Final Update on UHIN’s Response to Change Healthcare Cybersecurity Event

We are pleased to announce that our efforts to restore full functionality following the cybersecurity event at Change Healthcare (CHC) have been successful.

Streamlining Enrollment Processes: Since the last update, we have completed key initiatives around streamlining enrollment, which has increased the number of Electronic Remittance Advice (ERA) submissions through our new partner network.

For providers who are still not receiving ERAs, please complete re-enrollment in MYUHIN. If you have any questions, please contact us at enrollment@uhin.org.

Updated Payer List: UHIN has updated its payer list. If you are getting rejections regarding a payer ID, please check https://uhin.org/resources/payer-list.

Continued Progress and Support: UHIN remains fully committed to providing a seamless claims processing experience for all our customers.

Thank you for your continued trust and partnership.

Newsletter: August 2024 Issue

AUGUST 2024

In this issue, we discuss compliance with the Information Blocking Rule (IBR), share updates on our CHIE portal and Clinical Data Repository migration, as well as our progress following the Change Healthcare cybersecurity event. Looking ahead, we’re preparing for Virtual Payer Panels, CHIE platform trainings, and in-person conferences around the country. Finally, we’re proud to share that Gartner highlighted the UHIN Clearinghouse, emphasizing our long-standing commitment to compliance, security, and privacy.

Stay in the know – join us on LinkedIn!


We’ve been working hard with our vendor to set up the new CHIE portal and Clinical Data Repository, as well as migrating data and connections for our interfaces. We anticipate going live at the end of September. We’ll send weekly updates with more information on what to expect. Click here to learn more about the new CHIE Platform.
Portal users will see a more modern experience, including an updated homepage dashboard and patient summary. Based on feedback from users, we are migrating 5 years of data. We will migrate a longer history for allergies, immunizations, colonoscopies, and opt out requests.  

If you are not currently using the portal, you should not notice any changes in current functionality, and your alerts and interfaces should continue to work as they always have.


Update

We’re pleased to provide a positive update on our ongoing efforts to restore full functionality following the cybersecurity event at Change Healthcare (CHC). Keep reading for updates on expanded payer network coverage, increased ERA submissions, streamlining enrollment processes, re-enrollment, and support.



As healthcare continues to share data and information more frequently, the importance of adhering to information blocking regulations cannot be overstated, particularly as disincentive regulations for healthcare providers went into effect on July 31, 2024. See how HIEs play a role in Information Blocking Rule (IBR) compliance and benefit both patients and providers.


September 13: Utah Medical Association (UMA) annual House of Delegates in Midvale, UT

September 26-27: Wisconsin Association of Health Plans Annual Conference in Elkhart Lake, WI

October 15-17: Civitas Annual Conference in Detroit, MI

November 4-6: Texas Covered Health Care Conference + Expo Event in Austin, TX


In the months ahead, we’ll host Virtual Payer Panels and CHIE platform trainings. Sign up in the email preference center to stay informed of dates and details.

Interested in learning how to use the CHIE or MYUHIN to their fullest capabilities? Make sure to visit the UHIN Education channel to watch our how-to videos on YouTube.


Gartner released a report to help CIOs reexamine their clearinghouse solution to solve critical business and security concerns. The authors specifically highlighted UHIN as a stand-alone clearinghouse. For decades we’ve supported our customers’ efforts to prioritize compliance, security and privacy. We appreciate the recognition after all these years!



Newsletter: July 2024 Issue

JULY 2024

As the world’s greatest athletes convene and compete in Paris, we look at the ways each of us can strive for greatness in our own healthcare arenas. We all have a part to play in realizing collective success: Pursuing peak performance in electronic data interchange (EDI), building connections across organizations, and forming new bonds for lasting impact. How can you prepare and perform to claim gold in your respective field of play in healthcare?

Follow us on LinkedIn for weekly posts and updates!


Leaders in healthcare electronic data interchange (EDI) must pursue peak performance in claim management and data excellence, akin to athletes pushing to win at the highest levels.

Just as sprinters, gymnasts or divers prepare meticulously and train relentlessly, EDI leaders must ensure accuracy, innovate continuously, harness data effectively, surmount challenges, foster a culture of teamwork, and celebrate successes along the way.

For health plans, the results from these collective efforts include significantly reduced costs, enhanced processes, and improved member satisfaction. Learn how you can incorporate the best practices of the world’s greatest athletes to achieve data excellence and become an EDI champion.



The U.S. Department of Health and Human Services (HHS) has announced a reorganization aimed at enhancing its technology, cybersecurity, data, and artificial intelligence (AI) strategy and policy functions. This restructuring consolidates these responsibilities into a newly renamed office, the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC), to oversee key roles, including the Chief Technology Officer, Chief Data Officer, and Chief AI Officer. 

Why This Matters for Leaders in Health Information Exchange and Healthcare Data:

1. Centralized Oversight and Strategy: The reorganization centralizes technology, data, and AI oversight under the ASTP/ONC, ensuring a cohesive strategy and streamlined decision-making process.

2. Enhanced Cybersecurity Measures: By moving the “405(d) Program” to ASPR, HHS aims to enhance its cybersecurity efforts, providing a more robust, consolidated and coordinated approach to protecting health sector infrastructure. 

3. Focused Leadership and Expertise: The establishment of dedicated roles, including the Chief Technology Officer, Chief Data Officer, and Chief AI Officer, highlights HHS’s commitment to drive innovation, improve data governance, and ensure the safe and ethical use of AI in healthcare, benefiting both providers and patients.


Claim managers at health plans can achieve excellence by adopting specific action items, such as refining validation processes, increasing their auto-adjudication rate, and ensuring secure transactions. Drawing inspiration from world-class athletes, they must remain focused, resilient, and committed to continuous improvement. Read this month’s blog post to see how you can incorporate the best practices of Olympic divers, gymnasts, cyclists, hurdlers, basketball teams, and sprinters to win gold and become an EDI champion.


July 30: Provider Resource Fair hosted by Aspen Grove Behavioral Hospital in Orem, UT

September 13: Utah Medical Association (UMA) annual House of Delegates in Midvale, UT

October 15-17: Civitas Annual Conference in Detroit, MI


Coming soon: Our virtual Payer Panel series and training sessions on the new CHIE platform, specifically for portal users. Subscribe for more details and notifications!


Got a story or event that your peers in healthcare and tech just have to know? An innovative interoperability solution or point of view?

Please email us at communications@uhin.org and we’ll include links to our favorite community content each month.



EDI Champions: Achieving Data Excellence

Leaders in healthcare electronic data interchange (EDI) must pursue peak performance in claim management and data excellence, akin to athletes pushing to win at the highest levels. Just as divers, gymnasts, cyclists, hurdlers, basketball teams, and sprinters train relentlessly to execute with precision, EDI leaders must remain focused, while taking meaningful actions to improve their operations every day.

The Pursuit of Perfect Precision

Divers focus on every detail to dive with precision from platforms up to 33 feet above the water and break the water with a splash-less entrance. For divers, hitting the surface with flat palms for a “rip entry” leads to a medal-worthy, tiny splash. Achieving excellence in claim management stems from meticulous attention to claim accuracy and narrowing the margin of error. This pursuit involves reducing manual claim processes, refining validations, and improving auto-adjudication rates, which reduces costs and frees up staff bandwidth. This makes the difference between winning gold and watching from the bleachers.

Automation of claims transactions could reduce the cost per transaction by up to 50% for health plans.

CAQH Index Report | 2023

Adaptation and Innovation

In the high-stakes world of gymnastics, adaptation and innovation are key to staying ahead of the competition. Similarly, the healthcare industry is constantly evolving, and staying competitive requires embracing innovation and adaptation. From adopting cloud-based EDI solutions to integrating Fast Healthcare Interoperability Resources (FHIR), EDI managers must be at the forefront of technological advancements. These innovations are revolutionizing claim management in ways that will enable enhanced data accuracy and improve compliance with ever-changing regulations.

Harnessing the Power of Data

Data is the lifeblood of both cyclists and claim managers. For world-class cyclists, data-driven insights and performance metrics are crucial for fine-tuning their training regimens. Power output, revolutions per minute, heart rate, watt-to-weight ratio, and other data help cyclists cross the finish line first. In the realm of healthcare, harnessing the power of data can transform claim management. Health plans can leverage claim data in many valuable ways, like identifying high-utilizers who drive up costs and loss ratios, detecting fraud, optimizing payouts, and more. This proactive approach – rooted in data analysis – can lead to reduced costs, precise payouts, improved security, and enhanced efficiency across the business.

Overcoming Hurdles

To win gold, world-class hurdlers prepare rigorously to clear physical hurdles without losing momentum. Similarly, EDI managers face daily challenges like dealing with paper claims, EDI enrollment, and meeting claim resolution within the mandated time frame. The right claim management solution will help to alleviate daily issues, deliver accurate data and facilitate consistent communications that ensure a smoother path to claiming gold in data excellence.

The Role of Teamwork

Behind every successful team is a dedicated group of coaches, trainers, and support staff. In healthcare data management, teamwork is equally vital. Collaboration between EDI managers, IT and operations teams, and technology partners is essential for achieving peak performance. By fostering a culture of open communication and cross-functional cooperation, organizations can ensure that every team member is aligned with the common goal of excellence in data management. This collaborative effort results in seamless workflows, fewer errors throughout the claim lifecycle, and enhanced automation. 

Celebrating Achievements

Every milestone reached on the track, whether it’s a personal best or a new world record, is a cause for celebration. In healthcare data management, it’s important to recognize and celebrate achievements. From achieving a new high in auto-adjudication rates to successfully implementing a new EDI system or resolving complex claim issues, these accomplishments are a testament to the hard work and dedication of the entire team. Celebrating these successes not only boosts morale but also reinforces the commitment to continuous improvement and excellence.

Health plans can deliver short-term business cost savings affecting about 10% of total payer expenses by aggressively simplifying operations in 2024.

Gartner | 2024

The Path Forward

In conclusion, claim managers at health plans can achieve excellence by adopting specific action items, such as refining validation processes, increasing their auto-adjudication rate, and ensuring secure transactions. Drawing inspiration from world-class athletes, they must remain focused, resilient, and committed to continuous improvement. 

Leveraging data effectively and fostering teamwork are crucial for precise claim management and improving overall efficiency. Embracing innovation and adaptation will keep health plans competitive, cost-efficient and compliant in the evolving healthcare landscape. Thoughtful preparation and execution will help EDI managers overcome the hurdles on a daily and long-term basis. Coming together as a team, including with your EDI partner, leads to better communications, reduced manual work, and seamless workflows. Celebrating achievements, no matter how small, reinforces the commitment to excellence and motivates the entire team to strive for peak performance. 

The journey may be challenging, but the rewards of excellence in healthcare data management are well worth the championship effort.

Partnering with an established leader in claim management, like UHIN, sets your health plan on a path towards EDI excellence. As a mission-driven clearinghouse, UHIN approaches claim management differently: we pass cost savings on to customers, provide expert, US-based customer service, and focus on the success of our customers – not our own.


Unlocking the Potential of FHIR: An Overview of its Impact and Future


As the CTO of UHIN, I’ve seen firsthand the challenges and frustrations of trying to achieve seamless interoperability. Data silos, incompatible formats, and outdated standards have long hindered our ability to share information effectively. But HL7® FHIR® (Fast Healthcare Interoperability Resources) offers a glimmer of hope, a path toward a more connected and efficient healthcare ecosystem.

Understanding FHIR: A Paradigm Shift

FHIR represents a paradigm shift in healthcare data exchange. Unlike older standards like HL7 v2, which often resemble complex, rigid blueprints, FHIR is akin to a set of modular building blocks. These blocks, called “resources,” represent discrete units of healthcare information – a patient record, a medication order, a lab result, and so on.

The true power of FHIR lies in its flexibility. Resources can be combined and exchanged in various ways to suit specific needs. Need to share a patient’s medication history with a specialist? FHIR allows you to do that without sending the entire medical record. Want to integrate a new mobile app with your EHR system? FHIR’s web-friendly technologies make it easier than ever.

Dispelling the Myths: FHIR is NOT a Panacea

While FHIR offers immense potential, it’s important to be realistic about its limitations. It’s not a magic wand that will instantly solve all our interoperability woes.

First and foremost, FHIR is a standard, not a solution. It provides a common language for exchanging healthcare data, but it doesn’t address the underlying technical and organizational challenges that often impede interoperability.

Second, FHIR is not a plug-and-play technology. Implementing it requires careful planning, technical expertise, and collaboration among stakeholders. Organizations with legacy systems may face particularly daunting challenges.

Finally, FHIR doesn’t guarantee interoperability. While it facilitates the exchange of data, it doesn’t ensure that the data will be understood and used consistently across different systems. Achieving true interoperability requires not just technical compatibility but also semantic interoperability – the ability to interpret and apply data in a meaningful way.

The Benefits of FHIR: A Catalyst for Innovation

Despite its limitations, FHIR offers significant advantages over older standards. Its flexibility, ease of use, and strong community support make it a powerful catalyst for innovation.

By adopting FHIR, healthcare organizations can:

  • Improve data sharing: FHIR enables more granular and tailored data exchange, making it easier to share information with the right people at the right time.
  • Accelerate development: FHIR’s web-friendly technologies lower the barrier to entry for developers, potentially leading to faster innovation.

For example, UHIN’s Clinical Health Information Exchange (the CHIE) is currently migrating to a new FHIR-enabled platform. Built on a highly scalable architecture, the platform allows for more efficient and secure sharing of data across enterprises.

The Road Ahead: A Strategic Approach to FHIR Adoption

To reap the full benefits of FHIR, healthcare organizations need to adopt a strategic approach. This involves:

  • Developing a clear roadmap: Start by defining your interoperability goals and identifying specific use cases where FHIR can add value. Transitioning totally functional workflows from older specifications to FHIR, just for the sake of using a more modern data structure, won’t create new healthcare outcomes on its own. We need to use FHIR when it’s appropriate and when it will provide the most advantage to our interoperability goals. 
  • Building a strong foundation: Invest in the necessary infrastructure, tools, and expertise to support FHIR implementation.
  • Collaborating with stakeholders: Engage with vendors, partners, and other stakeholders to ensure that FHIR implementations are aligned and interoperable.
  • Focusing on education and training: Ensure that your team has the knowledge and skills to work with FHIR effectively. While the FHIR structure can lead to an easier onboarding of software engineers, it also increases the complexity of a given use case by having multiple resources required to accomplish the same goal that a single CCDA may have solved previously. HL7 International offers online courses covering the fundamentals (for a price) and educational videos on its YouTube page here.
  • Embracing a culture of innovation: Foster a willingness to experiment and adapt as FHIR evolves. Many early adopters of FHIR were burned by the rapid change that occurred from version to version of FHIR. Knowing that there will be maturation of the standard is important to understand before starting an implementation. 

Conclusion: The Future of Healthcare Data Exchange is FHIR

FHIR is not a silver bullet, but it is a significant step forward in our quest for interoperability. By embracing FHIR and addressing the challenges it presents, we can unlock a wealth of opportunities to improve healthcare delivery, enhance patient outcomes, and drive innovation.

The future of healthcare data exchange is FHIR. Let’s seize this opportunity to build a more connected and efficient healthcare ecosystem.


Update on UHIN’s Response to the Change Healthcare Cybersecurity Event: Progress on ERA Delivery and Continued Collaboration

Dear Valued Customers,

This message serves as an update on our ongoing efforts to minimize disruption caused by the cybersecurity event at Change Healthcare (CHC), with a specific focus on Electronic Remittance Advice (ERA) delivery (835 files). We appreciate your continued patience and understanding as we work to resolve these challenges. Please click here for more information on expediting enrollment with UHIN and FAQs regarding the CHC cybersecurity event.

Collaborative Efforts to Restore ERA Delivery:

UHIN is actively working to restore consistent ERA delivery for our broader provider community. Our internal teams, including enrollment specialists, application support staff, business analysts, and software engineers, are collaborating closely with their counterparts at our clearinghouse partners. This combined effort is focused on facilitating the smooth and efficient transmission of 835 files.

Acknowledging Provider Challenges:

We understand the difficulties this outage has caused for providers who rely on timely ERAs for accurate payment reconciliation. We are committed to making significant progress in opening these critical channels for a wider range of providers.

Positive Developments and Upcoming Information:

We have made significant strides in restoring ERA delivery functionality. We will provide more detailed information and a clearer timeline for full restoration once we complete the next round of testing currently underway.

Continued Commitment and Support:

UHIN remains dedicated to resolving outstanding issues and ensuring a smooth claims processing experience for all our customers. We will continue to provide regular updates and are here to assist you. Please do not hesitate to reach out to our customer support team if you have any questions or require further assistance.

Thank you for your continued partnership.

Sincerely,

The UHIN Team


Newsletter: May 2024 Issue

MAY 2024

For many of us, Memorial Day marks the unofficial start to summer. Hard to believe we’re heading into June! In this month’s newsletter, we look at the importance of resilient, redundant and interoperable systems, the events and webinars coming up, and we attempt to foretell everything that will happen for the rest of the year.

Remember to join us on LinkedIn for frequent news and updates!


The first half of this year was packed with exciting news and rocked by tech incidents. While we can’t predict the future, we can plan a better path ahead.

Look into your crystal ball 🔮 What are your predictions (big or small) for things to come in healthcare this year? And, what are your goals that you hope to accomplish? We want to hear from you! 


John Lynn and Colin Hung look at where the industry stands just two months following the ransomware attack. For healthcare professionals, this could be a watershed moment for information security, revenue cycle management (RCM) and back-up planning for potential, future incidents.



Our most recent blog post (authored by Brian Chin, UHIN’s CEO) addresses the importance of redundant and resilient healthcare systems, and how they support seamless interoperability in times of crisis. There are, of course, great benefits and challenges when it comes to maintaining interoperability during disaster recovery (see them below👇).


September 13: Utah Medical Association (UMA) annual House of Delegates in Midvale, UT

October 15-17: Civitas Annual Conference in Detroit, MI

More to come: Stay tuned!



We’ll host training sessions on the new CHIE platform, specifically for portal users. Stay tuned for more details on our virtual Payer Panels where you can ask questions and get answers from health plan representatives.


May is Mental Health Month. Our partners and customers offer services and solutions that can help, including AARP Utah’s mental health and wellness resources and Valley Behavioral Health’s treatment programs and services for children and youth. We invite you to learn how you can get involved all year by visiting Mental Health America.



Newsletter: April 2024 Issue

APRIL 2024

This month we announced our affiliation with Comagine Health and added new CHIE data sources from CommonSpirit Health. We look forward to growing with our new strategic partners, customers, and you! Keep reading for what else happened in April and what’s coming up next month.

P.S. Follow our LinkedIn page for more frequent news, posts and insights.


“Aligning our health care knowledge and expertise through affiliation is a profound opportunity to advance our parallel missions, while delivering greater success to our customers and partners. We have collaborated successfully for more than a decade. As affiliates, UHIN and Comagine Health can serve as a unified force for change in health care for the foreseeable future.”

- Brian Chin, UHIN’s Chief Executive Officer

Keep scrolling for more information on our affiliation.



We have announced our official affiliation with Comagine Health, a national nonprofit healthcare consulting firm. We have a long history of working together over the last decade on federal and state initiatives to advance electronic health record (EHR) adoption, cost transparency reporting, capacity and functionality of all-payer claims databases (APCDs) and interoperability and surveillance activities. Combining our technology solutions and Comagine Health’s analytic services will enable more actionable health insights and more sustainable, transformational improvements for communities.



The CHIE continues to add important data sources, providing healthcare professionals with vital medical information when it is needed most. Recently, we’ve onboarded CommonSpirit Health as a data source.


WEDI spring conference

We’re attending the WEDI Spring Conference from May 13 – 16 (virtually). We look forward to learning more from experts, like Aneesh Chopra, about solutions to improve information exchange, enhance care quality, and reduce cost and burden. 

Are you planning to attend online, too?


In addition to online product trainings for our customers, we’re preparing virtual payer panels for later this year. These will be similar to the payer panels you may have attended in previous years at the HIT Conference.


We’re reading the recent CAQH report on the wide differences in administrative transaction costs for generalists, specialists and behavioral health providers. “The medical industry spends an astonishing $83 billion annually on staff time to conduct routine administrative transactions between providers and health plans during and after a patient-provider encounter. Providers shoulder 97 percent of these costs.”



Newsletter: March 2024 Issue

MARCH 2024

“Our life is March weather, savage and serene in one hour” (Ralph Waldo Emerson)

Such was life in the healthcare information technology sector this month. We collectively faced daunting cyber circumstances and peered into an optimistic future filled with the possibilities of A.I., resilient and redundant networks, and healthcare interoperability for all.


Cyberattacks affect all of us. We're here to help.

UHIN is dedicated to maintaining interoperability for all payers, providers and partners. When an event as large as the Change Healthcare cyber incident impacts our community, we know we need to serve as a bridge to stable ground. Read more about the actions we’re taking to support our community at this time.


We’re actively supporting Providers by expediting enrollment with Payers to get claims flowing again. Providers can leverage our solutions to create and send professional and institutional claims, submit via SFTP, file tool or online hand-entry, check claims status, manage denials and rejections, and search, view, and download payment information.

We can connect with health plans, so they may receive claims from providers through a direct connection to our clearinghouse. Empower your provider network by elevating your collaboration efforts, securely sharing information and data, and providing better affordable care for your members.



The alarming rise in cyber threats – namely ransomware – highlights the urgent need for enhanced cyber resiliency and robust security measures in healthcare. Read our recent blog post with five ways to reduce your risk and secure personal health information (PHI) from cyberattacks.


HIMSS shared their recap of the 2024 Global Health Conference & Exhibition (March 11-15 in Orlando). Cybersecurity, A.I., and health equity and access to care delivery were big themes this year. What were you most excited to learn at HIMSS this year?


We’re preparing a series of online trainings for CHIE users this year. Explore our new platform and share feedback with our HIT experts. Stay tuned for updates on upcoming trainings.



Comagine Health President and CEO Marc Bennett addresses how the organization has been managing competing tensions while building partnerships to serve as a prime contractor for the 13th Statement of Work in the Midwest CMS QIN-QIO Region 6.



The Future of Healthcare Cybersecurity


The experiences of 2023 have underscored the critical importance of cybersecurity in the healthcare sector. Per HIPAA Journal, “133 million records were exposed or stolen” in 2023. The recent Change Healthcare cyber incident, which is still impacting the healthcare ecosystem, indicates that 2024 could likely be another record-breaking year for healthcare cyberattacks in the U.S.

Ransomware attacks are the fastest growing threat in the U.S. The U.S. Department of Health and Human Services (HHS) and Office of Civil Rights (OCR) identified a 278% increase in cyberattacks involving ransomware from 2018-2022. To clarify, this covers only the data breaches that were reported to the OCR.

The fallout from a ransomware attack is comprehensive:

  • Loss of personal health data
  • Loss of trust by patients, members, customers and partners
  • Decrease in employee productivity and morale
  • Extensive system downtime
  • Legal and regulatory fines
  • Steep financial implications, like paying the ransom and the cost to get systems back up and securely running

The alarming rise in cyber threats – namely ransomware – highlights the urgent need for enhanced cyber resiliency and robust security measures in healthcare. The healthcare sector is predicted to continue its investment in cybersecurity, focusing on resilient data management practices, threat detection, and employee training, while expanding into new technologies (like artificial intelligence) and collaborative efforts.

Here are five ways to reduce your risk and secure personal health information (PHI) from cyberattacks:

1. Consistent Data Management Practices

Consistency is key, especially when it comes to basic cyber protection. These five stepping stones are just a start to laying out a consistent cybersecurity plan.

  1. Create a secure cybersecurity policy – Establish a firm security stance, then periodically review, modify and update policies and procedures in response to environmental or operational changes affecting the security of Electronic PHI.
  2. Encrypt data – Convert data to ciphertext that can only be read if decrypted.
  3. Backup data – Ensure PHI data are backed up frequently, at least nightly, and stored in a HIPAA-compliant data center.
  4. Update systems and software – Verify information systems are up to date with the latest security patches and diligently check programs for updates.
  5. Assess and monitor vendors – Ensure that third-party vendors agree to a business associate agreement (BAA) and monitor their activities to be sure they adhere to the policies. Review vendors to ensure compliance on a consistent basis.

2. Detection

As Benjamin Franklin said: “If you fail to plan you are planning to fail.” Detecting and addressing vulnerabilities in advance of an incident is critical to ensuring a strong security posture. Investing in audits and technology improvements almost always costs less than a ransomware attack.

Implementing a threat detection strategy is critical to identifying and preventing data breaches. Healthcare institutions and security leadership, like the chief information security officer (CISO), are investing more in security infrastructure. Guidehouse’s 2024 report found 85% of respondents’ organizations planned increases to their 2024 digital and IT budgets, with cybersecurity listed as their top investment priority. This demonstrates the industry’s commitment to safeguarding patient data. 

3. Employee training

To err is human and healthcare employees are no exception. Taking a human-centric approach to organizational security can cultivate shared cybersecurity responsibility, which in turn could dramatically reduce the chances of a data breach, HIPAA violation, and the costs associated with both. Given that social engineering now represents more than 50% of incidents (per Verizon’s DBIR Report 2023), the focus on the human element is pivotal to securing your data. 

Adopting this approach can (1) increase awareness of accidental and intentional HIPAA violations, and (2) empower appropriate responses to social engineering. Ultimately, staff need to make decisions and take action. However, leadership must engender the organizational identity around shared security responsibility.

Instilling the values of cyber detection and resiliency helps employees feel more invested. If they understand what’s at stake, then they can make quicker decisions and adhere to monotonous, daily security measures, like multi-factor authentication (MFA).

Employers and employees should be aware of the human elements that factor into data breaches, including:

  • Stolen credentials – Implement a strong password protocol that eliminates easy-to-hack passwords or the use of post-it notes with passwords on desks.
  • Phishing – Monitor email (and other technology) and train employees to recognize signs of phishing, such as unusual messages from leadership or HR, and to avoid clicking on links or attachments from unknown sources.
  • Error and Misdelivery – Ensure employees review the recipient of all of their communications so they don’t send PHI or other data to the incorrect audience.

One place to start: Conduct regular employee training.

Healthcare organizations can use a wide range of training programs and courses to keep employees up to speed on the latest security best practices. Updated approaches will mitigate insecure employee behaviors and tackle outstanding cybersecurity risks.

Security leaders should continue to review vendors and software to ensure they meet all requirements (such as HIPAA regulations) to effectively evaluate and educate staff, and reduce overall risk. For small and medium-sized employers who have limited resources, HHS is providing free cybersecurity training courses for their staff.

4. Artificial Intelligence (A.I.)

Like nearly every other sector, the healthcare vertical is actively exploring and investing in A.I., specifically in how it can improve data security. In fact, 73% of CIOs said they’re increasing investments into A.I. and Machine Learning (ML) (per Gartner, 2024 Gartner CIO and Technology Executive Survey).

A.I. solutions present vast opportunities for automation: from visualization of networks, to identifying vulnerabilities at scale, to detecting suspicious behavior. Furthermore, machine learning models and A.I.-driven security can aggregate knowledge from previous experiences (in your own system and broader ecosystems) to predict and quickly respond to abnormalities. This knowledge can accelerate cyber defense within an organization and empower health systems to take proactive, automated measures to protect their networks.

Before considering A.I. or another new technology, healthcare companies should continue to focus on shoring up foundational security technologies. This includes firewalls, encryption, and MFA.

5. Collaboration

One entity cannot secure everyone. Healthcare is built on interoperability. The strength of every single bond can determine the success or failure of our ecosystem. Hospitals, payers, providers, third-party vendors, and government entities must work together to ensure our security against cyber attacks.

Collaboration between healthcare institutions is anticipated to increase. While the use of disparate systems creates barriers to collaboration, the focus on standardization and interoperability can develop a more holistic, resolute system. By sharing knowledge and resources, we can collectively strengthen our defenses against cyber threats.

The U.S. Government continues to put cybersecurity in the healthcare industry at the forefront, instituting policies in the National Cybersecurity Strategy that will address cyber threats. Learn more about the HHS and the National Cybersecurity Strategy here.

In Conclusion

Early investments in consistent practices, detection, employee education, new technologies and collaboration can ensure a strong security posture that offsets potential costs of recovery and crises of confidence caused by a data breach. The lessons learned from 2023 have made it clear that cybersecurity is not just an IT issue, but a patient safety issue. As we move into the future, it is critical that the healthcare sector continues to prioritize and invest in cybersecurity measures to safeguard patient data and ensure the seamless delivery of healthcare services.