The events of the first half of 2024 highlighted a crucial lesson. No health system is immune to cyberattacks. These attacks impact patient care and can lead to significant financial consequences, including class action lawsuits and fines from HIPAA and the Securities and Exchange Commission (SEC).
However, one often overlooked impact of a cyberattack is its effect on the revenue cycle. A recent study by the American Hospital Association revealed that a cybersecurity breach at a clearinghouse resulted in a daily revenue loss of nearly $1 million for 60% of the affected hospitals.
While hospitals have contingency plans for events like power outages and extreme weather — backup generators, secondary chillers, and fiber for internet coverage — they can typically neglect vulnerabilities in the revenue cycle.
Financial redundancy is essential to maintain operations in the wake of an attack. This article covers the concept of financial redundancy in RCM and recommends proactive measures for hospitals and revenue cycle management/clearing house partners.
Five costs of revenue cycle management downtime
Inability to submit claims or receive payments: Disruptions can halt the flow of revenue, affecting the financial stability of healthcare providers. In such cases, providers may need to rely on cash reserves. Applying a multi-cloud infrastructure can help mitigate this risk by diversifying data storage and reducing the likelihood of a single point of failure.
Failure to process insurance eligibility or authorization requirements: This can delay patient care, present unneeded reimbursement risk and lead to a backlog of administrative tasks. To manage the issue, it may be necessary to extend payment terms with payers and vendors. Establishing hybrid deployments that combine on-premises and cloud-based solutions provides added resilience and flexibility in managing revenue cycle data.
Unable to calculate costs and coverage for pharmaceuticals: This situation affects medication pricing and patient billing, potentially leading to increased costs and treatment delays. In response, providers may revert to paper processing, resorting to labor-intensive manual processes that strain already limited staff. Continuous monitoring of systems can ensure early detection and swift response to any issues, thereby minimizing downtime.
Disruption to verifying insurance coverage: Patients often face uncertainties about their coverage, leading to potential treatment delays. To address this issue, providers might consider adopting a secondary/backup clearinghouse strategy. It is critical to maintain comprehensive backup systems that store data securely and can be quickly accessed in the event of a system failure or data breach.
Incident command/crisis response resources: A fragmented approach to incident response can exacerbate the crisis, leading to inefficient handling of the situation. Ensuring redundancy in planning through multi-cloud infrastructure, hybrid deployments, continuous monitoring, and comprehensive backup systems further strengthens the ability to manage such crises effectively.
Health systems that prioritize financial redundancy can avoid last-resort options and significantly reduce the impact of disruptions on cash flow, patient care and staff well-being. Financial redundancy ensures that hospital expenses are maintained, allowing staff to be paid, and operations to continue, which helps maintain morale and operational readiness. It also supports cash flow maintenance to promote smooth financial operations and prevent disruptions in service delivery.
Furthermore, it safeguards supply chain management, ensuring that medical supplies and pharmaceuticals remain available without interruption. Additionally, financial redundancy provides a buffer against unexpected financial shocks, allowing the organization to sustain essential services without compromising quality or accessibility. By implementing financial redundancy, healthcare organizations can protect critical functions, ensure continuity of care, and maintain stability even during financial system failures. This proactive approach not only enhances resilience but also fosters trust and confidence among patients, staff, and stakeholders, securing the long-term viability of healthcare operations.
Photo: CreativaImages, Getty Images
Greg Surla is the Senior Vice President and Chief Information Security Officer at FinThrive. With over 30 years of experience, he has worked across a diverse range of industries, including software, government, manufacturing, and more. Greg is highly skilled in Security Architecture, Business Continuity Planning, Penetration Testing, Business Intelligence, Governance and Regulatory Compliance, and Threat/Vulnerability Management.
This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.
