitive payment conversations, and shorten the lag between service and payment. Providers that pair card-on-file with clear consent, strong security, and transparent policies will be in the best position to build patient trust, and increase payment efficiency..
Paper Checks Will Fade into the Background
Paper checks and cash are unlikely to disappear entirely in 2026, but they’ll continue to decline in healthcare as patients opt for online bill pay, text-to-pay links, and digital wallets. More organizations will encourage patients to opt for mobile-first options and unified online experiences, where they can review charges, ask questions, and pay all in one place. As digital tools and real-time payment rails gain ground, paper-based payments will continue to shrink. For providers, moving away from checks reduces delays, cuts fees, and lowers the risk of misplaced or misapplied payments.
Automation Will Push Practices Toward Zero-Day A/R
Automation becomes significantly more effective when payer and provider systems are connected, allowing payments and data to move together without manual intervention. Practices can’t afford to have staff tied up with manual billing, posting, and reconciliation while wages climb and margins shrink, making automation capabilities in healthcare payments shift from a convenience to a core operational need.
In 2026, more organizations will rework their revenue cycle to collect as close to the time of service as possible and keep days in accounts receivable near zero. Automated tools will calculate patient responsibility in real time, send digital statements and reminders without staff intervention, and post payments while reconciling across systems in the background.
That shift frees staff to focus on higher-value work, such as patient conversations, financial counseling, and maintaining full schedules, instead of keying line items into aging systems. According to insights from PwC, with administrative costs already accounting for approximately 25% of total U.S. healthcare spending, utilizing automation to bend that curve will no longer be optional.
Patient Payment Experience Becomes a True Differentiator
Payment is no longer just a back-office function. It shapes how patients feel about their care. People are accustomed to transparent pricing, straightforward statements, and flexible digital options in other aspects of their financial lives.
As the new year unfolds, more providers will treat payments as a key differentiator in their competitive strategy. That will show up in clearer, jargon-free bills, unified digital experiences instead of scattered portals, and flexible options such as payment plans, cards, ACH, and digital wallets. According to the previously cited PwC research, nearly half (47%) of higher-income healthcare consumers plan to invest more in their health, and 40% are ready to use unified digital records and virtual-first providers, signaling that ease, access, and transparency now drive patient loyalty.
Practices that combine empathetic communication with modern tools for estimating, collecting, and managing payments will be better equipped to build and retain patient trust.
From Intent to Implementation in 2026
Together, these trends point toward smarter, faster, more integrated payment experiences for payers, providers, and patients. Healthcare systems will increasingly favor platforms that support secure, digital movement of both funds and payment data across the payer and provider ecosystem. Automation will push accounts receivable closer to zero, stored payment methods will become routine, paper will continue to fade, and the rails between payers and providers will grow more connected.
Organizations that act now will ensure a future with more stable cash flow, reduced administrative burden, and patients who feel respected rather than overwhelmed by the financial aspects of care. Those who wait may find it harder to thrive in a market where payment experience has become a key factor in how quality is judged.
Over the past decade, patients have steadily shifted from word-of-mouth referrals to digital search when making healthcare decisions. Today, that evolution is accelerating even faster as artificial intelligence (AI) tools, not traditional search engines, emerge as the new front door to finding care.
Instead of spending time talking to friends or browsing through pages of Google results, patients now often simply ask ChatGPT, Google’s AI Overviews, and other consumer AI assistants a simple question: “Who is the best doctor near me?” These tools don’t return lists anymore. They return answers. And which doctors are recommended depends on signals most practices still don’t understand or fully control.
The result? A patient visibility vortex is emerging, where AI will decide which providers appear, which disappear, and which rise above their competitors in 2026 and beyond.
AI is Rewriting the Patient Search Journey
According to rater8’s 2025 Patient Preferences Survey, 31% of patients already use AI tools to research providers. Even more striking: 52% trust AI results as much as or more than traditional search. This shift is accelerating.
AI models now ingest large volumes of public information: practice websites, review sites, news articles, directory listings, Reddit posts, and social media posts. They synthesize all of it into a single recommendation.
As John Bulmer, Public Information Officer at Capital Cardiology Associates, observed in a recent rater8 panel webinar: “Your website is no longer the first place prospective patients meet you — it may be the second or third. And now, with AI pulling information from sources you may not even realize, your broader online presence has never mattered more.”
The old rules of patient search habits no longer apply. Online visibility isn’t earned once and done; it must be constantly maintained because AI evaluates recency, consistency, and credibility across every corner of the internet. Practices that can’t keep pace risk becoming digitally invisible, even if they provide exceptional care in real life.
Inconsistent Information is Killing Your Online Visibility
When AI tools scan the web, they look for clarity. If a practice’s online presence is fragmented or difficult to parse (e.g., different hours listed across directories, mismatched provider bios, or outdated service information), AI hesitates to recommend that practice.
This is where many practices fall behind. Their information may be technically available, but it isn’t standardized. Imagine telling someone to visit your practice, but on one map the building is open, on another it’s closed, and on a third the doctor they’re trying to see doesn’t even work there anymore. That inconsistency erodes trust instantly.
Practices that maintain consistent provider names and credentials, matching hours and phone numbers across major directories, schema-optimized provider pages, and regularly updated content give AI confidence. That confidence translates directly into recommendations.
As healthcare consumerism moves into an AI-first model, structured data will become the new digital bedside manner that signals accuracy, reliability, and professionalism before the patient ever walks through the door.
The Power of the Patient Voice in the Age of AI
Of all the signals AI consumes, verified patient feedback has emerged as one of the most powerful trust indicators.
Unlike testimonials or website copy, verified reviews provide rich, unfiltered, keyword-dense sentiment about the patient experience. AI systems favor this content because it’s recent, specific to the provider, generated by real patients, and difficult to manipulate. This explains why many practices with strong clinical reputations still underperform in AI-driven search. They lack the volume and recency of patient-generated content that AI models prioritize.
Verified reviews, particularly those captured through structured, patient-initiated systems, give AI the credibility it needs to confidently recommend a provider. These reviews also reduce the influence of outdated or unrepresentative feedback, helping practices build a more balanced and accurate online reputation.
Preparing for the Visibility Vortex of 2026
As AI assistants become the default method of care navigation, practices need to think less about SEO tactics and more about visibility ecosystems. That includes:
Maintaining structured, consistent practice and provider data across all major directories
Building a steady cadence of verified patient reviews across Google, Healthgrades, WebMD, and specialty sites
Creating clear, AI-readable content that answers common patient questions
Monitoring how AI interprets their brand across platforms
The patient search process is changing faster than most organizations realize. But with the right strategy, healthcare providers can position themselves at the center of this visibility vortex: earning trust, improving transparency, and making sure their best physicians are the ones AI recommends next.
As artificial intelligence accelerates across healthcare, wellness, and caregiving, the next phase of innovation is shifting from raw capability to emotional understanding. In 2026, the most impactful AI systems won’t just process information faster—they’ll interact more like humans, responding to emotional cues, adapting to individual needs, and supporting real-world behaviors over time.
Below are five AI predictions for 2026 from Dan Hungerford, CEO and Co-Founder of EverFriends, an AI company focused on emotionally intelligent companion systems designed to support caregiving, mental well-being, and human connection.
Hungerford’s outlook highlights a broader industry move toward human-centered, ethically designed AI that prioritizes trust, emotional dignity, and long-term support—particularly in health and care environments.
1. AI Will Develop Meaningfully Higher Emotional Intelligence
Dan predicts that 2026 will mark a major breakthrough in AI’s ability to recognize, interpret, and respond to human emotions. Rather than relying solely on language inputs, AI systems will increasingly understand tone, facial cues, micro-movements, and behavioral patterns, enabling interactions that feel more naturally aligned with human emotional states.
2. Conversational AI Will Become Indistinguishable from Human Interaction
Dan believes conversational AI will evolve into near-human exchanges that are fluid, responsive, and continuous. AI companions will retain long-term context, remember personal preferences and nuances, and adapt their communication styles to individual users. This evolution will shift AI from a transactional tool into a truly relational interface.
3. Precision AI Will Replace Broad, Generalized Responses
According to Dan, 2026 will usher in a move from generalized AI outputs to scalpel-level precision. AI systems will guide users through complex tasks step-by-step, including physical therapy, skill development, and behavior-change routines, delivering highly personalized, accurate, and real-time assistance.
4. AI Will Become a Foundational Support Tool in Health, Wellness, and Caregiving
Dan anticipates that emotionally intelligent AI will play a growing role in addressing loneliness, supporting mental well-being, reinforcing daily habits, and assisting with caregiving responsibilities. Rather than simply answering questions, AI will support users through routines, provide encouragement, monitor subtle changes, and help improve adherence to health-related activities.
5. Human-Centered AI Design Will Become a Priority Across the Industry
Dan expects 2026 to be a turning point for ethical, values-driven AI development. Emotional dignity, safety, accessibility, and relational consistency will become core priorities for product teams. As a result, AI products will be designed to feel more trustworthy, transparent, and genuinely supportive, not just efficient.
By Lee-Ann Ruf, Senior Vice President of Product, MDaudit.
When the Centers for Medicare & Medicaid Services (CMS) launches its Transforming Episode Accountability Model (TEAM) initiative next year, the aim will be to improve the patient experience by better coordinating care between healthcare providers.
For more than 700 hospitals across the country, it will mean meeting new accountability, cost, outcomes, and quality standards for surgical care.
The five-year, episode-based payment model is one of the boldest attempts yet by CMS to link financial incentives to patient outcomes by focusing on six common, costly procedures: lower extremity joint replacement, surgical hip femur fracture treatment, spinal fusion, coronary artery bypass graft, and major bowel procedure.
The government projects TEAM will generate $481 million in Medicare savings over five years by reducing hospital readmissions, shortening recoveries, and more smoothly coordinating care.
For hospitals, TEAM success will depend on more than deft surgical skills. It will hinge on using advanced technologies to manage each episode of care from beginning to end.
Greater Accountability
Hospitals will continue billing Medicare fee-for-service (FFS) next year, but those that are part of TEAM will receive a target price for certain surgical episodes. If actual spending falls below that target without sacrificing quality, the hospital may earn a reconciliation payment. But if they are over budget, the hospital may end up paying CMS.
CMS will evaluate TEAM’s impact using statistical and multivariate analyses to examine care quality, access, costs, and patient-reported experiences.
To stay ahead of the curve, hospitals will need to move away from retrospective reporting and embrace real-time performance management. The key to success will be treating data as a strategic asset rather than a compliance responsibility.
The Data Asset
For hospitals that will be a part of TEAM, preparation is key. For many, that means identifying and closing data gaps, modernizing analytic capabilities, and creating an integrated view of cost and quality across episodes of care.
This involves:
Integrating and standardizing clinical and financial data. Episode-based models require hospitals to understand the full spectrum of care that contributes to cost and outcomes, from pre-operative assessments to follow-up visits. But in many organizations, data is essentially trapped in electronic health records (EHRs), revenue cycle systems, post-acute care organizations, and payer portals. To succeed under TEAM, hospitals will need interoperable data pipelines that integrate clinical, claims, and cost data in a standardized format. They should begin by evaluating whether their data infrastructure supports these functions today and where any integration or data standardization work is required.
Building advanced analytics and predictive capabilities. CMS will examine which factors drive variation in quality and cost within a hospital. Healthcare providers must mirror this same analytic sophistication internally. Predictive models, for example, can flag patients at high risk of readmission, spot potential cost outliers, and trigger proactive interventions before patient health worsens. Hospitals should use machine learning and AI-driven analytics to forecast total episode costs, simulate performance across different scenarios, and identify which post-acute care settings offer the best balance of cost and recovery speed. Clinical decision support tools, dashboards, and care coordination workflows help translate insights into actions.
Investing in data governance and team readiness. Analytics are only as effective as the data behind them. Robust data governance programs to ensure accuracy, completeness, and timeliness of data are a must for hospitals that join TEAM. The key is preparing the people who will handle the data, e.g., clinical, financial, and operational teams must understand how TEAM calculates metrics, tracks performance, and interprets dashboards that guide day-to-day decisions. Additionally, investing early in cross-disciplinary education positions hospitals to embed data-driven decision-making into daily practice.
Strengthening Value-Based Care
TEAM participation is mandatory for many hospitals, especially those with experience in bundled payment models, as well as safety-net, rural, and critical access hospitals.
For these providers, TEAM can be a catalyst for broader digital transformation. By building the data and analytics foundation that TEAM will require, hospitals can also create long-term readiness for other value-based care initiatives.
With the beginning of TEAM and with future goals in mind, hospitals should consider:
Evaluating past bundled payment experience.
Engaging post-acute and primary care partners early.
Piloting real-time dashboards and implementing a TEAM “sandbox.”
Benchmarking and scenario-planning using historical claims data to model potential gains or losses under TEAM’s (and other value-based care) target pricing methodology.
Compliance as a Competitive Advantage
TEAM’s varying risk tracks, which range from no downside risk for some facilities to higher risk and reward for others, will let hospitals ease into full participation. But even those in the lower-risk categories should treat TEAM as more than a mere compliance exercise. It’s a chance to mature data capabilities and unlock future opportunities to improve clinical and financial performance.
TEAM also offers the chance to establish a strong foundation for sustained success as the next generation of value-based care emerges. Investing in integrated data systems, advanced analytics, and robust data governance will strengthen a healthcare organization’s position within TEAM and elevate its revenue cycle operations in the long term.
By leveraging revenue cycle analytics to comprehensively track procedural charges, evaluate reimbursement trends, and accurately forecast payments, TEAM organizations will enhance financial performance and compliance through data-driven decision-making.
Organizations that make these investments will be in a leading position as the next generation of value-based care begins.
By Susan Lofton, VP of outcomes & clinical transformation, WebPT.
The recent layoffs at the Department of Health and Human Services (HHS) have far-reaching implications, not just for policymakers and providers, but for patients who rely on rehabilitation therapy services.
With HHS reducing its workforce by 25%, critical functions that support patient access, program funding, and policy guidance are under pressure.
With 300 positions eliminated at the Centers for Medicare & Medicaid Services (CMS), the agency faces a reduced capacity to provide operational support. This affects implementation guidance, billing and coverage clarification, and problem resolution. When new rules take effect, fewer staff are available to respond to therapists’ questions, creating delays that directly impact patient access and timely care delivery.
Impact on Patient Access and Services
The workforce changes have several potential implications for patients who receive rehabilitation services:
Telehealth Access Beyond September 2025
Medicare telehealth waivers that allow rehabilitation therapists to provide services remotely expired on September 30, 2025. Without further legislative action, PTs, OTs, and SLPs are not able to receive Medicare reimbursement for telehealth services billed after that date.
This matters particularly for homebound patients and those in rural areas who rely on remote therapy services. The uncertainty about telehealth creates significant planning challenges for practices that have incorporated telehealth into their service models and for patients who depend on remote access to care.
Service Delivery and Patient Access
When policy guidance is delayed or unclear, and when administrative processes take longer due to reduced staffing, healthcare facilities face challenges in service delivery. This can translate into longer wait times for appointments, delays in starting treatment, and uncertainty for practices trying to navigate new policies with less federal support available to answer questions.
Research and Future Innovation
Changes to National Institutes of Health (NIH) research funding and oversight may affect the timeline for translating new research findings into clinical practice. While research will continue, the reduced capacity for managing research programs could slow the development and dissemination of new rehabilitation techniques and evidence-based practices that ultimately benefit patients.
Impact on Specific Populations
Jill Jacobs, executive director of the National Association of Councils on Developmental Disabilities, commented on the changes to the Administration for Community Living: “People with disabilities are at risk. This isn’t just about shifting funding. They are taking away a federal agency that is for and about people with disabilities and those who are aging.”
Patients from lower-income backgrounds, those with rare conditions, or individuals in rural areas often rely more heavily on federally supported programs. The Administration for Community Living specifically served older adults and people with disabilities – populations that frequently require PT, OT, and SLP services.
Quality Oversight
A smaller HHS workforce means reduced capacity for oversight activities. This includes monitoring of Medicare Advantage plans, which have become the primary Medicare option for many beneficiaries. According to a senior CMS official quoted in Government Executive: “Service standards for Medicare Advantage beneficiaries and Affordable Care Act consumers will suffer with a reduction in the people that handle their cases and with diminished oversight of the Medicare Advantage plans.”
What Rehabilitation Therapists Should Do
Given these changes, there are several practical steps therapists can take:
Stay Informed: Monitor updates through professional organizations – the American Physical Therapy Association (APTA), American Occupational Therapy Association (AOTA), and American Speech-Language-Hearing Association (ASHA). These organizations track policy developments and provide guidance to their members.
Plan Financially: With the 2026 final rule expected in November, practices should prepare for potential scenarios. Reduced CMS staffing may affect both the timing of the final rule and the availability of implementation guidance. Plan conservatively until the final rule provides clarity on actual reimbursement rates. Consider payer mix strategies that reduce dependence on any single payment source.
Document Thoroughly: Maintain thorough documentation. With reduced federal staffing and potential delays in policy clarification, clear records become increasingly important for managing audits and payment disputes.
Advocate: Contact congressional representatives to share how policy changes or delays affect your practice and patients. With the September 30 telehealth deadline lapsing, this is particularly urgent. Specific examples and concrete data are most effective. Participating in future public comment periods on proposed rules provides an opportunity to share your clinical perspective and concerns about policy changes.
Continue Professional Development: Stay current with continuing education and evidence-based practices, even as research funding patterns may shift.
Looking Ahead to 2026 and Beyond
There is debate about whether these workforce reductions will achieve the HSS stated efficiency goals or whether they will compromise service delivery. Public health experts have noted that maintaining current service levels with a significantly reduced workforce will be challenging; however, some proponents suggest the changes could lead to greater emphasis on chronic disease prevention, an area where rehabilitation therapists play an important role through mobility training, functional rehabilitation, and prevention of secondary complications. Whether reduced federal staffing will support or hinder initiatives in this area remains to be determined.
The Bottom Line
The HHS workforce reductions represent a significant change in federal healthcare administration. For rehabilitation therapists, this means navigating uncertainty around payment policies, adapting to potential delays in policy implementation and guidance, and managing possible changes in program funding. For patients, particularly those who depend on federally funded programs or Medicare services, there may be impacts on access timing and service availability.
The rate of payer audits accelerated in 2025, with hospital inpatient and outpatient average denial amounts that increased by 14% and 12%, respectively. Denial volumes were also up overall, led by a nearly fivefold increase in Request for Information (RFI) and medical necessity denials for Medicare Advantage plans.
The total at-risk amounts, number of claims and average amount per claim increased by 30% in payer audits. Denials related to outpatient coding increased by 26%. These trends send a clear signal to providers that successfully navigating today’s complex financial and regulatory landscape requires prioritizing billing compliance, coding integrity, robust denial prevention strategies, and redefining revenue integrity to ensure sustainability.
These were among the key findings of the 2025 MDaudit Annual Benchmark Report released today by MDaudit, an award-winning cloud-based continuous risk monitoring platform for RCM that enables the nation’s premier healthcare organizations to minimize billing risks and maximize revenues. The central theme of this year’s report is the evolution of revenue integrity from a defensive stance to a proactive discipline that unites charge capture, coding, billing compliance, and denials management within a connected, data-driven framework.
Ritesh Ramesh
“Reactively fixing denials after they occur or addressing compliance findings after the fact is costly and unsustainable,” said Ritesh Ramesh, CEO, MDaudit. “This year’s Benchmark Report clearly demonstrates the urgency behind adopting a unified approach to billing compliance, coding integrity, and denial prevention wherein data intelligence and automation are shared across revenue functions, allowing finance leaders to efficiently shift from managing crises to protecting revenue with foresight and confidence.”
Key Takeaways
The new Benchmark Report reveals several trends provider organizations should act on now, and identifies where to focus their attention, investments, and process improvements to safeguard income and manage risk as they enter 2026.
1. Rising Denial Rates
The upward trajectory of denial volumes and amounts signals the need for providers to sharpen denial prevention strategies. In 2025, the average denied amount for hospitals rose from $4,730 in 2024 to $5,390 (14%) in outpatient settings, and from $504 to $565 (12%) in inpatient settings. This includes a 70% increase in average denied amounts from RFI and medical necessity denials across all settings. Telehealth-related denials were up 84% in 2025, due primarily to missing information, errors in claim submission, non-covered charges, or duplicate claims
To reverse these trends, provider organizations need to take steps to monitor denial trends by payer, setting, and claim type and reinforce root-cause analysis of denials, such as coding, documentation, and charge capture. Investing in early-warning tools and audit workflows that catch high-risk claims before submission is also recommended.
2. Payer Audits Increase
External payer audits surged again in 2025, with total at-risk amounts and audit cases per customer rising by 30%, and the average amount at risk per claim growing 18%. Of the top payer types, 45% of the at-risk amount was driven by commercial payers, while Medicare and Medicaid accounted for 28%. The average at-risk amount for a payer audit in a hospital setting was approximately $17,000, whereas the average at-risk amount at a professional setting was $1,172.
Intensified payer scrutiny necessitates faster response times, stronger documentation, and proactive risk management. This can be accomplished by mapping current audit exposure by payer, audit type, and service line, and prioritizing the highest dollar-at-risk claims for review and remediation. Additionally, providers should build robust workflows to manage audit requests, capture documentation, and respond within deadlines to retain revenues.
3. Outpatient Coding Worsens
Outpatient coding-related denials increased in 2025, rising 26% after a 126% spike in 2024, signaling their critical vulnerability. To slow this escalation, providers must begin treating coding integrity as a foundational risk area rather than an afterthought. This includes conducting targeted risk-based coding audits in outpatient service lines, focusing on training, review, and oversight of outpatient coding workflows, and ensuring that coding tools, documentation support, and coder oversight align with the heightened scrutiny, governance, and human oversight requirements.
4. Technology Unlocks Outcomes
There was a silver lining in the 2025 Benchmark Report: technology- and data-driven approaches are gaining traction and delivering measurable improvements, and revenue integrity teams are increasingly adopting data- and AI-driven approaches to unlock revenue opportunities and mitigate risk. Risk-based audits within the MDaudit platform increased by 25%, and pre-bill audits increased by 30%.
“Provider organizations that leverage data-driven platforms and deploy real-time, continuous risk monitoring can stay ahead of payers by better understanding real-time billing, coding, and payment trends,” said Ramesh. “This allows them to take proactive action to educate providers and coders while addressing other issues.”
Looking Ahead
Technology-including the responsible integration of artificial intelligence (AI) and real-time performance data shared across multiple functions-will continue to play an outsized role in driving competitive advantage and assuring financial resiliency in the year ahead. Integration of autonomous coding, predictive audit sampling, and workflow automation is expected to expand across the industry. Meanwhile:
Continuous risk monitoring tools will reduce payer audit response times by half and maintain tighter oversight of at-risk revenue through automation and centralized audit tracking.
Pairing automation with intelligent human oversight will drive measurable gains in accuracy, compliance, and speed.
AI-powered revenue integrity platforms will result in exponential lifts in operational efficiency and denial overturn success rates.
“The 2025 benchmark data makes clear that the margin for error in billing, coding, and audits has shrunk, and technology is becoming a differentiator,” said Ramesh. “Organizations that adopt analytics, proactive audit/pre-bill workflows, and coding integrity will have a distinct advantage.”
About the Report
The MDaudit 2025 Annual Benchmark Report is a comprehensive examination of real-world data representing the first three quarters of 2025, from a network of more than 1.2 million providers and over 4,500 facilities across 40+ states.
Few in the healthcare industry question the need to modernize the HIPAA Security Rule, the proposed overhaul of which is expected to be finalized in 2026. But even if the final rule is modified to scale back requirements or lengthen timeframes, compliance will be a heavy lift for many physician practices, hospitals, and health systems.
That reality, coupled with the common-sense need for robust security around protected health information (PHI) and other patient data, makes procrastination a compliance strategy that is doomed to fail.
Cyberattacks have reached unprecedented levels in the two decades since the HIPAA Security Rule was passed. The first, and last, major update to the rule took place in 2013, a year when healthcare organizations experienced just 269 data breaches. By 2024, that number had skyrocketed to 734 incidents involving more than 500 records each. Based on current trends, 2025 could experience 750–800 large breaches and analysts warn that more than 300 million records could be compromised if mega breaches continue.
Also at play are covered entities (CEs) and business associates (BAs), which raise healthcare’s risk profile with the threat of unintentional and nefarious events that can endanger electronic PHI and other sensitive data.
Thus, OCR determined that it was time to update the rule to address technological advancements and evolving breaches and cyberattacks. The proposed rule also acknowledges OCR’s greater enforcement experience, improved guidelines, best practices, methodologies, procedures, and processes for protecting ePHI, and various legal decisions that have impacted enforcement.
It also re-addresses one of OCR’s most significant challenges when it comes to regulating security: the rapid advancement of both health IT and the methods employed by malicious actors.
Too-prescriptive mandates would necessitate updating the rule more frequently than is realistic. Previous iterations of the HIPAA Security Rule attempted to address this by being flexible with compliance and classifying many security measures as “addressable implementations,” meaning they were strongly recommended but not explicitly required.
For example, the current rule requires any organization touching ePHI to conduct a security risk assessment to evaluate potential risks and vulnerabilities, resolve any identified vulnerabilities, and document the steps taken. OCR even provides a tool for use in conducting the evaluation. But beyond that, there is no prescriptive guidance. As a result, many healthcare organizations that lacked the resources or technical knowledge to conduct a comprehensive risk assessment wound up taking shortcuts.
While industry support for the HIPAA Security Rule overhaul is broad, so are concerns that the compliance burden will be too high for many organizations it affects. There was a consensus throughout the nearly 4,750 letters submitted during the proposed rule’s public comment period that many requirements would be almost impossible for some organizations to meet without assistance.
Additionally, the proposed rule converts many addressable implementation specifications to required, eliminating a core flexibility aspect of the rule. Finally, for many, compliance with the updated HIPAA Security Rule will not be feasible with their existing technical infrastructure. It would necessitate significant investments in new technologies capable of protecting ePHI as mandated by the rule.
Lessening the Burden
The good news is that compliance does not have to come at the cost of financial ruin. Small steps toward anticipated mandates can be taken now to lessen the compliance burden—many of which are common-sense protective measures that should be implemented with or without regulatory dictates. For example:
Multifactor authentication (MFA) is a highly effective yet reasonably priced protection against phishing and other forms of infiltration.
Regularly backing up data ensures continuous access to information in the event of a system outage.
Ransomware or exfiltration protection that goes beyond encryption can prevent bad actors from exploiting vulnerable access points once they are inside a system.
Other actions that should be taken now include conducting a security risk assessment and drafting a mitigation and remediation plan. Doing so allows for the prioritization of limited resources.
It is also likely that even well-resourced healthcare organizations will require third-party support to take these early actions or achieve compliance within the timeframes outlined in the final security rule. As such, now is the time to identify the right trusted IT management firm to assist with enhanced security and, eventually, regulatory compliance.
Look for firms with a deep understanding of healthcare-specific compliance requirements. Prospective partners should also offer comprehensive services to ensure they can address the comprehensive needs related to compliance with the HIPAA Security Rule and other issues that may arise, including the ability to future-proof security. They should also possess advanced expertise and the willingness and ability to leverage cutting-edge tools and processes that can outperform older or less adaptive technologies.
Look for a partner that emphasizes long-term relationships and offers personalized customer support. Other must-haves include flexibility and scale in their approach to services, transparent price structures, and simple contracts with clear and fair service terms. Finally, during the evaluation process, be sure to ask prospects about response times and disaster recovery capabilities and obtain—and check—references.
Ending Procrastination
While the final requirements may differ from what has been proposed, there is little likelihood that OCR will retract its decision to overhaul the HIPAA Security Rule. It is an action that is long overdue and should serve as a reminder that strengthening data protection is the right thing to do, whether mandated by OCR or not.
Taking steps now will significantly ease compliance burdens and protect one of healthcare’s most valuable assets. For provider organizations with limited resources, taking small steps towards compliance now will go a long way toward protecting patient data.
By John Wallace, PT, MS, FAPTA, chief compliance officer, WebPT.
Being efficient doesn’t mean cutting every cost. In rehab therapy, it means knowing where lean systems are enough and where targeted investments pay off. Many practice owners take pride in their resourcefulness, but avoiding necessary spend can be just as damaging as overspending. True efficiency requires discernment, not deprivation.
Invest in Prevention, Not Just Cleanup
Many compliance challenges are preventable and often come down to education. Annual CPT coding refreshers, documentation training, and payer-specific updates help teams avoid the most common reasons for denials. Fortunately, these resources are widely available and affordable.
Associations like APTA, AOTA, and ASHA offer low- or no-cost defensible documentation checklists. Some EMRs also include built-in CPT code training modules that therapists can complete on demand. Even one annual training session can prevent dozens of costly mistakes and appeals.
A practice that spends wisely on education avoids far more costly cleanups later.
Know the Limits of Internal Fixes
Internal reviews, peer audits, and checklists can resolve most routine issues. But when audit denial rates spike, especially over the 50% mark, it’s time to rethink the DIY approach.
If you’ve already submitted records and received a wave of denials, don’t rush into appeals without backup. Bring in someone who can review your submissions, flag weak points, and ensure the full documentation story is being told. Even one overlooked missing element can tank an otherwise appropriate episode of care.
Waiting too long to get help can turn a manageable problem into a financial crisis.
Reevaluate Your Payer Strategy
Some of the most expensive mistakes rehab practices make don’t come from what’s in the documentation but from who they sign contracts with. It’s common for new owners to accept every payer agreement offered, thinking more plans means more patients. But each payer adds administrative overhead. If the reimbursement doesn’t offset the documentation burden, denials, and audit risks, that contract might be a liability, not an asset.
There are large commercial payers known for aggressive takeback audits. Talk to peers, evaluate patterns, and think critically about which payers are worth the work.
Out-of-network models, while not for everyone, offer more control and less regulatory friction. They require more patient communication and claim support but can protect clinical autonomy and reimbursement consistency in the long term.
When You Do Need Help, Get the Right Kind
Not every challenge requires outside support, but some absolutely do. If a payer is demanding a multi-year takeback or you’re staring down potential legal action, you need a healthcare attorney, not the business lawyer who helped set up your LLC. These legal experts specialize in payer appeals and regulatory defense, often working alongside compliance consultants to prepare defensible documentation reviews.
Start your search through professional associations, peer groups, or online rehab therapy communities. Platforms like Facebook and LinkedIn host active forums where practice owners regularly recommend experienced consultants and attorneys.
It’s not about bringing in an expensive expert for every small hiccup. It’s about knowing who to call when the stakes get high and acting early enough to protect your practice.
Efficiency with Intention
Running a low-cost practice doesn’t mean cutting corners or taking on every responsibility yourself. The most resilient clinics are the strategic ones, whose leaders are intentional with their budgets, prioritize staff training, protect themselves from risk, and avoid contracts that aren’t in their best interests.
Lean doesn’t mean minimal. It means strategic. Knowing when to pull in help or walk away from risk is one of the smartest moves a practice owner can make.
The rate of payer audits accelerated in 2025, with hospital inpatient and outpatient average denial amounts that increased by 14% and 12%, respectively. Denial volumes were also up overall, led by a nearly fivefold increase in Request for Information (RFI) and medical necessity denials for Medicare Advantage plans.
