Browse by Topic
More than 40,000 members value HFMA's thought leadership and practical strategies. HFMA is where you need to be.
Get acquainted with the
healthcare finance industry's leading professional association. Find out why our
members rely on HFMA as their go-to source for insight and
Members have many
options for helping them advance their careers. Conferences, seminars,
eLearning, certification, and more -- our education and events will keep you
Connect the dots on today's big issues, explore collaborations, get career-boosting tips, and network with colleagues nationwide at the leading finance conference. Save $100 off the full conference rate when you register by May 8.
Real-time presentations with nationally recognized experts, networking opportunities, and industry solutions—no travel required!
Get the latest, practical education in key areas of healthcare finance over 1, 2, or 3 days. Choose Essentials Programs or Master Sessions in DC or Seattle. Register early and save $100.
If you're a subscriber to any of our three newsletters, you have access to online education. Learn more or subscribe.
Get the perspectives of leading healthcare finance professionals on today's hottest issues.
Information about leading vendors helps your buying decisions.
Forum members can network during live webinars or access a library of past webinars on topics such as bundled payment, charity care, and ICD-10.
An ever-expanding collection of spreadsheets, policies, job
descriptions, checklists, and more that you can adopt and adapt.
Forum members can submit vexing questions to a panel of experts
using our Ask the Expert service.
Your source for employment solutions.
Find new employment opportunities or
reach out to qualified candidates.
Distinguish yourself as a
leader among your peers and advance your career by earning certification in our
healthcare finance programs.
Get an objective third-party evaluation of products and services used in the healthcare finance workplace.
MAP App is a web-based application that helps organizations improve revenue cycle performance based on industry-standard metrics called MAP Keys.
Find suppliers and products in this comprehensive vendor directory for healthcare finance professionals.
Guidance for understanding and communicating about the price of health care.
Guidelines on how to make it easier for consumers to get information about healthcare prices.
Improve your revenue cycle performance through standard metrics, peer comparison, and successful practices.
As someone who walks the line between finance and health informatics, I read with many of you last week the news of a data breach affecting Valley View Hospital, a facility here in Colorado. First, we have the Target credit card debacle, and now, one more in what seems a litany of attacks against healthcare providers. Sadly, it does not look like the threat will go away any time soon.
Further, the expansion of health IT under the American Recovery and Reinvestment act (ARRA) has created another attractive target for the criminal element. If we haven’t realized it already, the data-rich environment we live in is equally attractive in many ways to the cash-rich environment of health care. The difference is simply the nature of the theft. Events like the one in Colorado should be a reminder to us to look at IT processes and perhaps take a moment of introspection to see that we are doing everything we can to avoid becoming the next “data breach” headline—and the next client of one of those credit monitoring companies we have to retain when a breach is detected.
Because so many of us in finance work (and supervise) the IT function in our organizations, the onus may likely fall to us to show what we are doing to protect our valuable data assets. The task is further complicated for us right now as we prepare for the ICD-10 conversion looming later this year. IT processes can both save and sink our data security efforts.
Here are some things to consider as we look at our defensive posture against data intrusions.
Have you had your defenses tested against attack? Believe it or not, there are hackers out there who are on our side. The “certified ethical hacker” makes a living out of trying to break into our systems and then telling us where our weaknesses are. I have seen investments in these sorts of services pay big dividends in closing data breach vulnerabilities before they are exploited. This sort of penetration testing is also recommended under HIPAA.
Does IT shut the door behind users? So many data vulnerabilities arise from within our own organizations from our own users. Has IT implemented basic protocols such as mandatory password changes (usually every 60-90 days)? What about mandatory inactivity time-outs where a terminal is “locked” after a period of time if the user isn't doing something? Do we have mechanisms in place to ensure that any time an employee leaves the organization, his or her user access to our systems is immediately terminated. That last point is an easy one to forget, because it requires communication between human resources and IT. But the consequences of such a lack of communication can be dire. I have seen situations where employees who have been gone from an organization for nearly a year still have active user access to systems. Scary, isn’t it?
Are we working with IT system vendors to ensure that they are providing timely and adequate security updates as new vulnerabilities are identified? We can only do so much to protect ourselves. The systems we use have to be updated as well. Vendors don't have sole responsibility for system security; we have to be sure that the IT hardware and networks we have are secure. That’s where those ethical hackers can come in handy. But the systems we use must be up to the challenge.
Do we have a plan in place for responding immediately to a breach? This is one of those things that HIPAA tells us to do. But far too many organizations settle on a “cookie cutter” approach for a plan that ultimately is found to be irrelevant to the unique characteristics of a breach. I recommend taking time to do what I was taught when I got my pilot’s license: Plan for the worst, prevent what problems you can, and be prepared to act on that plan. You never know.
These points are easy to overlook in the hustle of month-end close, budgets, and cash flow hassles. But when it comes to safeguarding date, the ounce of prevention can be worth far more than the pound of cure you might need later.
Jeffrey Helton, PhD, FHFMA, CMA, CFE, is assistant professor, Metropolitan State University of Denver, and a member of HFMA’s Colorado Chapter.
Publication Date: Tuesday, March 25, 2014
Brian Kueppers, founder and CEO, Apex, discusses the importance of a robust patient payment strategy in boosting organization revenue and enhancing patient satisfaction.
Brian Grazzini, CFO, HealthPort, describes the importance of efficient and compliant information exchange and audit management in helping HIM staff spend less time on paperwork and more on mission-critical projects.
Cindy Matthews, executive vice president, Community Hospital Corporation, discusses how rural and community hospitals can use collaborative partnering to position for success through tough market conditions.
Rick Heise, senior vice president, revenue cycle, at Cerner Corporation, discusses the importance of integrating clinical and financial data to excel in health care’s changing payment environment.
Dale Hockel, senior vice president of operations, and Jim Fanelli, CFO, TriMedx, share strategies for elevating clinical engineering through innovative management programs.
Russ Graney, founder and CEO for Aidin, and John Laursen, head of business development for Aidin, share insights on how to improve care transitions between acute and post-acute care settings and incentivize high-quality patient outcomes.
Scott Elston, strategic accounts manager, GE Healthcare Services, describes how substantial cost reduction in health care requires rethinking business strategy and asset use.
Robert Williams, MD, director, Deloitte Consulting LLP, and Arielle Freiberger, product strategist, ConvergeHEALTH by Deloitte, explain how sophisticated retrospective, real-time, and predictive data analytics can inform decision making to reduce costs and improve care.
Stuart Hanson, director of business development (healthcare solutions) at Citi Retail Services, discusses how improving the payment experience can benefit consumers and healthcare providers.
Scott Schmidt, vice president, Cerner RevWorks, LLC, shares insights on best practices for maximizing a revenue cycle management partnership.
©2015 Copyright Healthcare Financial Management Association
HFMA.org is best viewed using IE9 or the latest versions of Chrome, Firefox, and Safari.
Join HFMA today and enjoy: