As organizations level up their technology, hackers are leveling up their tactics – with a new target.
The American Hospital Association released a statement about a social engineering scheme where hackers pose as IT help desk personnel to steal information from revenue cycle workers or those in “sensitive financial roles.”
According to AHA, the threat actors will call IT help desks and use the “stolen personally identifiable information” of an employee to answer security questions. Hackers will then request a password reset and enroll a device, like a cell phone, into multi-factor authentication.
The cell phone will typically have a local area code, allowing the hacker to bypass pre-existing multiple-factor authentication to access the email and applications of the employee they’re impersonating.
Ransomware attacks have been the most common cyberattack, putting patient care for entire health systems at risk. In 2020, Oregon’s Sky Lakes Medical Center was forced to shut down all operations after a ransomware attack through a link an employee clicked in an email.
The medical center had to completely rebuild its network, director of information systems, John Gaede previously told HealthLeaders.
“We had to build backups and test them first to make sure they were clean, then run the [main systems] through tests to validate that they can work,” he said. “We didn’t want to start something up, have it [integrate] with another system and have everything fall apart.”
According to John Riggi, AHA’s national advisor for cybersecurity and risk, one health system now requires employees to make password and multi-factor authentication enrollment requests in person after becoming a victim to a social engineering scheme.
“The risk posed by this innovative and sophisticated scheme can be mitigated by ensuring strict IT help desk security protocols, which at a minimum require a call back to the number on record for the employee requesting password resets and enrollment of new devices,” Riggi said in a statement.
“Organizations may also want to contact the supervisor on record of the employee making such a request.”
Patient collections has surpassed denials management as the biggest concern for revenue cycle leaders, a new report found.
Should you be taking a closer look at your back-end operations? While denials management is a longstanding issue for an organization’s revenue cycle, a recent report found that timely patient collections are a growing concern.
In the report, authored by Salucro Healthcare Solutions, 48% of revenue cycle leaders said patient collections are the biggest issue they’re facing, surpassing familiar issues like denials management and hiring/staff training.
Patients have begun covering a larger portion of their care in recent years, and difficulties with understanding benefits, lack of price transparency from providers, and complex billing processes make for a frustrating experience.
Some organizations, like Allegheny Health Network, turned to technology for a solution that would benefit the organization and help patients understand their healthcare costs. After implementing a financial engagement platform, patients now have access to a patient portal where they can set up payment plans and access additional self-service tools.
“It was clear to us that the patient billing process is broken, and that providers and payers alone can’t solve the systemic challenges,” James Rohrbaugh, then chief financial officer and treasurer for AHN, previously told HealthLeaders.
Organizations can also ease the frustration of the patient financial experience by employing cash sharing applications like Zelle and Venmo. In a previous article, HealthLeaders reported on how providers are gradually embracing the apps due to their accessibility and ease of use.
"They don’t have to grow up in the revenue cycle, but they have to be able to cross the network," one executive told HealthLeaders.
When implementing a rev tech solution, strategy, key performance indicators, and vendor-provider collaboration are often touted as ways to ensure its success. However, there’s an additional, lesser-known component within the organizations themselves: the IT department.
By definition, an organization’s information technology department manages and resolves issues relating to computers and its greater technical network (tablets, medical machinery, etc.). As organizations consider investing in tech solutions, Jeanne Stokes believes IT staff should be part of the conversation.
At Ironwood Cancer and Research Centers, where she serves as director of revenue management, the practice has three IT specialists who assist with phone lines, revenue cycle operations, and radiology program software, respectively.
"I think with [IT specialists], we don’t have enough. We traditionally don’t hire huge amounts of IT folk. We hire just enough to get through," Stokes explained.
When the practice was having issues with a payers’ application programming interface (API), she had a member of the IT staff shadow and work alongside front desk workers to get a better understanding of how to address the problem.
"I need him to go to the front-end user to actually learn how their days go and let them be part of the conversation," Stokes said. "I think that would help them feel more engaged and have more ownership in what’s going on. Things would be better if we [consider things] from the front-end staff’s position instead of [from the executive’s position]."
Stokes also touted the benefits of having IT staff having a fundamental understanding of the revenue cycle and knowing where to find answers. For example, Ironwood sends their IT specialist to rev tech vendor conferences almost every year so that they’re able to stay up to date on the software and attend sessions to learn more about the revenue cycle.
"They don’t have to grow up in the revenue cycle, but they have to be able to cross the network," she said.
There’s similar value in bringing revenue cycle workers into the decision-making process, enabling them to become well versed in the solution’s functions and have ownership of its operations.
Price transparency isn’t just a compliance measure — it’s become a patient preference.
Price transparency has become an issue for both patients and providers post-Covid — for patients in particular, the lack thereof.
In a survey by the Marist Poll for Patient’s Rights Advocate, 93% of respondents said hospitals should be required to post their prices, not estimates, for planned care in advance.
Legislation like the No Surprises Act and Lower Costs, More Transparency Act, which was passed to the House of Representatives in December, were developed to increase hospital and provider price transparency, but many are struggling to adhere.
The Centers for Medicare and Medicaid Services (CMS) has not been lenient in their efforts to hold organizations accountable. In April 2023, it announced that noncompliant hospitals would be required to complete a corrective action plan by a deadline, impose earlier civil monetary penalties, and streamline the compliance process.
As hospitals and organizations continue to struggle comply with price transparency regulations, one helpful strategy, according to Tina Barsallo, vice president of revenue cycle operations at Lifepoint Health, is to work with other providers.
“If possible, pull a team together to create joint ownership and partnership in creation of the tools and to help drive consistency and compliance,” Barsallo previously told HealthLeaders.
“Reach out to peers to brainstorm on ways they have accomplished compliance, so you don’t need to reinvent the wheel.”
HealthLeaders surveyed over 80 revenue cycle leaders to see what they’ll be focusing on in the new year.
Hiring and retaining staff is a consistent issue throughout the healthcare sector. HealthLeaders asked over 80 revenue cycle leaders which function is the most difficult to staff and over half stated the front end. Middle functions, like coding, were the second most difficult, and back-end functions, like billing and insurance follow up, where the third most difficult to staff.
The requirements will make exchanging health data more efficient and reduce administrative burden.
Today CMS finalized the Interoperability and Prior Authorization Final Rule, continuing its efforts to improve prior authorization processes.
The rule sets requirements to streamline prior authorization for Medicare Advantage, Children’s Health Insurance Program (CHIP), and Medicaid managed care plans, among others, as part of the MA and Part D final rule.
Issues with prior authorization have been a significant pain point for organizations and health systems, with many investing in different rev tech solutions to solve those problems.
“We’re in a crisis. We’re delaying care because we can’t get prior authorization, so therefore we have to get something in place,” Shanda Richards, revenue cycle director of Alaska’s Central Peninsula Hospital, previously told HealthLeaders.
According to a statement from the U.S. Department of Health and Human Services, the rule’s implementation will result in an estimated $15 billion in savings over ten years.
For one requirement, beginning in 2026, impacted payers will have to send prior authorization decisions for expedited requests within 72 hours, and seven calendar days for standard requests. Impacted payers will also be required to specify the reason for denying a prior authorization request, as well as publicly report prior authorization metrics.
Anders Gilberg, senior vice president of government affairs for Medical Group Management Association, voiced the organization’s support for the rule in a statement:
“The increased transparency provisions – requiring health plans to provide clarity on the reasoning behind care denials and to publicly report aggregated metrics about their prior authorization programs annually – will help shine a light on the egregious abuse of prior authorization by payers under the guise of looking out for patients’ best interests.”
Two executives discuss the use of automation and other rev tech solutions in the front end.
During HealthLeaders’ recent RevTech Exchange in Raleigh, North Carolina, we caught up with Anthony Cunningham, then newly appointed chief revenue officer for LCMC Health, and Jeanne Stokes, director of revenue cycle management for Ironwood Cancer and Research Centers.
We discussed the pros and cons of automation as a rev tech solution.
The following transcript has been edited for length and clarity.
HealthLeaders: What parts of your rev cycle process are automated?
Anthony Cunningham: I think the biggest thing we've been trying to automate, like many other folks, is the initiation of authorizations as well as the follow up; so the status of authorizations. A lot of folks struggle in that space. I think you can do a good job of revenue technology, maybe some of those straightforward authorizations, but when you get into surgeries and things like that, it requires people in my opinion, because of exactly what they're looking for.
Jeanne Stokes: We are constantly scrambling with eligibility on the front end, so retro terms are crippling for us.
If you don't have coverage, or you have new coverage and we didn't know about it, we now don't have an authorization. We do automate our eligibility, and the system presents us with the denials for coverage that people need.
We have self check-in kiosks and we thought that installing them would relieve some of the administrative burden. What we're now getting is apathy from our front desk staff because that was a big part of their job. Their job is to be the face of the practice and greet the patients, and now we've restricted them from coming around, helping people, and networking with the patients.
How can organizations help front desk staff maintain those relationships with patients?
Jeanne: The front desk has become the traffic guard, so we have to teach them how to engage. They’re losing that and they started losing it during the pandemic. I think we do need to find a way to redefine their roles and help them be ambassadors for the hospital, the practice.
Anthony: That front desk position is usually entry level with high turnover, yet it's very difficult to read those coverages. Then when you finally get somebody up to speed, they take another job.
Do you feel there’s a disconnect in the relationship between vendors, C-suite leaders, and those who perform the individual operations? How has this impacted the way you rev tech?
Anthony: I think the only way vendors are successful is if there’s truly a partnership with the organization and staff. A lot of the time, folks will look at a case study of what happened at one organization and they don’t know the amount of effort that went into making it happen. You assume you’re going to get the same benefit. There’s always a disconnect between what you think you’re going to receive and what’s delivered.
A vendor comes in and has their gloss presentation that shows you how everything is created, that you basically plug it in and it's going to work for you, but if it was that simple, everybody would have that solution. It’s that partnership that a lot of folks don't invest the time to make that vendor successful.
Prior authorization has been a consistent pain point for revenue cycle leaders, but hopefully not much longer.
The Centers for Medicare & Medicaid Services rule for the annual review of prior authorization policies went into effect on January 1. It’s too early to know if the rule, which will also ensure that policies stay in place for as long as a patient needs a service, may offer some relief to providers and financially strained health systems.
Here are some previous HealthLeaders articles to get you up to speed.
Prior authorization impacts patient access to care and provider reimbursement, making it an important part of the revenue cycle. With reasons for denials stemming from clerical issues or insufficient documentation, some organizations have embraced automation as a solution and seen results. Others, not so much.
A report by Kaiser Family Foundation found that over two million out of 35 million prior authorization requests were denied by Medicare Advantage in 2021. Adding to a December 2022 proposal, CMS proposed a new rule to strengthen prior authorization protections, including having policies reviewed annually.
Organizations like the American Hospital Association, American Medical Association, Medical Group Management Association, and Better Medicare Alliance voiced their support of CMS’ proposed rule.
The Medical Group Management Association conducted a poll among 601 medical groups on their experiences with prior authorization and Medicare Advantage. Results found issues had gotten worse over the last year, and less than 1% reporting requirements had decreased.
CMS' Medicare Advantage and Part D rule went into effect on January 1.
Will 2024 be the year providers get a handle on prior authorization struggles? With the Medicare Advantage and Part D rule going into effect on January 1, it’s too soon to tell.
The rule, issued by the Centers for Medicare & Medicaid Services (CMS), requires Medicare Advantage plans to review prior authorization policies each year, with the policies remaining in place for as long as the patient needs a service.
Revenue cycle leaders continue to struggle with prior authorization and denials management. With most Medicare Advantage enrollees having plans that require prior authorization for services, the issue is further exacerbated.
Some organizations have tried to solve their prior authorization problems by investing in rev tech solutions. Without a solid digital expansion strategy, organizations can end up with more issues.
In a previous HealthLeaders story, Shanda Richards, revenue cycle director of Central Peninsula Hospital in Alaska, emphasized this while acknowledging the sense of urgency to find a solution.
“We’re in a crisis. We’re delaying care because we can’t get prior authorization, so therefore we have to get something in place,” she said.
Prior authorization is the tip of the iceberg when it comes to organization’s issues with Medicare Advantage. Providers have long been vocal in their frustration with low reimbursement rates and frequent claim denials.
With many health systems struggling financially, it would be unsustainable to keep going back and forth, and many have begun terminating their Medicare Advantage contracts.
“A program intended to promote seamless and higher quality care has instead become a fragmented patchwork of delays, denials, and frustrations,” Steve Gordon, president and CEO of St. Charles Health System, said in a press release. The health system terminated its Medicare Advantage contract in 2023.
“The sicker you are, the more hurdles you and your care teams face.”
HealthLeaders surveyed over 80 revenue cycle leaders to see what they’ll be focusing on in the new year.
After a year rife with payer/provider tug of wars and trying to keep pace with the latest in the rev tech space, revenue cycle leaders have their work cut out for them in 2024.
HealthLeaders surveyed over 80 revenue cycle leaders to see what they’ll be focusing on in the new year, from the highest to lowest priority.
.jpg?itok=1l0FhC4X)
.png)