Imagine Blog

Thom Ransom

Thom Ransom

Thom is SEO Specialist overseeing search marketing for ImagineSoftware. He has spent eight years managing campaigns in healthcare and financial services, and consultants with Charlotte small businesses on ways to attract more online customers.

You can contact Thom via email at

Website URL:

Risks in Healthcare Cybersecurity and How to Avoid Them

Healthcare Cybersecurity Statistics 2019

  • This year, there have been 3.68 million individuals affected by data breaches currently under investigation by the U.S. Department of Health and Human Services.
  • Healthcare data breaches are reported at a rate of one per day.
  • Security company Cybersecurity Ventures predicts that healthcare will incur two to three-times more cyber-attacks than the average of all other industries.
  • The most common locations of breaches to patient health information (PHI) are email, printed documents, and a company’s network server.
  • Hacking and IT-related incidents account for most data breaches. Other causes include misuse of administrative privilege, improper disposal, theft and unauthorized access.
The average cyberattack for a small healthcare provider can cost upwards of $1 million in recovery. Download white paper, "Healthcare, Cybersecurity, and You."
btnLearnMore orange

What is Data Privacy in Healthcare?

The most widely agreed upon standard for data privacy in healthcare comes from the HIPAA Privacy Rule which establishes national standards to protect patient medical records and health information.  The rule requires appropriate safeguards for ensuring the privacy and security of PHI including who is covered by the privacy rule, the type of information that’s protected, and limitations in how PHI can be used by a company or practice.

Sensitive healthcare data can include patient data like PHI, payment records, payer and provider employee data, and data related to wired and wireless IoT (Internet of Things) medical devices.  47 states have laws that require security breaches involving personal data to be reported to the authorities in addition to HIPAA’s Privacy Rule.

Importance of Data Security in Healthcare

Why is information security important in healthcare? For starters, it’s a market opportunity, and it’s a goldmine for criminals!  Cyber criminals cost the global economy over $400 billion a year, according to estimates by the Center for Strategic and International Studies.  As we saw with Target in 2013, just one data breach can throw a $145 million wrench in the cogs.  Healthcare data breach costs are the highest of any industry at $408 per record.  While credit card information and PII sell for a couple dollars on the dark web, patient health information can sell for as much as $363 according to the Infosec Institute.

Types of Healthcare Data Security Threats

One of the best preventative measures you can take to secure your company’s data is to educate yourself on the methods used by hackers to access PHI.  Most threats are a combination of software and social engineering.

  • Ransomware – Ransomware is a type of malicious software where an attacker holds a user’s system or personal information hostage in exchange for payment.  The healthcare industry accounted for 88% of all ransomware attacks in the U.S. in 2016.
  • DOS Attacks – DOS or denial-of-service attacks are a type of attack where your server is bombarded with traffic requests to overwhelm and shut the service down.  Like Ransomware attacks, DOS is often used to hold a web-based service hostage.
  • Phishing – A phishing scam tricks users into unknowingly providing access to a system through an email or pop up disguised as a legitimate request.  According to a 2018 report by phishing defense company Cofense, terms most often used in email subject line for phishing attacks include “New Message in Mailbox” and “Attached Invoice.”
  • Man-in-the-middle Attacks – This is a type of cybersecurity attack where an attacker eavesdrops on communication between two entities.  Man-in-the-middle attacks can occur through your SSL, Wi-Fi network, and DNS.
  • Malware – A malicious software like a virus, worm or Trojan horse where code is injected into your computer to steal, delete or encrypt information.

Healthcare Data Security Challenges

Annual data breaches have increased by 73% between 2010 and 2017.  34% of healthcare data breaches occur from unauthorized access or disclosure.  While seemingly more threatening, malicious breaches occur half as often as breaches due to internal mistakes.

According to the FBI, an increase in healthcare cyber intrusions is likely due to a lack of resilience compared to the financial and retail industries.  Health organizations have a lot of information that’s valuable to criminals.  They often have a bunch of personal information that can be used for traditional financial fraud, as well as health insurance information that can be sold for even more on black markets.

Most healthcare breaches are motivated by financial gain, with healthcare workers most often using patient data to commit tax or credit fraud.

The unfortunate truth is that the healthcare sector is an easy target for cyber criminals because of its vast ecosystem.  There are so many interconnected individuals that have access to medical and billing records – patients, dependents, specialists, physicians, hospitals, billing service providers, health insurers… the list goes on and on.  Not to mention medical records are the highest valued credentials on the dark web at $20-$50 per record – that’s at least 90% higher than the value of someone’s credit card information.

According to a recent study by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG), the top cause of risk to cybersecurity in healthcare include a lack of training, lack of enforcement, and overconfidence.

Tips for Cybersecurity in Healthcare

Healthcare data security is by no means "one size fits all."  A small, rural practice will invest differently than a large, metropolitan hospital.  Based on your business and your needs, you should identify what data is most important to protect, then plan your safety measures accordingly.  Perhaps you'll realize that technology isn't what's needed, but people and processes instead.
  1. Promoting safety standards isn't just IT's job.  Appoint a security officer within each department to help promote good practices, you’ll have more eyes and ears dedicated to the cause and spread awareness on a more granular level.
  2. Use firewall and anti-virus to protect against malicious intrusions.  The firewall inspects all messages coming in from the outside and decides whether the message should be allowed in based on pre-determined criteria.  Anti-virus stops malicious software that has already surpassed your safety measures and entered the system.
  3. Passwords are your first line of defense when preventing backs into any server.  By ensuring that employees have a strong password, a company can all but eliminate 75-80% of cyber-attacks.
  4. If a hack or breach does occur, disclose the incident immediately to your security team.  Information can often be recovered if authorities are notified soon after a security breach.  Recovering data is extremely difficult as more time goes by because of the network of offshore channels this information is relayed through.

Your company may have the most intuitive healthcare cybersecurity software and direct safety processes set in place, but at the end of the day, your safety culture won’t shift until every single employee consciously decides to make the change.  It requires leadership and commitment!


How Automation Improves Medical Billing in Practice Management Systems

Everyone in healthcare knows receiving payments is hard. They know it’s not just one thing that makes it hard. It’s all the small, routine tasks that are never reported, all the conversations, and all the files moving between systems that are never mentioned in your monthly report that determine your budget and help to make smarter business decisions.

Industry experts have been saying for the past five years how a surge of automation is leading to the next big change in healthcare. One example we meticulously follow is the day to day operations and financial impact of automation on medical billing and practice management. In this article, we will explore some of the challenges associated with medical billing in practice management, as well as the benefits of automating your current practice management system software.

Medical billing with 1,400 interfaces configurable with your
current practice management system
btnLearnMore orange

Medical Practice Management Workflow

  • Patient Scheduling and Registration - setting an appointment via an online portal or with the front desk; providing demographic data, updated contact details, and payer information
  • Eligibility Check and Demographic Verification - including pre-authorization, instantly highlights issues with payer compatibility. Resolving these issues prior to a patient visit can reduce your denial rate later
  • Coding and Review - translating medical practice diagnostics, equipment and procedures as billable records while reducing instances of denials due to incorrect or missing information
  • Collection of Co-pay/Balance - the fixed amount received from a patient for a service immediately after the appointment or soon after
  • Claim Management - creating, validating and submitting a claim to a clearinghouse or payer, either electronically as an e-claim or manually as a paper claim
  • Correcting Errors/Denials - systematically addressing the causes of why a claim was rejected or denied before resubmitting it for consideration
  • Payment Posting - posting payments into into the respective patient accounts against a particular claim to reconcile them
  • Patient Statement and Communication - sending patient invoices and reminders via their preferred method of contact, either over the phone, through email, or as a printed statement
  • Analytics/Data Analysis - comprehensive financial dashboards can help you and your team analyze the performance of your practice at a single glance

Challenges Associated with Medical Billing in Practice Management

Obstacles of implementing a medical practice management software include a lack of time to set up the infrastructure, lack of expertise, and system privacy/security:

  • Security and privacy of web-based or cloud-based practice management software is a concern when hosted on another company’s server. Since this software is available from anywhere with a web connection, it’s also vulnerable to attacks by cybercriminals. Consider the financial and reputational risks related to use of third parties for core services. If security is a priority, check out ImagineMedFMTM VPN, encryption, and user authentication.
  • Billing and collections, charge capture and coding was rated as one of the top risk areas for healthcare organizations in 2019. While outsourcing medical billing is a common method for offloading organizational tasks, lack of visibility into controls of third-party systems can result in lost revenue and lower claim resolve rates. Furthermore, outsourcing occasionally requires careful supervision to ensure business and patient experience standards are upheld.
  • Value-based care holds a healthcare organization accountable for both the clinical and financial outcomes of a patient’s care. 36% of hospital system executives are exploring medical practice management systems that will allow them to streamline financial and clinical systems. This challenge increases exponentially for multi-specialty practices whose claims are spread out across multiple billing systems.
  • Staff turnover and retaining talent affects provider workloads, patient outcomes and costs when managed using manual billing systems. Some doctors will choose employment with a healthcare system as a way to avoid the clerical responsibilities associated with running their own practice. For practice owners who remain independent, they are faced with the challenge of providing the necessary training and resources their staff needs to manage their day to day.

Benefits of Automated Practice Management System Software

Products like ImagineBillingTM built for high-volume, complex medical billing can be configured to your current practice management software workflow while automating it in the following ways:

  • Real-time validation of demographic information, insurance eligibility checking, and pre-authorization makes quick work of top sources of claim denials.
  • Claim generation, scrubbing and submission automatically looks for issues in your claims before they are sent to your clearinghouse or payer.
  • Electronic Remittance to automatically post insurance payments and reconcile balances much faster than can be done manually.
  • Real-time analytics and business intelligence gives you centralized access to business information and status reports for making smarter business decisions.

10 Ways to Automate Your Denial Management

Does your denial management process resemble a closed door, or a bridge? If you are a billing manager, you are all too aware of how difficult it is to manage denied claims. While looking for ways to increase the number of claims your healthcare organization is processing, it’s important not to lose sight of how many of those claims are being denied by the payer. When you’re processing hundreds, if not thousands of complex medical claims every week, a small percentage of denied claims can have a significant impact of your bottom line. This is where automated denial management comes in. Here are some ways automation can help bridge the gap between claim denials and higher profit for your healthcare organization.

reImagine your denial management and recovery strategy from a foundation of data discovery, prioritization, and intelligence
btnLearnMore orange

Importance of a Denial Management Strategy

Healthcare organizations lacking a focused strategy for denial management are more likely to receive declined denials. According to the American Medical Association, between 1.38 percent and 5.07 percent of claims are denied by insurers on the first submission. What’s more, denied claims are 3x more costly to rework than submitting a clean claim the first time. If the average cost to rework a claim is around $25, then the difference in value between a clean claim and a denied claim is around $15-17 dollars per claim depending on your clearinghouse. The challenges only compound with the increase in payers and specialties your practice adds to its revenue cycle.

Automating the Denial Management Workflow

According to a 2016 HIMSS survey, nearly a third of providers are still using manual claims denial processes. Out of the 69% using an automated denial management solution, 44% use a vendor and 18% manage their own system in-house. The best solutions to common medical billing mistakes are those which catch a mistake before they occur. For larger healthcare organizations, the sheer volume of claims requires more than a manual process. Automation fits into a well-tuned denial management strategy at three-phases: pre-denial, post-denial, and advanced reporting:

Pre-denial Management

    Start by putting the necessary processes and technology in place to ensure all anticipated causes of denials are accounted for and segmented into the correct course of action to be resolved.

  • Correct errors like duplicate billing, incorrect CPT modifiers, and inaccurate patient demographic information. Reconcile missing patient information with existing records. An automated tool like ImagineAITM verifies and corrects patient demographic details immediately.
  • Get insurance authorization for healthcare services that require prior approval. Systems like Imagine’s Pre-AuthorizationServices can do this in minutes instead of hours like manual processes.
  • With changes in a patient’s policy and greater payment responsibility falling on the patient, it’s no surprise insurance eligibility is the most common type of denied claim. Tools like ImagineDiscoveryTM are great for identifying coverage opportunities including overlooked alternative payment methods.
Post-denial Management
    Recover hidden revenue and minimize the impact of denials by top causes and sources of denials.

  • Automatically sort by dollar amount from greatest to least and/or date of service to head off filing any late claim denials. NOTE: This can take an entire day to do manually. With an automated system, it can happen before billing managers start their day.
  • Systematically assess the business impact of each kind of denial. Prioritize denials that either represent the greatest opportunity for quick revenue recovery.
  • Implement a system where claims with the same payer and cause of denial are appealed in bulk.
  • Isolate complex bills into a separate bucket to be reviewed by a trained billing manager.
Advanced Reporting
    High-level data analytics can help determine if you do not have enough people working on denials, if your process is broken, or if there’s problems elsewhere.

  • Conduct “root cause analysis” to pinpoint trends in denials. Say for instance claims submitted over the course of a few months were denied because a provider was mistakenly marked as not contracted with a payer.
  • Share insights about the reasons for denials with front-end and middle-stage revenue cycle teams can help reduce the flow of denials and address issues further upstream. For instance, if a significant portion of your denials are prior-authorization denials, review your front-end authorization process.
  • Establish benchmarks, analyze workflow performance, and track staff productivity related to denied claims. Review automatically created clean claim and denial rates with your employees can open silos and discover new opportunities for collaboration.

How Medical Billing Companies Use Data Discovery in Business Intelligence (BI)

In medical billing, we often talk about the importance of reporting and business intelligence for finding opportunities to reduce cost and increase revenue. Whether you’re a medical billing manager or the owner of a billing company, everyone employed by your company benefits when given access to data and reports related to their job performance. With that in mind, I’d like to take a step back and talk about the process that goes into creating those reports, called data discovery.

Business analytics to drive growth and show value to your clients
btnLearnMore orange

What is Data Discovery?

Data discovery is the process of collecting raw data from various sources, consolidating it into a single source, and converting it into useful information in the form of reports and visualizations. The usefulness of information is identified through recurring trends, anomalies, or predictive analytics broken down by factors like region, office, or procedure.

Data discovery can be demanding for medical billing managers when you’re accountable to both your management team and clients. Fortunately, client needs are like management needs in many ways. At a high level, clients want to see a lot of productivity reports and net gross collections, and so do billing companies. They need to know what you’re working on, changes in their revenue, and reassurance that your work is having a positive impact on their ROI.

Why is Data Discovery Important?

Data discovery is the first step into a more data-driven approach for monitoring your company’s and clients’ performance. Instead of reacting to the needs of your manager or client after the fact, a data discovery approach considers the goals and challenges of a company before building out a system for collecting and delivering the most useful information. This approach utilizes the full value of structured data to improve decision-making, optimize operational processes, and fuel new business.

Data discovery helps remove some of the biases and assumptions built into reports people create, helping them focus more on the things that practice owners and medical billing managers can control. Steps in data discovery include:

  • Collecting and preparing data -- This step can take a lot of time because of all the different business applications used by multi-specialty medical practices. Collection and preparation is traditionally a manual process that begins with extracting data every month, structuring it into a common format, and aggregating it into a central database. Today, the best business intelligence software largely automates this process.
  • Visualization -- Using visuals like graphs and dashboards to remove noise from data and highlight what’s useful information; visualizing data helps billing managers identify areas that need improvement, helps business owners understand which procedures to focus their attention, and can predict changes in the resulting revenue.
  • Advanced analysis -- Manipulating data in ways to uncover relationships between two or more data points at any given point in time; tasks include segmentation, correlations, and forecasting future value.

What Are the Best Uses for Data Discovery?

Here’s a look into some of the ways medical billing companies are using the data discovery process in business intelligence solutions to drive profitability, reduce waste, and create competitive advantage for themselves:
  • Improved operational efficiencies -- Billing companies and healthcare organizations need to be as lean as possible. Data discovery can be used to analyze a company’s operations for ways to reduce ongoing costs and maximize existing resources. For example, comparing your payer mix with the number of similar claims being processed by a certain payer as well as the amount of revenue you stand to receive will let you know where to prioritize your resources. Over time, you may notice a trend of similar claims being processed across multiple practices and can use that information to negotiate better payer rates.
  • Improved services and patient procedures -- Data discovery can track individual revenue streams to determine which services and patient procedures drive revenue and which are not. For example, a monthly report of collection trends may show a spike in certain laboratory tests being performed by pathology groups at certain times of the year. This information could be used to attract patients who typically receive the test the same time each year.
  • Transparency with clients and team members -- Medical billing companies should be able to supply practices with comprehensive performance reports at the click of a button. Provide customized reports to every client based on their unique challenges and performance focus.
  • Expertise -- Medical billing managers should be knowledgeable in how to approach troublesome denials. For example, denial rate gives billing companies data between all public and private payers and compares which provide the highest or lowest rate of denials for certain procedures. Once a procedure has been successfully adjudicated, the same process can be applied to the same procedure and payer in the future.
Subscribe to this RSS feed

If you enjoyed this post, you'll love our email updates!

Receive content on industry topics, upcoming webinars, current healthcare trends, and more!