Cyber Threats & Regulatory Issues You Need to Know About
While healthcare has always been at the forefront of technology when it comes to clinical medicine, it has sometimes been a bit slower to adopt and adapt to the ever-changing world of information and communication — especially regarding security and regulatory issues.
Even with recent industry-wide investment in digital infrastructure, healthcare needs to stay vigilant and updated on the latest cyber threats as well as rapid changes in regulatory requirements.
Old Threats, New Challenges
The only constant is change, and with cyber threats and regulatory issues, this is doubly true. But also remember, persistence against existing and new issues is not only necessary but worth the effort. Here are five trends you need to pay attention to the most:
No. 1: Social-Engineering Attacks
Though ransomware is still prevalent, social engineering-based cyber-attacks — the use of psychological manipulation and misinformation to gain access to sensitive information or break security protocols — are on the rise. In 2021 alone, attacks increased by 270%.
And hackers are getting trickier, developing new scams that are harder to detect. One of the latest attacks is low-tech, yet effective (and sneaky). A caller phones a practice, claiming to be a new patient who is having trouble filling out required forms on the online portal. The caller asks for the forms to be emailed; once the hacker returns the forms to the practice and staff open them, malware is downloaded onto the network.
No. 2: Breach of Change Healthcare
After the recent ransomware attack on Change Healthcare earlier this year, the U.S. Department of Health and Human Services (HHS) issued a clarification regarding the information and data breach. Providers may choose to delegate the responsibility of notifying affected parties to Change Healthcare. The HHS website provides an in-depth FAQ section addressing the breach, updates and the subsequent investigation.
No. 3: Stark-Law Reminder
The Stark Law — also known as the Physician Self-Referral Law — prohibits physicians from referring patients to "designated health services" owned by them or an immediate family member with a financial stake. However, keep in mind this relationship doesn’t have to be a direct ownership stake to possibly be in conflict with the law. As an example, a physician group that also includes in-house, third-party lab services could potentially raise a red flag when it comes to these types of referrals.
No. 4: False Claims Act & Healthcare
Along with the recent trend of applying the False Claims Act to hold government contractors accountable for cybersecurity lapses and breach issues, there’s a distinct possibility this could also be extended to healthcare providers. In the near future, we might see cybersecurity requirements and assurances become standard requirements in Medicare contracts for providers. Stay tuned.
No. 5: Review All Billing Codes
The Centers for Medicare & Medicaid Services (CMS) is on the lookout for provider overpayments for amniotic products — such as fluid injections and skin substitutes — and durable medical equipment. Why? Well, because it’s low-hanging fruit and relatively easy for the agency to pursue.
To make sure you’re not overpaying — and to avoid undue scrutiny from CMS — don’t just rely on the AI features within your EHS system for coding bills related to these services; review all payments for accuracy and the use of proper modifiers.
Also, make sure to use these modifiers to indicate special circumstances, such as when a patient completes a single physician visit but two separate health issues are discussed (or use a modifier for telehealth visits).
MagMutual’s Learning Center offers many additional resources concerning the business, practice and regulation of medicine. MagMutual also offers comprehensive insurance protection for healthcare providers and organizations.
Disclaimer
The information provided in this resource does not constitute legal, medical or any other professional advice, nor does it establish a standard of care. This resource has been created as an aid to you in your practice. The ultimate decision on how to use the information provided rests solely with you.