Nexa Collections

Medical

Lower Medical AR Days: 5 Proven Tactics

If you are a practice manager or physician owner, you know the sinking feeling of looking at your Accounts Receivable (AR) aging report. The “Over 90 Days” bucket is growing, and cash flow is tightening.

In the past, high AR was usually an insurance problem. Today, it is a patient collection problem. With the rise of High-Deductible Health Plans (HDHPs), patients are effectively becoming your largest “payer,” often responsible for 30% to 40% of the total bill.

Reducing AR in this new landscape isn’t about calling louder or sending more paper statements. It requires a fundamental shift in your Revenue Cycle Management (RCM) process—moving from “chasing debt” to “securing payment.”

Here are 5 proven tactics to reduce your AR days and stabilize revenue, based on the latest industry standards.

1. Implement a Mandatory “Card on File” (COF) Policy

The most effective way to reduce AR days is to secure the payment method before the service is rendered.

  • The Tactic: Update your financial policy to require a credit card on file for all patients, with a signed authorization to charge balances up to a specific limit (e.g., $200) after insurance adjudication.

  • The Impact: This eliminates the “statement cycle” entirely for small balances. Instead of waiting 30 days for a patient to open a bill and write a check, you capture the revenue the moment the EOB (Explanation of Benefits) arrives.

  • The Stat: Practices with COF policies see a 35-45% reduction in patient AR days within the first 6 months.

2. Master the “Good Faith Estimate” (No Surprises Act)

Compliance can actually be a revenue driver. The No Surprises Act requires you to provide cost estimates for uninsured/self-pay patients, but smart practices are doing this for everyone.

  • The Tactic: Use your PM system to generate accurate out-of-pocket estimates prior to the appointment. Present this to the patient 24 hours before arrival.

  • The Psychology: Patients are more likely to pay when they know the number. “Shock” bills are the #1 reason for non-payment. When you remove the surprise, you remove the friction.

  • Best Practice: Collect the estimated copay and deductible at the front desk before the patient walks back to the exam room.

3. Frictionless “Text-to-Pay” Technology

If you are still mailing three paper statements before making a phone call, you are operating on a 1990s timeline in a 2026 world.

  • The Tactic: Implement “Text-to-Pay” (SMS billing). Modern patients do not open mail, and they do not answer unknown calls. They do look at texts.

  • The Impact: Digital payment links have a 98% open rate.

  • The “One-Click” Rule: Ensure your payment portal does not require a complex login or account number. If it takes more than 60 seconds to pay, the patient will abandon the transaction.

4. The “24-Hour” Denial Rule

While patient debt is rising, insurance denials remain a massive chunk of AR. The longer a denial sits, the less likely it is to be overturned.

  • The Tactic: Implement a “24-Hour Work” rule. Any denial received from a clearinghouse must be reviewed and categorized (coding error, eligibility, authorization) within one business day.

  • Root Cause Analysis: Don’t just rework the claim; track the source. If 30% of denials are “Eligibility,” the problem isn’t in billing—it’s at the front desk. Fix the intake process to stop the bleeding.

5. Segment Your Strategy (The 60-Day Cliff)

Stop treating a 30-day balance the same as a 120-day balance. Your internal staff is expensive; do not waste their time chasing old debt that requires specialized leverage.

  • Days 0-60 (Internal Team): Focus your staff here. This is “customer service.” Use texts, emails, and gentle reminders.

  • Days 61-90 (The Danger Zone): If they haven’t paid after two cycles, they aren’t going to pay without a push. Continued internal calls yield diminishing returns.

  • The Solution: This is where you deploy a Third-Party Demand service. A formal letter from an external agency changes the psychological dynamic.

How NexaCollect Supports Your Strategy

Even with the best front-end tactics, some accounts will slip through the cracks. When they do, you need a safety net that doesn’t eat your profits.

We offer a hybrid solution designed to clean up the “Danger Zone” without the high cost of traditional collections.

  • Step 1 & 2 (Flat-Fee Recovery): For a simple $15 per account, we send official third-party demands. This gives you the leverage of a collection agency while you keep 100% of the funds.

  • Step 3 (Contingency): Only for the stubborn accounts that ignore everything else do we move to a percentage-based fee (40%).

FAQ: Medical AR Management

Q: Is “Card on File” legal?

A: Yes, provided you obtain a signed authorization form that clearly states the terms and limits. It is standard practice in many specialties (Dermatology, Concierge Medicine) and is rapidly adopting Primary Care.

Q: How do we handle patients who claim they “never got the bill”?

A: This is a common delay tactic. By moving to digital billing (email/text) with read receipts, you verify delivery. Furthermore, switching to a third-party service (Step 2) eliminates this excuse because the demand comes from a new, official source.

Q: What is a healthy Denial Rate?

A: You should aim for a denial rate under 5%. If you are over 10%, your front-end revenue cycle is broken, and no amount of backend collections will fix it.

Fix Your AR Process Today

Reducing AR days isn’t magic; it’s a mix of policy, technology, and timing. Implement these tactics to capture revenue upfront, and let us handle the backend cleanup.

Click here to Contact Us and streamline your revenue cycle.

Operational Resiliency: The Blueprint for Modern Medical Practice Survival

The current medical landscape is at a financial crossroads. With rising inflation and reimbursement rates failing to keep pace with administrative overhead, nearly half of all independent practices report uncertainty about their ability to remain solvent. Staying in business is no longer just about clinical excellence; it is about operational agility. Below is a comprehensive blueprint for streamlining your practice to ensure long-term stability.

1. The Digital Backbone: Automation Over Administration

Manual administrative tasks are the “invisible drain” on medical revenue. Leveraging technology is the most effective way to reduce labor costs without sacrificing care quality.

  • AI Medical Scribes: Implementing ambient AI scribes can reduce documentation time by up to 50%, allowing providers to see more patients or reclaim hours lost to “pajama time” charting.

  • Intelligent Self-Service: Beyond simple check-in kiosks, modern practices use home-based patient portals for pre-visit registration. This ensures high-quality data entry and reduces front-desk bottlenecks.

  • Task Automation: Repetitive processes—such as appointment reminders, prescription refills, and lab result notifications—should be fully automated to free up staff for high-touch patient interactions.

  • Telemedicine & RPM: Telehealth for follow-ups and Remote Patient Monitoring (RPM) for chronic care management not only save on physical office overhead but also create steady, efficiency-driven revenue streams.

2. Workflow Optimization & Standardization

Inefficiency is often a result of variability. Standardizing the “how” of your practice reduces errors and saves time.

  • Standard Operating Procedures (SOPs): Develop clear, written protocols for everything from rooming a patient to handling specialized equipment. This ensures consistency and speeds up the onboarding of new staff.

  • Clinical Task Delegation: Doctors should operate at the “top of their license.” Clerical tasks, basic triage, and documentation should be delegated to qualified administrative staff or medical assistants.

  • Optimized Patient Flow: Use data analytics to track the “door-to-provider” time. Reorganizing your physical layout or scheduling blocks can often reduce patient wait times and allow for one or two additional slots per day.

3. Strategic Resource Management

Every dollar not spent on waste is a dollar that supports your payroll and infrastructure.

  • Inventory & Waste Reduction: Moving away from expensive single-use supplies toward reusable alternatives—and implementing a just-in-time inventory system—can save thousands annually.

  • Preventive Maintenance: Unexpected equipment failure disrupts patient flow and leads to emergency repair costs. A regular maintenance schedule for medical devices and IT infrastructure is a mandatory cost-avoidance strategy.

  • Outsourcing Non-Core Activities: Activities like payroll, transcription, and IT maintenance are often more expensive to manage in-house. Strategic outsourcing allows you to focus exclusively on your core competency: patient care.

4. Financial Health Beyond the Exam Room

Operational survival requires a sharp focus on the “business” side of the clinic.

  • Dynamic Contract Renegotiation: Do not treat vendor contracts as static. Regularly renegotiate leases, IT service agreements, and supply contracts. High market competition often allows for rent reductions or service upgrades at no additional cost.

  • Real-Time Eligibility Verification: Streamlining the front-end insurance verification process prevents downstream claim denials. Automating this step ensures that every patient visit is actually covered before the provider enters the room.

  • Electronic Payment Shift: Moving to electronic checks and online payment portals reduces the administrative cost per invoice by roughly $0.06 to $0.10 compared to traditional paper billing.

5. The Human Element: Retention & Training

In a competitive labor market, it is significantly cheaper to retain a high-performing employee than to hire a new one.

  • Continuous Staff Development: Regularly train staff on the latest EHR updates, regulatory compliance (like HIPAA), and patient communication. A well-trained staff makes fewer mistakes that lead to costly corrections.

  • Burnout Mitigation: Reducing staff hours or eliminating mandatory overtime through better scheduling is often more sustainable than hiring more people. Focus on “efficiency over hours” to protect your team’s mental health.

  • Actionable Feedback Loops: Solicit feedback from both staff and patients. Those on the front lines often see “small” workflow glitches that, when fixed, lead to massive time savings.

6. Lean Marketing & Reputation Management

Attracting the right patients is as important as managing them.

  • ROI-Focused Marketing: Conduct a marketing audit to identify which channels (SEO, local referrals, or social media) actually drive patient volume. Cut spend on underperforming “vanity” metrics.

  • Data-Driven Decision Making: Use data analytics to monitor patient flow and billing cycles. Insights gained here allow you to make informed decisions rather than “guessing” where your practice is losing money.

The Bottom Line

Operational streamlining is a win-win strategy. By reducing the friction of administrative waste, you free up resources to improve the scope of patient services and the quality of your workplace. In the current 2026 market, the most resilient practices are those that treat efficiency as a vital sign of their business health.

Why Google Reviews Are Important for Your Medical Practice

When it comes to your medical practice, it is essential that you accurately portray the patient experience (read it positive experience). In the digital age, there are many ways that patients can share their feedback, communicate with others, and let you know how you did in caring for their needs. Google reviews are among the most critical and widespread forms of reviewing any business.

Google reviews

How Google Reviews Work

If you believe that any of your patients seem happy with your service, request them to leave a positive Google review online. If they feel compelled, they will share their favorable views without hesitation. Patients can rank your practice from one to five stars, and they also can leave comments. Your objective should be collecting at least a few genuine 5-star Google reviews weekly. These positive Google reviews not only help in improving your online reputation but more importantly – getting more patients to your office.

Google reviews can be a valuable tool for gaining insights into patients’ experiences at medical clinics. Here are some of how these reviews can be beneficial, as well as some considerations to keep in mind:

  1. Build Trust and Credibility: Positive reviews build trust among potential patients. When people see that a clinic has received positive feedback from other patients, it increases the clinic’s credibility.
  2. Improve Online Visibility: Google reviews play a role in search engine optimization (SEO). Having a larger number of positive reviews can improve a clinic’s ranking in Google search results, making it more likely that potential patients will find the clinic when searching for medical services.
  3. Gain Insights and Feedback: By reading and analyzing the reviews, clinics can gain valuable insights into what they are doing well and areas where they need improvement. This feedback can help them make necessary adjustments to enhance patient satisfaction.
  4. Attract New Patients: Many patients rely on online reviews when choosing a healthcare provider. A good online reputation, as reflected in Google reviews, can be a deciding factor for patients looking for a new clinic.
  5. Enhance Communication and Engagement: Responding to Google reviews (both positive and negative) demonstrates that the clinic values patient feedback and is committed to patient satisfaction. This engagement can foster stronger relationships with patients.
  6. Competitive Advantage: Having a high star rating and positive reviews can provide a competitive advantage over other clinics in the area that may not have as strong of an online presence or reputation.
  7. Market Perception: Reviews can influence how the market perceives the clinic. Special mentions about the efficiency, expertise, or state-of-the-art equipment can become associated with the clinic’s image.
  8. Word-of-Mouth Referrals: Satisfied patients who leave positive reviews might also be likely to recommend the clinic to friends and family, resulting in word-of-mouth referrals.

However, there are also considerations and limitations to using Google reviews:

  1. Bias and Subjectivity: Reviews are subjective and may be influenced by personal biases. For example, a patient who had a single negative experience might leave a disproportionately scathing review.
  2. Authenticity: There is no surefire way to know if a review is genuine or if it has been posted by someone with a vested interest, such as a competitor or someone affiliated with the clinic.
  3. Lack of Medical Expertise: The average reviewer may not have the medical knowledge to assess the quality of care accurately. They may base their review on factors such as bedside manner or wait times rather than the actual medical care provided.
  4. Limited Information: Reviews typically provide limited information and might not address specific concerns or needs that are important to you.

Negative reviews can have the opposite effect, driving potential patients away. It’s important for clinics to respond to negative feedback professionally and constructively and where appropriate, take steps to address any valid concerns raised by patients in reviews.

While Google reviews are generally more honest, they can also be instrumental, as Google is a central social media platform. People can share their views for better or worse, but everyone has access to this information, and Google showcases it to the world when your location shows up on their web browser.

If something is inaccurate, you can report it, but for most reviews, Google allows patients to be as honest as they please. With this in mind, Google reviews are essential for your medical practice. Here are some ways they can help or hurt your business.

Help Patients Make an Informed Decision

Choosing the proper medical practice is an important decision for patients. If you have accumulated a collection of positive reviews, you will likely notice a change in how many patients you serve.

In other words, your Google reviews can help patients see the value in your business, what you have to offer, and an unfiltered view of what it is like to visit your practice for their medical needs. This can help them make an informed decision.

One entity that customers trust more than the facts and the data is reviewed. So if you have plenty of great reviews online on Google, you will see patients feeling more comfortable about their choice and their decision to see you for their medical needs.

The Opportunity for Free Marketing

Have you ever heard the expression that any press is good press? This is mostly untrue, but you can rely on your positive reviews on Google to help you seal an opportunity to earn more clients. This is because your reviews are not just a reflection of your practice but also free marketing.

One way to examine this is through the eyes of other businesses. If you are looking for a restaurant to go to that evening, will you choose a poorly reviewed or one that has hundreds of positive reviews? Of course, you would go for the positive reviews!

Marketing for your practice is not as hard as you might think. With enough satisfied customers sharing their views and experiences, you can capitalize on free marketing without spending a dime on these positive comments!

Personal Reviews Vs. Professional Reviews

Medical practices stand out from other businesses because they must adhere to specific safety and health codes. While you might pass every health code and safety requirement possible, this is expected of all practices. Your professional reviews and approvals for your facility only go so far, which is why you need other forms of reviews for your business.

Google reviews can be seen as more personal and better for customers to share their views honestly. At the same time, professional studies by medical organizations confirm that you are up to code and within regulations; customers also care about the bedside manner and their experience with you as the physician and owner of the practice.

Google reviews are the only form of honesty that patients can share to help them get a sense of who they are. With stellar reputations, individual doctors can easily make it to the top of the recommended physicians in the area and impact through these reviews.

Use Google Reviews for Other Platforms

Often, your Google reviews can also translate into other positive ranks. This is because Google can connect to multiple platforms and even the search engine. This can help you improve your ranking on the search engine and other social media platforms.

This means that people might be able to see your rankings on their insurance database while they search for a physician of their choosing. So your Google reviews don’t just help Google, but they also help other platforms and connections you might have for your medical practice.

How to Create More Google Reviews

When it comes to having clients share their thoughts, there are many ways that you can encourage your patients to share their views about how your medical practice is doing. While some might feel compelled to share based on their feelings, others might have to be reminded.

Keeping a business card where patients have access to a reminder is necessary. This helps them keep your information handy for when they need your help and allows them to have a visual tip to share their thoughts. This is free marketing; all it takes is adding one little line of text on the back or bottom of your business card!

Improve Your Business With Google Reviews

While you might assume you don’t need more Google reviews, we shared many reasons today why you do. Focus on giving your patients great care; you will see the reviews! Even feel free to remind them of the opportunity to share their thoughts gently.

Over time, the more positive reviews you have, the more you are trusted by your community. When this happens, you will see an influx of patients and continue to have the opportunity to positively impact your neighborhood’s health and well-being.

Start Accepting Online Payments for your Medical Practice

For those health care practitioners who want to reap the benefits of automating their account receivable (AR) processes, we offer here a few tips on how to make this transition from paper invoices and bills to streamlined digital AR functions and operations.

Manual AR still constitutes an expensive financial loss for some providers, and while they may want to change things, many don’t know where to start. Just some of the disadvantages of resorting to manual processes in AR include the staffing needed to process bills and issue invoices and to follow-up with customers and patients, the operational burden represented by delays, repeated calls to bad payors, misplaced checks, trips to the post office and in-person deposits at the bank, the lost chance to recover owed amounts when an employee forgets to issue or mail an invoice and the subsequent loss in cash or idle liquidity.

Medical Online Payments

Where to start

The first step to convert is to identify any regulatory restrictions or requirements for your type of business. For a medical practice, HIPAA remains the overarching law. In that case, even though “using payment processors does not fall under the HIPAA regulation, invoicing and billing needs to comply with HIPAA requirements”.

Not all software programs or payment platforms are HIPAA-compliant. As long as you can password-protect your files, you can even issue invoices in Word or Excel. But once you list the payment options on the invoice, you must verify that they’re all HIPAA compliant. For instance, Quickbooks and Paypal, for all their practicality and reputation, are not. Those which are HIPAA compliant usually have a blue HIPAA badge in the processor’s profile on their website. However, it’s always advisable to confirm with them before signing up.

As you choose a HIPAA-compliant medical accounting program, there are several criteria you need to consider: the features of the program such as patient registration and scheduling, automated coding and claim management, credit card payment and reporting, and criteria like business support which includes training offered to employees, tech support when problems occur, spam filters and other security and encryption protections, and more.

Making the transition

Normally, once you have acquired an EHR solution and or/payment processing platform, it’s relatively easy to introduce new customers to it from the beginning: either when they set up their first appointment or when the patient intake is done. It’s the old customers you’ll be having problems with.

For those with an existing patient chart, the process will entail heavy scanning and data entry. It’s best to start with patients who have already scheduled future appointments. You can also ask your IT provider for advice on how to digitize records quickly and efficiently. Spacing outpatient appointments, where possible, should give your staff enough time to convert the information and to receive the training they need.

Facilitate patient adoption of the new system

One of the obvious challenges to paperless billing is the reluctance of your patients to sign up for online notifications or download your app. You’ve converted your billing system, how are you going to convert your customers?

Be mindful of your demographic. Millennials are much more likely to use technology and prefer e-billing. People in their 50s and above may feel more comfortable with paper invoices. Try to be sensitive and flexible. Offer to train the patient or even offer a financial incentive like a discount in order to get them to sign up for paperless billing. Make sure to obtain each patient’s signed authorization before switching them to electronic invoices. If your software or portal presents the bills in a completely different way from the paper bills, you can try to format your paper bills first, so they match the electronic version as closely as possible and the patient can get used to the new format. Later, the patient is introduced to the electronic bill which they’re already familiar with.

Third-party billing specialists

Here are some examples of popular payment providers:

  1. BillingTree offers strong patient data security and is HIPAA compliant. Their CareView solution includes POS payments, web and online portals, credit and debit, and even text payments. While BillingTree doesn’t advertise its prices on its website, you may request a demo and then obtain a quote. For more information, you may contact them directly or read this review.
  2. Chase acquired FisaCure in 2007, a “leading provider” of HIPAA-compliant payment solutions. Formerly known as Chase PaymentTech, Chase Merchant Services has been known as one of the most efficient and reliable B2B service providers. While this is another provider who chooses not to display its prices on their website, you can find some information here or fill out a ‘contact form’ on their website.
  3. Instamed, a JP Morgan company, advertises a comprehensive set of tools for health care providers. Among other services, they offer Instamed Online for Payers which “seamlessly integrates with payer systems”, providing payment capabilities to your existing system. As with the aforementioned providers, their prices are also not displayed on their website.
  4. Payline declares a low-cost, affordable solution for health care providers, with transparent pricing and no long-term contract requirements. Some of the fees are displayed on the website, but for customized services and final prices, you have to contact them.
  5. Kareo’s flexible and comprehensive set of tools is specifically designed for “your independent practice, not for a hospital”. They offer help with the digitization of paper records and conversion to electronic billing, plus free coaching for the first 60 days once you sign up for one of their packages. Kareo also requires direct contact for accurate pricing, but some information is available on Investopedia.

As part of your ‘best practices’ guidelines, before you commit to any technologies, you have to make sure you understand the billing process. Even if you start with password-protected invoices in your MS Suite or with issuing paper invoices, having a clear idea of how billing works will help you identify where you’re losing cash and how you can adjust your processes to collect. Physicians and coders have to be on the same page and stay knowledgeable about insurance claims as well as what the patients themselves have to pay: copayment, coinsurance and deductibles. When an insurance company rejects a claim or only partially covers it, the balance gets transferred to another insurance carrier or to the patient. Promptly following up and obtaining at least partial payments as soon as possible, hopefully before the patient’s next billing cycle and appointment should be a priority for any billing system.

How to become HIPAA Compliant: Patient data security

HIPAA Complaince
Health care providers, health plans such as insurers and HMOs, healthcare clearing-houses and any business entities using and disclosing “individually identifiable health information” during claims processing, billing, data analysis, and other operations, are governed by the HIPAA Privacy Rule.

HIPAA laws ensure that patient’s data is kept safe from unauthorized access and data leaks. Personal information like – Patient names, SSN, Driver’s license numbers, insurance details, Date of birth, details of treatment received etc.

HIPAA is the Health Insurance Portability and Accountability Act of 1996, which is a federal law protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge. The Office of Civil Rights within the Department of Health and Human Services enforces the HIPAA privacy rules. This rule applies to all medical practitioners across the board including hospitals, dentists, doctors, nurse practitioners and clinical labs.

Need a HIPAA compliant Medical Debt Collection Agency? Contact us

High recovery rates | Serving Nationwide | Cost-effective | Easy to use

HIPAA Rules

The entities covered by HIPAA have the obligation to be compliant across all of their operations and to have the proper technical, physical and administrative safeguards in place.

The Privacy rule aims to protect an individual’s personal health information while allowing a smooth flow of health information between patients and “covered entities” in order to promote high-quality health care. Regardless of how the protected health information (PHI) is transmitted, whether orally, electronically or on paper, the protection extends to the past, the present and the future, from the moment that information is collected or created, through its transmission, maintenance, archival and final destruction. Because years and decades may pass from that first moment until the last, the HIPAA Security rule protects the PHI regardless of what system or technological tool the covered entity uses over time: paper records, server-based storage or cloud-storage.

When cloud storage is used, being HIPAA compliant means that the cloud storage provider, like Google and Amazon, becomes a covered entity. As required by HIPAA, a Business Associate Agreement is formed between the cloud platform and its customers.

The standards for protection are high out of necessity because breaches, inadvertent or malicious, can happen at any time. The Breach Notification Rule protects individually identifiable health information from impermissible use and disclosure. Examples of breaches are: sharing information with unauthorized entities, loss or theft of PHI, unauthorized access, getting hacked, storing and archiving PHI in unsecured physical or electronic locations.

Risk Assessments

HIPAA risk assessments are an essential part of HIPAA compliance, and they should be conducted periodically by a qualified person or team within the organization. As with other things, it’s better to prepare for threats and prevent breaches than do damage control later, when the loss of PHI information may be inevitable and the extent of its dissemination unquantifiable. The risk assessment should identify the following:

  1. What PHI is;
  2. Where and how it is used, stored and shared;
  3. Who has access to it: employees and others in your network (vendors, consultants, etc);
  4. What verification process you have in place to ensure compliance is maintained across the board;
  5. What safeguards you already have in place and evidence they’re being used properly;
  6. What safeguards your company should implement and what training should be involved for everyone with access to PHI;
  7. A scenario for a mock breach to make sure the controls are in place, and to assess the potential extent and damage of such a breach;
  8. A review of concerns and suggestions from your staff to either discover potential threats, lapses in compliance or better ways to protect the information.

How to become HIPAA compliant

The following items offer some suggestions to help you prevent breaches and to stay or become HIPAA compliant.

1) Identify the protected information and ensure the staff knows what constitutes a breach and why it is important.

2) Have a closed system in which PHI is trackable through its entire lifecycle: creation or intake of a patient’s file, maintenance and storage, update and closure, and archival and destruction.

3) Have levels of access to restrict employees from protected data if they don’t use it in their work. Ensure passwords have a high level of complexity and end access to data as soon as an employee leaves your organization, even if it’s for a temporary leave. If possible and resources are available, have a tiered system of exposure, in electronic form and on paper, where the least amount of information is transmitted at any given point, and only doctors and other medical staff have access to full patient information. If a breach happens, then at best, the information exposed should be minimal and worthless for sale or ransom.

4) Avoid unnecessarily duplicating patient data, such as printing their information on paper, if it’s not absolutely necessary. If you need to print it, make sure it is tracked as thoroughly as any other PHI in your organization.

5) Vet your online fax provider, collection agency, billing software, or any kind of software or app you use to process or transmit PHI.

6) Encrypt your data and perform all of the required security updates as notified by your software programs. Install a good firewall and make sure your IT department or provider routinely checks on the stability and security of all of your systems. That being said, make sure that any IT engineers or consultants also understand that they’re also bound to HIPAA privacy rules.

7) Every time a new factor is added, such as a new employee or a transfer of data, a new assessment should be made to ensure that the PHI is not compromised in any way.

8) Conduct periodic checks on your vendors, consultants and other partners to verify that they’re also compliant.

9) Stay up to date with any changes or updates in HIPAA laws. The CDC website has a page dedicated to news on Public Health Law.

10) Healthcare organizations must document all HIPAA compliance activity including privacy and security policies, risk assessments and audits, and staff training sessions. It is recommended to designate a Privacy Compliance Officer within your company.

11) Don’t hesitate to take action immediately after a data breach. Any delay in properly notifying of the breach or in attempts to reduce its impact can attract a serious fine from the Office for Civil Rights. Some electronic breaches have become harder to detect nowadays because hacking is more sophisticated so no secure system is absolutely 100% hack-proof. The important thing is to do everything possible to protect the information and, if a breach does happen, to immediately take steps to notify relevant entities and involved individuals that a breach has occurred.

HIPAA Certification

Because HIPAA compliance is an on-going process increasing in complexity all the time, there is no HIPAA certification requirement at this time. The Department of Health and Human Services (HHS) offers only HIPAA training materials for covered entities, and those materials are usually subject to change to match changes in the law. The CDC offers internships and externships in Public Health Law but only to law students. Third-party HIPAA certifications are available but none of them is endorsed or approved by the HHS even though HIPAA training is required for a covered entity to remain compliant. Taking all of that into consideration, a hybrid process of initial certification and continuing education would probably work best as it would ensure stakeholders have the minimum required HIPAA knowledge through certification and it would also fall in line with the regulatory changes in HIPAA laws to fit a changing society.

Safer Nursing Homes: Staffing, Tech & Reputation

Assisted Living Community

Nursing Home Safety: The Spotlight Is Still On

The worst of COVID may feel like yesterday’s news, but it left one lasting change: families, regulators and the media now watch nursing homes much more closely than before.

Nursing homes remain the next level of long-term, residential care for people who can’t safely live on their own. Residents and families now expect not just a bed and basic supervision, but:

  • Safe infection control

  • Adequate staffing and oversight

  • Honest communication and transparency

Facilities that treat these as real priorities, not buzzwords, are the ones that will keep their census strong and protect their reputation.

The Health & Safety Risks That Matter Most Today

The core risks for nursing homes have not changed, but the tolerance for failure has.

1. Infection control and respiratory illnesses
Even outside of a pandemic, influenza, RSV, norovirus and other infections can move quickly through a facility:

  • Shared dining and activity spaces

  • Residents with multiple chronic conditions

  • Staff working across multiple rooms and units

Regulators still expect a written infection prevention plan and, more importantly, proof that it is actually followed:

  • Consistent hand hygiene and PPE practices

  • Clear isolation / cohorting procedures

  • Regular cleaning and disinfection of high-touch surfaces

  • Symptom screening and rapid response when something looks wrong

2. Chronic understaffing and missed care
Staffing shortages are the number one safety risk many residents feel every day:

  • Call lights answered slowly

  • Assistance with toileting or transfers delayed

  • Meds, hydration and nutrition rushed instead of monitored

Recent federal staffing rules have been proposed and challenged, and some numerical minimums have been rolled back or put on hold. Still, data on hours per resident day is public, and comparisons between “high-staffed” and “low-staffed” facilities are widely used by families and journalists.

Facilities that aim just for the bare minimum are competing against those that visibly staff above it.

3. Ownership structures and financial pressure
Most U.S. nursing homes are run as for-profit businesses, often with complex ownership or management chains.

That doesn’t automatically mean poor care, but it does mean:

  • Pressure to control labor and supply costs

  • Temptation to understaff or delay upgrades

  • Confusion about who is accountable when something goes wrong

In today’s environment, “care first, profits second” is not a slogan; it’s a survival strategy.

Infection Control: Make the Basics Boring and Non-Negotiable

The original version of this article focused heavily on infection control, and that theme is still correct—just make it routine and measurable, not panic-driven.

Key elements:

  • Daily hygiene discipline

    • Hand hygiene, glove use and surface disinfection built into every shift

    • PPE stocked, accessible and actually used—not locked away “for emergencies”

  • Smart assignment patterns

    • Limit unnecessary staff movement between units, especially when there’s an outbreak

    • Keep consistent staff-resident groupings to reduce cross-exposure

  • Practical screening

    • Simple symptom checks for residents and staff

    • Clear rules for when to send staff home or seek medical evaluation

  • Resident awareness

    • Explain risks and precautions in plain language

    • Teach residents who can understand it how to report new symptoms early

The goal is to make infection control feel ordinary—part of the culture, not a separate, crisis-only activity.

Wearables, Oximeters and Simple Monitoring Technology

The earlier article talked about smartwatches and pulse oximeters mainly in a COVID context. Today, the same tools are useful far beyond any single virus.

Practical, affordable ways to use them now:

  • Pulse oximeters and vitals checks

    • Routine monitoring for residents with heart, lung or infection risks

    • Automated alerts when readings fall outside safe ranges

  • Basic wearables

    • Track movement, steps, sleep patterns and sometimes heart rate

    • Help staff spot changes in mobility, restlessness or nighttime wandering

  • Central dashboards

    • Pull data from vitals machines and wearables into simple views

    • Let nurses see at a glance which residents may need extra attention

These tools are not magic, but they act as early-warning systems, helping staff intervene before a minor issue becomes an emergency.

AI in Nursing Homes: Quiet, Useful, and Behind the Scenes

Artificial intelligence in this context isn’t about robots replacing caregivers. It’s about reducing paperwork and catching patterns that busy humans might miss.

Useful applications:

  • Speech-driven documentation

    • Nurses and doctors dictate their notes during or right after a visit

    • The system structures and files the note immediately in the electronic record

  • Risk flagging

    • AI looks across diagnoses, meds, vitals and notes to suggest who may be at higher risk for falls, infections, delirium or rehospitalization

  • Workload and scheduling support

    • Matching staff levels to resident acuity and peak activity times

    • Reducing overtime and burnout by making schedules more realistic

Any AI solution used in a nursing home must be HIPAA-compliant, with role-based access and audit trails. When done right, staff spend less time typing and more time caring.

Patient Portals and Family Access: Transparency Prevents Crises

The first version of this article correctly emphasized portals and social tools; that idea is even more relevant now.

Modern families expect:

  • Online access to key health information, appointments and updates

  • A clear way to ask questions and get responses without waiting for a call back

  • Honest explanations when something goes wrong

For facilities, good communication tools:

  • Reduce confusion and repeated phone calls

  • Help families understand what staff are doing and why

  • Document what was explained and when, which matters for both trust and risk management

Encouraging residents (when possible) and families to log concerns or symptom changes early can bring issues to light before they turn into formal complaints or survey citations.

Care First, Profits Second: What That Looks Like in Practice

The “Care first, profits secondary” section in the old article hit a vital point: ownership decisions show up on the floor.

In a present-day context, that means:

  • Budgeting to meet or exceed staffing expectations rather than aiming for the lowest safe number

  • Investing in training, infection control and basic tech before cosmetic upgrades

  • Simplifying internal corporate structures where possible so responsibility is clear

Facilities that consistently choose resident safety and staffing over short-term margin cuts are the ones that:

  • Get better inspection results

  • Have fewer serious incidents

  • Spend less on crisis management, legal defense and reputation repair

In a world where inspection data and quality ratings are public, the financial logic is straightforward: good care is good business.

Reputation Is Now a Clinical Asset

Online ratings, state inspection reports and word of mouth have turned reputation into a clinical risk factor:

  • A poor star rating or a widely shared news story can slow admissions

  • Families now compare facilities not just on price and location, but on safety, staffing and communication

  • Staff recruitment is harder at homes known for thin staffing or repeated problems

To protect and grow reputation, a nursing home should:

  • Track and openly address patterns in complaints and incident reports

  • Celebrate and retain good staff—high turnover is instantly visible to families

  • Show visible commitments to safety (signage, training, tech, staffing ratios)

Your reputation tells families what’s likely to happen when they’re not there. Today, that perception directly affects occupancy, payer relationships and long-term survival.