XIFIN Updates Cybersecurity Capabilities – San Diego Business Journal

When it comes to security, healthcare information technology company XIFIN has earned some trust. Last month, the company announced the launch of XIFIN RPM 15, the latest version of its revenue cycle management platform that has earned certified status for information security by HITRUST.

Achieving the HITRUST r2 Certification is “a very big deal from a security perspective,” said XIFIN COO Kyle Fetter. “It is the gold standard for protecting health information and financial transactions in the healthcare industry and has the most rigorous standards and stress testing for cybersecurity.”

Addressing Cyber Concerns

XIFIN’s cybersecurity and IT teams had been working towards the certification for several years, Fetter said. This year, the teams were able to get the certification into the most recent update of the company’s revenue cycle management (RCM) platform. Among other priorities for the update, HITRUS certification was a goal because of the “current environment from a cybersecurity perspective,” he added.

“Local institutions in the health industry have been attacked and breaches have happened,” Fetter said. “Cybersecurity is top of mind for XIFIN customers, so it was a big commitment for us to our customers to make sure we were a top standard when it came to cybersecurity and patient healthcare information and protecting our clients and their information.”

According to the Department of Health and Human Services, 45 million individuals were affected by healthcare-related cyber-attacks in 2021, triple the number of individuals affected in 2018. The “Critical Insight 2021 End-of-Year Healthcare Data Breach Report” cites a 35% increase in attacks on health plans. In 2022, as many as 40 states considered more than 250 bills dealing with cybersecurity1  and cyber insurance premiums increased by 79% in 2022, while policy protections were reduced.

“Security is a priority for XIFIN and a pillar of our RCM platform. As an organization we seek to be ahead of market disruptions and demands,” said Marty Barrack, XIFIN chief legal and compliance officer. “XIFIN commenced the XIFIN RPM initiative to earn Certified status for information security by HITRUST in September 2021. This significant investment and achievement of  HITRUST Risk-based, 2-year Certification  demonstrate that XIFIN RPM has met key regulations and industry-defined requirements for information security.”

No Surprise Billing

In addition to undergoing cybersecurity certification, the XIFIN RPM 15 platform update also addressed regulatory compliance around no surprise billing. Despite the enactment of the Hospital Price Transparency Act and the No Surprises Act, a survey of 2,000 adults conducted by global research firm  Morning Consult reported 20% of patients said they or a family member received an unexpected medical bill in 2022.

“In the laboratory industry, in the durable medical equipment industry, in a number of different areas our customers operate, it is critical for patients to really understand what their out-of-pocket is going to be at the time they’re receiving a service,” Fetter said. “So for that area of our system, we’ve focused the most artificial intelligence and machine learning capabilities to use many different healthcare factors to determine exactly what the patient’s out-of-pocket is going to be for these more complicated and difficult to cover services where they end up getting surprise bills on the back end.”

Business Intelligence

XIFIN’s update also includes a number of other AI-powered features like an enterprise-grade portfolio that includes revenue projection, quarterly metrics and industry benchmarks.

“We think we’ve gone as far as anybody in terms of business intelligence capabilities,” Fetter said. “We’ve been rolling out a number of key analytical capabilities for our customers.”

Another capability in the RPM 15 is claim status workflow automation that provides a prioritized series of actions to final billing that includes data exchange and automated correction via web services or through portals with direct access to physician offices, as well as patients in the case of incorrect insurance information.

Another capability is helping healthcare providers and patients with denials by insurance companies. “On our end, we’ve gone really far in automating those transactions so a healthcare provider can quickly do an appeal with minimal human input and provide the insurance company the information they need to make a coverage decision without going through the more expensive processes that have typically taken 30, 60, 90 days to get through,” Fetter said.

XIFIN

Founded: 1997
CEO: Lâle White
Headquarters: San Diego
Business: Healthcare information technology company
Employees: 900
Website: www.xifin.com
Notable: XIFIN processes more than 120 million accessions/visits per year on behalf of its clients.

Comments are closed.