MGMA Week in Review: Cybersecurity, Direct Primary Care, Patient Trust, Medical Debt, and AI in Claims Processing
Daniel Williams: Well, hi everyone.
Daniel Williams here, senior editor at
MGMA, host of the MGMA Podcast Network.
Joined today as we always are on
Fridays with co-host Colleen Luckett,
editor and writer here at MGMA, and on
Fridays we are back with another, uh,
MGMA Week in Review.
So, so glad to share, uh, the latest
healthcare industry news with y'all.
Sometimes some policy updates,
expert insights, and just
stories that catch our fancy.
So, Colleen, what has, uh,
got your attention this week?
Colleen Luckett: Hi everyone.
So first up, I'm just here with
your weekly reminder that healthcare
isn't just about healing anymore.
It's about also hackers, havoc and HIPAA.
So here's the deal.
If your organization is still treating
cybersecurity like it's an IT only
problem, I have some really bad news
from the future, and that future is
basically now. Well, the first article
we're breaking down today is titled
Healthcare Leaders Prepare for a
Very Different HIPAA Security Rule.
It's by Joe Olak, published in Chief
Healthcare Executive on April 20th.
So he lays it out pretty clearly.
The US Department of Health and
Human Services is proposing major
updates to the HIPAA security rule.
Here's what you all need to know.
So the, the first big shift, say goodbye
to quote addressable security measures.
In the past, organizations could wiggle
out of certain safeguards like data
encryption or multi-factor authentication
by labeling them, quote, addressable
instead of required. Well, that loophole
is closing. The new rule makes those
security practices mandatory, which
means many orgs will need to completely
overhaul their systems and policies.
The second major change:
executive accountability is
going up a notch or five, really.
Cybersecurity will no longer
be just the CIO's burden alone.
The proposed rule directly holds
executives and board members
responsible for HIPAA compliance.
If your system gets breached and
you didn't do your due diligence,
that is going to be on you.
Personal liability is
officially on the table.
So Oli sac outlines how this shift turns
cybersecurity into a full-on operational
priority, not just a tech checklist.
And if your group still has a quote
flat network where everything talks
to everything, that's basically like
handing out a map and house keys
to every hacker on the dark web.
So what should medical groups do now?
Number one, you can bring in the
experts, not just techies: risk
strategists who know operations.
Two,
audit your org, not just your
tech. Three, encrypt and segment.
Those two controls alone
can save your systems.
And four, create a culture of
cybersecurity from the top down.
And remember, compliance
is the floor. Security
is the ceiling.
You don't want to be the cautionary
tale in next year's headlines.
It's a big wake-up call, especially for
outpatient and medical group leaders.
If you're juggling vendors, managing
staff access or handling sensitive
patient data in any form, you are in
the cybersecurity hot seat now too.
And that's your HIPAA
heat check for the week.
Okay, Daniel, over to you.
Daniel Williams: Alright, thanks Colleen.
So the next story we're looking at
comes from Physicians Practice.
It published April 21st, and
it's titled 10 Key Dos and
Don'ts for Direct Primary Care.
The article was written by Margaret,
a Barter Romo, and Stephen m Coward.
Now, if you've been in healthcare
leadership for any length of time,
you've probably heard plenty of buzz
around direct primary care or DPC.
It's a model that cuts out insurance
and third party payers entirely.
Patients pay a flat monthly fee directly
to their primary care provider, and
in return they get greater access.
Also, fewer administrative headaches
and ideally a more personal
relationship with their care team.
But as bar Romo and Coard point
out, just because the DPC model
seems simpler on the surface
doesn't mean there aren't a lot
of moving parts to get right.
In fact, they lead off by saying that
when DPC works well, it's because the
practice has been really intentional
about how they set it up and how they
communicate it to their patients.
One of their big dos is about
clearly defining what's included
in that monthly membership fee.
Are labs covered?
What about vaccines?
Specialty care referrals?
The authors emphasize that the more
transparent you can be upfront, the
less chance there is for confusion
or frustration down the road.
And that's both for
patients and your team.
They also stress the importance of doing
your homework on the regulatory side.
Just because you're outside
the insurance system doesn't
mean you're outside the law.
There are still compliance issues around
state licensure, scope of practice, and
patient privacy that have to be addressed.
So one of the key don'ts here is don't
assume you can just launch a DPC model
without a careful legal review.
Another point that stood out
to me was their advice on
patient education and marketing.
This is not the traditional model most
patients are used to, so it takes some
thoughtful messaging to explain how it
works and why it might be a better fit
for certain individuals or families.
They recommend being proactive and
answering those basic questions
patients are going to have, like,
what happens if I need hospital care?
Or if I move out of the area? And
a word of caution from the authors:
DPC may not be the right move for
every practice or every market.
They suggest practices
take the time to run the numbers,
talk with patients, and understand
the demand before jumping in. Again,
the article is 10 Key Dos and
Don'ts for Direct Primary Care, and
it appears in Physicians Practice.
It's worth the read.
If your practice has ever considered
making the switch to DPC. We'll put a
direct link to this story in the episode
show notes.
Colleen, back over to you.
Colleen Luckett: So you know
when someone texts just
"Okay," and suddenly you're spiraling
and questioning everything
in your entire relationship.
Well, now imagine that energy applied to
an important health screening reminder.
Yeah.
Nothing says we care, like a
message that feels like a breakup.
So my next article's from MedCity
News. It was published April
23rd and written by Bob Ferrell.
It's called Improving Patient Trust with
Digital Communication.
Ferrell, who's currently CEO of impulse,
a digital health company focused on
patient engagement, lays out a growing
problem that too many healthcare
leaders are still underestimating:
declining trust in the health system,
and how digital communication, or lack
thereof, is playing a major role.
Between April 2020 and January
2024, patient trust dropped by 30%.
That's huge.
According to a big part of this erosion
is tied to poor communication, so
missed messages, confusing outreach,
lack of follow-up and outdated
engagement methods that leave patients
feeling frustrated and ignored.
And let's be clear, this isn't
just a marketing problem.
Ferrell points out that quality
communication between patients
and healthcare teams can actually
influence health outcomes.
Better communication leads to
better understanding, more patient
motivation, and more active
involvement in treatment decisions.
But once a patient walks out
of the doctor's office, that
engagement often just falls apart.
Nearly half of patients say
clearer communication would help
them trust their providers more.
And when it comes to health
plans, the story is the same.
Patients want updates on
coverage, appointment reminders,
medication info, and they want
it in a way that makes sense.
Text, email, apps, not confusing phone
calls they weren't expecting. But there's
a new wrinkle coming in April 2026.
A new rule under the Telephone Consumer
Protection Act goes into effect.
It gives patients the ability to more
easily opt out of automated calls and
texts, and that has big implications
for healthcare communications. Right now,
most patients aren't even
aware the change is coming.
If providers and health plans aren't
proactive about educating patients on
what these changes mean and giving them
real informed consent options, they risk
losing a critical communication link.
Awards that without the right strategy in
place, healthcare organizations could end
up pulling back on essential messaging
that keeps patients connected
to their care just to avoid
crossing a regulatory line.
So what's the takeaway
for healthcare leaders?
Well, first, build consent and
communication into your strategy.
Don't wait.
Make sure patients know their
options and understand what
they're opting in or out of.
Second, tailor communication by
topic, language, and channel.
Generic blasts
don't build trust.
Personalized, relevant outreach does. And
finally, involve the right stakeholders,
from providers to payers, to tech vendors.
Everyone needs to be a part of the
conversation about how new regulations
will impact patient engagement.
Farrell's final message is
clear: in the digital age,
trust isn't just earned in the exam room.
It's earned in the inbox.
And maintaining that trust takes a
thoughtful, proactive strategy that
balances personalization, compliance, and
respect for the patient's preferences.
We'll throw a link to that
article in the show notes for you.
Daniel, back to you.
Daniel Williams: All right.
Our next story comes from Healthcare Dive.
It was actually published April 16th, but
when I came across it this week, I just
decided I had to share it with y'all.
It's titled For Medical Debt,
Care Now,
Pay Later Models Abound.
It was written by their senior
reporter, Justin Bachman.
Now, if you've spent any time looking
at the patient payment landscape
lately, you know medical debt remains
a massive challenge in the US, and as
healthcare costs continue to rise,
patients are often left scrambling
for ways to pay, sometimes
choosing between their health
and their finances.
Bachman takes a deep dive into how
FinTech startups are jumping into
this space offering what's being
called care now, pay later options.
And this is exactly what it sounds like.
A growing number of companies
are providing financing plans
that let patients spread
out the cost of their care
over time. The goal is to make payments
feel more manageable for patients.
But of course there's a
business side to it too.
These companies are also looking to make
healthcare payments more profitable.
The piece points out that this model is
starting to look a lot like the buy now
pay later trend we've seen in retail,
but applied to medical bills.
And while these options might reduce
the immediate financial hit for
patients, they also introduce new risks,
like patients taking on debt they may not
fully understand or stacking up multiple
payment plans across different providers.
One thing Bachman highlights is
how these plans are being offered
right at the point of care,
sometimes before the
patient even gets the bill.
It's positioned as a way to
make healthcare more accessible.
But there's debate over whether
patients, especially when they're under
stress, have the capacity to fully
process the long-term implications
of these financing arrangements.
Consumer advocates quoted in the article
raise concerns about transparency,
asking whether patients are getting
all the information they need upfront.
Are the terms clear?
Are there fees or penalties
if payments are missed?
And what happens when the debt piles up
across several providers or procedures?
For practice leaders, especially those
in revenue cycle or patient experience
roles, this is a space worth watching.
Whether your practice is directly offering
payment plans, considering a partnership
with one of these FinTech companies, or
simply trying to understand how these
models are reshaping patient expectations,
these are conversations that
aren't going away anytime soon.
As a reminder, the article is
For Medical Debt, Care Now,
Pay Later Models Abound.
It was written by Justin Bachman
over at Healthcare Dive, and
as we always do, we'll provide
a direct link to this article.
So Colleen, back over to you.
Colleen Luckett: Thanks, Daniel.
You know, you've entered dystopian
territory when an insurance denial
feels like it came from a Magic 8
Ball, but the ball is AI and it's been
trained to say, "Outcome unclear, deny
anyway."
Well, my last story comes from Dark Daily,
published April 23rd, and it's titled
States pursue legislation limiting AI's
growing role in payer prior authorization,
denials and claims processing.
Here's the situation.
Multiple states are responding to what
they see as a growing threat: insurance
companies using artificial intelligence to
automate the denial of healthcare claims,
including critical medical and
lab testing, and it's gone far
beyond some periodic complaints.
There are now class action lawsuits
and proposed legislation in at least
11 states aiming to curb this practice.
At the heart of these proposals is the
same concern that AI, when left unchecked,
could lead to mass denials of
lifesaving care based on pattern
recognition, not clinical judgment.
And it's not just lawmakers
sounding the alarm.
The Arizona Medical Association
issued a strong statement saying
healthcare decisions should be based
on compassionate human expertise, not
algorithms optimized for cost savings.
Now, here's why this matters
for healthcare leaders, and
especially for those in outpatient
care and lab management.
AI is already being used at both
the prior authorization stage
and during claims reimbursement.
Lab tests are being denied routinely,
sometimes even when providers know they
won't be paid, but run the test anyway
to maintain provider relationships.
If your organization relies on timely
claim approvals, automated denials
could disrupt patient care, delay
treatment, and eat into your revenue.
At the same time, there's nuance here.
AI can still serve a positive
role in healthcare, streamlining
documentation, transcribing notes,
even assisting in diagnosis.
But what this article underscores is that
AI should support care, not overwrite it.
For our MGMA members, this is a
time to, number one, audit your
claims processes and flag patterns
that suggest automated denials.
Two, review your payer contracts,
what kind of AI tools are
being used behind the scenes?
And three, engage in advocacy because
how AI is regulated now could reshape
your revenue cycle for years to come.
Bottom line, use AI to fight burnout and
streamline operations, not to rubber stamp
denials from behind a digital curtain.
Again, we will drop that
link in the show notes.
And Daniel, that does it for me today.
Daniel Williams: All right.
That's gonna do it for
this week, everyone.
So thank you for listening to
another episode of MGMA Week
in Review. If you like what you
heard, be sure to follow and
subscribe to the MGMA Podcast Network
wherever you get your podcasts.
And you will also find all the,
uh, sources and resources to these
articles in our episode show notes.
So, until then, wishing
y'all a happy weekend.
