Industry Thoughts
Threats To The Healthcare Industry Continue To Grow​
​
In 2023, 244 bad actors targeted U.S. industries, and 114 of them targeted the healthcare industry. On the dark web, bad actors may sell a driver’s license for $20 or a credit card for $110. However, they will earn far more for medical records, which may be auctioned off online for $250 to $1,000. It is no wonder that, for the past 13 years, the healthcare industry has had the highest average cost of breach, which has doubled in three years to $10.9 million per breach.
Phishing/Social Engineering and Ransomware are the top two cybersecurity threats to health care. Seventy-five percent of all breaches are from hacking and represent 83% of all breached records. A cyber-attack exposes providers to extortion and fraud payments, loss of business, lawsuits, loss of reputation, and government enforcement fines and penalties.
More critical than the cost to providers is the impact that cyber-attacks have on patient safety. The disruption to services and obstacles accessing medical histories caused by cyber-attacks increases the length of stay. The compromised security can result in poor outcomes due to delayed care, which can increase complications and mortality.
For those who own a healthcare practice or are part of a small to medium-sized healthcare organization, cyber-attacks may seem to only affect large hospitals and healthcare organizations. However, the reality is that cyber-attacks can adversely affect healthcare practices of every size and specialization.
So, what can be done? In 2017, the U.S. Department of Health and Human Services established the 405(d) Task Group. This group aims to develop cybersecurity resources, products, and tools and provide organizations with recommendations and best practices to combat cybersecurity threats that can impact patient safety. The task group’s website provides information and posters about cybersecurity threats and mitigation practices, as well as educational videos to train your staff. The 405(d) Task Group’s cornerstone publication, Health Industry Cybersecurity Practices, is available online at https://405d.hhs.gov/cornerstone/hicp. This publication provides step-by-step instructional information about the top five cybersecurity threats and 10 best practices for mitigation.
Now is the time to assess your cybersecurity program and mitigate the threats. Here at Genuine Health Group, maintaining and safely exchanging patients’ protected health information with our providers is our first priority. We are constantly assessing our security systems and training our personnel to ensure we are meeting federal and state standards.
Extensions Of Telehealth Access Options ​
​​
The federal government took a range of steps to expedite the adoption and awareness of telehealth. Some of the telehealth flexibilities have been made permanent, while others are temporary. Telehealth policies allow:
-
Medicare patients can receive telehealth services for non-behavioral/mental health care in their home through September 30, 2025.
-
There are no geographic restrictions for the originating site for Medicare non-behavioral/mental telehealth services through September 30, 2025.
-
All eligible Medicare providers can provide telehealth services through September 30, 2025.
-
Federally Qualified Health Centers (FQHCs) and Rural Health Clinics (RHCs) can serve as Medicare distant site providers for non-behavioral/mental telehealth services through September 30, 2025. For an encounter furnished using interactive, real-time, audio and video telecommunications technology or for certain audio-only interactions in cases where the patient is not capable of, or does not consent to, the use of video technology services, payment to RHCs and FQHCs are subject to the national average payment rates for comparable services under the physician fee schedule (PFS) through December 31, 2025.
-
An in-person visit within six months of an initial Medicare behavioral/mental telehealth service, and annually thereafter, is not required through September 30, 2025. For FQHCs and RHCs, the in-person visit requirement for mental health services furnished via communication technology to beneficiaries in their homes is not required until January 1, 2026.
-
Non-behavioral/mental telehealth services in Medicare can be delivered using audio-only communication platforms through September 30, 2025. Interactive telecommunications system may also permanently include two-way, real-time audio-only communication technology for any telehealth service furnished to a patient in their home if the distant site physician or practitioner is technically capable of using an interactive telecommunications system, but the patient is not capable of, or does not consent to, the use of video technology.
-
Congress extended the telehealth waivers that were set to expire this month through September.
Learn more about the extensions to telehealth here.