Costs of Data Breaches Growing Across Health Care Industry

Enforcement of data security practices and breach prevention is an increased focus at the Department of Health and Human Services. ACA International has upcoming webinars to help companies working in health care collections evaluate their policies and procedures with clients.

8/13/2019 2:30 PM

Costs of Data Breaches Growing Across Health Care Industry

The costs of data breaches in the health care industry are extensive for providers, insurance companies and business associate partners in the accounts receivable management industry.

“I’ve seen estimates of over $5 billion in costs to the health care industry annually,” Lisa Rivera, a partner at Bass, Berry and Sims who focuses on health care security, said in an article from Healthcare Finance titled “Healthcare’s Number One Financial Issue is Cybersecurity.”

After a data breach earlier this summer, the parent company for American Medical Collection Agency (AMCA), Retrieval-Masters Credit Bureau Inc., filed for Chapter 11 protection, ACA International previously reported.

AMCA, in a statement provided to ACA, said it continues to investigate the data incident resulting from an unauthorized user’s access to the company’s system that reportedly impacted millions of patient records.

The ongoing and extensive impact of the AMCA data breach and those impacting other industries is another sign that data breach prevention policies and procedures and cyberattack responses need to be airtight and reviewed on a regular basis.

“Every sector of business has attacks, but health care is experiencing the largest growth of cyberattacks because of the nature of its information,” Rivera said in the Healthcare Finance article. “It’s more valuable on the dark web.”

Tim Dressen, ACA’s communications consultant, reports in the August issue of Collector magazine that the number of enforcement actions and their settlement amounts will likely grow as the U.S. Department of Health and Human Services (HHS) seeks to penalize organizations that fail to sufficiently protect patient data.

In 2018, the Office of Civil Rights at HHS settled 10 Health Insurance Portability and Accountability Act (HIPAA) cases and was granted summary judgment in another, Dressen reports. Together, these enforcement actions totaled $28.7 million, surpassing the agency’s previous record of $23.5 million in 2016.

In the first half of this year, HHS was already investigating well over 100 reported HIPAA breaches affecting 500 or more people by health care providers and their business associates.

There are growing risks with protecting consumer, patient and client data, but ACA has resources to help mitigate those risks and stay on top of regulations and trends in health care collections.

Certified Instructors Leslie Bender, IFCCE, CCCO, chief strategy officer and general counsel at BCA Financial Services Inc., and Michael O’Meara, president, The O’Meara Law Office PS, will lead the CORE Curriculum Seminar, Data Security and Privacy I, Sept. 10-11 to provide tools to implement effective policies and procedures.

The webinar will also include guidance on how to notify consumers in the event of a data breach and explore essential safeguards and strategies to develop a Data Security Compliance Program.

Bender, in an interview with Dressen, outlined why it is important to have a full understanding of where your sensitive data is stored and how it’s transmitted.

“You may think you keep everything in your collection software, but do you really?” Bender asked. “Where are all the places in your organization where nonpublic information is allowed to reside? Is there any data stored in spreadsheets? Do employees have Notepad on their computers, where they may have copied and pasted information? Is there anything preventing them from sending nonpublic consumer data using email?”

There are all important questions to ask and part of the focus of ACA’s CORE curriculum on data security and privacy.

Following the webinar from Bender and O’Meara, register for the CORE Curriculum: Healthcare Collection Management webinar to refresh your education on health care accounts and risks and benefits of collecting on each type of account Sept. 17-19. Certified Instructors Beth Conklin, account executive at State Collection Service Inc., and Irene Hoheusle, vice president of collections and education at Account Recovery Specialists Inc., will cover the difference between health care collections and other collection practices and specific strategies in self-pay and Medicare accounts in the comprehensive webinar.

Hoheusle also recently discussed tips to approach health care collections and training on ACA Cast.

Meanwhile, more coverage on Protecting Health Care Data is also available in the August issue of Collector magazine.

ACA also recently updated SearchPoint® documents on credit reporting and hospital collection practices for members.

Follow ACA International on Twitter @ACAIntl and @acacollector, Facebook and request to join our LinkedIn group for news and event updates. ACA International members are welcome to submit news items for possible publication to Visit our publications page for news submission guidelines and subscriptions to ACA Daily, Collector magazine and Pulse.

Advertising is available for companies wishing to promote their products or services. Be sure to visit the ACA Events Calendar on the Education and Training page to view our listing of upcoming CORE Curriculum and Hot Topic seminars featuring critical educational opportunities for your company.

Subscribe to ACA Daily NEWSROOM