IT Improvements in Cybersecurity and Patient Flow

Jul 18, 2019 at 04:52 pm by steve

UAB\'s patient check-in kiosks.

Patient Check-in Tech Ups Collections

IT has now migrated into the waiting room. "Patient check-in has come a long way in the last two years," says Thomas Kane with Keep IT Simple. What began with clipboards being replaced by digital tablets for gathering patient information has grown into kiosks, allowing the patient check-in process to be almost completely automated.

"Before they even get to the office, patients have the capability to fill out all their forms via their phone, iPad or their computer," Kane says. That information then drops into the clinic's electronic health record, billing and credit card systems, alleviating the need to manually enter data previously provided by patients on paper forms in the waiting room.

Once the patient arrives, kiosks can gather any remaining information, verify their insurance eligibility in real time, and scan their driver's license. It even requests payments not only for the upcoming copay on the current visit, but past due amounts.

UAB, Andrews Sports Medicine, and Baptist Health have been using a digital patient self-service engagement platform developed by Clearwave. During their first year of utilization, the company partnered with the three healthcare organizations in a two-month case study on the system's effectiveness.

Overall, the digital operation increased collections by 24 percent. "They reported 40 to 60 percent of unpaid balances were paid at the kiosks," Kane says. "I think the kiosks are effective in collections because of the privacy of a digital request for payment. It also relieves the front desk personnel from the discomfort of having to ask for money."

The study also found time savings for both staff and patients. "It's a reduction in check-in time by 90 percent," Kane says. Before the digital options, the average check-in ran 20 to 40 minutes. Now they take 2.5 minutes.

The cost for the software and tech systems vary by company. For example, Phreesia, which was one of the first to offer digital check-in services, takes a percent of monies collected by the system. Clearwater charges only a subscription fee of a few hundred dollars per month for smaller practices, upping with each practitioner. The set-up fees charged by most of the companies generally begin at a few thousand dollars.

With the public growing more comfortable with technology, and younger patients even preferring it, the self-service, digital check-in options are likely to grow in popularity. "It frees up the staff, collects more money, and speeds up the flow at the front desk," Kane says. "Practices that aren't using this are missing an opportunity."


Time for a Second Level of Sign-Ins

"Email hijacking in healthcare IT systems happens at least every month. We personally see it happen all the time," says Curtis Woods with Integrated Solutions. The scenario is not new, but the frequency and sophistication of the attacks have evolved.

In an email, the hacker entices an employee to click a link or an attachment. That action quietly downloads software that steals the user's password and highjacks their email account. "The hacker gains access to that mailbox and starts sending out emails as that person, phishing for wire transfer opportunities and sources of money," Woods says. They can discover an array of information about the person, the company, and even infect the system with ransomware.

One of the more powerful solutions to this problem is the use of two-factor authentication (2FA), which tacks on an additional step to log-in or use a piece of equipment or an account. The second step can rely on something the user knows, such as a password or answer to a question; or something the user is, such as facial, fingerprint or retinal recognition; or something a user has, such as a phone or fob with a screen that displays a code.

"For most healthcare organizations and practices, the phone makes the most sense, Woods says. "It's a low cost option for medical clinics that enhances their security dramatically. 2FA can be hacked, but it's a much, much deeper hack. We haven't seen it happen, but there is nothing that is completely secure.

"With 2FA, the user logs into their email account with their password per usual, but must then look at their smartphone for a code to enter as well. So while the hacker can get my password, they can't get my authentication code, so they can't log in."

Google offers a free 2FA authenticator that generates that code. Their app downloaded to the user's phone ties into the email account. When opened by the user, the app displays a different number code each time which must be entered to complete the log-in.

Though Google Authenticator will work with most email platforms, healthcare entities will need to look to other developers to protect their management, billing and patient record software. "Duo has been popular with many healthcare organizations by employing the same reliable code-generation function," Woods says.

In Duo's 2FA program costs about $6 per month per user. "If you're shopping for something like this, get with your IT support, because it's too deep of an implementation to research and implement," Woods says. "It requires a certain level of tech knowledge to make it work."

Sections: Business




March 2024

Mar 20, 2024 at 11:19 am by kbarrettalley

Your March 2024 Issue of Birmingham Medical News is Here!