Skip to Main Content

The past five years have underscored the critical importance of crisis and contingency planning in healthcare. The 2020 public health emergency revealed significant gaps in preparedness as healthcare experienced shortages in supplies and clinical staff, and a lack of respirators and hospital beds to name a few. Government emergency measures and new coding requirements for vaccines added to the burden, leaving billing teams struggling to manage the influx of claims.

More recently, the cyberattack on Change Healthcare highlighted another vulnerability. The attack caused a significant outage, halting payments to physician practices and destabilizing healthcare providers. According to an AMA survey, the consequences were severe: 80% of practices lost revenue from unpaid claims, 85% had to allocate additional staff time and resources to revenue cycle tasks, and 78% lost revenue from unsubmitted claims. Smaller practices were hit especially hard.

Sign up to receive Urgent Care Quarterly

The Need for Proactive Planning

As cyberattacks on healthcare data become more sophisticated, it’s essential to plan for the inevitability of such incidents. If you don’t have a mitigation and recovery plan, now is the time to create one. Your plan should detail the steps for reporting, internal and public communication, and recovering lost information from a data breach.

Key Components of a Crisis Management Plan

  1. Emergency staffing strategies: Ensure you have plans in place to manage staff shortages during a crisis
  2. Continuous data protection: Implement processes to protect data continuously
  3. Expanding supply resources: Develop relationships with multiple suppliers to avoid shortages
  4. Billing support: Form partnerships with additional billing experts to support your internal efforts when needed

The Impact of the Change Healthcare Cyberattack

The Change Healthcare cyberattack had a profound impact on the healthcare system, emphasizing the importance of data security. This incident reminded us that protecting patient health information (PHI) is crucial not only for patient care but also for the financial stability of healthcare organizations.

Best Practices for Data Security

  1. Keep software up to date: Regularly update all software to protect against vulnerabilities
  2. Staff training: Schedule regular training sessions on security protocols for all staff
  3. Protect mobile devices: Ensure mobile devices used by staff are secure
  4. Trusted Partners: Work with partners who are committed to data security
  5. Security Risk Assessment: Utilize tools like the ONC’s Security Risk Assessment Tool to evaluate your data security

The Role of Corporate Mergers and Acquisitions

Corporate mergers and acquisitions are reshaping the healthcare landscape. With consolidation, networks overlap, and even practices not primarily contracted with Change Healthcare were affected by the network outage. While you cannot control the entire process, it’s your responsibility to create a safe and secure environment to protect patient data.

Building a Culture of Health IT Security

To best protect yourself, establish a culture of health IT security where everyone on your team is committed to cybersecurity. Compliance is just the baseline; strive to go beyond the basics to keep patient data safe and ensure the financial security of your practice.

By proactively planning and implementing robust data security measures, healthcare providers can better navigate crises and protect both patient information and their financial health.

Learn more about security, insights, and recommendations for top factors influencing your revenue cycle by downloading the 18th issue of Urgent Care Quarterly.

Download the Data Resource

Sign Up for the Urgent Care Minute

Join over 20,000 healthcare professionals who receive our monthly newsletter.