Medical

If you are a practice manager or physician owner, you know the sinking feeling of looking at your Accounts Receivable (AR) aging report. The “Over 90 Days” bucket is growing, and cash flow is tightening.

In the past, high AR was usually an insurance problem. Today, it is a patient collection problem. With the rise of High-Deductible Health Plans (HDHPs), patients are effectively becoming your largest “payer,” often responsible for 30% to 40% of the total bill.

Reducing AR in this new landscape isn’t about calling louder or sending more paper statements. It requires a fundamental shift in your Revenue Cycle Management (RCM) process—moving from “chasing debt” to “securing payment.”

Here are 5 proven tactics to reduce your AR days and stabilize revenue, based on the latest industry standards.

1. Implement a Mandatory “Card on File” (COF) Policy

The most effective way to reduce AR days is to secure the payment method before the service is rendered.

• The Tactic: Update your financial policy to require a credit card on file for all patients, with a signed authorization to charge balances up to a specific limit (e.g., $200) after insurance adjudication.

• The Impact: This eliminates the “statement cycle” entirely for small balances. Instead of waiting 30 days for a patient to open a bill and write a check, you capture the revenue the moment the EOB (Explanation of Benefits) arrives.

• The Stat: Practices with COF policies see a 35-45% reduction in patient AR days within the first 6 months.

2. Master the “Good Faith Estimate” (No Surprises Act)

Compliance can actually be a revenue driver. The No Surprises Act requires you to provide cost estimates for uninsured/self-pay patients, but smart practices are doing this for everyone.

• The Tactic: Use your PM system to generate accurate out-of-pocket estimates prior to the appointment. Present this to the patient 24 hours before arrival.

• The Psychology: Patients are more likely to pay when they know the number. “Shock” bills are the #1 reason for non-payment. When you remove the surprise, you remove the friction.

• Best Practice: Collect the estimated copay and deductible at the front desk before the patient walks back to the exam room.

3. Frictionless “Text-to-Pay” Technology

If you are still mailing three paper statements before making a phone call, you are operating on a 1990s timeline in a 2026 world.

• The Tactic: Implement “Text-to-Pay” (SMS billing). Modern patients do not open mail, and they do not answer unknown calls. They do look at texts.

• The Impact: Digital payment links have a 98% open rate.

• The “One-Click” Rule: Ensure your payment portal does not require a complex login or account number. If it takes more than 60 seconds to pay, the patient will abandon the transaction.

4. The “24-Hour” Denial Rule

While patient debt is rising, insurance denials remain a massive chunk of AR. The longer a denial sits, the less likely it is to be overturned.

• The Tactic: Implement a “24-Hour Work” rule. Any denial received from a clearinghouse must be reviewed and categorized (coding error, eligibility, authorization) within one business day.

• Root Cause Analysis: Don’t just rework the claim; track the source. If 30% of denials are “Eligibility,” the problem isn’t in billing—it’s at the front desk. Fix the intake process to stop the bleeding.

5. Segment Your Strategy (The 60-Day Cliff)

Stop treating a 30-day balance the same as a 120-day balance. Your internal staff is expensive; do not waste their time chasing old debt that requires specialized leverage.

• Days 0-60 (Internal Team): Focus your staff here. This is “customer service.” Use texts, emails, and gentle reminders.

• Days 61-90 (The Danger Zone): If they haven’t paid after two cycles, they aren’t going to pay without a push. Continued internal calls yield diminishing returns.

• The Solution: This is where you deploy a Third-Party Demand service. A formal letter from an external agency changes the psychological dynamic.

How NexaCollect Supports Your Strategy

Even with the best front-end tactics, some accounts will slip through the cracks. When they do, you need a safety net that doesn’t eat your profits.

We offer a hybrid solution designed to clean up the “Danger Zone” without the high cost of traditional collections.

• Step 1 & 2 (Flat-Fee Recovery): For a simple $15 per account, we send official third-party demands. This gives you the leverage of a collection agency while you keep 100% of the funds.

• Step 3 (Contingency): Only for the stubborn accounts that ignore everything else do we move to a percentage-based fee (40%).

FAQ: Medical AR Management

Q: Is “Card on File” legal?

A: Yes, provided you obtain a signed authorization form that clearly states the terms and limits. It is standard practice in many specialties (Dermatology, Concierge Medicine) and is rapidly adopting Primary Care.

Q: How do we handle patients who claim they “never got the bill”?

A: This is a common delay tactic. By moving to digital billing (email/text) with read receipts, you verify delivery. Furthermore, switching to a third-party service (Step 2) eliminates this excuse because the demand comes from a new, official source.

Q: What is a healthy Denial Rate?

A: You should aim for a denial rate under 5%. If you are over 10%, your front-end revenue cycle is broken, and no amount of backend collections will fix it.

Fix Your AR Process Today

Reducing AR days isn’t magic; it’s a mix of policy, technology, and timing. Implement these tactics to capture revenue upfront, and let us handle the backend cleanup.

Click here to Contact Us and streamline your revenue cycle.

Medical practices are facing an uncertain future – at least financially. A recent report by Deloitte found that nearly half of all medical practices are either uncertain or very uncertain about their ability to stay in business over the next three years, with 40% of respondents noting that they were not confident about their financial stability. As a result, many practices are taking steps to reduce operating costs in the interest of remaining solvent. This article will discuss some actionable steps that medical practices are taking to minimize operational costs in the pursuit of fiscal stability.

Why Do Medical Practices Need To Cut Costs?

Cuts in reimbursement rates are one of the primary factors motivating medical practices to reduce costs. As reimbursements decrease, administrative costs make up an increasingly large percentage of practice revenue. A Deloitte report on the state of the industry notes that in 2018, 39% of respondents reported spending more than 20% of their day on activities related to billing and collecting payments. Analysis by the Medical Group Management Association shows that in 2016 billing and collecting accounted for 38% of total operating expenses for American physician groups.

In addition, the lasting impact of COVID-19’s lockdowns, restrictions, and mandates has severely impacted medical practices financially. Atrius Health reports that at the height of the pandemic, patient footfall rates were down 75%. That translated to revenue losses of as high as 50% for some clinics and medical practices. While things are improving steadily as life begins to approximate normality, these deficits have still necessitated immediate cost-cutting measures.

How Medical Practices Are Minimizing Operating Costs

There are several different approaches medical practices can take in an attempt to minimize their operational costs while staying afloat.

Using Technology To Reduce Labor Costs

Many medical practices opt to reduce costs by using new technologies or developing tools that help increase productivity or automate tasks currently performed by humans. For instance, one study on hospital-based emergency department physicians found that more than half are interested in incorporating wearable diagnostic devices into emergency triage protocols because they can reduce false-positive diagnoses which are costly to both patients and providers.

In addition, with advancements like electronic health records (EHRs), remote patient monitoring (RPM), and telemedicine services, doctors can spend less time focused on administrative tasks and more time concentrating on patients. According to a study published by Health Affairs, telemedicine services are estimated to have saved the Medicare program $136 million between 2010 and 2013 through reductions in face-to-face office visits. Healthcare Finance News estimates that practices that use these emerging technologies can save up to 50% on operating costs.

Shifting Billing Online

A recent survey of healthcare providers found that 56% of respondents were interested in receiving payment online through electronic checks (EC) or credit card payments. Implementing online billing and collections systems allow providers to save on administrative expenses associated with paper billing systems, which cost approximately $0.06 more per invoice than online alternatives.

Outsourcing Scheduling

A survey conducted by WebMedRx found that providers are among the heaviest users of appointment scheduling software, with nearly 90% of respondents reporting some utilization of an online scheduling platform. By reducing the number of times providers have to actively book appointments during their clinic hours, they can cut costs associated with administrative assistants and front desk staff.

Reducing Staff Hours

Many practices are reducing hours to cut costs. According to Fierce Healthcare, more than one-third of physicians have reduced hours or overtime for part-time employees to limit operating costs. In addition, Forbes reports that 20% of top-performing practices have cut some staff hours.

While simply reducing hours is enough for some practices, others have opted to reduce staff hours by reducing the number of staff they have on payroll.

Renegotiating With Service Providers

Many practices are also beginning to renegotiate their agreements with vendors and providers in an attempt to reduce operating costs. This strategy varies based on the needs of each practice. However, many practices have luck when renegotiating leases (where rent reductions of up to 20% aren’t unheard of) and contracts with IT and maintenance service providers who must contend with high competition levels.

Making Marketing More Efficient

Although marketing can be an effective strategy for attracting new patients, an inefficient marketing strategy can be a drain on resources. Therefore, to remain profitable and minimize operational costs, medical practices should focus their marketing efforts on the channels most likely to produce a return on investment. Uncovering these channels through a marketing strategy audit will require an upfront investment, but doing so allows practices to get the most out of their marketing budget.

Decreasing Waste

Another area where practices are cutting back on expenses is supplies – namely by reducing waste. While single-use supplies are attractive due to their ease of use and low upfront cost, they actually cost practices more in the long run due to frequent reordering. One Canadian hospital reports that by reducing their use of single-use supplies by 30%, they were able to reduce their supplies expenditure by $570,000 annually. This influx of cash allowed them to hire more specialists and schedule 150 additional operations the following year. Smaller practices will likely see proportional returns, but reducing waste remains an extremely attractive method of reducing operating costs.

Reorganizing Operations

Finally, another way that medical practices are cutting back on costs is by reorganizing their operations. Practices can do this in multiple ways—such as relocating to a smaller office space with cheaper rent, having one physician provide services across multiple locations, and optimizing workflows to reduce the need for overtime. Often, small operational changes create ripple effects that lead to reductions in operating costs which exceed the cost of implementation many times over.

Leverage Electronic Health Records (EHRs):
Transition from paper-based records to EHRs to improve the efficiency of data management and ensure that patient information is easily accessible and secure.

Implement Appointment Scheduling Software:
Use scheduling software to manage appointments, reduce no-shows, and minimize patient wait times. Consider implementing reminder systems through texts or emails.

Optimize Billing and Coding:
Use billing and coding software to automate the process. Regularly train staff on coding updates to ensure compliance and reduce errors that can lead to claim denials or delayed payments.

Standardize Procedures:
Develop standardized protocols and procedures for various tasks in the medical practice. This reduces variability and increases the efficiency and consistency of services.

Use Telemedicine Services:
Implement telemedicine for consultations and follow-ups that don’t require physical examination. This can save time for both the healthcare professionals and patients.

Delegate Tasks Appropriately:
Ensure that tasks are delegated based on competency and qualifications. This allows doctors to focus on patient care while administrative staff handle clerical tasks.

Implement Inventory Management Systems:
Streamline the process of ordering, storing, and tracking medical supplies to reduce waste and ensure that necessary materials are always available.

Continuously Train Staff:
Regularly train staff on new technologies, best practices, and regulatory requirements. Well-trained staff are more efficient and make fewer mistakes.

Enhance Communication Channels:
Improve communication among staff members and between staff and patients. Ensure there are clear channels for communication and that staff are responsive to inquiries and concerns.

Use Data Analytics:
Leverage data analytics to monitor and analyze various aspects of the practice, such as patient flow, billing, and revenue cycles. Use insights gained to make informed decisions on improving processes.

Solicit Feedback:
Actively seek feedback from patients and staff to identify areas for improvement. Implement changes based on feedback to enhance patient satisfaction and streamline operations.

Implement Check-in Kiosks:
Utilize self-service kiosks to streamline the patient check-in process, reducing administrative workload and enhancing patient experience.

Practice Preventive Maintenance:
Regularly maintain medical equipment to prevent unexpected breakdowns that can disrupt operations.

Leverage Task Automation:
Automate repetitive tasks such as data entry, appointment reminders, and prescription refills. Automation reduces the chances of human errors and frees up staff time.

Outsource Non-Core Activities:
Consider outsourcing activities like billing, transcription, or payroll services. This allows the practice to focus on core competencies such as patient care.

Ensure Regulatory Compliance:
Stay updated on healthcare regulations and ensure compliance to avoid fines, penalties, or loss of licensure.

Reducing Operating Costs Is A Win-Win

By taking steps to reduce operating costs, medical practices are adapting their business models to remain profitable in the face of a changing industry. This isn’t just good for medical practices, though. Reducing operating costs means that funds are freed up to improve the quality and scope of patient services offered. Nobody loses out when organizations take the time to streamline their operations, and that makes exploring cost-cutting strategies a no-brainer for any medical practice.

When it comes to your medical practice, it is essential that you accurately portray the patient experience (read it positive experience). In the digital age, there are many ways that patients can share their feedback, communicate with others, and let you know how you did in caring for their needs. Google reviews are among the most critical and widespread forms of reviewing any business.

How Google Reviews Work

If you believe that any of your patients seem happy with your service, request them to leave a positive Google review online. If they feel compelled, they will share their favorable views without hesitation. Patients can rank your practice from one to five stars, and they also can leave comments. Your objective should be collecting at least a few genuine 5-star Google reviews weekly. These positive Google reviews not only help in improving your online reputation but more importantly – getting more patients to your office.

Google reviews can be a valuable tool for gaining insights into patients’ experiences at medical clinics. Here are some of how these reviews can be beneficial, as well as some considerations to keep in mind:

1. Build Trust and Credibility: Positive reviews build trust among potential patients. When people see that a clinic has received positive feedback from other patients, it increases the clinic’s credibility.
2. Improve Online Visibility: Google reviews play a role in search engine optimization (SEO). Having a larger number of positive reviews can improve a clinic’s ranking in Google search results, making it more likely that potential patients will find the clinic when searching for medical services.
3. Gain Insights and Feedback: By reading and analyzing the reviews, clinics can gain valuable insights into what they are doing well and areas where they need improvement. This feedback can help them make necessary adjustments to enhance patient satisfaction.
4. Attract New Patients: Many patients rely on online reviews when choosing a healthcare provider. A good online reputation, as reflected in Google reviews, can be a deciding factor for patients looking for a new clinic.
5. Enhance Communication and Engagement: Responding to Google reviews (both positive and negative) demonstrates that the clinic values patient feedback and is committed to patient satisfaction. This engagement can foster stronger relationships with patients.
6. Competitive Advantage: Having a high star rating and positive reviews can provide a competitive advantage over other clinics in the area that may not have as strong of an online presence or reputation.
7. Market Perception: Reviews can influence how the market perceives the clinic. Special mentions about the efficiency, expertise, or state-of-the-art equipment can become associated with the clinic’s image.
8. Word-of-Mouth Referrals: Satisfied patients who leave positive reviews might also be likely to recommend the clinic to friends and family, resulting in word-of-mouth referrals.

However, there are also considerations and limitations to using Google reviews:

1. Bias and Subjectivity: Reviews are subjective and may be influenced by personal biases. For example, a patient who had a single negative experience might leave a disproportionately scathing review.
2. Authenticity: There is no surefire way to know if a review is genuine or if it has been posted by someone with a vested interest, such as a competitor or someone affiliated with the clinic.
3. Lack of Medical Expertise: The average reviewer may not have the medical knowledge to assess the quality of care accurately. They may base their review on factors such as bedside manner or wait times rather than the actual medical care provided.
4. Limited Information: Reviews typically provide limited information and might not address specific concerns or needs that are important to you.

Negative reviews can have the opposite effect, driving potential patients away. It’s important for clinics to respond to negative feedback professionally and constructively and where appropriate, take steps to address any valid concerns raised by patients in reviews.

While Google reviews are generally more honest, they can also be instrumental, as Google is a central social media platform. People can share their views for better or worse, but everyone has access to this information, and Google showcases it to the world when your location shows up on their web browser.

If something is inaccurate, you can report it, but for most reviews, Google allows patients to be as honest as they please. With this in mind, Google reviews are essential for your medical practice. Here are some ways they can help or hurt your business.

Help Patients Make an Informed Decision

Choosing the proper medical practice is an important decision for patients. If you have accumulated a collection of positive reviews, you will likely notice a change in how many patients you serve.

In other words, your Google reviews can help patients see the value in your business, what you have to offer, and an unfiltered view of what it is like to visit your practice for their medical needs. This can help them make an informed decision.

One entity that customers trust more than the facts and the data is reviewed. So if you have plenty of great reviews online on Google, you will see patients feeling more comfortable about their choice and their decision to see you for their medical needs.

The Opportunity for Free Marketing

Have you ever heard the expression that any press is good press? This is mostly untrue, but you can rely on your positive reviews on Google to help you seal an opportunity to earn more clients. This is because your reviews are not just a reflection of your practice but also free marketing.

One way to examine this is through the eyes of other businesses. If you are looking for a restaurant to go to that evening, will you choose a poorly reviewed or one that has hundreds of positive reviews? Of course, you would go for the positive reviews!

Marketing for your practice is not as hard as you might think. With enough satisfied customers sharing their views and experiences, you can capitalize on free marketing without spending a dime on these positive comments!

Personal Reviews Vs. Professional Reviews

Medical practices stand out from other businesses because they must adhere to specific safety and health codes. While you might pass every health code and safety requirement possible, this is expected of all practices. Your professional reviews and approvals for your facility only go so far, which is why you need other forms of reviews for your business.

Google reviews can be seen as more personal and better for customers to share their views honestly. At the same time, professional studies by medical organizations confirm that you are up to code and within regulations; customers also care about the bedside manner and their experience with you as the physician and owner of the practice.

Google reviews are the only form of honesty that patients can share to help them get a sense of who they are. With stellar reputations, individual doctors can easily make it to the top of the recommended physicians in the area and impact through these reviews.

Use Google Reviews for Other Platforms

Often, your Google reviews can also translate into other positive ranks. This is because Google can connect to multiple platforms and even the search engine. This can help you improve your ranking on the search engine and other social media platforms.

This means that people might be able to see your rankings on their insurance database while they search for a physician of their choosing. So your Google reviews don’t just help Google, but they also help other platforms and connections you might have for your medical practice.

How to Create More Google Reviews

When it comes to having clients share their thoughts, there are many ways that you can encourage your patients to share their views about how your medical practice is doing. While some might feel compelled to share based on their feelings, others might have to be reminded.

Keeping a business card where patients have access to a reminder is necessary. This helps them keep your information handy for when they need your help and allows them to have a visual tip to share their thoughts. This is free marketing; all it takes is adding one little line of text on the back or bottom of your business card!

Improve Your Business With Google Reviews

While you might assume you don’t need more Google reviews, we shared many reasons today why you do. Focus on giving your patients great care; you will see the reviews! Even feel free to remind them of the opportunity to share their thoughts gently.

Over time, the more positive reviews you have, the more you are trusted by your community. When this happens, you will see an influx of patients and continue to have the opportunity to positively impact your neighborhood’s health and well-being.

For those health care practitioners who want to reap the benefits of automating their account receivable (AR) processes, we offer here a few tips on how to make this transition from paper invoices and bills to streamlined digital AR functions and operations.

Manual AR still constitutes an expensive financial loss for some providers, and while they may want to change things, many don’t know where to start. Just some of the disadvantages of resorting to manual processes in AR include the staffing needed to process bills and issue invoices and to follow-up with customers and patients, the operational burden represented by delays, repeated calls to bad payors, misplaced checks, trips to the post office and in-person deposits at the bank, the lost chance to recover owed amounts when an employee forgets to issue or mail an invoice and the subsequent loss in cash or idle liquidity.

Where to start

The first step to convert is to identify any regulatory restrictions or requirements for your type of business. For a medical practice, HIPAA remains the overarching law. In that case, even though “using payment processors does not fall under the HIPAA regulation, invoicing and billing needs to comply with HIPAA requirements”.

Not all software programs or payment platforms are HIPAA-compliant. As long as you can password-protect your files, you can even issue invoices in Word or Excel. But once you list the payment options on the invoice, you must verify that they’re all HIPAA compliant. For instance, Quickbooks and Paypal, for all their practicality and reputation, are not. Those which are HIPAA compliant usually have a blue HIPAA badge in the processor’s profile on their website. However, it’s always advisable to confirm with them before signing up.

As you choose a HIPAA-compliant medical accounting program, there are several criteria you need to consider: the features of the program such as patient registration and scheduling, automated coding and claim management, credit card payment and reporting, and criteria like business support which includes training offered to employees, tech support when problems occur, spam filters and other security and encryption protections, and more.

Making the transition

Normally, once you have acquired an EHR solution and or/payment processing platform, it’s relatively easy to introduce new customers to it from the beginning: either when they set up their first appointment or when the patient intake is done. It’s the old customers you’ll be having problems with.

For those with an existing patient chart, the process will entail heavy scanning and data entry. It’s best to start with patients who have already scheduled future appointments. You can also ask your IT provider for advice on how to digitize records quickly and efficiently. Spacing outpatient appointments, where possible, should give your staff enough time to convert the information and to receive the training they need.

Facilitate patient adoption of the new system

One of the obvious challenges to paperless billing is the reluctance of your patients to sign up for online notifications or download your app. You’ve converted your billing system, how are you going to convert your customers?

Be mindful of your demographic. Millennials are much more likely to use technology and prefer e-billing. People in their 50s and above may feel more comfortable with paper invoices. Try to be sensitive and flexible. Offer to train the patient or even offer a financial incentive like a discount in order to get them to sign up for paperless billing. Make sure to obtain each patient’s signed authorization before switching them to electronic invoices. If your software or portal presents the bills in a completely different way from the paper bills, you can try to format your paper bills first, so they match the electronic version as closely as possible and the patient can get used to the new format. Later, the patient is introduced to the electronic bill which they’re already familiar with.

Third-party billing specialists

Here are some examples of popular payment providers:

1. BillingTree offers strong patient data security and is HIPAA compliant. Their CareView solution includes POS payments, web and online portals, credit and debit, and even text payments. While BillingTree doesn’t advertise its prices on its website, you may request a demo and then obtain a quote. For more information, you may contact them directly or read this review.
2. Chase acquired FisaCure in 2007, a “leading provider” of HIPAA-compliant payment solutions. Formerly known as Chase PaymentTech, Chase Merchant Services has been known as one of the most efficient and reliable B2B service providers. While this is another provider who chooses not to display its prices on their website, you can find some information here or fill out a ‘contact form’ on their website.
3. Instamed, a JP Morgan company, advertises a comprehensive set of tools for health care providers. Among other services, they offer Instamed Online for Payers which “seamlessly integrates with payer systems”, providing payment capabilities to your existing system. As with the aforementioned providers, their prices are also not displayed on their website.
4. Payline declares a low-cost, affordable solution for health care providers, with transparent pricing and no long-term contract requirements. Some of the fees are displayed on the website, but for customized services and final prices, you have to contact them.
5. Kareo’s flexible and comprehensive set of tools is specifically designed for “your independent practice, not for a hospital”. They offer help with the digitization of paper records and conversion to electronic billing, plus free coaching for the first 60 days once you sign up for one of their packages. Kareo also requires direct contact for accurate pricing, but some information is available on Investopedia.

As part of your ‘best practices’ guidelines, before you commit to any technologies, you have to make sure you understand the billing process. Even if you start with password-protected invoices in your MS Suite or with issuing paper invoices, having a clear idea of how billing works will help you identify where you’re losing cash and how you can adjust your processes to collect. Physicians and coders have to be on the same page and stay knowledgeable about insurance claims as well as what the patients themselves have to pay: copayment, coinsurance and deductibles. When an insurance company rejects a claim or only partially covers it, the balance gets transferred to another insurance carrier or to the patient. Promptly following up and obtaining at least partial payments as soon as possible, hopefully before the patient’s next billing cycle and appointment should be a priority for any billing system.

Health care providers, health plans such as insurers and HMOs, healthcare clearing-houses and any business entities using and disclosing “individually identifiable health information” during claims processing, billing, data analysis, and other operations, are governed by the HIPAA Privacy Rule.

HIPAA laws ensure that patient’s data is kept safe from unauthorized access and data leaks. Personal information like – Patient names, SSN, Driver’s license numbers, insurance details, Date of birth, details of treatment received etc.

HIPAA is the Health Insurance Portability and Accountability Act of 1996, which is a federal law protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge. The Office of Civil Rights within the Department of Health and Human Services enforces the HIPAA privacy rules. This rule applies to all medical practitioners across the board including hospitals, dentists, doctors, nurse practitioners and clinical labs.

Need a HIPAA compliant Medical Debt Collection Agency? Contact us High recovery rates | Serving Nationwide | Cost-effective | Easy to use

HIPAA Rules

The entities covered by HIPAA have the obligation to be compliant across all of their operations and to have the proper technical, physical and administrative safeguards in place.

The Privacy rule aims to protect an individual’s personal health information while allowing a smooth flow of health information between patients and “covered entities” in order to promote high-quality health care. Regardless of how the protected health information (PHI) is transmitted, whether orally, electronically or on paper, the protection extends to the past, the present and the future, from the moment that information is collected or created, through its transmission, maintenance, archival and final destruction. Because years and decades may pass from that first moment until the last, the HIPAA Security rule protects the PHI regardless of what system or technological tool the covered entity uses over time: paper records, server-based storage or cloud-storage.

When cloud storage is used, being HIPAA compliant means that the cloud storage provider, like Google and Amazon, becomes a covered entity. As required by HIPAA, a Business Associate Agreement is formed between the cloud platform and its customers.

The standards for protection are high out of necessity because breaches, inadvertent or malicious, can happen at any time. The Breach Notification Rule protects individually identifiable health information from impermissible use and disclosure. Examples of breaches are: sharing information with unauthorized entities, loss or theft of PHI, unauthorized access, getting hacked, storing and archiving PHI in unsecured physical or electronic locations.

Risk Assessments

HIPAA risk assessments are an essential part of HIPAA compliance, and they should be conducted periodically by a qualified person or team within the organization. As with other things, it’s better to prepare for threats and prevent breaches than do damage control later, when the loss of PHI information may be inevitable and the extent of its dissemination unquantifiable. The risk assessment should identify the following:

1. What PHI is;
2. Where and how it is used, stored and shared;
3. Who has access to it: employees and others in your network (vendors, consultants, etc);
4. What verification process you have in place to ensure compliance is maintained across the board;
5. What safeguards you already have in place and evidence they’re being used properly;
6. What safeguards your company should implement and what training should be involved for everyone with access to PHI;
7. A scenario for a mock breach to make sure the controls are in place, and to assess the potential extent and damage of such a breach;
8. A review of concerns and suggestions from your staff to either discover potential threats, lapses in compliance or better ways to protect the information.

How to become HIPAA compliant

The following items offer some suggestions to help you prevent breaches and to stay or become HIPAA compliant.

1) Identify the protected information and ensure the staff knows what constitutes a breach and why it is important.

2) Have a closed system in which PHI is trackable through its entire lifecycle: creation or intake of a patient’s file, maintenance and storage, update and closure, and archival and destruction.

3) Have levels of access to restrict employees from protected data if they don’t use it in their work. Ensure passwords have a high level of complexity and end access to data as soon as an employee leaves your organization, even if it’s for a temporary leave. If possible and resources are available, have a tiered system of exposure, in electronic form and on paper, where the least amount of information is transmitted at any given point, and only doctors and other medical staff have access to full patient information. If a breach happens, then at best, the information exposed should be minimal and worthless for sale or ransom.

4) Avoid unnecessarily duplicating patient data, such as printing their information on paper, if it’s not absolutely necessary. If you need to print it, make sure it is tracked as thoroughly as any other PHI in your organization.

5) Vet your online fax provider, collection agency, billing software, or any kind of software or app you use to process or transmit PHI.

6) Encrypt your data and perform all of the required security updates as notified by your software programs. Install a good firewall and make sure your IT department or provider routinely checks on the stability and security of all of your systems. That being said, make sure that any IT engineers or consultants also understand that they’re also bound to HIPAA privacy rules.

7) Every time a new factor is added, such as a new employee or a transfer of data, a new assessment should be made to ensure that the PHI is not compromised in any way.

8) Conduct periodic checks on your vendors, consultants and other partners to verify that they’re also compliant.

9) Stay up to date with any changes or updates in HIPAA laws. The CDC website has a page dedicated to news on Public Health Law.

10) Healthcare organizations must document all HIPAA compliance activity including privacy and security policies, risk assessments and audits, and staff training sessions. It is recommended to designate a Privacy Compliance Officer within your company.

11) Don’t hesitate to take action immediately after a data breach. Any delay in properly notifying of the breach or in attempts to reduce its impact can attract a serious fine from the Office for Civil Rights. Some electronic breaches have become harder to detect nowadays because hacking is more sophisticated so no secure system is absolutely 100% hack-proof. The important thing is to do everything possible to protect the information and, if a breach does happen, to immediately take steps to notify relevant entities and involved individuals that a breach has occurred.

HIPAA Certification

Because HIPAA compliance is an on-going process increasing in complexity all the time, there is no HIPAA certification requirement at this time. The Department of Health and Human Services (HHS) offers only HIPAA training materials for covered entities, and those materials are usually subject to change to match changes in the law. The CDC offers internships and externships in Public Health Law but only to law students. Third-party HIPAA certifications are available but none of them is endorsed or approved by the HHS even though HIPAA training is required for a covered entity to remain compliant. Taking all of that into consideration, a hybrid process of initial certification and continuing education would probably work best as it would ensure stakeholders have the minimum required HIPAA knowledge through certification and it would also fall in line with the regulatory changes in HIPAA laws to fit a changing society.

Nursing Home Safety: The Spotlight Is Still On

The worst of COVID may feel like yesterday’s news, but it left one lasting change: families, regulators and the media now watch nursing homes much more closely than before.

Nursing homes remain the next level of long-term, residential care for people who can’t safely live on their own. Residents and families now expect not just a bed and basic supervision, but:

• Safe infection control

• Adequate staffing and oversight

• Honest communication and transparency

Facilities that treat these as real priorities, not buzzwords, are the ones that will keep their census strong and protect their reputation.

---

The Health & Safety Risks That Matter Most Today

The core risks for nursing homes have not changed, but the tolerance for failure has.

1. Infection control and respiratory illnesses
Even outside of a pandemic, influenza, RSV, norovirus and other infections can move quickly through a facility:

• Shared dining and activity spaces

• Residents with multiple chronic conditions

• Staff working across multiple rooms and units

Regulators still expect a written infection prevention plan and, more importantly, proof that it is actually followed:

• Consistent hand hygiene and PPE practices

• Clear isolation / cohorting procedures

• Regular cleaning and disinfection of high-touch surfaces

• Symptom screening and rapid response when something looks wrong

2. Chronic understaffing and missed care
Staffing shortages are the number one safety risk many residents feel every day:

• Call lights answered slowly

• Assistance with toileting or transfers delayed

• Meds, hydration and nutrition rushed instead of monitored

Recent federal staffing rules have been proposed and challenged, and some numerical minimums have been rolled back or put on hold. Still, data on hours per resident day is public, and comparisons between “high-staffed” and “low-staffed” facilities are widely used by families and journalists.

Facilities that aim just for the bare minimum are competing against those that visibly staff above it.

3. Ownership structures and financial pressure
Most U.S. nursing homes are run as for-profit businesses, often with complex ownership or management chains.

That doesn’t automatically mean poor care, but it does mean:

• Pressure to control labor and supply costs

• Temptation to understaff or delay upgrades

• Confusion about who is accountable when something goes wrong

In today’s environment, “care first, profits second” is not a slogan; it’s a survival strategy.

---

Infection Control: Make the Basics Boring and Non-Negotiable

The original version of this article focused heavily on infection control, and that theme is still correct—just make it routine and measurable, not panic-driven.

Key elements:

• Daily hygiene discipline

  • Hand hygiene, glove use and surface disinfection built into every shift

  • PPE stocked, accessible and actually used—not locked away “for emergencies”

• Smart assignment patterns

  • Limit unnecessary staff movement between units, especially when there’s an outbreak

  • Keep consistent staff-resident groupings to reduce cross-exposure

• Practical screening

  • Simple symptom checks for residents and staff

  • Clear rules for when to send staff home or seek medical evaluation

• Resident awareness

  • Explain risks and precautions in plain language

  • Teach residents who can understand it how to report new symptoms early

The goal is to make infection control feel ordinary—part of the culture, not a separate, crisis-only activity.

---

Wearables, Oximeters and Simple Monitoring Technology

The earlier article talked about smartwatches and pulse oximeters mainly in a COVID context. Today, the same tools are useful far beyond any single virus.

Practical, affordable ways to use them now:

• Pulse oximeters and vitals checks

  • Routine monitoring for residents with heart, lung or infection risks

  • Automated alerts when readings fall outside safe ranges

• Basic wearables

  • Track movement, steps, sleep patterns and sometimes heart rate

  • Help staff spot changes in mobility, restlessness or nighttime wandering

• Central dashboards

  • Pull data from vitals machines and wearables into simple views

  • Let nurses see at a glance which residents may need extra attention

These tools are not magic, but they act as early-warning systems, helping staff intervene before a minor issue becomes an emergency.

---

AI in Nursing Homes: Quiet, Useful, and Behind the Scenes

Artificial intelligence in this context isn’t about robots replacing caregivers. It’s about reducing paperwork and catching patterns that busy humans might miss.

Useful applications:

• Speech-driven documentation

  • Nurses and doctors dictate their notes during or right after a visit

  • The system structures and files the note immediately in the electronic record

• Risk flagging

  • AI looks across diagnoses, meds, vitals and notes to suggest who may be at higher risk for falls, infections, delirium or rehospitalization

• Workload and scheduling support

  • Matching staff levels to resident acuity and peak activity times

  • Reducing overtime and burnout by making schedules more realistic

Any AI solution used in a nursing home must be HIPAA-compliant, with role-based access and audit trails. When done right, staff spend less time typing and more time caring.

---

Patient Portals and Family Access: Transparency Prevents Crises

The first version of this article correctly emphasized portals and social tools; that idea is even more relevant now.

Modern families expect:

• Online access to key health information, appointments and updates

• A clear way to ask questions and get responses without waiting for a call back

• Honest explanations when something goes wrong

For facilities, good communication tools:

• Reduce confusion and repeated phone calls

• Help families understand what staff are doing and why

• Document what was explained and when, which matters for both trust and risk management

Encouraging residents (when possible) and families to log concerns or symptom changes early can bring issues to light before they turn into formal complaints or survey citations.

---

Care First, Profits Second: What That Looks Like in Practice

The “Care first, profits secondary” section in the old article hit a vital point: ownership decisions show up on the floor.

In a present-day context, that means:

• Budgeting to meet or exceed staffing expectations rather than aiming for the lowest safe number

• Investing in training, infection control and basic tech before cosmetic upgrades

• Simplifying internal corporate structures where possible so responsibility is clear

Facilities that consistently choose resident safety and staffing over short-term margin cuts are the ones that:

• Get better inspection results

• Have fewer serious incidents

• Spend less on crisis management, legal defense and reputation repair

In a world where inspection data and quality ratings are public, the financial logic is straightforward: good care is good business.

---

Reputation Is Now a Clinical Asset

Online ratings, state inspection reports and word of mouth have turned reputation into a clinical risk factor:

• A poor star rating or a widely shared news story can slow admissions

• Families now compare facilities not just on price and location, but on safety, staffing and communication

• Staff recruitment is harder at homes known for thin staffing or repeated problems

To protect and grow reputation, a nursing home should:

• Track and openly address patterns in complaints and incident reports

• Celebrate and retain good staff—high turnover is instantly visible to families

• Show visible commitments to safety (signage, training, tech, staffing ratios)

Your reputation tells families what’s likely to happen when they’re not there. Today, that perception directly affects occupancy, payer relationships and long-term survival.