Cybersecurity and Medical Billing and Coding Services: What You Need to Know Today

Cybersecurity might not be the first thing you think of when you think of medical billing companies or medical coding solutions, but it’s highly related. 

Your medical billing and coding services have a direct impact on your cybersecurity health, which is why we want to get you updated on recent changes and tips that can help you keep patient information safe. Read on to learn more about the recent Healthcare Cybersecurity Act and how you can leverage training and other tips to rise above compliance. 

First, let’s cover the bill that was introduced to strengthen cybersecurity for the industry. 

On March 23, 2022, the Healthcare Cybersecurity Act was introduced by U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV). The point of the act is to direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate in improving cybersecurity processes for hospitals and health systems. In their press release on the bill, they state that, “In 2021, 46 million Americans had their health information breached as a result of a cyberattack, a threefold increase in three years. Cassidy and Rosen are both members of the Senate Health, Education, Labor, and Pensions (HELP) Committee.”

Anyone who’s worked with or considered medical billing companies should pay attention, because to reach this goal, the bill will take on healthcare cybersecurity from a few different angles. 

• It would require HHS and CISA to collaborate to improve cybersecurity in both healthcare and the public health sectors.
• It would authorize training in cybersecurity in the healthcare and public health sectors for operators and asset owners on risks in cybersecurity as well as how those risks can be mitigated. 
• It would also require CISA to study risks specific to healthcare and public health. This would include analyzing how cybersecurity risks impact healthcare assets, evaluating the challenges these healthcare assets face in terms of securing updated information systems, as well as assessing relevant cybersecurity workforce shortages. 

Cassidy also stated that, “health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyberattacks. This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.” Rosen also contributed thoughts, “In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities. Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.” [1]

It’s important for those interested in working with medical billing companies to note that cyber incidents aren’t slowing down, and this is especially true in healthcare.

If you’re working with medical billing companies and medical coding solutions, know that you can play a part in improving the state of cybersecurity in healthcare, and help move it out of the top position in data breach reports – a spot that it's held for 11 years now. Here are a few tips [2].

Understand that compliance isn’t cyber security

Compliance is important, but it doesn’t automatically equate to a substitute for good cybersecurity standards. For example, maintaining HIPAA or PCI compliance in your medical billing and coding services isn’t the same as addressing risk in your environment. It also doesn’t guarantee that you won’t face additional fines. 

Address the physical environment

One of the reasons people consider outsourcing medical billing and coding services is because they have less to be directly responsible for in terms of on-site security. This is because physical risk is also a cybersecurity risk. Consider the issues in storing files or accepting credit cards in person. This is why your approach to cybersecurity has to be holistic and consider multiple threats. 

Reach beyond technology

While technology is important, security also involves processes and people. To see results, you have to address all three. This includes training on how to spot cybersecurity threats (such as email phishing).  

As you’re considering what you need to update, keep in mind that your patients’ information is incredibly attractive. They provide you with a wealth of information in your medical billing and coding services. Even your medical coding solutions can provide sensitive private information if it gets into the wrong hands. And know that your patients are paying attention. They’re looking for providers who are doing everything they can to protect their information and identities and who are going beyond compliance to provide them the best healthcare experience possible – revenue cycle included. 

It’s for this reason that many revenue cycle leaders have considered outsourcing medical billing and coding services to vendors who can take cybersecurity concerns off their plates. If that's something you might be interested in, please visit us to learn more.