In today's digital age, ensuring the security of your organization's data and systems is more critical than ever. It is not just about having anti-virus software installed; it is about continuously monitoring and improving your security posture. Here are four basic security Key Performance Indicators (KPIs) that your IT team should be providing you to ensure your organization stays protected.
Phishing KPIs
Phishing attacks are one of the most common and dangerous cyber threats. These attacks trick individuals into providing sensitive information, such as passwords or credit card numbers, by pretending to be a trustworthy entity. A robust internal phishing campaign, where your IT staff pose as hackers by sending compelling but misleading emails to persuade your staff to disclose information, is critical to keeping your environment safe. The results of these campaigns need to be distilled into KPIs that measure how well your organization is defending against these attacks. Key metrics include the number of phishing attempts detected, the percentage of employees who fall for phishing simulations, and the time it takes to respond to a phishing attempt. By tracking these KPIs, you can identify areas where additional training or security measures are needed.
Exposure KPIs
Exposure KPIs focus on the real-time vulnerabilities and threats your organization faces from viruses, malware, and other cyber threats. These KPIs focus on organization-wide cyber risks (both internal and external). They utilize threat intelligence, vulnerability data, and attack surface insights to quantify the effectiveness of your security measures in mitigating these threats.
Secure Score
Secure Score is a comprehensive metric that evaluates the overall resilience of your organization's devices and systems. Areas of focus include such things as identity protection, device security, app security, and data protection. It includes policies for encryption, password management, and other security measures managed through security configurations and compliance with best practices. Key metrics might include the percentage of devices with encryption enabled, the strength of passwords used across the organization, and compliance with security policies. A high Secure Score indicates that your organization is following best practices and is well protected against potential threats.
Patch KPIs
Keeping your systems patched is crucial for maintaining security. Patch KPIs measure how well your organization keeps up with software updates, not just for operating systems but for all applications. Key metrics include the percentage of systems with the latest patches installed, the time it takes to apply patches after they are released, and the number of vulnerabilities addressed by recent patches. Regularly monitoring these KPIs ensures that your systems are protected against known vulnerabilities and reduces the risk of a security breach.
Conclusion
Security is an ongoing process that requires constant vigilance and improvement. Scores can drop quickly if not monitored regularly, especially as new threats emerge. By tracking these basic security KPIs, you can ensure that your IT team is placing the proper focus on security and that your organization is well-protected against cyber threats. Remember, it is not just about having anti-virus software installed; it is about continuously monitoring and improving your security posture to stay ahead of potential threats.
About the Author
Patrick Kelly is the President and CEO of 4th Season Consulting. With over 20 years of experience in value-based medicine, population health, and care management, Patrick has led numerous successful initiatives in the healthcare industry. His expertise spans various roles, including CIO/CTO at Phytel, Loopback Analytics, and MPOWER Health, as well as Vice President of Information Systems at Catalyst Health Group.
About 4th Season Consulting
4th Season Consulting specializes in the unique needs of the healthcare industry by providing a wide range of consulting services including business intelligence, custom development, IT support, cloud infrastructure, HIPAA and compliance consulting, and digital marketing. The 4th Season Consulting team brings a depth of expertise tailored to the unique needs of healthcare providers, from solo practitioners to large organizations. All without contract minimums or long-term obligations.
Contact Us today for more information.
This article is the forth in a multiple-part series exploring the intricacies of value-based care in the U.S. healthcare system.
Because it is not how many times you get knocked down, but how many times you get up that counts, we have added this bonus fifth article is our multiple-part series exploring the intricacies of value-based care in the U.S. healthcare system.
Implementing Value-Based Care (VBC) is a complex process that requires careful planning, collaboration, and investment. However, there are several common pitfalls that can lead to failure. Here are some key factors that can derail your efforts.
Untrained Sales TeamIf you are a group selling VBC or even if you are attempting to rally support for VBC internally to your own group, a unique approach is needed compared to traditional sales efforts. It involves a deep understanding of the healthcare landscape, patient-focused care, and specific billing practices allowed under VBC programs. Sales professionals must be well-versed in various billing codes, reimbursement models, and compliance requirements to effectively communicate the financial benefits to potential clients. Additionally, they need to demonstrate an understanding of care coordination, preventive care, and chronic disease management to build trust with providers. By providing case studies, data, and real-world examples, sales professionals can inspire confidence in VBC programs and highlight their value.
A common issue specific to VBC groups is the failure of salespeople to effectively transition clients to the implementation and account management teams after program launch. This can lead to confusion, miscommunication, and a lack of continuity in the implementation process. To avoid this, establish clear protocols for handover and ensure that sales and implementation teams work closely together. The skills needed to show the value of VBC, and the skills needed to successfully implement and run a VBC program are distinct and different.
One of the biggest challenges in implementing VBC is getting providers on board. Without their buy-in, the initiative is doomed to fail. Providers may resist change due to concerns about increased workload, financial risks, or a lack of understanding of the new model. To overcome this, it is crucial to engage providers early in the process, provide adequate training, and address their concerns.
It is difficult to meet a provider that is looking for more things to do in a day and making time for a new process is difficult. This is where leveraging advanced algorithms, predictive models, AI, and other technology is critical. To this end, if a program must wait for a busy provider to review and approve each and every identified patient before care managers are allowed to engage, it will be difficult to achieve critical mass. This can lead to inefficiencies and distract providers from their primary responsibilities of delivering high-quality care. By striking the right balance between provider involvement and technological support, organizations can streamline the patient identification process and enhance the overall effectiveness of VBC initiatives.
Implementing VBC requires significant investment in technology, training, and infrastructure. Without adequate funding, it is impossible to achieve the desired outcomes. Organizations must be willing to invest in the necessary resources to support the transition to VBC. This includes investing in advanced data analytics tools, comprehensive training programs for staff, and robust infrastructure to support new care models. Additionally, securing ongoing financial support is crucial to sustain the initiatives and ensure continuous improvement.
Having an experienced technical team is crucial for the successful implementation of VBC. Technology is a vast area with various specializations. The group that is supporting email and laptops has a different skillset than the team that will design, implement, support, and/or develop VBC software. The proper team plays a vital role in integrating advanced data analytics tools, developing robust infrastructure, and ensuring seamless interoperability between different systems. Their expertise in handling complex healthcare data and technology is essential for identifying suitable patients, tracking outcomes, and optimizing care delivery. Moreover, an experienced technical team can troubleshoot issues quickly, adapt to evolving requirements, and provide continuous support to healthcare providers.
In conclusion, successfully implementing VBC requires a strategic approach that addresses common pitfalls such as lack of provider adoption, inadequate investment, mis-matched technology teams, and ineffective sales transitions. By leveraging technology, investing in necessary resources, and fostering collaboration among all stakeholders, organizations can overcome these challenges. Ultimately, a well-executed VBC initiative will lead to improved patient outcomes and significant cost savings.
Patrick Kelly is the President and CEO of 4th Season Consulting. With over 20 years of experience in value-based medicine, population health, and care management, Patrick has led numerous successful initiatives in the healthcare industry. His expertise spans various roles, including CIO/CTO at Phytel, Loopback Analytics, and MPOWER Health, as well as Vice President of Information Systems at Catalyst Health Group.
4th Season Consulting specializes in the unique needs of the healthcare industry by providing a wide range of consulting services including business intelligence, custom development, IT support, cloud infrastructure, HIPAA and compliance consulting, and digital marketing. The 4thSeason Consulting team brings a depth of expertise tailored to the unique needs of healthcare providers, from solo practitioners to large organizations. All without contract minimums or long-term obligations.
This article is the third in a multiple-part series exploring the intricacies of value-based care in the U.S. healthcare system.
Financial Models Driving Value-Based Care
This article is the third in our series on Value-Based Care. In our previous articles, we explored the disincentives faced by advocates and the history and current state of Value-Based Care and how its role in transforming the healthcare landscape by emphasizing patient outcomes and cost efficiency rather than traditional fee for service. Now, we will delve into the various revenue models within Value-Based Care, highlighting their pros and cons.
Full Schedules
The easiest revenue incentive related to Value-Based Care is a good process that can lead to higher patient volumes. While this may seem counter to the overall objectives, these increased encounters tend to be related to less acute needs such as follow-ups and routine care designed to intervene with patients before they present with complications related to higher poor outcomes. There are no changes needed at the facility or revenue cycle level. However, there is potential patient frustration if they cannot see their provider in a timely fashion.
Capitated Payment per Patient by Payors
Capitated Payments is a revenue model in which healthcare providers receive a fixed amount of money per patient from payors, regardless of the number of services provided. This model focuses on preventative care and provides immediate and predictable revenue, but it may generate less revenue overall and create incentives to withhold care from patients. Further, without a well-thought-out plan for outliers, a few high-cost patients can disrupt the model.
Traditional Billing for CPTs
This model includes billing for Chronic Care Management (CCM), Transitional Care Management (TCM), Principal Care Management (PCM), Remote Patient Monitoring (RPM), and Care Coordination & Care Planning. This is an easy revenue model as it works with the current revenue cycle and billing process, and revenue is guaranteed. However, there may be reluctance among providers, especially specialists, to participate. Further, different payors may reimburse differently, if at all, and the reimbursement rates tend to be low.
Shared Savings
A Shared Savings model is a revenue model that allows providers and payors to share the savings achieved from reducing healthcare costs while maintaining or improving the quality of care. This model has a potentially strong upside as everyone has a stake in the game, and metrics are well defined. However, revenue is not guaranteed, and there is a need to verify results reported between partners. Additionally, agreeing on a baseline that does not change over time can be challenging, and a few high-cost patients can disrupt the model.
Bundled Payments
Bundled Payments is a revenue model that encourages efficiency by providing a single payment for all services related to a specific episode. However, revenue is not guaranteed, and there can be a long tail on revenue, especially with retrospective bundles. It can be challenging to determine what constitutes an episode as well as what services are included as part of that episode. Further, distributing the bundle effectively to all caregivers, and as patient choice cannot be subverted, it may be difficult to encourage patients to see participating providers. Additionally, there is a need to remain vigilant about avoiding Stark violations and, like other models, a few high-cost patients can disrupt the bundle.
Conclusion
Each revenue model within Value-Based Care offers unique advantages and challenges. Healthcare providers must carefully evaluate these factors to determine the best approach for their practice. By understanding the nuances of each model, providers can make informed decisions that align with their goals of improving patient outcomes and achieving cost efficiency. Ultimately, the success of Value-Based Care depends on the ability to balance these models effectively and adapt to the evolving healthcare landscape.
About the Author
Patrick Kelly is the President and CEO of 4th Season Consulting. With over 20 years of experience in value-based medicine, population health, and care management, Patrick has led numerous successful initiatives in the healthcare industry. His expertise spans various roles, including CIO/CTO at Phytel, Loopback Analytics, and MPOWER Health, as well as Vice President of Information Systems at Catalyst Health Group.
About 4th Season Consulting
4th Season Consulting specializes in the unique needs of the healthcare industry by providing a wide range of consulting services including business intelligence, custom development, IT support, cloud infrastructure, HIPAA and compliance consulting, and digital marketing. The 4th Season Consulting team brings a depth of expertise tailored to the unique needs of healthcare providers, from solo practitioners to large organizations. All without contract minimums or long-term obligations.
This article is the second in a multiple-part series exploring the intricacies of value-based care in the U.S. healthcare system.
In the U.S., most people receive health insurance through their employers. This means that as individuals change jobs, they often change their health insurance companies as well. This frequent switching of insurance providers can lead to a lack of continuity in care and an understandable reluctance on the part of payors to invest in long-term health initiatives for their members.
The shift towards Value-Based Care in the U.S. healthcare system aims to improve patient outcomes while reducing costs. However, this model faces several challenges that can hinder its effectiveness. These disincentives, rooted in the structure of the healthcare system and the behavior of key stakeholders, create barriers to achieving the desired goals of Value-Based Care. Understanding these challenges is crucial for developing strategies to overcome them and ensure the success of Value-Based Care initiatives, as follows:
Despite the numerous challenges and disincentives associated with Value-Based Care, payors and providers are increasingly adopting this model. The primary reason for this shift is the potential for improved patient outcomes and overall reduced healthcare costs – especially if the entire care continuum adopts this philosophy. Value-Based Care focuses on preventive measures, chronic disease management, and overall wellness, which can lead to better health outcomes for patients. Furthermore, the shift towards Value-Based Care is supported by policy changes and initiatives from government and private payors, which are designed to promote this model and address some of the existing disincentives.
In conclusion, while the transition to Value-Based Care presents significant challenges, the potential benefits for patients, providers, and the healthcare system are driving its continued adoption. The alignment of financial incentives with patient health outcomes, the focus on preventive measures and chronic disease management, and the support from policy changes and initiatives are all contributing to the momentum behind Value-Based Care. Addressing the disincentives and barriers identified in this article is crucial for realizing the full potential of this model and achieving better health outcomes for all.
Stay tuned for the next article in our series, in which we will explore the history and objectives of Value-Based Care.
About the Author
Patrick Kelly is the President and CEO of 4th Season Consulting. With over 20 years of experience in value-based medicine, population health, and care management, Patrick has led numerous successful initiatives in the healthcare industry. His expertise spans various roles, including CIO/CTO at Phytel, Loopback Analytics, and MPOWER Health, as well as Vice President of Information Systems at Catalyst Health Group.
About 4th Season Consulting
4th Season Consulting specializes in the unique needs of the healthcare industry by providing a wide range of consulting services including business intelligence, custom development, IT support, cloud infrastructure, HIPAA and compliance consulting, and digital marketing. The 4th Season Consulting team brings a depth of expertise tailored to the unique needs of healthcare providers, from solo practitioners to large organizations. All without contract minimums or long-term obligations.
This article is the first in a multiple-part series exploring the intricacies of value-based care in the U.S. healthcare system.
In the ever-evolving landscape of healthcare, Value-Based Care has emerged as a transformative approach aimed at improving patient outcomes while controlling costs. But what exactly is Value-Based Care, and why is it gaining so much attention?
Value-Based Care is a healthcare delivery model in which providers such as hospitals, physicians, specialists, and even post-acute care facilities are paid based on the quality of care provided, encouraging efficiency and effectiveness. This model contrasts with the traditional fee-for-service approach, in which providers are compensated based on the volume of care services they deliver.
The origins of Value-Based Care can be traced back to the early 20th century, in which healthcare providers and policymakers began recognizing the limitations of the fee-for-service model. Visionaries such as Dr. Ernest Codman, a surgeon in the early 1900s, advocated for outcome measurement and accountability, setting the groundwork for a value-based approach. However, true strides toward Value-Based Care were taken in response to rising healthcare costs and disparities in care quality in the mid-20th century. The term “Value-Based Care” was coined in 2006 by scholars Michael Porter and Elizabeth Olmsted Teisberg in their seminal work, “Redefining Health Care”.
The key components of Value-Based Care that drive the success of this transformative healthcare model include patient-centered care, preventive care, outcome-based payments, and data-driven decisions.
The benefits of Value-Based Care are numerous and impactful, focusing on enhancing patient outcomes, reducing healthcare costs, and increasing provider accountability.
Improved Patient Outcomes: By focusing on quality rather than quantity, Value-Based Care aims to enhance patient health outcomes. Patients receive more personalized and coordinated care, leading to better health and satisfaction.
Cost Efficiency: Value-Based Care helps reduce healthcare costs by preventing unnecessary treatments and hospitalizations. By promoting preventive care and managing chronic conditions effectively, it minimizes the need for expensive interventions.
Enhanced Provider Accountability: Providers are held accountable for the care they deliver. This accountability drives continuous improvement in care quality and fosters a culture of excellence.
While Value-Based Care offers many benefits, it also presents challenges. Implementing Value-Based Care requires significant changes in how healthcare is delivered and reimbursed. Providers must invest in technology and data analytics to track and measure outcomes. Additionally, aligning incentives across different stakeholders, including payers, providers, and patients, can be complex.
Value-Based Care represents a paradigm shift in healthcare, focusing on delivering high-quality, patient-centered care while controlling costs. As healthcare continues to evolve, embracing Value-Based Care can lead to better health outcomes, greater patient satisfaction, and a more sustainable healthcare system.
Stay tuned for the next article in our series, in which we will delve deeper into the different revenue models within Value-Based Care.
About the Author
Patrick Kelly is the President and CEO of 4th Season Consulting. With over 20 years of experience in value-based medicine, population health, and care management, Patrick has led numerous successful initiatives in the healthcare industry. His expertise spans various roles, including CIO/CTO at Phytel, Loopback Analytics, and MPOWER Health, as well as Vice President of Information Systems at Catalyst Health Group.
About 4th Season Consulting
4th Season Consulting specializes in the unique needs of the healthcare industry by providing a wide range of consulting services including business intelligence, custom development, IT support, cloud infrastructure, HIPAA and compliance consulting, and digital marketing. The 4th Season Consulting team brings a depth of expertise tailored to the unique needs of healthcare providers, from solo practitioners to large organizations. All without contract minimums or long-term obligations.
There are only twelve notes in Western music. Just twelve. And in any Western scale, there are even fewer – just seven notes.
It is surprising how many of us in tech have music alter-egos. I’m guessing it has something to do with how both areas of study result in a challenging combination of art and science. There are rules, there are guidelines, and there is structure – but within those rules, guidelines, and structure, we find creativity, imagination, and inspiration. We strive for elegance amidst the chaos, and many times we find the most interesting things when we examine the 3rd note and the 7th note of a scale.
Just like how 3rds and 7ths in music can add interest to a solo, certain aspects of data can add interest and depth to an analysis. Here are some examples:
Outliers: Outliers are data points that are significantly different from the majority of the data. They can provide valuable insights into the data and can be used to identify trends and patterns that may not be apparent in the main data set. Why does it cost so much money to run that one facility?
Trends: Trends refer to patterns or movements in data over time. They can help identify changes or shifts in behavior and can be used to predict future trends. Trends highlight drift, and drift over time highlight things that might not be readily visible from day to day, week to week, or month to month observation. Why did my no-show rate go from 3% to 5% over the past 6 months?
Relationships: Relationships between variables can reveal correlations and associations that may not be immediately apparent. For example, there may be a relationship between income and education levels or between age and voting behavior. This is where AI shines – finding how non-intuitive variables trend together.
Anomalies: Anomalies refer to unexpected or unusual patterns in the data. They can provide insights into potential issues or problems and can be used to identify areas that may require further investigation. Anomalies are similar to outliers, but the difference is important. Outliers are single data points. In my example above, the outlier is a single department. Expanding on that example, an anomaly would be that one facility was so much more expensive than others because it was in the center of a pandemic hotspot.
By focusing on these aspects of data, just like how musicians focus on 3rds and 7ths to add interest to a solo, you can find the most interesting and valuable insights in your analysis.
An internal security assessment (ISA) from your vendors can help you understand the security risks associated with working with those vendors and can help you identify any potential vulnerabilities or weaknesses in their security measures. Here are some reasons why you should require your vendors to complete an ISA:
Protecting sensitive data: If you're sharing sensitive data with your vendors, it's important to ensure that they have appropriate security measures in place to protect that data. An ISA can help you verify that your vendors have adequate security controls in place to protect your data.
Compliance requirements: Depending on your industry, you may be required to conduct security assessments of your vendors to comply with GDPR, HIPAA, HITECH, PCI-DSS, or other state and federal regulations. Failing to comply with these regulations can result in fines, legal action, or damage to your company's reputation.
Third-party risk management: Working with vendors introduces additional risk to your organization. An ISA can help you identify potential vulnerabilities in your vendor's security measures and enable you to work with the vendor to mitigate those risks.
Improved security posture: By requiring ISAs of your vendors, you can ensure that your company is working with vendors who take security seriously. This can help improve your overall security posture and reduce the risk of security incidents.
Overall, requiring an ISA of your vendors can help you make informed decisions about your partners and ensure that you're taking the necessary steps to protect your organization and sensitive data.
If you do not have your own ISA, please feel free to download our ISA template.
I recently read this article from the Cybersecurity and Infrastructure Security Agency regarding the ongoing ESXiArgs ransomware attacks, and it got me thinking about why our industry is such an attractive target for hackers.
From the desire for our teams to work efficiently to the need to share data across entities for optimal patient outcomes. However, the reason healthcare is consistently among the top three favorite industries for bad actors is that we are so reliant on our data. Everything from appointments to collections is dependent upon our systems functioning unadulterated, making our data valuable to us as an organization. When you add on top of that the reputational damage that can occur when news of a hack gets out, it becomes obvious hackers are fishing where the fish are.
However, even with the advances we’ve made in protecting ourselves, ransomware attacks are on the rise year after year. And they are on the rise because they are effective. Here are some simple items that can dramatically improve your security posture.
Train and Test Your People
The glow of a screen bounces off the unshaven face of that weird guy from high school as he sits in a dark basement next to a stack of computers with flashing lights and whirling disks. Skillfully, artfully, methodically find his way into your systems… Makes for great movie entertainment, but this is not how the hack usually works. In reality, a guy in a coffee shop pushes a button and releases a flock of emails informing your staff that the HR department has a new policy for them to sign. All they need to do is sign in and read the document. And if they don’t do it by 5 PM today, their paycheck may be delayed. Shortly thereafter, someone is accessing your EHR and no one knows how it happened.
The most exploitable part of your network is not your computers – it’s your people. In healthcare, we are required by law to train our people. It’s not a burden, it’s an opportunity to find our soft spots and harden our environment.
Patch Your Systems
If you didn’t read the article mentioned at the beginning of this post, I’ll cut to the chase. The rapidly spreading EXSiArgs ransomware exploits a vulnerability patched two years ago. Make sure you have a patch program for all your systems that keeps laptops, phones, servers, printers, routers, firewalls, and anything else on your network up to date at least monthly. A strong patch program will apply updates more frequently based on how likely a hacker will be able to exploit the vulnerability and the damage that can result.
Risk Assessment
If you operate in the healthcare space, you are almost certainly subject to HIPAA either because you are a covered entity such as a medical practice, or because you are a business associate such as a revenue cycle management company. This means you are required by law to complete an annual risk assessment. Depending on the size and maturity of your business, this assessment can be straightforward with either this tool provided by HealthIT.gov or with outside help. No matter how you meet this requirement, remember that the goal is not to get a perfect score. The purpose of a risk assessment is to take a hard, candid look at your risk, identify areas for improvement, develop a plan, then execute that plan.
Bring in Help
Not everyone has the time, resources, desire, or even the need for dedicated IT staff. Fortunately, there are a number of companies ready and willing to fill any number of needs at an affordable rate.
The reality is that if you use computers, people are trying to hack your systems. Every day, all day. A quick look at any set of firewall logs will show thousands of attempts to breach your perimeter. Now the majority are clumsy attacks launched by lowbrow bad actors using any number of tools readily available on the web. These will show up as port scans, buffer overflow attempts, and other intrusion methods from which even the smallest of companies should be readily protected. But more sophisticated efforts are always being developed too. Don’t roll the dice with your technology.
Use the form below or call 1-214-216-0159!
