In healthcare, data breaches and cyber threats can disrupt patient care, compromise sensitive information, and even lead to financial losses.
A strong cyber resilience plan isn’t just about preventing attacks; it’s about preparing, responding, and recovering quickly if one occurs.
Here’s a step-by-step guide to building a cyber resilience plan tailored to the healthcare industry, ensuring your organization is well-prepared for cyber threats while maintaining patient trust.
1. Assess Your Current Cybersecurity Position
Begin by evaluating your cybersecurity strengths and weaknesses. Identify all digital assets linked to your network to uncover potential vulnerabilities. These include patient data systems and any third-party software, such as electronic health record (EHR) platforms. It’s also crucial to assess any digital health tools, like mobile apps or wearable tech integrations, that interact with patient data.
Once you’ve mapped out your assets, review defenses like firewalls, encryption, and system access policies to establish a baseline. This helps pinpoint gaps, providing a clearer picture of where to prioritize security improvements.
2. Set Clear Goals for Cyber Resilience
Define what “cyber resilience” means for your healthcare organization, focusing on maintaining essential services, protecting sensitive data, and reducing recovery time during an attack. These goals are critical in healthcare, where patient care depends on system availability.
Setting benchmarks, such as maximum allowable downtime or acceptable data loss, gives your team clear, measurable outcomes. This alignment ensures everyone understands the plan’s priorities and what success looks like.
3. Implement Cloud Security
Cloud technology is essential in healthcare for storing and sharing patient data, but it brings unique risks. Strengthening cloud security involves using multi-factor authentication (MFA) for system access and encrypting all data stored or transferred in the cloud.
Choose cloud providers who comply with healthcare regulations and conduct regular audits to ensure ongoing security. With robust healthcare cloud security measures, you protect patient data and enhance recovery options if a cyber incident occurs.
4. Develop Incident Response and Recovery Protocols
An effective resilience plan includes detailed incident response and recovery protocols. Your response plan should outline immediate steps for a breach, such as identifying the threat, containing it, and notifying affected parties under the Health Insurance Portability and Accountability Act (HIPAA) guidelines.
Disaster recovery protocols focus on restoring systems and retrieving data quickly, minimizing operational disruption. Automated backup tools help reduce downtime, and regular testing ensures readiness for real-world incidents.
5. Train Your Staff in Cybersecurity Awareness
Employee mistakes are a frequent cause of security incidents, often due to actions like clicking unsecured links, sharing passwords, or ignoring security alerts. Regular training equips your team to identify phishing emails, avoid unauthorized software downloads, and report unfamiliar devices connected to hospital equipment.
Additionally, encourage proactive security habits, such as locking screens when away, securing personal devices used for work, and updating passwords regularly. Hands-on activities, like unauthorized access scenarios or fake login prompts, help employees practice responses effectively. A culture of cybersecurity awareness empowers staff to safeguard data, fortifying your defense against potential breaches.
By Dara St. Louis, executive vice president and a founding partner, Reach3 Insights.
Many of us know exactly how many steps we’ve taken today. A quick glance at our phone or other fitness tracker makes quantifying certain aspects of our health a literal no-brainer. But while digital health is integrating snugly into everyday life for many Americans, there’s a catch: For every digital health evangelist, a similar number of Americans don’t trust big tech to use their health data responsibly.
In a study of 1,012 Americans 18 and older, we uncovered a tension between growing adoption and lingering trust issues that poses a unique challenge for companies in the healthcare tech space. Companies that can strike the right balance between innovation and trust could win over both sides of the trust spectrum, especially among younger, tech-savvier generations.
Digital Health Adoption Continues to Surge
Our latest digital health research suggests Americans are ready and willing to use technology to help them manage their health needs, and it reveals significant growth in the adoption of health-related technology:
— 66% of Americans now use health-related devices (up from 18% in 2021).
— 72% of Americans are using health-related apps, a sharp increase from 55% in 2021.
Fitness wearables and health apps have become mainstream, especially among younger generations:
— 29% of Gen Z and 23% of Millennials are particularly drawn to holistic wearables.
These users aren’t just downloading apps—they’re using them regularly. In fact:
— 88% of users actively engage with their health and wellness apps, especially for tracking: Fitness, nutrition, sleep, and mental health.
Mental health app usage is particularly notable among younger users, as 26% of Gen Z and 31% of Millennials use mental health apps. Many Americans say they’re open to AI playing a role in their health as well:
— 53% of respondents have positive or very positive feelings about AI in health and wellness.
— 17% specifically seek out applications that use AI.
— Over two-thirds might be interested in AI for digital health, especially for: Fitness, diagnosis, and screening applications.
The average American seems excited for digital health integration on the part of healthcare tech providers. There’s just one issue.
Americans Don’t Trust Big Tech with Their Health Data
The convenience is appealing, but when it comes to handing over sensitive health data, many are hitting pause. We saw this skepticism crop up several times in our research: The tech is promising, but Americans’ relationship with Big Tech is a stumbling block.
Fifty-seven percent of Americans believe tech companies could bring down the cost of healthcare, but 53% say they would never trust these companies with their personal health data. Over time, Americans have developed more reservations about Big Tech’s involvement in healthcare, with 44% expressing concerns in 2024 (up from 28% in 2022). Data privacy remains a key issue, as 49% of consumers are afraid their data may be misused by the companies.
The pharmaceutical industry is constantly evolving, driven by advances in science, technology, and patient needs. One of the most prominent trends shaping this industry is the outsourcing of various stages of drug development.
As companies aim to optimize costs and resources, outsourcing has become a strategic approach for pharmaceutical organizations looking to streamline operations, accelerate timelines, and maintain flexibility in a highly competitive market. By partnering with specialized organizations, companies can focus on their core competencies while leveraging the expertise and capabilities of external providers.
The Growing Importance of Outsourcing in Drug Development
Outsourcing is now a well-established strategy within the pharmaceutical industry. Particularly in the areas of research and development (R&D) and clinical trials, outsourcing offers significant advantages, from cost reduction to faster access to specialized skills. In an industry where time and quality are critical, outsourcing provides an opportunity for pharmaceutical companies to stay agile and meet regulatory requirements efficiently. Furthermore, outsourcing supports the global expansion of drug development, allowing firms to navigate regional regulations and access patient populations more effectively.
A recent report by Forbes underscores how pharmaceutical companies are increasingly relying on outsourcing partners to meet their R&D needs and manage costs. This trend is expected to grow as companies face rising pressure to bring innovative treatments to market quickly while balancing budget constraints. Outsourcing allows companies to meet these demands without compromising on quality or compliance, leading to faster and more efficient drug development processes.
The Role of Contract Research Organizations (CROs)
Contract Research Organizations (CROs) play a central role in the outsourcing landscape. These organizations provide a range of services, from preclinical studies to clinical trial management, ensuring that pharmaceutical companies have access to the resources and expertise required to conduct thorough, compliant research. CROs have the specialized knowledge needed to navigate complex regulatory requirements across different regions, which is particularly beneficial for pharmaceutical companies with global ambitions.
One notable example of specialized CROs is US clinical research organizations like Ergomed, which focus on supporting drug development through high-quality, regulated trials. These organizations bring expertise in protocol design, patient recruitment, data management, and reporting, enabling pharmaceutical companies to concentrate on advancing their therapeutic areas while CROs handle the operational complexities of clinical trials. By collaborating with reliable CROs, pharmaceutical companies can also benefit from enhanced data accuracy, regulatory compliance, and faster trial execution.
By Stephanie Jamison (Greenway Health) and Leigh Burchell (Altera Digital Health), Chair and Vice Chair, EHR Association Executive Committee, and Greg Thole (Oracle), Chair, EHR Association Certification Workgroup
Following an in-depth analysis of HTI-2 and the process of drafting comments (available here), the EHR Association has identified several overarching issues, as well as specific concerns related to Insights measures within the proposed rule.
Highlighting the Positives
Before we delve into the negatives, however, it is important to note that we are highly supportive of several of ASTP’s recommendations. One is the proposal to expand the Certification Program to include criteria focused on the adoption and use of certified health IT by both payers and public health agencies (PHAs) to supplement criteria for healthcare providers. Holding all parties to specific and consistent standards and procedures is critical to achieving real end-to-end interoperability.
Another is the way ASTP has structured the numerous new proposed FHIR API-based required features (e.g., dynamic registration, SMART Health Cards, CDS Hooks, Subscriptions) in a manner that allows developers to re-use the same capability for multiple different use-case-focused criteria. This is a helpful format that allows developers to streamline and avoid duplicating work effort.
Finally, in the context of the Insights requirements, many of ASTP’s proposals demonstrate attentiveness to the questions and concerns raised by the Association and its member companies since the measures were originally finalized in HTI-1 rulemaking. Some of these tweaks to measurement specifications will reduce the burden and make for more consistent and valuable reporting data.
Overarching Concerns
While we do support many elements of HTI-2, there are also several areas of real concern. We’ve raised many of them previously in comments, but they have yet to be adequately addressed by ASTP and other regulatory agencies.
For example, a common refrain in the Association’s comment letters and RFI responses is that compliance timelines and the scope of work in ASTP regulations create significant burdens for all health IT developers, as well as our healthcare provider customers. We delivered this message related to HTI-1, and our members are now devoting extensive resources to compliance—sometimes at the cost of innovation clients have requested.
Yet, as evidenced by the extensive scope of the HTI-2 proposals, ASTP and CMS continue to ignore the significant and serious timeline concerns we’ve voiced for years. CMS programs, such as the Medicare Promoting Interoperability program and Merit-based Incentive Payment System (MIPS), require healthcare providers to use upgraded certified EHR technology effective essentially on the same deadlines set by ASTP for vendors to deliver those updates. This forces developers to deliver compliant solutions significantly earlier than the deadlines officially listed by ASTP and does not allow adequate runway after the deadline for healthcare providers to adopt the updates, potentially compromising a safe and effective implementation process.
External audit volume more than doubled in 2024 over 2023, including higher rates of pre-payment audits, and total at-risk dollars increased fivefold to $11.2 million per MDaudit customer, impacting healthcare provider organizations’ cash flow and exposing them to higher potential denial rates.
Additionally, improvements in revenues and operating margins throughout 2024 were tempered by higher denial rates, including an increase in coding-related denials of more than 125% and in medical necessity-related denials of 75% for outpatient claims and 140% for inpatient claims. These trends highlight the pressing need to overhaul revenue cycle management (RCM) strategies in the coming year.
These were among the key findings of the 2024 MDaudit Annual Benchmark Report released today by MDaudit, an award-winning cloud-based continuous risk monitoring platform for RCM that enables the nation’s premier healthcare organizations to minimize billing risks and maximize revenues. Last year’s report forecast strong volumes for healthcare organizations, the impact of which was constrained by challenges related to controlling costs, improving margins, and seizing opportunities to generate new revenue streams, predictions that held true as operating margins improved by more than 4% against a surge in audits and denials.
“Looking ahead to 2025, those same headwinds, along with new risks around timely reimbursement and cybersecurity costs, will impede continued progress toward financial stability,” said Ritesh Ramesh, CEO, MDaudit. “This backdrop of challenges elevates RCM transformation to a strategic imperative for health systems in 2025, with an emphasis on continuous monitoring of financial risk to enable proactive mitigation of issues before they impact operations.”
Payer Behavioral Shifts Send Audits Surging
An increase in external audit volume, coupled with an increase in the average denied amount per claim across professional (~4%), outpatient (~3%) and inpatient (7%) settings, exerted additional financial pressures on healthcare providers. This year also saw a trend toward more pre-payment audits. Unlike traditional post-payment audits that can result in clawbacks, pre-payment audits increase denial risks and cause cash flow issues.
Payers also stepped up clinical documentation scrutiny, sending audits surging by 100% over 2023 levels and contributing to a 3-year increase in clinical denials of 51%. To counter this trend, providers must focus on high-value services and ensure that clinical documentation improvement (CDI), billing, coding, and RCM programs are tightly coupled to implement a closed feedback loop from the backend to the mid-cycle to drive efficiencies.
Additionally, the Centers for Medicare and Medicaid Services (CMS) has put Medicare Advantage (MA) plans under the microscope as it continues ferreting out fraud and abuse, efforts that led to a 72% rise in hierarchical condition category (HCC) and Risk Adjustment audits and a 51% increase in total denial amounts for MA plans.
This heightened scrutiny, coupled with more strident authorization requirements and higher denial rates, has many providers rethinking participation in MA plans. At minimum, billing compliance and coding teams should be focused on eliminating improper practices that will lead to heavy fines and penalties. This is particularly critical considering MDaudit findings that more than 25% of providers on average failed audits across both professional (33%) and hospital (23%) care settings.
Over the past decade, credit card spending has more than tripled, leading to billions of dollars in processing fees for merchants. Despite the size of this industry, many find its complexities challenging to navigate. Credit card processors frequently hide and inflate fees, resulting in substantial annual expenses that could otherwise be reduced or eliminated.
Navigating the ever-changing landscape of the processing industry and opaque merchant statements can be especially daunting for medical offices. Those without the expertise or resources to review these costs often wind up paying more than necessary. However, it is possible for experts to demystify these fees through a merchant statement analysis to identify potential savings for medical practices.
Eric Cohen, CEO of Merchant Advocate, specializes in assisting businesses and medical practices of all sizes—from large medical groups to small clinics—in uncovering hidden fees and optimizing revenue structures without switching processors.
Below are some common questions Eric encounters from medical office administrators and managers about managing processing fees.
Why should medical practices prioritize optimizing their credit card processing costs?
All businesses would benefit from optimizing their processing costs, but for medical practices, this is even more true given their unique challenges. These include costly fees from virtual credit insurance payments, software integration issues, and handling sensitive patient data, which can mean inflated fees, penalties, and a higher risk for security breaches. Medical practices looking to reduce these unnecessary expenses can bring in a third-party consultant or advisor to find hidden fees and potential areas to optimize their costs, ultimately strengthening their bottom line.
How much do credit card processing fees typically cost medical practices?
Credit card processing fees typically cost anywhere from 2.5% to 4.5%, depending on the type of transaction, merchant category, and card used. Since medical practices often handle large volumes of payments, these fees can go unchecked, becoming quite costly. Businesses can save on these fees by understanding and analyzing their merchant statements to identify areas where they are being overcharged and negotiating with their processor.
How can medical practices avoid these processing fees?
Beyond regularly reviewing credit card statements, medical practices can avoid unnecessary fees by regularly updating their practice management software. With critical patches for security and compatibility, delays in these updates can lead to serious consequences, such as HIPAA violations. These violations can result in hefty fines and damage to your business’ reputation. In addition to protecting your reputation, keeping your software up-to-date and compliant protects your business from any penalties that may arise if not all the required data is passed to the processor.
How can medical practices prepare for credit card surcharging?
Practices considering a surcharge program need to be aware of the laws and regulations that vary by state and card network. For example, New York State recently introduced a law requiring businesses to disclose credit card surcharges, limit them to the processor’s fee, and display the total cost including the surcharge or the cash price alongside the card price before checkout. It’s more important than ever for practices to prepare, which can be achieved by knowing what the law requires of your practice in your state, including familiarizing yourself with fee caps and signage requirements. Many states mandate visible signage at the point of sale, with some requiring signage at the entrance to inform customers about surcharges.
By Ben Manning, director of product management, ETHERFAX.
Despite significant progress in health information technology (HIT) and artificial intelligence (AI), many healthcare processes remain inefficient. Administrative workflows are cumbersome and error-prone, and they can lead to serious repercussions, including delayed patient care, clinician burnout, and mounting costs.
Generative AI (Gen AI) is a type of artificial intelligence that creates new content—such as text, images, or even insights—by learning from large datasets. In healthcare technology, Gen AI has transformative potential. It can automate tasks like generating medical summaries, assisting with diagnostic image analysis, or even suggesting personalized treatment plans, thereby saving time for healthcare providers and improving accuracy in patient care.
Additionally, Gen AI can streamline administrative tasks and data analysis, helping organizations manage records, optimize workflows, and enhance decision-making. However, realizing this potential requires a deep understanding of existing challenges in healthcare workflows and a strategic approach to integrating automation into day-to-day operations.
The Ripple Effect of Inefficiencies
Inefficiencies in healthcare workflows are not isolated incidents; they affect a wide range of stakeholders, each of whom bears the brunt in different ways.
Clinicians find themselves overwhelmed by administrative tasks such as charting, billing, and data entry. These tasks, though essential, are contributing to clinician burnout—a significant issue in the healthcare industry. Dealing with inefficient workflows is also leading to lower job satisfaction and higher turnover rates among medical professionals.
For administrative staff, inefficient workflows translate into an overwhelming volume of paperwork and repetitive manual tasks. This not only lowers productivity but also increases the likelihood of errors, which can have cascading effects throughout the healthcare system. The repetitiveness of data entry workflows, compounded by often inadequate compensation, makes it difficult to attract and retain qualified administrative staff.
For patients, inefficient workflows can manifest as longer wait times, delayed diagnoses, and poor patient experience. When administrative or clinical processes are bogged down by inefficiency, patients experience frustration and dissatisfaction. Worse, their health outcomes may be negatively affected by delays in receiving necessary care.
Digitizing workflows without automation tools often perpetuates existing inefficiencies. Too often these workflows fail to optimize and streamline administrative processes, limiting the potential benefits of health information technology. The push to digitize workflows often means repeating the same paper process in a digital format, which doesn’t make the process more efficient.
By Rahul Ajmera, SVP of Provider Market, CitiusTech.
It has been over three years since U.S. healthcare providers and payers adopted new cost transparency regulations designed to make healthcare costs more accessible. While the intent behind these regulations is to empower consumers to compare prices across various healthcare services and insurance options, many healthcare organizations continue to struggle with, or are hesitant about, achieving full compliance.
This article aims to quickly decode and rethink the importance of price transparency rules for healthcare organizations, with a change in mindset: embracing them not only as a regulatory requirement but also as a pivotal chance for enhancing care services, improving patient experience, and gaining a competitive edge.
Understanding the compliance gap
The journey to compliance has been slow for some, either because of pandemic-related disruptions or owing to resource limitations. Many organizations still find it difficult to navigate the intricacies of these regulations, which require a comprehensive overhaul of existing data management practices. The process involves consolidating diverse data sets from various systems and ensuring they are structured appropriately for public disclosure, which additionally demands a skill set from IT teams that may already be overstretched. But before we dive into the complexities, it is worth noting that if compliance becomes more widespread, organizations may discover, through careful analysis of the data generated, new avenues for more than just operational improvements, leading to a better patient experience and a competitive edge.
Opportunities for improvement
The push for price transparency presents not just challenges but also opportunities. By making pricing data readily available, hospitals and insurers can facilitate better consumer understanding of the direct expenses they incur. Moreover, the new pricing landscape allows organizations to leverage data analytics from a vantage point. By utilizing data-driven insights gleaned from commercial rates that payors are mandated to publish, healthcare providers can identify reimbursement rates in their participation agreements that are too low relative to what other providers are receiving.
Access to the new price transparency data opens opportunities to modernize and expand traditional health data models to incorporate and analyze vast amounts of unstructured pricing data, offering real-time insights and personalized recommendations to consumers. Advanced analytics and Generative AI can be leveraged to optimize supporting documents for claims, and to simplify complex medical billing correspondence, making it easier for patients to understand costs. An established technology known as Knowledge Graphs can be incorporated with Generative AI to link related data points, ensuring that pricing information is not only accurate but also contextually relevant, driving better decision-making for both providers and patients.