Personally Identifiable Information in EHRs Makes Them a Target for Cybercriminals

Personally Identifiable Information in EHRs Makes Them a Target for Cybercriminals

Electronic health record (EHR), a digital version of a patient’s medical record often contains details about a patient’s demographics, insurance information, mailing address, Social Security number (SSN), birth date, and notes from prescribing doctor. Though EHR documentation helps providers as well as medical coding companies with better patient data management by enabling quick access to patient records, data security needs to be paid attention to. Other than medical records, these electronic data may also contain billing information such as credit card details and invoices. With EHRs containing Personally Identifiable Information (PII) like SSNs that does not expire, cybercriminals are now targeting this software as well as the vendors.

Attacking cloud-based EHR software vendors allow cybercriminals access to multiple client databases in a single operation. For instance, date of birth, medical insurance ID, and a Social Security number can be combined to acquire medical insurance. According to a report published in Healthcare IT News, more than 3.16 million patient records have been breached so far in 2017.

Healthcare firms are mandated to adopt the use of EHR systems to improve health care by The Health Information Technology for Economic and Clinical Health (HITECH) Act, under the American Recovery and Reinvestment Act of 2009 (ARRA). While incentive programs were provided for the use of EHR systems, there was no guidance regarding the security of these systems.

A major reason behind EHR data breach is the lack of safeguards implemented in healthcare institutions with regard to their digital assets. It happens that often hospitals and/or healthcare organizations may not be equipped with the right staff to handle digital threats and basic security methods. An article in Forbes explains that in the black market, while the going rate for social security number is 10 cents and credit card number is worth 25 cents, electronic medical health record (EHR) could be worth hundreds or even thousands of dollars.

Cybercriminals may use these details to –

  • file fraudulent tax returns
  • create fake identities
  • receive health services
  • purchase add-ons from the vendors such as birth certificates and passports
  • obtain medical insurance by using SSNs and Medicare insurance ID

Personally Identifiable InformationMedical identity theft is yet another concern. When one person’s medical ID is used by another, the EHR is also modified which affects critical information such as the person’s blood type and current medications, resulting in wrong diagnosis or delayed care.

Some EHRs can be accessed through the IP address of the vendor. Hackers can use force attacks like Ransomware or Wannacry to break into the system. They can also hijack insecure EHR systems, replace encryption keys with their own, and force hospitals for money in exchange for returning the access. Sites that store or provide access to EHR should ideally be accessible through an internal network or VPN.

It is highly recommended that healthcare organizations using EHR software should secure the data by

  • educating staff members who access EHRs, on the basics of cybersecurity and risk management
  • seeking assistance from security companies to protect data stored within their facilities
  • having a robust network security that lessens the chances of attackers using the institution’s own network as a gateway into the EHR provider’s network

It is also important for the vendors of EHR software as well as medical billing companies to provide strong encryption for stored data in order to reduce the impact of data breaches.

Real-Time Electronic Prescription Prior Authorization on the Cards

Real-Time Electronic Prescription Prior Authorization on the Cards

Insurance verification and authorization is the first and probably most important step in the medical billing process. Patient eligibility verification involves checking out the patient’s coverage before services are provided. While checking patients’ insurance benefits properly is crucial, recent reports show that getting prior authorizations from insurance for prescription drugs can prove even more time-consuming and frustrating for physicians’ practices. Experts recommend that electronic prescription prior authorization could be an effective solution to the problem.

Payers use prior authorization to make sure patients get the right and most cost-effective medications for their situation. Medications that need prior authorization are those that:

  • have dangerous side effects
  • are harmful when combined with other drugs
  • should be used only for certain health conditions
  • are prone to misuse or abuse
  • are prescribed when less expensive drugs might work better
  • are lifestyle drugs or used for cosmetic reasons
  • are covered by the health plan but are prescribed in a dose higher than “normal”
  • are not usually covered by the health plan or pharmacy benefit manager (PBM), but deemed medically necessary by the physician

Currently, medication authorization is a time consuming and exasperating process for providers, their staff, and patients. An article published last year in Medical Economics pointed out that prior authorization of medications is not done at the time the physicians writes out the prescription. The typical procedure is as follows:

  • Physicians prescribe medications but are usually unaware of whether they require prior authorization.
  • Patients go to the pharmacy to get the drug, but are told that it needs prior authorization.
  • The physician’s office is told about the need for prior authorization and, in 90% of cases, uses phone or fax to contact the insurance company.
  • The payer will examine the clinical documentation and grant authorization after about 24-48 hours.
  • The patient goes back to the pharmacy to get the medication after being informed by the physician’s office about the authorization.

This lengthy process is costly and involves a lot of work for physicians and their staff. It is also a harrowing experience for the patient.

To resolve these issues, technology companies have come up with tools to integrate electronic prior authorization in the e-prescribing process. In the electronic model, physicians would be able to find out which medications need prior authorization and inform patients in advance. Patients may be able to get a prescription approved while leaving the physician’s office. According to these technology experts, making these tools part of the clinical workflow by embedding them in the electronic health records (EHRs) will do away with time-consuming manual prior authorization processes. This will save time and money, reduce administrative burden, and improve both patient and provider confidence and satisfaction.

The electronic claims processing services that professional medical billing companies provide is fast, affordable, and highly efficient. So experts point out that there is no reason why the electronic prior authorization model shouldn’t work too. Of course, fully automated prior authorization may take time to implement. Till then, the best option for busy physicians would be to rely on established outsourcing companies for insurance verification and authorization and electronic claims processing support.

High Growth Predicted for Global Medical Document Management Market

High Growth Predicted for Global Medical Document Management Market

According to a new Medical Market Research report, the global medical management market is expected to reach around USD 527 million by 2019. By application, the medical documentation management market is categorized into four segments:

  • Medical billing systems
  • Medical record management
  • Patient admission registration
  • Medical document scanning or medical document imaging management

The shift from paper-based transactions shifting to electronic mediums is driving the growth of the medical document management market, and the report predicts high growth for the cloud-based segment.

The study found that the U.S. represents the largest market for healthcare, worldwide. In the U.S., outsourcing of medical document scanning to HIPAA-compliant service providers is also growing rapidly with electronic health record (EHR) adoption. These companies scan paper records of patient histories, patient insurance information and patient notes and forms, and provide indexing and storage solutions. This allows physicians’ offices to access medical records easily when required, while meeting all compliances and security regulations.

In addition to hospitals, care centers and specialty homes, healthcare insurance providers are key end-users of medical document scanning services and document management software.

The report forecasts that the need to streamline billing will drive the market for medical billing software. With the substantial increase in the number of hospitals and clinics, the need to track all treatment-related expenses of patients has become a key priority for the healthcare sector. These positive trends will significantly increase the demand for medical billing services and systems over the next four years.

Many medical billing companies work with their own software or use the health care provider’s system to provide end-to-end revenue management services. Outsourcing allows physician practices and hospitals to focus on their core tasks while the service provider takes care of everything from medical appointment scheduling and enrollment to payment collection.

Undetected Cirrhosis Causing Inconclusive Medical Data Entry

Undetected Cirrhosis Causing Inconclusive Medical Data Entry

Precise medical data entry and the resultant medical coding are important in gastroenterology, since many of the vital organs come under this category and issues involving them could result in serious health conditions and even fatalities.

Cirrhosis Undetected in Hepatitis C Patients – Research

Cirrhosis of the liver is a serious condition, causing liver cancer and eventually failure. While the progression of untreated Hepatitis C inevitably ends up with cirrhosis, many Hepatitis C patients are not diagnosed with cirrhosis even if they have it and their medical records or EHR do not reveal it. A recent research carried out on 2788 hepatitis C patients in four major health systems of the nation by Detroit’s Henry Ford Health System and the CDC (US Centers for Disease Control and Prevention) revealed this fact.

The survey showed that 29% of these hepatitis C patients, 2788 of them, were found to have signs of liver damage or cirrhosis, but only 62% of these patients with liver damage, 1727 of them, had any documentation mentioning that in their records. The liver biopsy conducted on them only served to indicate cirrhosis in 661 of the patients. The researchers however conducted a test known as FIB-4 score, a procedure that has been validated but isn’t performed much by clinicians. It has proved to be more effective than a liver biopsy alone since it revealed four times higher prevalence of cirrhosis than the biopsy indicated.

Liver Cirrhosis Under-diagnosed and Undocumented

The conclusion reached was that cirrhosis could be a highly under-diagnosed condition in the population, something which must be set right. Researchers put part of the blame on the liver biopsy test which isn’t conclusive in revealing damage. The FIB-4 score is achieved by calculating liver enzymes of patients along with their platelet counts plus age, and seems to be more effective in revealing the extent of damage. And electronic health records cannot be relied in this regard, if the biopsy is the primary test used to determine the presence and extent of cirrhosis.

  • The diagnosis for reimbursement ICD-10-CM code for liver cirrhosis is K74.69.
  • The ICD-9 code, that must be used till October 1, 2015, is 571 with sub-variants for the specific conditions of cirrhosis.
  • 571.5 denotes cirrhosis without alcohol while alcoholic cirrhosis is denoted by 571.2.

Liver Cancer Undetected

According to Dr. Stuart Gordon, lead researcher in the study, hepatitis C patients sometimes do not realize they have liver cancer. They are also unaware they they’ve developed cirrhosis that has led to the cancer. Gordon says that an ultrasound may not fully reveal the condition – it could only show a slightly enlarged spleen. Platelet count dropping is also an indication of cirrhosis. However, these are subtle indications and more conclusive tests are required.

Improving Diagnosis and Medical Coding for Hepatitis C

As healthcare professionals know, hepatitis C is a viral infection that is curable. It causes the liver to be infected and inflamed and must be monitored and controlled so the cirrhosis or damage does not develop further which could result in liver cancer and ultimately liver failure.

The CDC estimates that 2.7 to 3.9 million people are presently suffering from chronic hepatitis C in the United States, which makes this research quite significant and relevant. It could significantly impact hepatitis C treatment for the better, and make medical data entry and gastroenterology medical coding for the condition more accurate.

Avail of Professional Medical Data Entry Services

Avail of Professional Medical Data Entry Services

Managing clinical data requires knowledge of medical terminology as well as practical knowledge of how the data are collected in the healthcare setting and documented in medical records. Medical data entry is a time consuming task that requires precision and accuracy. Physicians and other healthcare staff usually find it difficult to manage data entry in computerized systems.

Medical data has to be collected and entered in the data base following detailed rules and standards that govern the manner in which medical data has to be recorded. Care should be taken to prevent errors (voluntary or involuntary) during data entry, such as misspellings, duplication of digits, partial data collection, and inconsistencies between forms.

Rather than hire data entry workers to manage the task within the facility, most healthcare facilities now opt for medical data entry services. A reliable outsourcing company would have experts perform the task. They can provide accurate documentation of all data that are applicable to patients, admission, appointments, diagnosis, chart information, doctor’s notes, insurance, account information, claims details, and medical billing and coding.

They provide data entry task for wide range of records that consists of patient records, hospital records, prescription medication, surgical encounter records, medical claim forms, medical insurance billing forms such as HCFA 1500 (CMS 1500) and UB-04 UB, other medical files, documents and records. To provide flawless medical data entry solutions, the company would have multi-level data checks in place to identify errors, protocol violations, and data completeness, inconsistencies and duplication

Outsourcing medical data entry to a HIPAA-compliant healthcare business process outsourcing company will ensure the confidentiality of medical data. The right firm can ensure many benefits including transfer of files through secure email and FTP modes, flexible, customized and accurate medical data entry solutions, quick turnaround time and competitive pricing.