Healthcare Patient Data Security – How Safe is Yours?

by Phil C. Solomon on February 9, 2012

in Healthcare Compliance,Hospital Patient Data Security,Hospital Revenue Cycle,Revenue Cycle Outsourcing

InsideARM reports one of the largest revenue cycle management outsourcing companies in the industry experienced a major glitch which has resulted in serious consequences. Accretive Health, Inc, a Chicago based revenue cycle management outsourcing company has agreed to a temporary suspension of its license in Minnesota to resolve issues surrounding data security that was raised when one of its laptops went missing.

According to a statement issued by Minnesota’s Attorney General, Lori Swanson, the state’s Commerce Department suspended the debt collection license of Accretive Health, Inc. for at least 20 days while the Department investigates some allegations.

The AG said at the time that on July 25, 2011, an employee of the company, Accretive Health, Inc. left an unencrypted laptop containing sensitive patient information on 23,500 Minnesota patients of two Minnesota hospital systems — Fairview Health Services and North Memorial Health Care — in a rental car after 10 p.m., in the parking area of the Seven Corners bar and restaurant district of Minneapolis. The laptop was stolen.

Does this make you think twice about how safe your data is with your outsourcing collection agency? It should. Healthcare IT News reports health data breaches in the U.S. increased 97 percent in 2011 over the year before, according to a new report by Redspin, a leading provider of IT security assessments.

So do larger outsourcing partners guarantee a safer data security environment? No, its not the case. On the contrary, many mid-sized collection and outsourcing firms have staunch protection protocols for data security, which exceeds even the largest collection agency’s protections. Here are a few things to consider when choosing a revenue cycle management partner who has access to your patients protected health information and sensitive data:

Make sure all transmission of data is encrypted.
Make sure FTP or other sites for the transmission of data are secured sites.
Make sure your outsourcing partner has a formal security and business continuity plan that is tested yearly.
Make sure your outsourcing partner has a secure off-site storage facility which protects’s PHI in the case of a disaster.
Make sure your outsourcing partner has a formal approach to security by employing a Chief Security Officer or similar position.
Ensure your data is protected by facility security as well as electronic and data security.

And finally, make sure the partner you choose to work with has a commitment to keep you and their company out of the news. No one wants the negative public relations a health care data breach results in. For more information about collection agency security, send me an email at or you can reach me through my blog Revenue Cycle Strategies for Healthcare and I’ll recommend some quality resources and information to help keep your data safe.

Leave a Comment

Previous post:

Next post: