The issues of increased cyber-hacking risks and difficulty collecting from patients with high-deductible health plans are unlikely to cease in 2016. Be prepared for both.
If past is prologue to the future, physicians had two big problems in 2015 that will likely continue well into the New Year: Increased cyber-hacking risks and difficulty collecting from patients with high-deductible health plans.
First, let’s address cyber risks. In 2015, we saw one story after another about data breaches in which patients’ protected health information was released. Most of the biggest cases involved health insurers, such as Anthem, Premera Blue Cross, and Excellus Health Plan. However, healthcare systems, such as UCLA Health, were breached as well.
Given that hackers even got into the White House email system, it’s clear that no one is safe. If cyber thieves want to get at your system’s data, they will probably succeed. So, as 2016 dawns, physicians should be particularly careful to not only ensure that their information systems are secure as possible, but more importantly, ensure they have comprehensive insurance coverage against cyber risks.
The key word in any cyber-risk policy is ‘comprehensive.’ Plenty of liability insurers offer physicians free cyber-risk riders on their physicians’ general liability policies. But if they are free, they are unlikely to be as comprehensive as you need.
Plus, consider what you would do once hackers get into your EHR system. Physicians are unlikely to know where to start to resolve such a problem. You’d be much better off with a policy that puts all the services together in one customized package.
At the very least, such bundled services should include coverage for a consultant to handle most of the work that you would have to do such as notifying patients, informing the public, establishing credit monitoring services for affected individuals, and hiring IT security experts. To ensure that your practice has what it needs for coverage against cyber hacking, ask your insurance broker to do a thorough risk assessment to find out the vulnerability of your information systems and what services you’ll need if there is a breach.
The second problem - patients struggling to make their out-of-pocket payments - is likely to continue into the new year as well based on what we’ve seen throughout 2015. Failure to pay is a problem for two reasons. First, and most obviously, the practice loses out on that income. The second reason is a bigger concern: Patients who pay for their own care (or a larger share of their own care) are more likely to sue if they are dissatisfied.
When consumers pay out of their own pocket, their expectations rise, meaning they will presume they are entitled to higher quality care. Another factor to consider is that once physician practices start chasing patients for co-payments that can be quite high, they are, in fact, debt collectors. In 2016, the maximum out-of-pocket limit for any plan on the health insurance marketplace is $6,850 for an individual and $13,700 for a family. Collecting on that magnitude of a bill can be stressful for both patient and practice.
Now, if your patients are unhappy in any way with the quality of care they’ve received and your practice is dunning them with phone calls and letters about unpaid bills, you have a perfect storm of dissatisfaction that could lead to a lawsuit. To head off this storm, talk to your broker about new risk management tools available through many malpractice providers that address managing patient expectations, satisfaction, and quality processes that can dramatically improve your patients' overall experience. Also, many EHR and billing providers offer sound advice regarding best practices for managing collection of patient-portion payments.
2016 is upon us and although these risks are nothing we haven’t heard before, we can expect those listed above to remain important enough to address with your broker in the New Year.