New IT Security Coming in August
By Patric Morgan, Systems Engineer
With healthcare data under attack more than ever before, we are taking another step to upgrade our IT security posture by deploying multi-factor authentication (MFA), a simple measure to take that will greatly increase security for our patients’ data and our organization. Beginning in mid-August, all employees will need a second step beyond a password to log into BHG computer resources. The second-step authentication is already employed in many other areas of our lives, such as online banking, and will quickly become second nature. We are excited to bring this enhanced security to further protect the privacy and security of our patients’ records and appreciate everyone’s continued support.
Patient information is most valuable data to cyber criminals
High numbers of healthcare records continue to be exposed each month. According to the latest Healthcare Data Breach Report, 34.4 million healthcare records have now been breached in the past 12 months, 11.2 million of which were breached in 2021. According to Health IT Security, the healthcare industry accounts for 79% of all reported data breaches resulting from hacking, and attacks against health care providers and organizations are up 45% overall.
There are three ways to confirm your identity when accessing technology. Something you know – a password. Something you have – a smart card or credit card. Something you are – an iris scan or fingerprint. Using one of these is reasonably secure, but using two makes it harder for hackers to get both right.
A recent study by Microsoft has revealed that two-factor authentication has a 99.9% success rate in blocking automated cyberattacks, the most often seen type of attack.
You are most likely already using MFA without realizing it. Most Major banks have been doing it for several years now. Google has recently turned MFA on automatically for anyone who has an Android Phone and a Gmail account. Email is important to protect because it is often what you use to reset your password. If your email becomes compromised, then all of the accounts you have connected to that email address are at risk as well.
Take your next security step by mid-August
The IT department will be communicating specific deadlines to each clinic, but all individuals will be required to register by mid-August. Our preferred method is for you to download the easy-to-use Microsoft Authenticator app here. While not as secure, you can also register a phone number. We prefer you not use your office number, but if that is the only option you have, then it is acceptable. You can view or register any MFA factor by going to aka.ms/mysecurityinfo
Once you have registered your second factor, there are three places you are going to see the MFA prompt:
- when you log into a Microsoft application on your desktop;
- when you connect to VPN or sign into SharePoint or any other website set-up for single sign-on;
- and whenever you launch an application through BHG apps, i.e., SAMMS.
You will only be asked once to use two-factor login the first time you open an app for the day. If you launch another BHG app, you should not be asked again for another authentication. You will only be asked to authenticate (by phone call or app notification) when you try to log in. If you receive a notification when you are not trying to access something, it likely means someone is trying to access your account. If you believe your account has been compromised, you should immediately change your password and notify IT.
Thank you for doing your part to protect our network.
New Version of SAMMS to Improve Processes, RCM and Patient Experience
By Rebecca Hardman, Director of Project Management and Clinical Informatics
Good changes are coming with the next version of SAMMS (Substance Abuse & Medication Management System), our Electronic Health Record (EHR) system. Over the next several months, our treatment centers will see significant system updates that are tailored to BHG’s needs more than ever before.
One of the most significant changes in SAMMS V6 will be storing of discrete data captured in forms as we collect information and medical history for new and existing patients. These improved forms will reduce redundant work and make information available for reporting because the data is stored and follows through from screen to screen. Workflows will become more intuitive, reporting will be more robust, and we will see improvements to RCM by collecting better data upfront. The patient experience is also in for some changes including reduced check-in time through self-check-in kiosks in treatment center lobbies. Eventually, patients will have the ability to pay for services at the kiosks.
Other updates include:
- The call center can begin assisting with insurance eligibility checks at the time an appointment is made.
- Patients may be able to receive and complete paperwork at home before their appointments.
- Appointments will be color coded on treatment center calendars to indicate who has insurance or not so that front desk staff knows when to focus on doing eligibility checking.
- We will get improved clinical documentation by having data stored in a more traditional database where we can query whatever information we need. Right now, our documentation is free form which makes it impossible to pull useful metrics or to do thorough audits.
- We’ll have better quality control by making sure all information was collected, including the right insurance plan or payment method and whether or not a pre-authorization is required.
- More “clean” patient information will go into the front end of RCM which will mean fewer errors and if we do get denials, we’ll see why more quickly and lessen the payment delay.
One of the primary drivers for updating SAMMS is to provide more and better data for meeting our payors’ increasingly complex standards. If we can’t produce documentation when they audit us, we run the risk of having to pay them back or extending payment cycles way beyond our standard 32-35 days. Better documentation also leads to better treatment and patient care, which will in turn bring better and more measurable outcomes.
Transitioning to this new version of SAMMS will create some short-term growing pains, as change always does, but the long-term gain of a more efficient, repeatable and streamlined process will be worth it. These changes will document a higher-level proof of care and are ultimately the right thing to do for our business and our patients.
If you have questions, please feel free to reach out to me at [email protected] or on my cell at 972-896-0801. The Informatics Team and I are looking forward to working with all of our treatment centers soon.
