Home » healthcare

Tag: healthcare

WRF Director of Risk Management – “Is Health Care Ready for the Next Big Data Breach?”

As Wind River’s Director of Risk Management, Doug Buan understands data security and the dangers stemming from a data breach in intricate detail. His 23 years of experience encompass everything from law enforcement to retail loss prevention to fraud investigation. With that history comes a complex understanding of how to better manage data risk and mitigate security weaknesses.

Since joining our team, Doug has been using his expert knowledge to educate health care organizations about the risks associated with data breaches, especially in terms of the loss of sensitive patient financial information.

Recently, Doug contributed an article for the Healthcare Financial Management Association (HFMA). His article asks the question of whether health care is ready for the next big data breach. It’s a vital question. Back in 2017, approximately 5.6 million patient records were put at risk due to data breaches. With each ongoing year, the health care industry becomes a more and more enticing target for hackers. This fact ensures that data security needs to be an absolute top priority for these organizations.

In the article, Doug lays out security practices for how health care organizations can better protect themselves from a breach. The core concept comes down to implementing a Security First mindset. By shifting to focus on security above all else, IT departments and executives will be able to react quickly and strategically to any threat to their organization’s data while still meeting the PCI compliance framework.

If you’d like to read more about Doug’s strategy, make sure to check out the full article over on HFMA.org.

Top Three Healthcare Technology Trends from HIMSS 2018

Top Three Healthcare Technology Trends from HIMSS 2018

Healthcare information and technology professionals gathered in Las Vegas in early March for the Health Information and Management Systems Society (HIMSS) Global Conference & Exhibition to double down on the latest healthcare technology trends. In case you missed the conference this year, we thought we’d give you a casino advantage and deal out our top three takeaways from HIMSS 2018.

1. There’s A Difference Between Compliance and Security

The Identity Theft Resource Center recently reported that healthcare was the second most breached sector in 2017 with 374 breaches accounting for 23.7 percent of total reported breaches. So it’s no surprise cyber security took center stage at HIMSS 2018 with a full-day forum on the topic. With stakes this high, panelists and attendees agreed, compliance is not security. While being compliant is a key step, security is not just a checkbox approach. There must be support from the board-level down, and security best practices must be spread throughout the organization. To encourage organizations to take a security-first mindset, Wind River developed the Advanced Security Package (ASP). ASP presents a customized solution of security tools to help mitigate risk, assist with certifying PCI DSS compliance and help ensure your business is secure.

2. Cloud Computing. Cloud Computing Everywhere

Cloud technology was another healthcare technology trend regularly mentioned by presenters and discussed by attendees across the conference. HIMSS research concluded that many users found the cloud more effective at mitigating security risk. Before moving to the cloud, however, it is imperative to understand data governance and have a mature security model. As health systems continue to embrace cloud services, it is essential to actively manage cloud security strategies and call on experts to guarantee security.

3. Amazon, Apple and Uber Roll the Dice on Healthcare

Amazon, Apple and Uber recently announced they are making their way into healthcare, which made for popular discussion among the professionals at HIMSS. Each of these massive tech companies has its own exciting innovation to bring to the table: Amazon offering group purchasing, Apple providing employee clinics and Uber contributing transportation to hospitals. While these announcements are definitely disrupting the healthcare industry, they may not have hit the jackpot quite yet considering all of these ideas are already being covered in an existing format. Like many others technology trends, we’re skeptical about just how much these companies will revolutionize the healthcare industry, but we’re also excited about the push for innovation and adoption of new technologies.

The immense knowledge shared at HIMSS made everyone a winner. From cyber security to new technology and innovations, healthcare technology trends are advancing to improve the patient experience and keep data safe. At Wind River, we stay on top of these trends to mitigate risk, keep patient information secure and improve the overall patient experience.

Improved Revenue Cycle Management

Improved Revenue Cycle Management Starts at the End

How simple, intuitive, patient-friendly payment options can impact your RCM

When it comes to keeping the financial systems of a healthcare organization stable and efficient, revenue cycle management (RCM) is key. RCM is a pivotal, long-term process that can track patient episodes from appointment scheduling all the way to the payment of the final balance by integrating personal and financial patient information with vital data about quality of care and treatment. This interaction between the clinical and financial sides of organizations is meant to simplify the healthcare process for both providers and patients across numerous interactions.

But with so many factors that go into RCM, simplifying is sometimes easier said than done. Making effective changes to benefit patients and providers can be hard to justify the costs or simply hard to understand. Oftentimes, hospital RCM services grow piece by piece over a number of years, costing an organization hundreds of thousands of dollars in both monetary and labor resources. One component after another is added to the existing system until complications arise, making life difficult for both patients and providers. Problems that take years to create aren’t simple to solve, and RCM processes can be so multifaceted and complex that it’s impossible to know where to start.

Begin by asking yourself, what needs simplification? What do these processes even do, and how much is each costing your organization?

A simplified payment process

Don’t be surprised if your answers lead you to the end of the RCM process. The fact is that the world of healthcare is complex, and myriad factors influence RCM and organizational cash flow. Every detail counts, and the most seemingly insignificant details that go into the final piece of the RCM process—payment of the final balance—can have massive effects on the efficacy of an organization’s RCM.

Simple-to-understand payment options benefit everyone. The more streamlined an organization’s payment processing technology is, the easier it is for patients to pay their co-pays or medical bills. This means frontline staff spend less time fielding calls or answering questions related to billing. Research also shows that when making a payment is easier for patients, providers get paid more quickly and receive higher scores on patient experience surveys. A timely, low friction payment process means less money and labor costs involved in the collections process.

Healthcare IT departments working together with external payment processing partners to simplify this process and improve the payment piece of the patient experience have seen great results and saved organizations time and money in a number of ways.

Increased cash flow

For healthcare organizations, improving payment channels means improving cash flow, and a higher cash flow is key for improving your bottom line. Cash flow will never change, however, if your RCM process makes it complicated for patients to pay bills in a timely fashion.

Work to understand patients’ wants and needs in the payment space—what are they looking for in a payment experience?—and simplify your payment process accordingly. As healthcare organizations monitor trends in patient preferences, they also should updating their payment options to match these preferences. In the long run, this will make the payment piece of the RCM process as simple as possible.

For example, more and more, patients are interested in online payment options. Helping patients access their payment history and pay bills from a computer, tablet, or even a smart-phone guarantees a more effortless payment process. A broader range of seamless options for patients to pay their bills can lead to more timely payments, increasing your organization’s cash flow.

Experts from community-orientated healthcare providers echo these sentiments. According to the Director of Revenue Cycle at Fort HealthCare John Bartell, the best way to improve RCM is to create as many avenues as possible for patients to pay any balance or bill. He recommends looking for ways the payment process can be streamlined to reduce burden on the patient and increase efficiency in business processes. Reducing steps in the RCM process means easier payments for patients, less administrative labor and an improved cash flow.

Increased days cash on hand

Not only can a simplified payment process increase your organization’s cash flow, it also can drastically improve days cash on hand (DCOH), providing increased financial stability. Simple, intuitive and patient-friendly payment options make it easier for patients to pay their co-pays or medical bills in a more timely fashion. As payments are made on-time on a more consistent basis, less money is spent on collections, allowing for a stable amount of cash on hand.

Patient payments become more and more crucial as experts see out-of-pocket and self-payment expenses increasing as changes continue happening in the healthcare sector. An increased number of unpaid bills can easily lead to a greater increase in collections-related costs if payment processing is complicated. By making payment easier on the front end, healthcare systems are able to minimize the number of charges that end up in collections.

DCOH is important to allow your organization to get money faster. Like cash flow, this financial metric demonstrates an improved bottom line and is a significant measure of hospital liquidity. By preventing expenses associated with the collections process, providers can easily increase DCOH and focus on quality of care and other metrics with more confidence about their organization’s financial stability.

Other benefits

From an accounting perspective, a simplified payment process can lead to simplified, improved reconciliation. As patient needs change, new platforms are introduced and new methods to pay are being added. The more complicated your system becomes, the more time- and resource-consuming the reconciliation process can be.
Healthcare organizations should work to streamline the reconciliation process into a single technology platform. No matter the number of payment options offered—from kiosks and online portals to recurring payment solutions—transactions are merged into a single point of reconciliation for convenient use.

A number of healthcare organizations are linking their payment processes and technology solutions to their electronic health records (EHR). By using this technology to merge patient personal and financial information, organizations are better positioned to assign and manage patient numbers and unique identifiers to keep records straight and simplify patient reporting and records. Having this data linked can lead to additional improvements in an organization’s RCM.

Industry professionals recommend forming “symbiotic relationships” between healthcare organizations and payment processing solutions. For example, Bartell noted payment processing partners help healthcare organizations stay up-to-date on the most recent advancements in payment options. Likewise, keeping the people working on your payment process current on the latest healthcare industry trends will guarantee payment processing solutions are flexible to meet an organization’s specific needs.

For most healthcare organizations, RCM is a constantly-growing line item. Expenses, both financial and labor-related, can grow slowly over years until the process is eating up five percent or more of your profits. Even worse, as previously stated, by the time RCM becomes a bother, your process can be so bogged down with added systems and procedures that it can be almost impossible to understand where the resource drain is coming from.

It may seem counterintuitive, but as you look to improve RCM in 2018, render your RCM system down to brass tacks and try starting at the end of the process. Look at the payment piece of the puzzle and find places where you can simplify and create a more frictionless experience for both your organization and your patients.

Ring In the New Year with the Right Payment Processing Solution for Your Hospital

If there’s one thing we can all agree on, it’s that 2017 was a crazy year for health care. As the industry continues to transform, how is your payment processing technology evolving to compliment those changes? Looking toward the New Year, here are a few questions to ask when deciding upon the best payment processing solution for your health system, hospital or clinic.

Does it simplify and positively impact revenue cycle management (RCM)?

The right customized, streamlined payment processing solution will reduce steps in the RCM process and make it easier for patients to pay their co-pays or medical bills. Providers will spend less time collecting reimbursements and more time on their passion: helping people through practicing medicine.

Does it increase cash flow and days-cash-on-hand?

When it comes to financial stability, every detail counts. By using payment processing technology to receive reimbursements more quickly and to minimize expenses associated with the collections process, providers can easily increase cash flow and days-cash-on-hand.

Does it improve the patient experience?

Going to the hospital can be an intimidating process for many, and figuring out how to pay the bills that follow can be even more daunting. In fact, research shows providers’ scores on patient satisfaction surveys tend to drop after patients receive their bill(s). Healthcare-specific payment processing solutions that focus on the patient payment experience are key in this consumer-driven world.

Does it implement a security-first approach?

The growing number of data breaches is another trend that has disrupted the healthcare industry. Payment processing solutions that focus on security first rather than just checking off the boxes necessary for PCI compliance are better positioned to protect patients’ financial information.

Does it include an all-star support team?

Industry professionals recommend forming “symbiotic relationships” between healthcare organizations and payment processing partners. Look for a vendor that provides around-the-clock support, dedicated relationship managers and flexible contracts with regular program reviews.

Implementing a customized, streamlined payment processing solution will create a snowball effect that benefits patients, providers and frontline staff. A payment processing solution matching your organization’s unique needs and goals will lead to happier patients, greater financial stability, and more efficient and secure payments. If you’re interested in our customized, healthcare-specific payment processing solutions, please contact me at juselman@windriverfinancial.com or 1-800-704-7253 x4238.

A New Form of Advocacy #WRF Proud Partner

Dove Healthcare has been consistently recognized as the provider and employer of choice for skilled nursing and rehabilitation services in their community and long-term care industry. With a diverse workforce of more than 1,000 employees, Dove Healthcare provides compassionate care and service to an average of 425 residents and patients every day.

“Our industry is in constant motion and we’re continually adapting to the needs of our clients including their changing payment preferences,” said Jeremy Kiley, Regional Director of Operations. “We saw a trend and need to expand our payment acceptance capabilities, and we wanted to get in front of it.”

Kiley felt that he wasn’t receiving the level of service and pro-active ideas from their previous payment processor so he reached out to Brian Schoeneck, VP of Financial and Regulatory Services at LeadingAge Wisconsin.

LeadingAge Wisconsin is a statewide Association comprised of more than 500 nonprofit organizations and serves as a valuable source of information to assist their membership, and advance the fields of long-term care, assisted living and retirement living. LeadingAge Wisconsin had been a Wind River client since 2012, and Schoeneck suggested that Kiley talk to Wind River.

“It gave us a lot of comfort that Wind River came as a referral from one of their current clients in LeadingAge Wisconsin, whom we trust,” said Kiley. “In addition, Wind River has great online reviews.”

Wind River identified that Dove Healthcare was introducing more training and certification courses, and saw a desire for their clients to self-serve, and make payments on their own schedule.

“The team at Wind River helped us implement a payment technology platform that not only meets our current needs, but is scalable to add additional payment channels such as website payments in the future. Wind River’s process has been very good and different from what we had experienced with other payment providers in the past. From the initial sales engagement, to implementation and ongoing support, they have a team to support us with an organized, detailed approach.”

Do you have questions about your current payment platform, or interested in a free consultation to help you plan for the future, contact Wind River now.

The top 5 issues hospitals have with their payment processors (that aren’t even known by the organization)

Payment processors play a key role in a hospital’s finances, as well as the organization’s ability to meet minimum requirements and maintain PCI compliance. But as is the case in many institutions, organizational layers, antiquated processes or simply a lack of accountability can lead to issues below the surface that greatly impact efficiency and compliance.

Here we’ll examine the top 5 issues hospitals have with their payment processors…which the hospital may not even realize exist.

So without further ado, the list:

1. Cost Benefit Confusion – A cost benefit analysis is a foundational practice for any organization or business venture, and hospitals are certainly no exception. It is important that hospitals ask, “what are we paying?” and “what are we receiving for our money?” in order to determine if there is value in the investment. If the answers to these questions are not known, there is a problem. Confusion regarding statements can lead to over payments or worse – continued payment for a service that is not being utilized.
2. Delays – Response time is crucial. Clients should not settle for “pulling a service ticket” or waiting 24 hours (or longer) to receive an answer to a question. We’ve all heard the adage, “time is money.” In few places is this sentiment more true than a hospital. The more time passes, the more billable hours practitioners may accrue, which may either be passed on as costs to the patient or essentially “eaten” by the hospital. Delays can further complicate hospital billing and eventually stall a patient’s discharge or even the initiation of care in some instances. Whether it’s a matter of dollars or negative health outcomes for the patient, the bottom line is that delays are bad for business.
3. The Changing Face of Risk – In our digital world, systems and technology are rapidly evolving. Unfortunately, so too are the threats, entities and individuals who seek to breach hospital data. New vulnerabilities and areas of risk are also coming to light as technology evolves. For example, as chip card acceptance continues to grow, so too does online fraud – a threat that is significantly expanding. If defenses are not up-to-date, payment data will be at risk and extremely susceptible to new iterations of cyber-attacks in healthcare.
4. Overpaying on Card Brand Fees – No one wants to pay more than necessary. When overpayments occur in the hospital setting, they often result in large sums of money down the drain. Overpayment can be attributed to a couple of primary factors. First, utilizing the wrong technology can result in a hospital paying more in card brand fees than necessary. The other common factor is the provider failing to proactively manage payment channels.
5. Unequipped to Assess – Lacking the ability to assess the health of the merchant services program is another significant issue that hospitals can have with their payment processors. In personal health, a multitude of factors come together to determine the well-being of a patient on a given day, as well as their level of risk for the future. The same is true of merchant services’ health. Elements must be taken individually and together. Balancing cost, security, efficiency for staff and customer payment experience are a few of the factors that converge to create a healthy program.

Learn more
Be sure to check out the other installment in our series on payment processors – “4 questions every hospital should ask its payment processor.

4 questions every hospital should ask its payment processor

Payment processors play a key role in a hospital’s finances, as well as the organization’s ability to meet minimum requirements and maintain PCI compliance.

To ensure that your medical center is ticking all the correct – and critical – boxes on the PCI compliance checklist, it’s important that your payment processor is able to answer some key questions regarding processes, systems and your organization’s ability to respond to a changing digital payment environment.

So grab a pencil and schedule a meeting with your payment processor, because here are the 4 questions you should be asking:

  1. How can we mitigate our risk exposure AND ease the process of PCI compliance? It’s important to recognize that easy PCI compliance and a secure institution are not mutually exclusive ideas. Keeping threats at bay does not have to be painful or onerous. Make “work smarter, not harder” your mantra. Streamline your processes in accordance with PCI requirements to create a sustainable system. This will ensure your hospital can protect its valuable data and sail through PCI compliance requirements at the same time.
  2. How does our growth in credit card volume impact our merchant services program? Growth is generally a good thing, it’s the growing pains that are hard. Increased credit card volume can sometimes change terms, limits and other aspects of a merchant services relationship. Areas such as minimum transaction, chargeback maximum and other elements may be impacted. Knowing the answer to this question is key to understanding how to position your organization for success and ensure the continued safety of data.
  3. What payment industry changes are going to impact us? What, if anything, can we do about it? It’s doubtful that your payment processor has a crystal ball (if they do, please contact us…we have a few predictions to confirm). But what he or she does have access to is information and trends that can help adjust practices and prepare for industry changes. For example, in October 2015 the EMV liability shift took effect, transferring counterfeit fraud liability from the credit card issuers to the party that had not enabled the chip – the merchant. Then in June 2016, both Visa and American Express extended temporary modifications to the EMV liability shift. As evidenced by this example, the industry is constantly changing. It is critical that your payment processor has a pulse on the industry and is keenly aware of developments and rule changes.
  4. Beyond having transactions passed through the system, what value should we expect from our merchant services provider and how do we quantify this value? Measuring expectations is a key component of your organization’s relationship with a merchant services provider. Asking this question will allow you to determine how the provider will be evaluated and what defines value at your hospital. It’s important to not just blindly trust that your provider is delivering. Minimum transaction, chargeback maximum, availability of EMV terminals – these are all elements of the merchant services relationship with which the payment processor should be intimately familiar. If your payment processor cannot speak to these areas or provide numbers, it’s time for him or her to get on the phone with your merchant services provider.

Need help?

Wind River Financial (WRF) can help you ask these questions and assess your systems and processes for opportunities. But it doesn’t stop there – we have the experience and know-how to turn questions into answers, opportunities into action.

Contact one of our relationship managers or sales associates today to learn more and discover what the WRF advantage can mean for your hospital.

Point-to-Point Encryption 101: What it is and why it’s so important for healthcare providers

“What’s in a name?” This timeless question was posed by one of William Shakespeare’s most well-known characters, Juliet, as she argued that lineage was irrelevant when it comes to matters of the heart.

While we’re no experts on love or blood feuds, we do know that when it comes to protecting your healthcare data, a name means an awful lot. When looking to ensure the security of your organization’s information, the name you need to know is “point-to-point encryption.” Point-to-point is a practice that is aptly named as it encrypts data at various points. If you’re wondering how exactly this process occurs, keep reading…we’ll explain.

So what exactly is point-to-point encryption?

According to the PCI Security Standards Council, point-to-point encryption – commonly referred to as “P2PE” – is a “combination of secure devices, applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.”

In simple terms, P2PE is the practice of transmitting encrypted data from point A to point D. Whereas data could potentially be stolen at points B and C in the process, with P2PE the risk is mitigated by devaluing the data and rendering it useless if stolen. How is this done? By ensuring that the encrypted data, and the decryption keys, are not in the same place until the data has reached its destination.
Different compliance frameworks define P2PE in different ways. Some key tenets of P2PE as it relates to the Payment Card Industry (PCI) are (1.) the solution encrypts credit card data at the point of interaction, and (2.) the merchant does not have the decryption keys.

Why is P2PE important for healthcare providers?

Medical centers and medical insurance providers are top hacking targets because they are essentially “one stop shops” for full consumer profiles, allowing hackers to access a plethora of sensitive and confidential data.

This data includes not only credit card information, but also consumer identifiers such as date of birth, social security number, address, telephone, email and more. This information can allow hackers to perform very extensive identity thefts.

WRF: your partner in protecting patients through P2PE

At Wind River Financial (WRF), we have successfully partnered with several healthcare organizations in strategically deploying P2PE solutions. We’ve worked with these clients to understand and strategize payment industry compliance and risk in order to shore up their systems and safeguard against breaches.

Check out some of our testimonials to hear from the clients themselves. Contact one of our relationship managers or sales associates to learn more and discover how WRF can start you down the path to P2PE protection.

Are your patients at risk?

Preventing card data breaches. 
Hospitals must meet numerous compliance requirements to ensure the security of patients’ financial and medical information, and for good reason – health care institutions are a major target for hackers and a frequent victim of data breaches. According to the Ponemon Institute’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, 89% of organizations experienced data breaches. The damage inflicted by breaches can be far-reaching and costly. Ponemon’s study found that the cost of data breaches to the United States’ healthcare industry could be as much as $7 billion per year.

As these figures indicate, PCI compliance really isn’t an option – you simply cannot afford to risk your organization’s security with the ever-present threat of hackers and other cyber threats.

Is your organization PCI compliant? If the answer is “no” or if you are unsure, both your patients and your institution may be at risk. But not to fear, we’re here to help. Read on to find out how.

WRF has you covered.
Wind River Financial (WRF) can assess your environment for point-to-point encryption (P2PE) capability to help minimize PCI scope and risk. We will help you deploy P2PE to achieve PCI compliance. Better yet, we will establish a structure for P2PE in your organization that is sustainable and ensures your continued success after our work is done. After all, PCI compliances is a marathon, not a sprint.

The experience to get the job done.
At WRF, we have successfully partnered with several health care organizations in strategically deploying P2PE solutions. From assessment to implementation, education and training – we will work with you every step of the way. When it comes to PCI compliance and defense against breaches, we’re your one stop shop.

Don’t take our word for it.
We never get tired of compliments from clients. We take pride in serving our customers and stand behind our products and services. Exceptional customer service, seamless integration and the ultimate hospital “radar” system – these are just a few of the kind words our satisfied customers have shared in describing our services.

But don’t take our word for it – check out some of our testimonials to hear from the clients themselves and learn what the WRF advantage can mean for your organization.

What are you waiting for?
Contact us today to discuss your organization’s needs and find out how WRF can help you choose a P2PE solution that will prevent credit card breaches and ensure the security of your patients’ information.

The Lowdown on PCI Compliance for Hospitals

How to Keep Your Payment and Patient Data Safe and Secure

Medical centers and medical insurance providers are top hacking targets. Why? Because they are essentially “one stop shops” for full consumer profiles, allowing hackers to access a plethora of sensitive and confidential data.

The bad news
This data includes not only credit card information, but also consumer identifiers such as date of birth, social security number, address, telephone, email and more. This treasure trove of information can allow hackers to perform very extensive identity thefts, and it often carries some of the highest prices in online hacker markets.

PCI: protecting you
Payment Card Industry (PCI) requirements exist to protect credit card data, but may also help with HIPAA compliance by protecting sensitive patient information and safeguarding personally identifiable information (PII) and other sensitive details if implemented for these purposes.

The good news
While medical centers may be in hackers’ crosshairs, they also offer an ideal structure for protection against hackers. Allow us to explain. The fact that hospitals tend not to integrate credit card payment data with patient services, inventory or other data means they offer an excellent environment in which to deploy point-to-point encryption (P2PE).

What is P2PE? If you guessed a droid from Star Wars, you’d be wrong. P2PE is a state-of-the-art credit card security solution. A standard established by the PCI Security Standards Council, P2PE is delivered by a third party solution provider, and is a “combination of secure devices, applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.”

WRF has your back
At Wind River Financial (WRF), we know our P2PE. We have successfully partnered with several health care organizations in strategically deploying P2PE solutions. We’ve worked with these clients to understand and strategize payment industry compliance and risk to ensure that credit card data is protected from hackers. But don’t take our word for it, check out some of our testimonials to hear from the clients themselves.

Interested in learning more? Contact us to discuss your organization’s needs and find out how WRF can help you choose a P2PE solution that will keep your patient and payment information safe and secure.