One of the most onerous tasks of practice management is credentialing. Because of the time and effort spent gaining primary source verifications, it’s no wonder the number of Credential Verification Organization (CVOs) and credentialing Software as a Service (Saas) providers have found success lately. For a fee, they offer to take the credentialing and provider enrollment burden off your hands or provide the digital tools to streamline the process. Not only can these organizations improve your day-to-day processes, they can also provide something of even more value: cyber security. By tapping into the provider data banks and handling the myriad procedures required by payers, they can help your staff focus on generating revenue and ensure safe storage for your important documents and information.
How Safe Is Centralized Information in the Cloud?
A substantial amount of collaboration has been underway to create a centralized location for medical provider information. Now that cloud computing has reached a level of functionality suitable to the needs of complex information exchange procedures, credentialing professionals have digital opportunities to make their jobs much easier. Yet, an important question to ask when selecting an in-house team or partner CVO is whether their access to provider information will remain secure.
Data Insecurity Is Expensive
Recent technological improvements in program and application development have made it easier for start-ups to create customized practice management solutions quickly and relatively cheaply. This is wonderful news for an industry in desperate need of automation of low-value processes and integration of data streams within and without HCOs. However, if developers of an integrated application suite overlook—or, worse yet, underestimate the need for—web portal security, your practice can find itself embroiled in the costly fallout of a data breach where provider information is compromised or stolen.
A Secure Portal Reduces Risk of Lawsuits
Hackers capturing patient records makes headlines, but that’s not all they’re after. Imagine the damage identity thieves can do with sensitive provider information. Should cyber crooks find an easy opening into your organization or the centralized databases containing provider information, your credentialing team may face lawsuits from affected providers. After all, a damaged reputation will cost that provider dearly. That’s why it’s critical that your credentialing and provider enrollment team utilize only an encrypted and very secure web portal for provider information exchanges.
Take Extreme Care If Credentialing In-House
Sam Rehman, writing for InfoSec Island December, 2016, discussed how application program interfaces (APIs)—which are building blocks of code used within custom cloud-based applications—usually aren’t created with built-in security. Even encryption additions can be hacked in the right circumstances. However, Rehman says, “By putting security measures like [camouflaging encryption keys and tamper-proof coding] in place to protect the cryptographic keys, developers can ensure APIs are able to communicate safely with networks and other applications. With the inherent security flaws taken care of, cloud software can take full advantage of the benefits of APIs without exposing themselves or their clients to attack.” If you’ve signed up with a software service for credentialing and provider enrollment, are you certain your SaaS partner has cured the security vulnerabilities in their web portal?
Credentialing Vendor Takes on the Risk of Web Portal Security
Besides solving the problems of finding and funding qualified credentialing staff, a proven CVO also bears the responsibility for you if somehow a security breach occurs through their web portal and provider data is lost or stolen. You can, and should, insist on this provision in your Service Level Agreement (SLA). With their credibility on the line, no established and reputable CVO takes a chance on their security strategy. Their business depends on keeping your business safe.
It remains the duty of the practice administrators to protect providers when exchanging their data through web portals. By choosing an outsourced credentialing partner with a proven track record and proper security systems in place, you can fulfill your duty to your providers and even cut your operational expenses, as well.