The Emerging Role of the CISO In Your Revenue Cycle Management
We’ve talked in the past about the complexity of the revenue cycle and how, upon closer scrutiny, it can be a complicated and inefficient circuit of administrative, technological, financial and patient-level processes that needs to be streamlined.
But what about security?
Well, evidence clearly shows that there’s an emerging trend toward healthcare providers bringing on a Chief Information Security Officer (CISO) to address that concern, which raises questions about how that will affect the efficiency of your RCM.
Should we expect revenue cycle management to be under the purview of the CISO? Are security issues going to create a drag on the process?
There’s no question that recent data breaches and system hacks have been a wake-up call for security professionals over the past several years.
We are reminded, of course, of the May 2014 incident where the U.S. Department of Health and Human Services slapped Columbia University and New York-Presbyterian with a record $4.8 million HIPAA settlement after patient data wound up on Google.
And earlier this year, hackers went after health plans at Anthem and Premera Blue Cross, compromising the health data of 79 million and 11 million people, respectively. In July, cyber crooks swiped the data of 4.5 million patients at UCLA Health System.
A recent Healthcare IT News article says that more than half of respondents to a 2015 HIMSS Cybersecurity Survey have already hired a full-time CISO to manage information security. And 87 percent indicated that infosec has become a more significant priority during the past dozen months.
The article goes on to say that, not surprisingly, the job demands a diverse skill set. It's not only about IT or security. Rather, today's CISOs are also responsible for developing organizational policy, handling remediation and notification of breaches, and interacting with government compliance authorities as well as third parties responsible for securing information. Most CISO job descriptions also include oversight of the revenue cycle.
For example, at Seattle Children's Hospital, CISO Chris Ewell has to be well versed in all aspects of the hospital's business practices, including risk management and contract negotiations.
Ewell says, “Anything that revolves around data, I'm part of that negotiation to ensure we have the right protection measures in place. That partnership between the CISO and legal and IT and executives -- that's going to be a hard challenge for organizations that don't have CISOs.”
So it sounds like, to a large extent, security and revenue cycle will both fall under the control of the CISO. And that’s likely a good partnership, because without secure data, revenue cycle management is at risk for what increasingly appears to be a relentless threat from nefarious sources.