Making any software purchase for a large organization isn’t easy. You’re busy coordinating teams, researching vendors, comparing those vendors, and reaching a consensus. All that occurs before considering the labor involved in implementing software.
Making the correct decision is vital. To help, here are 10 questions to ask yourself when buying premium billing software:
Will we get the outcome we need?
Start by determining the outcome you’d like to achieve when buying premium billing software. Some organizations aim to automate manual, time-consuming processes. Others hope to improve billing accuracy. Some need to transition off their legacy billing platforms because they’ve become unstable or difficult to manage. Still, others have cobbled together multiple billing solutions resulting from mergers and acquisitions and want to consolidate them into a single billing platform.
Whatever the case, start by defining your goals and future state for your premium billing software. Doing so helps you fine-tune what types of vendors to seek. It also simplifies the measurement of your progress toward your goal after implementation.
Will there be operational interruptions?
When buying premium billing software, a common internal roadblock is a potential for operational interruptions. Teams often push back, objecting to solutions that interrupt their daily activities.
So seek premium billing software that doesn’t interrupt your daily operations to install. Or, if it does, ensure that there are enough benefits – like process automation that frees staff for higher-level work – to outweigh the potential interruptions.
Are our competitors using this?
There are several reasons to understand if your competitors are using the billing software you’re considering:
- To gain a competitive advantage. If your competitors use the same software, find ways to differentiate yourself and gain a competitive advantage. You could try customizing the software, using it uniquely, or finding other software that better suits your needs. For example, you could use different rules to tailor unique delinquency management letters that differentiate your brand.
- To learn from competitors. If your competitors use the software, you can learn from their experiences. You might learn how the competitor uses the software, what works well, and what doesn’t. You’ll make a more informed decision about whether the software is right for your business.
- To evaluate market trends. If many of your competitors use the same software, it could indicate the software is becoming an industry standard. That knowledge helps you understand market trends and determine if the software will be relevant in the long term.
- To evaluate the vendor’s reputation: If many of your competitors are using the software, that vendor likely has a strong reputation in your industry. As a result, you can assess the quality of the software and the level of support you’re likely to receive.
Is it compliant?
Insurance is a highly regulated industry. Vendors must meet specific compliance requirements that may include:
Because the software collects payments, you’ll need a solution that meets PCI compliance. PCI is a set of guidelines that define the requirements for securing credit card transactions and data. The guidelines require maintaining secure networks, protecting cardholder data, regularly monitoring and testing security systems, and implementing strong access control measures. Failure to comply with PCI requirements can result in fines, legal liabilities, and damage to a company’s reputation.
NACHA compliance refers to adherence to the rules and guidelines established by the National Automated Clearing House Association (NACHA) for the electronic transfer of funds between financial institutions in the United States. The organization governs the Automated Clearing House (ACH) network, which is responsible for processing electronic payments such as direct deposits, bill payments, and business-to-business transactions.
SOC compliance refers to adherence to the Service Organization Control (SOC) standards developed by the American Institute of Certified Public Accountants (AICPA) for evaluating and reporting on the controls of service organizations. The SOC standards provide a framework for assessing and reporting the security, availability, processing integrity, confidentiality, and privacy of data processed by service organizations, such as data centers, cloud service providers, and payment processors.
There are three types of SOC reports. SOC2 intends to evaluate the effectiveness of a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy. Companies that provide services involving the processing, storage, or transmission of sensitive data, such as cloud service providers, typically seek SOC2 certification.
Though no specific federal law or regulation in the United States requires health insurers to provide on-shore support exists, some state laws and regulations may require health insurers to have certain customer service operations located within the state or region they serve. As a result, you may need vendors providing only on-shore support.
NIST Cybersecurity Framework
The NIST Cybersecurity Framework is a set of guidelines and best practices developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risks. The framework provides a structured approach to managing cybersecurity risks. NIST designed the framework to be adaptable to a wide range of organizations, regardless of their size, sector, or cybersecurity maturity.
Many organizations use the NIST Cybersecurity Framework to improve their cybersecurity posture and reduce the risk of incidents. The framework is voluntary, but many organizations use it as a baseline for developing their cybersecurity programs or measuring cybersecurity maturity.
Ensure any vendor complies with all HIPAA rules and regulations, including nondiscrimination rules, security and electronic data interchange regulations, and privacy regulations. The organization should also be open to HIPAA privacy and security audits.
What’s our risk if we don’t buy?
Before you buy, identify any risks you’ll face if you fail to change the status quo. Those risks may even outweigh the software’s benefits.
Among the risks we commonly see:
- Labor-intensive processes that lead to poor member experiences
- Those poor member experiences lead to higher customer churn, quantified by measuring lost revenue.
- The high cost – in dollars and labor – of maintaining legacy billing systems
- Billing inaccuracies that compound the poor member experience and high labor cost
- Lack of modern billing features – like an integrated payment portal and automated, configurable delinquency management – that lead to better on-time payment rates
- Inability to scale and capture a larger market share because of inflexible billing solutions
- Declining competitiveness. All those factors – the cost of a legacy system, inability to scale, and labor-intensive billing process – combine to reduce a health insurer’s competitiveness.
Does it fit with our current and planned architecture?
Understanding your strategic technology plan can help determine if the purchase aligns with your current and future technology aims.
Many insurers have taken a much more composable approach to software. The proliferation of data integration methods led insurers away from all-in-one software solutions. Point solutions offer more flexibility and a better feature set.
Insurers, like other industries, have increasingly turned to cloud solutions as well. Cloud products often are easier to maintain, cost less than in-house server farms, and can more flexibly accommodate future technology.
What are our risks if we buy?
There are several risks that a health insurer may face when buying premium billing software, including:
- Cost: There may be significant initial implementation costs when purchasing and implementing new software. Costs may arise during ongoing maintenance and upgrades as well. If the software does not perform as expected, or if unexpected fees associated with the implementation occur, you may face financial losses.
- Integration: Premium billing software must integrate with other health insurer systems. The software may not function properly without the appropriate data, leading to errors, delays, and increased costs.
- Data security: Premium billing software contains sensitive member information. If the software is not secured, it may be vulnerable to hacking, data breaches, and other cyber attacks. Significant financial losses and reputational damage could follow.
- Regulatory compliance: Health insurers are subject to federal and state regulations related to data privacy and information security. Non-compliant premium billing solutions could introduce fines, penalties, and legal action.
- User adoption: A wide range of staff – the billing team, the member services staff, and the technology team – typically use premium billing software. If the software is difficult to use or requires extensive training, staff members may not adopt it, which could lead to delays, errors, and increased costs.
How secure is the software?
There are several factors to consider when judging software security, including:
- Vulnerability management: The vendor should regularly test its software for vulnerabilities. Look for software with a comprehensive vulnerability management program. Ensure that process includes regular vulnerability scans, penetration testing, and code reviews.
- Authentication and access control: Software should have strong authentication and access control mechanisms to ensure that only authorized users access sensitive data and functionality. Look for software that uses strong passwords, multi-factor authentication, single sign-on capabilities, and role-based access control.
- Encryption: Data should be encrypted to protect sensitive information. Find software that uses strong encryption algorithms and proper key management processes.
- Error handling and logging: Robust error handling and logging mechanisms can help identify and diagnose security incidents. Software that logs all security-related events and has proper alerting and incident response processes improves security.
- Compliance: As previously mentioned, software should comply with relevant laws, regulations, and standards, such as HIPAA, PCI, and NIST. Software vendors should regularly perform third-party compliance audits.
- User training: Often overlooked, user training can prevent user error and improve security posture. Find vendors that deliver comprehensive user training and processes that ensure users understand their security responsibilities.
Can we support this technology?
When implementing new software, there are four important considerations:
- Technical infrastructure: Consider compatibility, scalability, and bandwidth requirements for hardware, network infrastructure, and software platforms.
- IT resources: Think about hardware and software support, database management, security, and technical support.
- Data management: Review data storage, backup and recovery, and data governance.
- Integration: Reflect on data integration, workflow integration, and API integration.
When buying premium billing software, will it be future-proof?
Purchasing software is expensive and can be disruptive. To minimize costs and limit disruption, you want the software to function for years. Below are a few ways to search for future-proof software:
- Research the technology stack used by the software. Ensure that the software you want to buy uses modern and widely adopted technologies. Using widely adopted technology increases the likelihood that the software will last into the future and that developers will continue to support and maintain it.
- Look at past performance. Choose a vendor with a developed SDLC that regularly updates and supports their software. Ask how they handle bug fixes, security patches, and updates.
- Consider the software’s integration capabilities. Choose vendors with a history of integration with other systems and software. Vendors with integration chops typically can integrate with new technologies.
- Check for compatibility with emerging technologies. Look for software designed to work with emerging technologies such as artificial intelligence or cloud computing. If the software is already ahead of the curve, it will continue to be relevant as new technologies become mainstream.
- Invest in configurable software. Configurable software is more likely to meet your specific needs. It’s easier to adapt the software to new requirements and the solution will continue to serve your organization even as your needs change.
Certifi’s health insurance premium billing and payment solutions help Medicare Advantage payers improve member satisfaction while reducing administrative costs.